Transcript Introducing Epidemic Models for Data Survivability in UWSNs

Epidemic Data Survivability
in UWSNs
Roberto Di Pietro,
Nino Vincenzo Verde
{dipietro,nverde}@mat.uniroma3.it
Universita’ di Roma Tre
1
RoadMap
•
•
•
•
•
Introduction to UWSNs
Information Survivability
The SIS Model
Modeling Information Survivability in UWSNs
Epidemic Data Survivability
– Full Visibility
– Geometrical model
• Experimental results
• Conclusions
ACM WiSec 2011
2
Unattended WSNs
• Sporadic presence of the sink
• Sensors upload info as soon as the sink comes
around
• Applications:
– Hostile environments
monitoring
– Pipelines monitoring
ACM WiSec 2011
3
Information Survivability
• Sink not always available:
– UWSN More subject to malicious attacks than traditional
WSN
• Our targets:
To provide a certain level of assurance about
INFORMATION SURVIVABILITY
To predict the sink
COLLECTING TIME
To set up a TRADE-OFF between energy consumption,
data survivability, and collecting time
ACM WiSec 2011
4
Epidemic Models
• Epidemic Models
– Describe the dynamic of a disease at the population scale
– Fit very large populations
• General Approach:
– n individuals are partitioned into several compartments
– Transition probabilities between any two compartments are given
– The spreading of the disease is taken into consideration
ACM WiSec 2011
5
SIS
SI
S
I
Susceptibles
I
Infected
i ' (t )  s (t )i (t )  i (t )
s ' (t )  i (t )  s (t )i (t )
• Solution:
i (t )  
(   )
e t (   )  c (   )  
• Using i(t) it is possible to predict the number of sick
individuals at time t
ACM WiSec 2011
6
Steady States
• A steady state is reached when i‘(t)=0
– The rate of infected individual will remain indefinitely constant
• In the SIS model there are 2 steady states:
– STEADY0: i(t)=0
– STEADY1: i(t)=1-β/α
STEADY1 is Asymptotically Stable:
Perturbing the system will not produce any long term
effect
ACM WiSec 2011
7
Modeling the Information Spread
with epidemic models
• Data replication process can be modeled as the spreading of a
disease in a finite population
– No crypto needed
– No additional overhead due to the reconstruction of the info
• We want to achieve:
– Data survivability
– Optimal usage of sensor resources
– Predictable collecting time
ACM WiSec 2011
8
Modeling the Information Spread
with epidemic models (2)
• Contributions
– Highlighting that the original SIS model may lead to lose the
datum, in contrast with theoretical results provided in the
literature (This risk is particularly sensitive when trying to optimize sensor
resources usage)
– Providing a probabilistic analysis highlighting the conditions to
be satisfied to preserve the data survivability
(for both geometrical and full visibility model)
– Experimental results confirming the findings
ACM WiSec 2011
9
Modeling the Information Spread
THE NETWORK MODEL
• UWSN with n sensors (n large)
• Evolution time partitioned in rounds
– Sensors, attacker and sink play their game in each round
• Data is transmitted by replication:
– In each round, each sensor that stores the datum transmits it with probability α/n
to each neighbor
s(t ) is t hefract ionof sensors t hatdo not possess t hedat um
i (t ) is t hefract ionof sensorspossesingit
S
Susceptibles
S
Do not have info
ACM WiSec 2011
I
Infected
I
Have info
10
Modeling the Information Spread
THE ATTACKER MODEL
• Search and Erase mobile adversary:
– He wants to prevent certain target data from reaching the sink without
being detected
• He is able to move inside the monitored area
• He compromises the nodes erasing information
• He does not change sensors’ behavior or destroy them (it would be
easily detectable)
In each round the attacker compromises up to β percentage of nodes that
currently store the target information
ACM WiSec 2011
11
Modeling the Information Spread
THE SINK MODEL
• It is able to contact and to download data from γ
percentage of nodes belonging to the network in each
round
• We will consider two models:
– Global Intermittent Sink
– Itinerant Intermittent Sink
ACM WiSec 2011
12
Epidemic Data Survivability
Search and Erase
mobile adversary
n sensor with
replication α/n
SIS
• The datum corresponds to a disease
• Each healthy subject (sensor) can
contract the disease (datum) from a
sick individual with a certain
probability
• The adversary corresponds to the
process of healing from the disease
• A healed subject can then recontract the disease (datum)
ACM WiSec 2011
13
Full Visibility
• Assuming full visibility among the sensors, in
each round:
– The prob that a sensor receives a “new” datum can
be approximated by:
in





s1  1     si

n 



– The prob that a sensor will be compromised is: i
Therefore, the SIS model with parameters α and β can be used to predict the
behavior of such a network
ACM WiSec 2011
14
SIS Prediction Vs. Simulations
The SIS model is not always accurate
(In the Simulation α=0.95)
ACM WiSec 2011
15
SIS Prediction Vs. Simulations
• Not accurate when β
is close to α -> that
means STEADY1 close
to 0
• It depends on
statistical fluctuations
of i(t)
• Unfortunately, that
portion is the most
interesting for us:
we want to minimize
energy consumption
ACM WiSec 2011
16
Video Information Lost
Start video
17
A probabilistic lower bound on
the data survivability
THEOREM
Once reached Steady1, if α>β/(1- ε) , the probability
to loose the datum is less than or equal to exp(-ε2n/2)
The proof is based on the Method of Bounded Differences
ACM WiSec 2011
18
Trade-Off between Energy Consumption,
Data Survivability and Collecting Time
The following result assures at the same time:
• Data survivability
• An optimal usage of sensors resources
• And a fast and predictable collecting time
TRADE-OFF THEOREM
Once reached Steady1, considering a global intermittent sink, and full
visibility among sensors, if β/(1- ε)<α< β+(1/x), with 1<x<n, the following
three conditions will hold:
1.In each round the expected number of sent messages is less than n/x
2.the probability to loose the datum is less than or equal to exp(-ε2n/2)
3.The expected collecting time will be equal to (nγ(1- β/α))-1
ACM WiSec 2011
20
Video Probabilistic Bound
Start video
21
Geometrical Model
• Sensor A can communicate with sensor B if and only if B is
inside A’s transmission range
• Is the SIS model still valid? YES, but we need to revise it
i ' (t )  rn2 s (t )i (t )  i (t )
s ' (t )  i (t )  rn2 s (t )i (t )
Steady States:
i (t )  0
i (t )  1 

rn2
ACM WiSec 2011
22
Video Information Lost –
Geometrical case
Start video
ACM WiSec 2011
23
Extending the results for the
geometrical models
TRADE-OFF THEOREM
In the geometrical model, once reached Steady1, considering a itinerant
intermittent sink, and full visibility among sensors, if β/(πrn2(1- ε) )<α<
β/(πrn2)+(1/x), with 1<x<n, the following three conditions will hold:
1.In each round the expected number of sent messages is less than nπrn2/x
2.the probability to loose the datum is less than or equal to exp(-ε2n/2)
3.The expected collecting time will be equal to (nγπrs2 (1- β/ ( απrn2)))-1
ACM WiSec 2011
25
Geometrical model:
experimental results
Sent Messages
Theoretical prediction
Vs.
Experimental results
Collecting Time
Information Survivability
ACM WiSec 2011
26
Video Probabilistic Bound –
Geometrical case
Start video
ACM WiSec 2011
28
Conclusions
• Epidemic models can be used to forecast
the behavior of large UWSNs
• Statistical fluctuation can cause the loss of the
datum
• We provided a theoretically sound result that
assures data survivability, minimizes resources
consumption, provides a fast collecting time
• Future Work
What if the UWSN becomes a mobile WSN?
ACM WiSec 2011
29
Questions?
Thank you!
ACM WiSec 2011
30
Related Work (some)
•
•
•
•
•
[1] Roberto Di Pietro, Luigi V. Mancini, Claudio Soriente, Angelo Spognardi, and
Gene Tsudik. “Catch Me (If You Can): Data Survival in Unattended Sensor
Networks”. In Proceedings of the 6th IEEE International Conference on Pervasive
Computing and Communications (PerCom 2008), pages 185-194, Hong Kong, March
17-21, 2008.
[2] Michele Albano, Stefano Chessa, and Roberto Di Pietro. “A model with
applications for data survivability in Critical Infrastructures”. In Journal of
Information Assurance and Security, vol. 4(6), pages 629-639, June 2009.
[3] Roberto Di Pietro, Luigi V. Mancini, Claudio Soriente, Angelo Spognardi, and
Gene Tsudik. “Playing Hide-and-Seek with a Focused Mobile Adversary in
Unattended Wireless Sensor Networks”. In Journal of Ad Hoc Networks (Elsevier) Special Issue on Privacy and Security in Wireless Sensor and Ad Hoc Networks -,
vol. 7(8), pages 1463-1475, November 2009.
[4] D. Ma, C. Soriente and G. Tsudik. “New Adversary and New Threats in
Unattended Sensors Networks”. IEEE Network, Vol. 23, No. 2, 2009.
[5] R. Di Pietro, and N. V. Verde. “Introducing Epidemic Models for Data
Survivability in Unattended Wireless Sensor Networks”. Second International
Workshop on Data Security and PrivAcy in wireless Networks (D-SPAN 2011), Lucca,
Italy.
ACM WiSec 2011
31