CSC 774 Advanced Network Security

Similar documents
Mitigating DoS attacks against broadcast authentication in wireless sensor networks

Kun Sun, Peng Ning Cliff Wang An Liu, Yuzheng Zhou

Seluge: Secure and DoS-Resistant Code Dissemination in Wireless Sensor Networks

Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures

A Tree-Based µtesla Broadcast Authentication for Sensor Networks

Wireless Network Security Spring 2011

Defenses against Wormhole Attack

Efficient and Secure Source Authentication for Multicast

Reliable Broadcast Message Authentication in Wireless Sensor Networks

TinySec: A Link Layer Security Architecture for Wireless Sensor Networks. Presented by Paul Ruggieri

Network Security: Broadcast and Multicast. Tuomas Aura T Network security Aalto University, Nov-Dec 2010

LHAP: A Lightweight Hop-by-Hop Authentication Protocol For Ad-Hoc Networks

LHAP: A Lightweight Hop-by-Hop Authentication Protocol For Ad-Hoc Networks

Network Security: Broadcast and Multicast. Tuomas Aura T Network security Aalto University, Nov-Dec 2011

SECURE ROUTING PROTOCOLS IN AD HOC NETWORKS

LHAP: A Lightweight Network Access Control Protocol for Ad-Hoc Networks

Wireless Network Security Spring 2015

Sleep/Wake Aware Local Monitoring (SLAM)

Source Authentication in Group Communication Systems

WIRELESS sensor networks have received a lot of attention

Presented by: Murad Kaplan

Authentication for Bulk Data Dissemination in Sensor Networks. Using Symmetric Keys 1

KSN Radio Stack: Sun SPOT Symposium 2009 London.

LXRS and LXRS+ Wireless Sensor Protocol

Key establishment in sensor networks

Wireless Network Security Spring 2016

A METHOD FOR DETECTING FALSE POSITIVE AND FALSE NEGATIVE ATTACKS USING SIMULATION MODELS IN STATISTICAL EN- ROUTE FILTERING BASED WSNS

CSC 774 Network Security

The Emergence of Networking Abstractions and Techniques in TinyOS

Secure Multi-Hop Infrastructure Access

Use of Symmetric And Asymmetric Cryptography in False Report Filtering in Sensor Networks

DIRECTED DIFFUSION ROUTING PROTOCOL: ATTACKS AND COUNTERMEASURES RAJKUMAR VIJAYARAMAN. Bachelor of Engineering. Annamalai University

Routing in Sensor Networks

SPINS: Security Protocols for Sensor Networks

Effective Multi-user Broadcast Authentication in Wireless Sensor Networks

Secure Routing for Mobile Ad-hoc Networks

Chapter 5 Ad Hoc Wireless Network. Jang Ping Sheu

SRPS: Secure Routing Protocol for Static Sensor Networks

The Flooding Time Synchronization Protocol

A Distributed Particle Filter Implementation for Tracking in a Wireless Sensor Network

The Internet of Things. Thomas Watteyne Senior Networking Design Engineer Linear Technology, Dust Networks product group

Practical Experiences with crypto on 8-bit

ABSTRACT

Matteo Petracca Scuola Superiore Sant Anna, Pisa

CSC344 Wireless and Mobile Computing. Department of Computer Science COMSATS Institute of Information Technology

Intel Research mote. Ralph Kling Intel Corporation Research Santa Clara, CA

Authentication in Reprogramming of Sensor Networks for Mote Class Adversaries 1

A Thesis for the Degree of Master. A Study on Localized Multi-user Broadcast Authentication Protocol for Wireless Sensor Networks

Presented by: Mariam Ahmed Moustafa Faculty of Engineering, Alexandria University, Egypt. 24 March 2016 RIPE NCC / MENOG 16

Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures

Housekeeping. Fall /5 CptS/EE 555 1

Part I: Introduction to Wireless Sensor Networks. Xenofon Fafoutis

Information Brokerage

Securing Internet of things Infrastructure Standard and Techniques

Reliable Time Synchronization Protocol for Wireless Sensor Networks

Body Sensor Network Security

CSC 774 Advanced Network Security

Common problems in production Wireless Networks. Jigsaw: Solving the Puzzle of Enterprise Analysis. Sounds Familiar?

Agilla/Agimone: Middleware for Sensor Networks

Video of the Day. Ø LA Express Park Explained!

MiniSec: A Secure Sensor Network Communication Architecture

SSL/TLS. How to send your credit card number securely over the internet

Dynamic Source Routing in ad hoc wireless networks

Security of Wireless Networks. Srdjan Čapkun Department of Computer Science ETH Zurich

Self-Adapting MAC Layer for Wireless Sensor Networks

TESLA Certificates: An Authentication Tool for Networks of Compute-Constrained Devices Mathias Bohge

Secure Embedded Wireless Networks

LIGHTWEIGHT KEY MANAGEMENT SCHEME FOR HIERARCHICAL WIRELESS SENSOR NETWORKS

Green Lights Forever: Analyzing the Security of Traffic Infrastructure

ISSN: ISO 9001:2008 Certified International Journal of Engineering and Innovative Technology (IJEIT) Volume 3, Issue 10, April 2014

Authentication in Reprogramming of Sensor Networks for Mote Class Adversaries 1

Zephyr: Efficient Incremental Reprogramming of Sensor Nodes using Function Call Indirections and Difference Computation

Energy-aware Reconfiguration of Sensor Nodes

Legacy-Compliant Data Authentication for Industrial Control System Traffic

Trust-Propagation Based Authentication Protocol in Multihop Wireless Home Networks

Analysis of Black-Hole Attack in MANET using AODV Routing Protocol

Switching & ARP Week 3

Department of Electrical and Computer Engineering, Institute for Systems Research, University of Maryland, College Park, MD 20742, USA

Security Issues In Mobile Ad hoc Network Routing Protocols

ISA100.11a. Pengfei Ren.

TinyECC: A Configurable Library for Elliptic Curve Cryptography in Wireless Sensor Networks

Routing Scheme in Energy efficient based Protocols for Wireless Sensor Networks

Wireless Sensor Networks: Security Issues, Challenges and Solutions

Distributed Control over Wireless Networks

An Interleaved Hop-by-Hop Authentication Scheme for Filtering of Injected False Data in Sensor Networks

ISSN: ISO 9001:2008 Certified International Journal of Engineering and Innovative Technology (IJEIT) Volume 2, Issue 2, August 2012

Security of Mobile Ad Hoc and Wireless Sensor Networks

Secure routing in ad hoc and sensor networks

Ariadne: Secure On-Demand Routing in Ad-Hoc Networks an explanation for dummies

TDMA-Based Detection of Packet Modification Attacks in Wireless Sensor Networks 1

A Survey On Attacks, Challenges and Security Mechanisms In Wireless Sensor Network

CSE 473 Introduction to Computer Networks. Final Exam. Your name here: 12/17/2012

Outline. CS5984 Mobile Computing. Dr. Ayman Abdel-Hamid, CS5984. Wireless Sensor Networks 1/2. Wireless Sensor Networks 2/2

SDCI Student Project 6 Sensing Capabilites Go Wireless. Mario Caruso Francesco Leotta Leonardo Montecchi Marcello Pietri

Reminder. Course project team forming deadline. Course project ideas. Friday 9/8 11:59pm You will be randomly assigned to a team after the deadline

Outline. Multi-Channel Reliability and Spectrum Usage in Real Homes Empirical Studies for Home-Area Sensor Networks. Smart Grid

CS-435 spring semester Network Technology & Programming Laboratory. Stefanos Papadakis & Manolis Spanakis

System Architecture Directions for Networked Sensors[1]

ENSF: ENERGY-EFFICIENT NEXT-HOP SELECTION METHOD USING FUZZY LOGIC IN PROBABILISTIC VOTING-BASED FILTERING SCHEME

Data Elevators Applying the Bundle Protocol in Delay Tolerant Wireless Sensor Networks

Transcription:

Computer Science CSC 774 Advanced Network Security Topic 4.3 Mitigating DoS Attacks against Broadcast Authentication in Wireless Sensor Networks 1 Wireless Sensor Networks (WSN) A WSN consists of a potentially large number of battery powered sensor nodes Each node has sensors, actuators, micro controller, memory, radio Example sensor platforms Low end: MICA series of motes High end: Intel imotes MICA2 MICA2DOT MICAz Intel imote 2 Applications of Wireless Sensor Networks Structural health monitoring Buildings, bridges, etc. Target tracking Environmental monitoring Industry monitoring Battlefield surveillance 3 1

Wireless Sensor Networks (Cont d) 4 Broadcast: A Critical Communication Primitive Broadcast 5 Broadcast Authentication In hostile environments, broadcast messages must be authenticated Options for broadcast authentication Digital signature Expensive Possible for high-end sensor nodes µtesla and its variations Based on symmetric cryptography efficient Requires loose time synchronization Threat: DoS attacks 6 2

Broadcast in Multi-Hop Sensor Networks A broadcast packet is usually forwarded multiple times before reaching all the nodes 7 DoS Attacks against Broadcast Authentication (1) Signature-based broadcast authentication Attack: inject messages with false signatures Impact: Nodes receiving false messages have to perform unnecessary signature verifications 8 DoS Attacks against Broadcast Authentication (2) µtesla-based broadcast authentication Symmetric cryptography Delayed disclosure of symmetric keys Security condition Make sure when a receiver gets a broadcast message, the sender has not disclosed the corresponding key Loose time synchronization 9 3

DoS Attacks against Broadcast Authentication (3) µtesla-based broadcast authentication Attack: Overhear and inject false messages Impact: All the nodes have to buffer, and some have to forward the false messages 10 Possible Solution -- Client Puzzle? Client Service request R Server O.K. Buffer [Juels & Brainard, NDSS 99] Challenge: Client puzzle requires interaction, but broadcast is one-to-many! 11 Our Solution: Message Specific Puzzles Weak authentication along with signature or µtesla authentication Extremely efficient to verify, but costly to forge Cannot be pre-computed Even if extremely resourceful attackers may forge a few, but it s very difficult to reuse the forged ones Work for both digital signature and µtesla Light communication overhead E.g., 4 bytes/packet for µtesla with reasonable strength Require resourceful sender (e.g., laptop) Sender side delay Still useful when sender can predict the broadcast messages Examples: task dissemination, sensor/actuator reconfiguration 12 4

Outline Assumptions A strawman approach Message specific puzzles Optimization for signature-based broadcast authentication Optimization for µtesla-based broadcast authentication Implementation and field experiments TinySigGuard and TinyµTESLAGuard 13 Assumptions Broadcast senders are resourceful E.g., laptop, vehicle carried computers When signature is used, assume packet is large enough to accommodate the signature Not a problem for ZigBee compliant sensor nodes (up to 102 byte payload) Nodes can perform limited public key operations When µtesla is used, assume the clocks of all nodes are loosely synchronized 14 Assumptions of Attackers Attacker can eavesdrop, inject, and modify broadcast packets Attacker is resourceful Attacker may use colluding nodes distributed in the network Share information Wormhole Attacker may compromise some nodes But attacker cannot compromise the broadcast sender 15 5

A Strawman Approach Weak authentication through one-way key chains The i-th broadcast packet includes a weak authenticator K i. A broadcast packet can be weakly authenticated with the weak authenticator Weaknesses An attacker overhearing a valid broadcast packet can forge many packets An attacker can force the nodes isolated from the source to verify an infinite number of signatures Key problem: Duplicating weak authenticators is too easy Commitment 16 Message Specific Puzzles (MSP) Consider the i-th message M i Suppose BA i is the signature or µtesla MAC for the packet w/o weak authenticator K i is the puzzle key for M i i, M i, BA i, K i together define a message specific puzzle The solution P i must satisfy K i and P i form the weak authenticator Commitment l: puzzle strength 17 MSP for Weak Authentication with Signature-Based Broadcast Authentication Sender Generate a signature BA i Find the right puzzle key, and solve the MSP for M i Expensive Broadcast the message index, the message, the broadcast authenticator, the puzzle key, and the puzzle solution i M i BA i K i P i Receiver Verify the puzzle solution Very efficient (1 hash operation) Verify the broadcast authenticator Later messages with the same index can be dropped 18 6

MSP for Weak Authentication with µtesla-based Broadcast Authentication Sender 1. Find the right µtesla key to generate a MAC (BA i ) 2. Find the right puzzle key, and estimate how many puzzle solutions can be tested before the µtesla key expires Try the estimated number of puzzle solutions 3. If puzzle solution is not found, go back to step 1 4. Broadcast the message index, the message, the broadcast authenticator, the puzzle key, and the puzzle solution Switch puzzle keys 19 MSP for Weak Authentication w/ µtesla Receiver Verify the puzzle solution Very efficient (1 hash operation) Verify the broadcast authenticator Have to wait until the µtesla key is disclosed 20 Security Can an attacker forge a weak authenticator? Yes, if it s resourceful, but The attacker has to wait for the release of the puzzle key, and It takes time Each message has a unique message index Signature: After getting an authenticated message, a receiver will not accept another one with the same index µtesla: Limited duration for forged messages Problem: network partition 21 7

Minimizing Reuse of Forged Puzzle Solutions Forged puzzle solution Valid puzzle solution, but invalid broadcast authenticator Buffer hashes of potentially forged puzzle solutions Keep m buffer entries For the k-th (unique) message that pass the weak authentication Discard if it hashes to one of the saved entries If k <= m, save it to an empty entry If k > m, substitute it for any random entry with probability m/k 22 Cost of Finding a Puzzle Solution Given puzzle strength l, the probability of finding a solution after x trials: P x,l =1" (1" 2 "l ) x Expected number of trials to find a solution is 2 l 1"1.6 #10 "28 23 Optimization for Digital Signatures (1) Time limited message specific puzzles Adopting the idea of TESLA Addressing the network partition problem An attacker can DoS attack nodes isolated from the source for a limited period of time 24 8

Optimization for Digital Signatures (2) Adaptive verification N f : # failed signature verifications in the past w time units An indicator of DoS attacks Optimistic mode Verify the weak authenticator, rebroadcast, and then verify the signature Pessimistic mode Verify the weak authenticator and the signature, and then rebroadcast 25 Optimization for µtesla Use µtesla key chain for both weak authentication and broadcast authentication The disclosed key puzzle key Reduced complexity Only manage one key chain Reduced computation, communication, and storage overheads 26 Implementation Implemented on TinyOS Target platform: MICAz Assume up to 102 byte packet payload size ZigBee compliant Two packages TinySigGuard Intended to be used with TinyECC to provide signature-based broadcast authentication TinyµTESLAGuard Intended to be used with µtesla-based broadcast authentication Both have a sender part (running on PC) and a receiver part (running on motes) 27 9

Implementation (Cont d) Code size measured on MICAz Excluding TinyECC and µtesla Obtained using check_size.pl Code size (bytes) on MICAz TSGReceiver TuGReceiver Packet format ROM 1,317 180 RAM 289 210 28 Experimental Evaluation Sender DELL Latitude D510 laptop 1.6GHz Pentium M 730 512 MB DDR SDRAM Receivers 30 MICAz motes Each has a 8-bit processor, 128KB program flash, 4KB SRAM, ZigBee compliant radio Deployed in a 2,800 square-feet lab 29 Experimental Scenario 30 10

Computation Cost and Sender Side Delay 31 Propagation Delay 32 Conclusion Message specific puzzles Benefits Extremely efficient to verify, but costly to forge Cannot be pre-computed Forged weak authenticators are difficult to reuse Work for both digital signature and µtesla Light communication overhead Limitations Require resourceful sender (e.g., laptop) Sender side delay 33 11

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback