Security Support in In-Network Processing & analysis of key management in WSN


Published on

Security protocols & algorithms
information aggregation & assimilation in WSN
Analysis of key managment

Published in: Education, Technology
  • Be the first to comment

  • Be the first to like this

Security Support in In-Network Processing & analysis of key management in WSN

  1. 1. Security Support in In-Network Processing in WSN
  2. 2. Introduction to Zigbee (IEEE 802.15.4) These networks are Wireless Personal Area Networks (WPANs) that are defined by a low data rate, long battery life, and secure networking. Zigbee networks support automation and remote control. Zigbee exist in mac & physical layer Qualnet (i.e. network sensor library, supporting Zigbee ) The following are capabilities included in the QualNet 4.5 Sensors Network Library: • Generating network beacons if the deviceis a coordinator • Synchronizing to the beacons • Personal Area Network (PAN) association and disassociation • Carrier Sense Multiple Access with Collision avoidance (CSMA-CA) for channel access • Energy detection (ED) within the current channel • Battery model and RF energy consumption model • Link Quality Indication (LQI) for received packets • Modulation schemes: • O-QPSK with DSSS @ 2.4 GHZ, 868/915 MHz • BPSK with DSSS @ 868/915 MHz • PSSS with BPSK and ASK @ 868/915 MHz Handling Security in In-Network Processing in WSN. Benefits of In-Network Processing 1. Improved Scalability – reduction of data through aggregation 2. Prolonged Lifetime - less communication overhead due to aggregation. 3. Increased Versatility – easy dissemination of commands Two types of In-Network Processing 1. upstream - aggregation of data send by nodes to aggregator & base station 2. downstream – disemination of commands from aggregator & base station to leaf nodes
  3. 3. Objectives Handling security issues such as DOS attacks, eavesdropping, tampering, physical compromise of nodes in both. 1. Secure Data Aggregation - authentication of reported data by aggregators send by nodes. 2. Secure Data Assemination - authentication of commands by nodes send by aggregators Aggregators functions 1. dissemination of commands 2. aggregation of data 3. create & dissolve subgroups 3 issues in Delegating trust to Aggregators. 1. Nodes & aggregators should understand & identify their sensor group. 2. Aggregators can disseminate commands that are trusted by nodes 3. nodes can send trusted data to aggregators
  4. 4. Delegation of Authorization It is a technique used by base station to delegate aggregators for a limited period of time. Motive is to distinguish between commands originating from aggregators of particular sensor group & malicious node Two mechanisms proposed 1. One-way hash chain 2. µtesla protocol 1. One-way hash chain (OHC). It is generated by one-way hash function F which satisfies following properties: (I) Given x it is easy to compute y such that y = F(x). (II) Given y it is computationally infeasible to compute x. an OHC is a sequence no. K0,K1,... Kn-1,Kn for all j such that 0 < j < = n Kj-1 = F(Kj) To delegate trust to aggregators, base station creates separate hash chains for each aggregator. OHCi : Oim, Oim-1 ….. Oi0 for each sensor group SGi Oim is send to the aggregator & Oi0 is send to every other node in the sensor group SGi. Kth packet send by agi includes Oik. .& Fk(Oik) = Oi0 which is calculated by receiving node. 2. µtesla protocol It is improvement over one-way hash chain. This protocol requires that the base station & nodes are loosely time synchronized, & each node knows the upper limit of maximum synchronization error. Sender of broadcast packets maintains a one-way hash chain . (K0,K1,... Kn-1,Kn ) & each sensor node is configured with K0. The base station broadcasts a list containing < SGi.,,agi, Oi0, ri> for each sensor group SGi to all the nodes in the network. In these protocols, if a aggregator is compromised, then it is confined to its own sub-group.
  5. 5. Lightweight Shared Secret Key Establishment Privacy & secrecy of data transfer is maintained between nodes & aggregator by using a separate pairwise secret key. It is called a subkey of sensor node. It can defend sybil attack. Ks,r = G(Ks,r) Ks,r = subkey Ks = unique secret custom key which is preconfigured in sensor nodes & shared with base station only r = random no. Subkey is distributed in 3 step process: 1. Base Station chooses a random no. for each sensor group & creates subkey for each node in that sub group. Then it broadcasts that random no. using utesla protocol. 2. Base Station sends encrypted unicast message to each aggregator that contains subkey for all sensor nodes in the sensor group of that aggregator. 3. Aggregator sends a unicast message to each sensor nodes after which sensor node can identify its sensor group. Efficient secure broadcasts in a small group : Ripple Key Ripple command dissemination is a method within a sensor group that doesn't rely on unicast messages, and doesn't require time synchronization. SG is divided into layers called ripples. Ripples is defined as set of all nodes that are at the same distance (no. of hops) from the ag. . For each ripple a secret ripple key (Krj) is generated that is shared between ag & members of ripple. To disseminate commands, ag sends a separate ripple message for each ripple in the group. Assumption : distance of farthest node from ag is 5 hops or less. Advantages: 1. No need of time synchronization among sensor nodes. 2. No unicast message to each node. Disadvantages: 1. Ag sends same command multiple times for each ripple. 2. Subject to rushing attack 3. Too many layers makes the method inefficient.
  6. 6. Building A Secure Hierarchical WSN : An Integrated Solution There are four rounds present in building secure hierarchical WSN. Round 0 (Preparation) The BS discovers the topology of the complete sensor network & perform some initial preparation Secure Routing protocol such as INSENS. It provides following functionalities: 1. Discovering Topology of WSN 2. Building routing tables in the presence of attacks such as tampering with data, DOS etc The BS configures hierarchical network by dividing it into sensor groups and choosing ag for each group. Round 1 (Group Announcement) BS uses delegation of authorization to mechanism to inform each node the identity of sensor groups such as ag's id, initial sequence no., random no. to generate subkey by broadcasting message. µtesla protocol protects authenticity & integrity of message. After receiving message each node can verify that whether it is from BS or contents of the message is tampered. At the end of round each node has the complete list of sensor groups in the WSN but still it doesn't knows which group does it belongs to. Round 2 (Trust Commitment) The BS sends all information that an ag needs to build a secure sensor such as internal routing information, one-way hash chain & the subkeys of member nodes. At first for each sensor group BS generates subkey for each member node BS then sends unicast message to the aggregator. This message includes <topologyi,ohci,ri,key_listi>. Topology contains all connectivity information among the nodes ohc is one-way hash chain that the ag will use. key_list is the entire key_list that BS creates for the nodes in that group.
  7. 7. Round 3 (Building each Sensor Group) This round provides 4 piece of information to each node in a sensor group. 1. The sensor group it belongs to 2. Its forwarding table for sending & routing data 3. The pairwise shared key it shared with the ag 4. The ripple key of the ripple it belongs to Since the ag has the sensor group topology information, it can compute paths & routing table for each member node by using Breadth-First Search Algorithm. To securely send this information to member nodes, ag sends two unicast message in breadth first manner. 1st message contains – <Oi1,agi,ri,MAC> It tells the node its sensor group & subkey that it shares with ag. 2nd message contains - <fts,KRj> ft is forwarding table of the node. KR is ripple key of that node. Now each sensor node can send its data securely to ag using its subkey Ks,r. Performance Evaluation 1. Network setup overhead A WSN can be divided in level of hierarchies such as each top level hierarchy can be further divided into 2nd level hierarchy & each 2nd level hierarchy can be divided into 3rd level hierarchy & so on. The overall network overhead increases with the no. of levels & hence no. of sensor groups. Network overhead increases in Round 1 & 2 & decreases in round 3 with increasing no. of levels. The reason for increase in network overhead in round 1 is round 1 is repeated for each layer (µtesla broadcast). The reason for increase in network overhead in round 2 is increase in the no. of sensor groups as BS sends unicast message to ag.s at level 1 then ag.s at level 2. The reason for decrease in network overhead in round 3 is as the no. of sensor group increases the no. of nodes in each SG decreases. The overall network setup overhead is relatively small.
  8. 8. 2. In-Network Processing Performance By experiments it is concluded that in-network processing results in a significant reduction in the no. of packets exchanged. While the overhead due to initial network setup results in more packets being exchanged at first in multi-level hierarchy compared to no hierarchy In-network processing consumes less network bandwidth after just a small no of sensor reports. Another observation is that by increasing the no. of levels, the no. of packets exchanged decreases. 3. Aggregator Storage Requirement An aggregator needs to store ripple keys,subkeys, one-way hash chain & topology information of its sensor groups. Memory requirement for one-way hash chain is small as not all values is to be stored. All less no. of ripples keys storage is required. But storage requirement of subkeys & topology increases with the size of sensor group. By conducting experiments we conclude that storage requirement for storing shared pairwise keys & topology information increases linearly with group size.
  9. 9. 4. Aggregator Command dissemination There are two mechanism aggregator can use to send command to all nodes 1 . µtesla 2 . Ripple Keys These two approaches incur much less overhead than unicast approach. The ripple key approach outperforms µtesla for small network size. Thus ripple key approach requires small no. of packets exchange than µtesla. Also ripple key doesn't require time synchronization & suffer from delay key release. If group size is large µtesla results in small no. of packet exchanged. 5. Resource requirements for cryptographic Algorithms. One-way hash chain & Message Authentication Codes (MAC) can be generated using RC5 on berkeley motes. Motes have 4Mhz processor with 128k flash memory, 4k RAM and RFM monolithics TR 1000 radio at 19.2kbps. We use standard CBC mode to generate MAC. Experiments shows that computation & memory requirement for cryptographic algorithms needed to build WSN supporting in-network processing is fairly low. It can be easily supported by current sensor nodes such as motes. cryptographic algorithms take about 2k flash memory & 264 bytes of RAM for data storage .
  10. 10. Analysis of Key Management in Wireless Sensor Networks
  11. 11. Introduction: WSNs come in two flavours: distributed networks and hierarchical networks. In a hierarchical wireless sensor network (HWSN), three types of devices exist: a base station, several cluster heads, and a multitude of sensor nodes. The sensor node can be considered the “worker bees” of the network, whereby they diligently collect data representing various characteristics of its surrounding atmosphere. Pair-wise key management schemes: All pair wise (Single master key): The most trivial solution in terms of resource usage. All nodes are deployed with a single master key. Problems: Since an adversary may capture a node and compromise the key very easily, it has very low resilience. This scheme is not recommended for much more than a test system. All pair-wise (Distinct pair-wise keys): Each node stores all possible pairs in the WSN. For a network of size N, Node Si stores a unique pair-wise key for each one of N-1 sensor nodes in the WSN . However, not all N-1 keys have to be stored in a nodes’ key-chain to have a adequate connectivity. The storage burden is high for each sensor node but resilience is much better than “single master key”. Random pair-wise key scheme: Each sensor node is given a random set of Np pair-wise keys. This gives a probability p that two nodes can connect. “At key setup phase, each node identity is matched with Np other randomly selected node IDs with probability p” . For each matched pair of nodes a pair-wise key is generated. The key is then stored in both nodes’ key- chain along with an ID of other node. 2Np units of memory are use in each node to store the complete keychain. During the shared-key discovery phase, all nodes broadcast their ID. As a result, each node sends and receives one message from the other nodes within its radio range .
  12. 12. Closest pair-wise keys pre-distribution scheme: In this scheme Location information is used to improve the key connectivity. Sensor nodes are deployed in a two dimensional area similar to a grid. All sensors locations are predicted by a setup server. Each sensor shares pair-wise keys with its c closest neighbors. In the key setup each sensor node SA is given a unique key KA and a set “c” of it’s closest neighbors SB1, . . . , SBc are selected. For each pair (SA, SBi), a pair- wise key KA,Bi = PRF(KBi |IDA) is generated. All these pair-wise keys and Ids makeup the keychain of SA, Node SBi only stores the key KBi and the PRF. Each sensor uses 2c+1 units of memory to store its key-chain [3][4]. This scheme makes deployments of new nodes easier, decreases memory usage, and has good key connectivity if deployment errors are kept low. ID based one-way function scheme (IOS): This scheme is based on a connected r-regular graph G of the expected deployment. The graph is composed of star-like sub graphs. The sub graphs are used to distributed the pair-wise keys to the appropriate nodes. Each sensor node is the center of one star-like graph and a leaf of r/2 star-like sub graphs. Each node uses r + 1 units of memory to store keys and key IDs . Very good key resilience. Multiple IOS: Multiple IOS is meant to improve the scalability of ID based one-way function scheme
  13. 13. (IOS). Every node in graph G corresponds to l nodes SA =SA1, . . . , SAl. Each sensor node SAi stores a common key KA and a secret Hash(KB|IDAi). Every node SBj in the class of node SB, can use common key KB to generate the secret Hash(KB|IDAi) for node SAi [3][4]. Memory usage decreases by a factor of l. Broadcast session key negotiation protocol (BROSK): A single master key is pre-deployed to all sensor nodes. Sensor node pairs (Si, Sj) then exchange randomnonce values. The master key Km is used to establish session key Ki,j = PRF(Km|RNi|RNj). Only one unit of memory is used (by each node) to store the master key. If the master keyis compromised, then all links are compromised therefore the scheme has very low resilience . Protocols for Distributed Key Management in Clustered Wireless Sensor Networks Aim: To provide security to one-to-all and one-to-one communication In WSN. Related Terms: Rekey Interval, Periodic Rekeying , Rekeying with Cluster Dynamics: The Rekey Interval can be defined as the period with which encryption key of a node is changed to a new one. If the network topology does not change within the rekey
  14. 14. interval, the new key can be easily distributed to all the nodes by encrypting it with the existing key. Each node decrypts the new key using the existing key and designates the new key as its current key. This way of rekeying is called Periodic Rekeying. If the network topology changes within the rekey interval due to joining of new nodes or leaving of existing nodes, then the rekeying method applied at this time is called Rekeying with Cluster Dynamics. Key Management Protocols: The aim of the key management protocols is to provide security to all the one-to-all and one-to-one data communications. This requires formation of a network wide key shared by all members of the network, pair-wise keys shared between every Cluster Head and a cluster member and a Cluster key shared by all members of each cluster. We assume that in a WSN there are one or more clusters. Each cluster is having a Cluster Head decided by the HEED algorithm. The Cluster Head has a share a pair- wise key with each of its cluster members. Notations in the Key Management Protocols
  15. 15. Initial key distribution protocol Initial cluster key distribution protocol: Initial Network Key Distribute protocol: