Transcript Slide 1
Group-based Peer Authentication for Wireless Sensor Networks
Taojun Wu, Nathan Skirvin, Jan Werner, Brano Kusy, Akos Ledeczi, Yuan Xue (Vanderbilt University)

Motivation
[Figure: Stadium with Sensors Deployed; Automatic Camera Feed; Google Earth Illustration of Localization System. A guard moves with an XSM mote, tracked by RIPS technology, among ~12 static XSM motes (positions known).]
Speech bubbles in the figure:
• "Track me every 3s!"
• "I want to know who issued command."
• "Let's do one measurement!"
• "I can't hold many keys. Nor do I like complex computations."
• (Malicious mote) "I fabricate tracking commands."
• (Malicious mote) "See what happens with false data."
• (Malicious mote) "I send results in other's name."

Scenario: Dirty Bomb Detection and Localization
1. Critical mission
2. Real-time
3. Constrained resources

Objectives
Meet flexible authentication demands:
• Care only about the overall decision
• Allow uncertainty between a few pairs
• Enable differentiated influence according to role
• Level security assurance among sensors
Provide efficient and effective authentication:
• Low computation requirement
• Less memory space usage

Simple Example
Sensors A, B, C, D have different combinations of overlapping keys:
A: 1, 4
B: 1, 2
C: 2, 3
D: 3, 4
Sensor A pretends to be C and appends a message authentication code (generated with keys 1 & 4) to outgoing messages.
[Figure: sensors A, B, C, D with keys 1 to 4 shared between neighbouring sensors. Speech bubbles: "I am C"; "You are not C, since you don't have key 2"; "You are not C, since you don't have key 3"; "I know you are not me."]

Analysis
Each key represents a group; a node is in k groups if it contains k keys. When k is equal for all nodes, it needs to satisfy at least: $\binom{\#\,\text{of keys}}{k} \geq \#\,\text{of nodes}$
Unlike existing research, we focus on providing authentication. Hence our scheme requires neither equal-sized key rings nor equal-sized overlapping groups.

System Implementation
We implement a component (MultiMAC) under TinyOS (based on SkipJack in TinySec).
MultiMAC is part of the Dirty Bomb Detection and Localization demonstration (Vanderbilt and ORNL) at IPSN 2006.
http://www.isis.vanderbilt.edu/projects/rips/

Key Pre-distribution
• Sensors hold a pre-distributed subset of keys out of a key pool.
• The node-to-key mapping is publicly available to all sensors.
• For the localization scenario, each mote has 4 keys, reduced from ~12 if pair-wise secret keys are used.

Measurement Results
• Approx. 2800 B in ROM, 200 B in RAM, including program & assigned keys.
• Computation time: 5.3 ms.
• Verification time: < 0.1 ms, 1.3~1.4 ms or 2.5 ms, if the receiver has 0, 1 or 2 keys in common with the sender.

Acknowledgement
This is a collaborative work between the Institute for Software Integrated Systems and Oak Ridge National Laboratory.
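
The Simple Example (A claiming to be C) and the 0/1/2-shared-key verification cases, as a runnable sketch. This is an added example, not the MultiMAC code: it assumes HMAC-SHA256 truncated to 4 bytes in place of the SkipJack-based MAC, constructed key values, and hypothetical names (Node, send, verify, overall).

```python
import hashlib
import hmac

# Constructed sample secrets for the four groups (not values from the poster).
KEY_POOL = {g: bytes([g]) * 16 for g in (1, 2, 3, 4)}
# Public node-to-key mapping, taken from the poster's Simple Example.
NODE_KEYS = {"A": {1, 4}, "B": {1, 2}, "C": {2, 3}, "D": {3, 4}}

def mac(key, claimed, payload):
    """Per-group MAC over the claimed sender id and the payload (assumed format)."""
    msg = claimed.encode() + b"|" + payload
    return hmac.new(key, msg, hashlib.sha256).digest()[:4]

class Node:
    def __init__(self, name):
        self.name = name
        # A node stores only the keys of the groups it belongs to.
        self.keys = {g: KEY_POOL[g] for g in NODE_KEYS[name]}

    def send(self, payload, claimed=None):
        """Return (claimed id, payload, {group: MAC}). With claimed set to
        another node, the MAC slots carry that node's group ids but can only
        be filled using keys this node actually holds."""
        claimed = claimed or self.name
        slots = sorted(NODE_KEYS[claimed])
        own = [self.keys[g] for g in sorted(self.keys)]
        return claimed, payload, {g: mac(k, claimed, payload)
                                  for g, k in zip(slots, own)}

    def verify(self, msg):
        """Check every MAC whose group key is shared with the claimed sender."""
        claimed, payload, macs = msg
        shared = NODE_KEYS[claimed] & set(self.keys)
        if not shared:
            return "unverifiable"  # 0 keys in common: no decision possible
        ok = all(hmac.compare_digest(macs.get(g, b""),
                                     mac(self.keys[g], claimed, payload))
                 for g in shared)
        return "accept" if ok else "reject"

def overall(msg, receivers):
    """Overall decision: any reject wins; unverifiable receivers abstain."""
    votes = [Node(r).verify(msg) for r in receivers]
    return "reject" if "reject" in votes else "accept"

if __name__ == "__main__":
    forged = Node("A").send(b"track every 3s", claimed="C")
    honest = Node("C").send(b"track every 3s")
    for r in "ABCD":
        print(r, "forged:", Node(r).verify(forged),
              "honest:", Node(r).verify(honest))
```

Receiver A shares no key with C, so it cannot judge a message claiming to come from C; the decision rests on B and D, which matches the "allow uncertainty between a few pairs" objective.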