Transcript A Pairwise Key Pre-Distribution Scheme for Wireless Sensor Networks
Securing
Wireless Sensor Networks
Wenliang (Kevin) Du
Department of Electrical Engineering and Computer Science Syracuse University Excerpted from http://www.cis.syr.edu/~wedu/Research/slides/Purdue04.ppt
1
Overview • Overview of Wireless Sensor Networks (WSN).
• Security in wireless sensor networks.
– Why is it different? • Our work on key pre-distribution in WSN – Deployment-based scheme (INFOCOM’04) – Pair-wise Scheme (ACM CCS’03) • Summary.
2
Wireless Sensors Berkeley Motes 3
Mica Motes • Mica Mote : – Processor: 4Mhz – Memory: 128KB Flash and 4KB RAM – Radio: 916Mhz and 40Kbits/second.
– Transmission range: 100 Feet • TinyOS operating System: small, open source and energy efficient.
4
Spec Motes 5
Wireless Sensor Networks (WSN) Sensors Deploy 6
Applications of WSN • Battle ground surveillance – Enemy movement (tanks, soldiers, etc) • Environmental monitoring – Habitat monitoring – Forrest fire monitoring • Hospital tracking systems – Tracking patients, doctors, drug administrators.
7
Securing WSN • Motivation: why security?
• Why not use existing security mechanisms?
– WSN features that affect security.
• Our work: – Two key management schemes.
8
Why Security?
• Protecting confidentiality , integrity , and availability of the communications and computations • Sensor networks are vulnerable to security attacks due to the broadcast nature of transmission • Sensor nodes can be physically captured or destroyed 9
Why Security is Different?
• Sensor Node Constraints – Battery, – CPU power, – Memory.
• Networking Constraints and Features – Wireless, – Ad hoc, – Unattended.
10
Sensor Node Constraints • Battery Power Constraints – Computational Energy Consumption • Crypto algorithms • Public key vs. Symmetric key – Communications Energy Consumption • Exchange of keys, certificates, etc.
• Per-message additions (padding, signatures, authentication tags) 11
Constraints (Cont.) Public Key Encryption • Slow – 1000 times slower than symmetric encryption • Hardware is complicated • Energy consumption is high Processor MIPS R4000 MC68328 Energy Consumption (mJ/Kb) RSA/E/V RSA/D/S AES 0.81
16.7
0.00115
42 840 0.0130
12
Memory Constraints • Program Storage and Working Memory – Embedded OS, security functions (Flash) – Working memory (RAM) • Mica Motes: • 128KB Flash and 4KB RAM 13
Objectives of Our Research • Long-term Goals – Study how WSN’s constraints/features affect the design of security mechanisms.
– Develop security mechanisms for WSN.
• Current Projects – Key Management Problems – Data Fusion Assurance 14
Key Management Problem 15
Key Management Problem Sensors Deploy 16
Key Management Problem Sensors Deploy Secure Channels 17
Approaches • Trusted-Server Schemes – Finding trusted servers is difficult.
• Public-Key Schemes – Expensive and infeasible for sensors.
• Key Pre-distribution Schemes 18
Key Pre-distribution Loading Keys into sensor nodes deployment prior to Two nodes find a common key between them after deployment Challenges Memory/Energy efficiency Security: nodes can be compromised Scalability: new nodes might be added later 19
Naïve Solutions Master-Key Approach Memory efficient, but low security.
Needs Tamper-Resistant Hardware.
Pair-wise Key Approach N-1 keys for each node (e.g. N=10,000).
Security is perfect.
Need a lot of memory and cannot add new nodes.
20
Eschenauer-Gligor Scheme Each node randomly selects m keys Key Pool S A B C D E • When |S| = 10,000, m=75 Pr (two nodes have a common key) = 0.50
1 9925
C
75 10000
C
75 1 0 .
57 0 .
43 21
Establishing Secure Channels A B C D E 22
Exercise 7 • Write a program to calculate the probability: – Input: • G=(V,E) • Pr (two nodes have a common key) = – Output: • Let E’ E denote the subset of secure channels, calculate the probability that G=(V,E’) is a connected graph.
– Due: June 4 th 23
Example 1 • =1/2 24
1 8 1 8 1 8 1 8 8 1 8 1 2 25
Example 2 • =2/3 ( 2 3 2 3 1 3 3 ) ( 2 3 2 3 2 3 1 ) 20 27 26
3 1 2 2 3 3 1 Input Format • |V|=3 • Undirected edges (1,2) (2,3) (3,1) • Note: the given graph may not be complete.
27