Download Document

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
page
21
page
22
page
23
page
24
page
25
page
26
page
27
page
28
page
29
page
30
page
31
page
32
page
33
page
34
page
35
page
36
page
37
page
38
page
39
page
40
page
41
page
42
page
43
page
44
page
45
page
46
page
47
page
48
page
49
page
50
page
51
page
52
page
53
page
54
page
55
page
56
page
57
page
58
page
59
page
60
page
61
page
62
page
63
page
64
page
65
Document related concepts

Network tap wikipedia , lookup

CAN bus wikipedia , lookup

Recursive InterNetwork Architecture (RINA) wikipedia , lookup

Distributed firewall wikipedia , lookup

List of wireless community networks by region wikipedia , lookup

Piggybacking (Internet access) wikipedia , lookup

Cracking of wireless networks wikipedia , lookup

Computer security wikipedia , lookup

Wireless security wikipedia , lookup

Transcript 
Wireless Network Security
and Sensor Networks
1
Advance Security CS692 Fall 2004
Topics



Brief review of wireless security
Sensor networks: Architecture and Issues of
Security of SNs


SNEP
Tesla
2
Advance Security CS692 Fall 2004
802.11


802.11 a, b, …
Components

Wireless station


A desktop or laptop PC or PDA with a wireless NIC.
Access point

A bridge between wireless and wired networks




Radio
Wired network interface (usually 802.3)
Bridging software
Aggregates access for multiple wireless stations to wired
network.
3
Advance Security CS692 Fall 2004
802.11 modes

Infrastructure mode

Basic Service Set


Extended Service Set



One access point
Two or more BSSs forming a single subnet.
Most corporate LANs in this mode.
Ad-hoc mode (peer-to-peer)


Independent Basic Service Set
Set of 802.11 wireless stations that communicate
directly without an access point.

Useful for quick & easy wireless networks.
4
Advance Security CS692 Fall 2004
Infrastructure mode
Access Point
Basic Service Set (BSS) –
Single cell
Station
Extended Service Set (ESS) –
Multiple cells
5
Advance Security CS692 Fall 2004
Ad-hoc mode
Independent Basic Service Set (IBSS)
6
Advance Security CS692 Fall 2004
802.11b Security Services

Two security services provided:

Authentication


Shared Key Authentication
Encryption

Wired Equivalence Privacy
7
Advance Security CS692 Fall 2004
Wired Equivalence Privacy

Shared key between



Extended Service Set


Stations.
An Access Point.
All Access Points will have same shared key.
No key management

Shared key entered manually into



Stations
Access points
Key management a problem in large wireless LANs
8
Advance Security CS692 Fall 2004
WEP – Sending

Compute Integrity Check Vector (ICV).
 Provides integrity
 32 bit Cyclic Redundancy Check.
 Appended to message to create plaintext.

Plaintext encrypted via RC4
 Provides confidentiality.
 Plaintext XORed with long key stream of pseudo random bits.
 Key stream is function of
 40-bit secret key
 24 bit initialisation vector

Ciphertext is transmitted.
9
Advance Security CS692 Fall 2004
WEP Encryption
IV
Initialisation
Vector (IV)
Secret key
||
Seed
PRNG
Key Stream

Cipher
text
Plaintext
||
32 bit CRC
ICV
Message
10
Advance Security CS692 Fall 2004
WEP – Receiving


Ciphertext is received.
Ciphertext decrypted via RC4


Ciphertext XORed with long key stream of pseudo
random bits.
Check ICV



Separate ICV from message.
Compute ICV for message
Compare with received ICV
11
Advance Security CS692 Fall 2004
Shared Key Authentication

When station requests association with Access
Point


AP sends random number to station
Station encrypts random number



Encrypted random number sent to AP
AP decrypts received message


Uses RC4, 40 bit shared secret key & 24 bit IV
Uses RC4, 40 bit shared secret key & 24 bit IV
AP compares decrypted random number to
transmitted random number
12
Advance Security CS692 Fall 2004
Wepcrack

First tool to demonstrate attack using IV
weakness.


Open source
Three components



Weaker IV generator.
Search sniffer output for weaker IVs & record 1st byte.
Cracker to combine weaker IVs and selected 1st
bytes.
13
Advance Security CS692 Fall 2004
Airsnort

Automated tool





Does it all!
Sniffs
Searches for weaker IVs
Records encrypted data
Until key is derived.
14
Advance Security CS692 Fall 2004
Safeguards







Security Policy & Architecture Design
Treat as untrusted LAN
Discover unauthorised use
Access point audits
Station protection
Access point location
Antenna design
15
Advance Security CS692 Fall 2004
Bluetooth Security



Mode 1 – non-secure.
Mode 2 – service level enforced security.
 Initiated after the channel is established.
Mode 3 – link level enforced security
 Initiated before the channel is established.

Trusted Devices
 Unrestricted access to all services.

Untrusted Devices
 Services requiring Authorisation and Authentication.
 Services requiring Authentication.
 Open services.
16
Advance Security CS692 Fall 2004
Link Layer services

Link Layer



Authentication of Peers
Encryption of information
Unique public device address


BD_ADDR
48 bits, allocated by IEEE
17
Advance Security CS692 Fall 2004
Connecting Two Devices

Two devices with no prior connection

For low security connections



128 bit Unit link key from one device used.
Created when device is manufactured.
For higher security connections


128 bit Combination link key generated
Provides



Confidentiality
Integrity
Authentication
18
Advance Security CS692 Fall 2004
Combination Key


Identical PIN code entered into both devices.
128 bit initialisation link key generated.





PIN code
Device Address
Random number
Combination key now generated.
Combination key stored for future use.
19
Advance Security CS692 Fall 2004
Wireless Transport Layer Security
(WTLS)

Provides security services between the mobile
device (client) and the WAP gateway




Data integrity
Privacy (through encryption)
Authentication (through certificates)
Denial-of-service protection (detects and rejects
messages that are replayed)
20
Advance Security CS692 Fall 2004
WAP Gateway Architecture
Application
Servers
Wireless
Gateway
HTTP/SSL
WTLS
HTTP/SSL
21
Advance Security CS692 Fall 2004
WAP Stack Configuration
22
Advance Security CS692 Fall 2004
WTLS Protocol Stack
23
Advance Security CS692 Fall 2004
WTLS Record Protocol
Takes info from the next higher level and
encapsulates them into a PDU





Payload is compressed
A MAC is computed
Compressed message plus MAC code are
encrypted using symmetric encryption
Record protocol adds a header to the beginning to
encrypted payload
24
Advance Security CS692 Fall 2004
Record Protocol Operation
25
Advance Security CS692 Fall 2004
26
Advance Security CS692 Fall 2004
Alert Protocol




Convey WTLS-related alerts to the peer entity
Alert messages are compressed and encrypted
A fatal warning terminates the connection (i.e.
incorrect MAC, unacceptable set of security
parameters in the handshake
Certificate problems usually cause a non-fatal
error
27
Advance Security CS692 Fall 2004
SSL vs. WTLS







Datagram support ( UDP)
Expanded set of alerts
Optimized handshake – 3 levels of client/server
authentication
New Certificate Format – WTLS certificates are small
in size and simple to parse
Support client identities
Additional cipher suites – RC5, short hashes
Explicit shared secret mode
28
Advance Security CS692 Fall 2004
Sensor Network
What is it?
29
Advance Security CS692 Fall 2004
What and Where/When

What?




Low cost, low power, multi-functional sensor nodes
Communicates within short distances
Enabled by MEMS, wireless, and digital electronics
Where:

Military, health, environmental
30
Advance Security CS692 Fall 2004
Ad hoc Networks vs. SNs







Number of nodes several orders larger
Densely deployed
More prone to failures
Dynamic topology (frequent changes)
SNs use broadcasts instead of PP
Power, CPU, and memory limitations
No global IDS
31
Advance Security CS692 Fall 2004
Applications

Military


Environmental


Forest fire, bio-complexity analysis, flood detection
Health


c4ISRT, NBC detection etc.
Tele-monitoring, tracking, drug admin.
Commercial

Environmental control of office buildings



Potential for $55B/year saving &, reduction of 35 mmt of CO2 emission
Detection of vehicle thefts (Not Really SensorNets..)
Inventory control (Mostly RFIDs not nets)
32
Advance Security CS692 Fall 2004
Design Goals



Fault tolerance
Scalability
Cost ~= $1/node





(what do batteries cost? )
Hardware constraints
Transmission constraints
Power constraints
SWAP (Size Weight and Power) critical for
military apps
33
Advance Security CS692 Fall 2004
Sensor Networks Overview
• Sensor Nodes
– Sensor networks are made up of large number of ad hoc
sensor nodes
•
•
•
•
•
Power supply
Memory
Sensing hardware
Data processing
Communication components
34
Advance Security CS692 Fall 2004
Sensor Networks Overview (cont.)
• Sensor networks communication architecture
– Sensor nodes and sink node (Monitoring Station)
– Each of these scattered sensor nodes has the
capabilities to collect data and route data back to the
Monitoring Station
35
Advance Security CS692 Fall 2004
Sensor Networks Overview (cont.)
Self-organizing sensor networks topology
Alberto Cerpa and Deborah Estrin 2002
• Procedure
– The source starts transmitting data packets
toward the sink (a)
– When a node joins the network it starts
transmitting and receiving packets and sending a
neighbor announcement message (b)
– When the process completes, the group of newly
active neighbors that have joined the network
make the delivery of data from source to sink
more reliable (c)
36
Advance Security CS692 Fall 2004
Sensor Networks (cont.)
• 4 State transitions of sensor nodes
When a node starts, it initializes in the test state; it sets up a timer Tt. When Tt
expires, the node enters the active state; Before Tt expire, the number of active
neighbors > the neighbor threshold (NT), the node moves to passive state;
When a node enters the passive state, it sets up a timer Tp. When Tp expires, the
node enters the sleep state. Before Tp expire, , the number of neighbours is <
NT(…), the node moves to test state;
When a node enter the sleep turns the radio off, sets a timer Ts and goes to sleep.
37
When Ts expires, the node moves into passive state.
Advance Security CS692 Fall 2004
Area Monitoring
• Jean Carle et al paper, 2003
• 3 sub problems for area monitoring
– Select sensors that are needed for area
coverage, other sensors to sleep mode - to reduce
the number of sensor needed to monitor the area to extend
network life;
– Construct broadcasting tree from monitoring
station to all active sensors: minimum energy
broadcasting or dominating set based;
– Sensors report events to monitoring station
using reverse broadcast tree.
38
Advance Security CS692 Fall 2004
Area Coverage - Algorithm 1

Ye, Zhong,Chen, Lu, Zhang 2003





A sensor sleeps for a while, then decides to be active iff there is
no active sensor closer than a threshold distance
Once active, it remains active until life ends
Non-active periodically reevaluates decision
High probability of full coverage if threshold < ≈ 0.3 sensing
radius
The disadvantage

Probabilistic not ensure the full coverage
39
Advance Security CS692 Fall 2004
Area Coverage - Algorithm 2

Tian 2002







Each sensor knows position of all neighbors
If neighbors cover its sensing area then sensor sends withdrawal
message after timeout = negative acknowledgement (goes to sleep
mode)
Otherwise, remain active
Repeats periodically
Neighbor sensors may disappear without notice
Covering sensors may not be connected
Require priori knowledge of all neighboring nodes
40
Advance Security CS692 Fall 2004
Area Coverage - Algorithm 3
• Carle, Simplot, Stojmenovic, 2003
– Area dominating set algorithm
– Covered = active neighbors are connected
and together cover its sensing area
Central node decides to be non-dominant (sleep)
– If not covered at end of timeout then send
positive ack, otherwise send negative ack
– Positive and negative ack variant
– Positive only acks variant
(shorter network life)
41
Central node decides to be dominant (active)
(area is covered by active neighbors
but these neighbors are not connected)
Advance Security CS692 Fall 2004
Area Coverage - Algorithm 3 (Cont.)
• The Election of Covering Nodes
E.g. Nodes 0,1,2,3,4 are active, Node 5
decides to be inactive
– If node 5 does not announce its
deactivation,
• Node 6 decides to be active
– Else, node 5 announce its status
• Node 6 decides to be inactive
• Negative ack may reduce the number of active sensors
(prolong network life)
42
• Experiments show that “positive and negative ack”
leads to four times smaller area dominating sets than
“positive only ack” for dense networks.
Advance Security CS692 Fall 2004
Broadcasting -
Monitoring Station to Sensors
• Distribute requests from monitoring station to the
whole sensor nodes
• Broadcasting is a common and important operation
for route finding, information dissemination or
request diffusion
• Research on energy efficient broadcast protocols
• Aim at reducing the number of sensors which
participate in broadcasting
43
Advance Security CS692 Fall 2004
Broadcasting Tree (I)- Monitoring Station to Sensors
• F.Dai and J.Wu, 2003
– Dominant punning scheme
– Applied on area dominant set
– The dominant punning method
is the same process as
constructing area dominant set
– 20% reduction with most of
saving the border of monitored
area according to the
experimental data
44
Advance Security CS692 Fall 2004
Broadcasting Tree (II)- Monitoring Station to Sensors

A.Qayyum, et al. Multipoint Relay (MPR) Protocols
 Select a minimal set of one-hop neighbors that cover the same
network as the complete set of neighbors
 Each node find its relay set
 Repeats periodically, add to the relay subset the neighboring
node which covers
 The list of relay nodes are attached to the retransmitted packet
 Applied on area dominating sets, MPR constructs relay subsets
which contain nearly all nodes
45
Advance Security CS692 Fall 2004
Reporting Events – Sensors to Monitoring Station
• Sensor measurements –
sensors report only important
information (data aggregation)
• Spanning tree induced by
flooding over area dominating
set (reduce the number of sensors and
energy saving)
46
Advance Security CS692 Fall 2004
Management
• Ruiz, L.B, et al, 2003
• Three-layer sensor networks management architecture
47
• Service - Executed by a set of function;
• Management functions - Five possible states: ready,
not-ready, executing, done, and failed;
• Wireless sensor networks Models – Dynamic in time
Advance Security CS692 Fall 2004
Management (cont.)
Sensor nodes differ in their hardware physical capabilities
• Manager – Collects and
distribute information from all
agents and controls the entire
networks
• Sink node – Host an
intermediate manager
• Agent – Raise some questions
related to the location nodes
48
Advance Security CS692 Fall 2004
Management (cont.)
Agents in hierarchical homogeneous

Manager - Collects and distribute

Agent - Raise some questions

Cluster-head - Response for

Base Station- Connect,
information from all agents and
controls the entire networks
related to the location nodes
sending data to a base station;
execute correlation of management
data (no sink node)
communicate and secure networks
49
Advance Security CS692 Fall 2004
Sensor Network Security

What do we mean by sensor network security?







Conventional view of security from cryptography community:
cryptographically unbreakable design in practical sense
Network Reality: very few security breaches in practice are to
exploit flaws in cryptographic algorithms; side channel attacks
Malicious versus selfish (DoS vs. resource gobbler)
Security v.s. robustness, fault tolerance, resiliency
Security is not a black/white world, it is progressive
We must secure entire networked system, not just an
individual component
Solutions must be robust/adapt to new threats as much
as possible
50
Advance Security CS692 Fall 2004
How is it Different?

Wireless Sensor networks have NO clear
line of defense





Each node is a host as well as a “router”
Security solutions in wired or cellular networks may leverage
the networking infrastructure
Secure Network/service “infrastructure” has to be
collaboratively established
Wireless channel is easily accessible by
both good citizens and attackers
Resource constraints on portable devices



Energy, computation, memory, etc.
Some devices may be compromised
Heterogeneity prevents a single security solution
51
Advance Security CS692 Fall 2004
Capability based Abstraction of a
Heterogeneous Network
Capability-based Abstraction
Processing
Capabilities
BN-Backbone node
RN-Regular Node
Network
Granularity
BN
BN
RN
BN
RN
RN
RN
RN
RN
A
B
52
Advance Security CS692 Fall 2004
Incomplete list of challenges

Resource-Efficient Secure Network Services




Cryptographic services



Network Initialization, single/multihop neighbor discovery
Multihop path establishment & Routing
Supporting application services
Broadcast authentication
Key management
Security mechanisms for fundamental services






Clock synchronization
Secure location discovery and verification of claims
Location privacy
Secure aggregation and in-network processing
Cluster formation/cluster head election
Middleware (will not discuss further)
53
Advance Security CS692 Fall 2004
Incomplete list of challenges

Modeling vulnerabilities



VERY POOR state of understanding
Needed by services and applications
Cross-layer design techniques



Routing/location-aware protocols that are also
robust!
Incorporating semantics such as geometry, radio
model and range for context-based security
Functionality instead of optimality
54
Advance Security CS692 Fall 2004
Problem #1: Robust Designs


Attacks and compromise of network are reality

Misconfiguration cannot be fully eliminated

Maybe we can never enumerate

Software bugs are #1 cause for all possible attacks

Not every device can implement maximum-strength solutions
Shift from prevention to tolerance

Building trustworthy system out of untrustworthy components

Ability to detect, and function, even in the presence of problems

Similar analogy to IP


building reliable system out of unreliable components
How? Can be application specific
55
Advance Security CS692 Fall 2004
Problem #2: Adaptive
Security

Adaptation to handle many dimensions of
dynamics:

Adaptive to user requirements



Adaptive to user devices
Adaptive to channel dynamics:


Partial connectivity, disconnectivity, full connectivity
Adaptive to mobility


Differential security services used in government and military
Cross-domain service for roaming users
Adaptive to dynamic membership

Node join, leave, fail
56
Advance Security CS692 Fall 2004
Problem #3: Joint Design of QoS and
Security


Incorporating network metrics and security: scalability,
communication overhead, computation complexity,
energy efficiency, device capability, …
Different performance metrics may be in (partial) conflict



Probably the most secure system is of minimal usability
Example: energy efficiency/computation complexity versus
cryptography strength
Many conventional security solutions take a centralized
approach
57
Advance Security CS692 Fall 2004
Problem #4: Evaluation of Design
• Current designs have an explicit threat
model in mind
• NOT Realistic
– Real trace analysis for practical attacks?
• Benchmarking ?
– Other areas in computer systems have well
defined benchmarks: SPEC CPU, TPC-C
• Analytical tools
• Current effort: game theory, graph theory
58
Advance Security CS692 Fall 2004
Problem #5: Securing the Chain

The system is only as secure as the weakest
link



How to secure these supporting components



Often ignored
Secure the entire system chain
Build multiple fences

59
Many supporting components: DNS, ARP, DHCP,…
Other supporting protocols: bootstrapping, discovery,
time synchronization
Each fence is built based on a component’s resource
constraint
Advance Security CS692 Fall 2004
Security in Sensor Networks

To provide




Confidentiality
Authenticity, integrity
Timeliness – freshness
With minimum power consumption


Minimize communication – key exchanges
Private key encryption
60
Advance Security CS692 Fall 2004
Trust Model




Sensor Nodes are not trusted
Sink node part of the trusted network
Sink node and the sensor nodes share secret
Node trusts its own resources

Clock, memory etc.
61
Advance Security CS692 Fall 2004
SPIN – Two Protocols

Secure Network Encryption Protocol (SNEP)


Provides confidentiality, authentication, freshness
between endpoints
µTESLA - Micro Timed Efficient Stream Losstolerant Authentication

Provides broadcast authentication
62
Advance Security CS692 Fall 2004
SNEP Basics

Private key encryption



DES-CBC
Derive subsequent keys from the original shared key
using RC5
Use counter mechanism for freshness
{Msg}<Kencr, Counter>, MAC(KMAC, Counter | {Msg}<Kencr, Counter>)
Confidentiality with authentication MAC
63
Advance Security CS692 Fall 2004
µTESLA




Provides authentication for broadcast
In general needs public-key system to avoid
forgery
Public-key not suitable for SNs
Emulate public-key using delayed private key
disclosure (see details in SPIN paper)
64
Advance Security CS692 Fall 2004
Wireless/Sensor Network References




Adrian Perrig, Robert Szewczyk, Victor Wen, David Culler, J. D.
Tygar. SPINS: Security Protocols for Sensor Networks. Mobile
Computing and Networking, 2001.
Jiejun Kong, Petros Zerfos, Haiyun Luo, Songwu Lu, Lixia Zhang.
Providing Robust and Ubiqitous Security Support for Mobile Ad-Hoc
Networks. 9th International Conference on Network Protocols, Nov.
2001.
Haiyun Luo, Songwu Lu. Ubiquitous and Robust Authentication
Services for Ad Hoc Wireless Networks. Technical Report UCLACSD-TR-200030, University of California, Los Angeles. October
2000
Akyildiz, I.F., Su, W., Sankarasubramaniam, Y., and Cayirci, E., ``A
Survey on Sensor Networks,” IEEE Communications Magazine, Vol.
40, No. 8, pp. 102-116, August 2002
65
Advance Security CS692 Fall 2004
Related documents
An Ultra-Low Power Asynchronous-Logic In-Situ Self
An Ultra-Low Power Asynchronous-Logic In-Situ Self
Lecture18 - Philadelphia University
Lecture18 - Philadelphia University
Home monitoring of patients with Parkinson`s disease via wearable
Home monitoring of patients with Parkinson`s disease via wearable
Sensor Networks
Sensor Networks
pptx - Ann Gordon-Ross - University of Florida
pptx - Ann Gordon-Ross - University of Florida
Fast Surface Mount Pressure Sensor Assembly
Fast Surface Mount Pressure Sensor Assembly
AMC6821 E2E Question
AMC6821 E2E Question
Wireless Monitoring System
Wireless Monitoring System
Bosch Graphene Magnetic Sensor
Bosch Graphene Magnetic Sensor
Chapter 1
Chapter 1
Daily Activity Recognition - Computer Science and Engineering
Daily Activity Recognition - Computer Science and Engineering