1
Secure In-Network Aggregation for Wireless Sensor Networks
Bo Sun
Department of Computer Science
Lamar University
Research Supported by Texas Advanced Research Program under Grant 003581-0006-2006
2
Outline of Presentation
• Introduction and Motivation
• Assumptions and Network Model
• Local Detection
– Challenges
– Extended Kalman Filter based Monitoring
– CUSUM GLR based Monitoring
• Collaboration between Intrusion Detection Module (IDM) and System Monitoring Module (SMM)
• Performance Evaluation
• Conclusions and Future work
3
Introduction and Motivation
4
Wireless Sensor Networks (WSNs)
[Figure labels: Target; Sensor Node; Sensor Field; Base Station; Internet; User]
• Many simple nodes with sensors deployed throughout an environment
Sensing + CPU + Radio = Thousands of Potential Applications
5
Why do we need Aggregation in WSNs?
• Example Query:
– What is the maximum temperature in area A between 10am and 11am?
– Redundancy in the event data
• Solution: Combine the data coming from different sources
• Eliminate redundancy
• Minimize the number of transmissions
[Figure: nodes labelled 1 to 5]
6
Secure In-Network Aggregation Problem
[Figure: wireless sensor nodes A to N and the Base Station, with data transmissions between them; sensor measurements v1, v2, v3 are aggregated as f(v1, v2, v3). Legend: vi = Sensor Measurement; f = Aggregation Function]
7
Observation
• There is very little work that aims at addressing the secure in-network aggregation problem from the intrusion detection perspective
• Our Work
– We set up the normal range of the neighbor’s future transmitted values
– We propose the integration between System Monitoring Modules and Intrusion Detection Modules
8
Intrusion Detection Systems (IDSs)
• Why do we need IDSs?
• Goal: Highly secured Information Systems
Intrusion Prevention (Encryption, Authentication, etc.): Not Enough
[Figure labels: Weakest Point; Intrusion Detection; Layered Protection; Security Failure; Intrusion Tolerance]
9
Intrusion Detection Systems
1) Misuse Based Detection
2) Anomaly Based Detection
3) Combination of 1) and 2)
[Figure labels: System; Normal Activities; Intrusive Activities; Detection Engine; Probes; Audits; Database; Configuration; Intrusion Response; Alarms]
10
Challenges
• It is difficult to achieve the real aggregated values
– High packet loss rate
– Individual sensor readings are subject to environmental noise
– Uncertainty of the aggregation function
• Sensor nodes suffer from stringent resources
11
Challenges
12
Assumptions and Network Models
13
Assumptions
• The majority of nodes around some unusual events are not compromised
• Falsified data inserted by compromised nodes are significantly different from real values
14
Network Models
[Figure: Aggregation Node N with nodes N1, N2, ..., Nn and their values v1, v2, ..., vn]
15
Local Detection
16
Kalman Filter
• A set of mathematical equations
– Recursively estimate the state of a process
• Time Update: Project the current state estimate ahead of time
• Measurement Update: Adjust the projected estimate by an actual measurement
17
Extended Kalman Filter based Monitoring
18
Extended Kalman Filter based Monitoring – System Dynamic Model
• Process Model
• Measurement Model
19
Extended Kalman Filter based Monitoring – System Equations
• Time Update
– State Estimate Equations:
– Error Project Equations:
• Measurement Update
– Kalman Gain Equation:
– Estimate Update with Measurement:
– Error Covariance Update Equation:
20
EKF based Local Detection Algorithm
21
CUSUM GLR based Local Detection
• EKF based solution ignores the information given by the entire data sequence
• EKF based solution is not suitable if an attacker continuously forges values with small deviations
• Solution
– Cumulative Summation (CUSUM) Generalized Likelihood Ratio (GLR)
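The two local detection ideas above, a Kalman-filter prediction that sets the normal range of a neighbor's next value and a GLR test over the residual sequence, run side by side as an added example that is not from the presentation. The scalar random-walk model, the noise variances, both thresholds and the sample readings are assumptions, and the GLR statistic is the textbook form for an unknown mean shift in Gaussian residuals rather than the presenter's own equations.

```python
import math

def monitor(readings, q=1e-4, r=0.05, n_sigma=3.0, glr_h=3.0, window=20):
    """Return (range_alarms, glr_alarms): indices of readings flagged by each test.

    Assumed model (not from the slides): scalar random walk x_k = x_{k-1} + w,
    measurement z_k = x_k + v, with Var(w) = q and Var(v) = r. With this linear
    model the extended Kalman filter reduces to the ordinary Kalman filter.
    """
    x, p = readings[0], 1.0          # initial estimate and error variance
    norm_resid = []                  # residuals scaled to unit variance
    range_alarms, glr_alarms = [], []
    for k, z in enumerate(readings[1:], start=1):
        # Time update: project the estimate and its error variance ahead.
        x_pred, p_pred = x, p + q
        s = p_pred + r               # variance of the prediction residual
        resid = z - x_pred
        norm_resid.append(resid / math.sqrt(s))
        # Normal range test: is the reported value within n_sigma of the prediction?
        if abs(resid) > n_sigma * math.sqrt(s):
            range_alarms.append(k)
            p = p_pred               # rejected value does not correct the estimate
        else:
            # Measurement update: adjust the projected estimate by the measurement.
            gain = p_pred / s
            x, p = x_pred + gain * resid, (1.0 - gain) * p_pred
        # GLR for an unknown mean shift that began n samples ago:
        # max over n of (sum of the last n residuals)^2 / (2 n).
        total, best = 0.0, 0.0
        for n, e in enumerate(reversed(norm_resid[-window:]), start=1):
            total += e
            best = max(best, total * total / (2.0 * n))
        if best > glr_h:
            glr_alarms.append(k)
    return range_alarms, glr_alarms

# Constructed sample data: readings near 20.0 with a fixed zero-mean noise pattern.
NOISE = [0.2, -0.1, 0.1, -0.3, 0.2, 0.0, -0.2, 0.1]
normal = [20.0 + NOISE[i % 8] for i in range(60)]
small_forgery = [v + 0.25 if i >= 40 else v for i, v in enumerate(normal)]
large_forgery = [v + 5.0 if i >= 40 else v for i, v in enumerate(normal)]

if __name__ == "__main__":
    for name, data in [("normal", normal), ("small", small_forgery), ("large", large_forgery)]:
        ra, ga = monitor(data)
        print(name, "range:", ra[:1], "GLR:", ga[:1])
```

The large forgery leaves the predicted range at once, while the small persistent one stays inside it and is flagged only by the test that accumulates evidence across the sequence.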
22
An Example of CUSUM
• Cumulative sum:
Source: D.C. Montgomery (2004).
23
CUSUM GLR based Local Detection
24
Collaboration between IDM and SMM to Differentiate Malicious Events from Emergency Events
[Figure labels: Co-Detectors; Normal Nodes; Compromised Node; Fire; False Report; Alert Transmission; Base Station]
25
Performance Evaluation
26
Simulation Setup
• Aggregation Function
– Average, Sum, Min, and Max
• Simulation
– Different packet loss ratio: 0.1, 0.25, 0.5
– D: Attack Intensity
  • The difference between attack data and normal data
• Performance Metric
– False Positive Rate
– Detection Rate
27
Performance Evaluation – Average of EKF
28
Performance Evaluation – Average of CUSUM GLR
29
Performance Evaluation – Sum of EKF
30
Performance Evaluation – Sum of CUSUM GLR
31
Performance Evaluation – Min of EKF
32
Performance Evaluation – Min of CUSUM GLR
33
Performance Evaluation – Max of EKF
34
Performance Evaluation – Max of CUSUM GLR
35
Related Work
• Hu and Evans’ secure Aggregation
• Secure Information Aggregation
• Secure Hierarchical In-Network Aggregation
• Secure hop-by-hop data aggregation
• Topological Constraints based Aggregation
• Resilient Aggregation
36
Conclusions and Future Work
• Conclusions
– Extended Kalman Filter based approach can provide an effective local detection algorithm
– Intrusion Detection Module and System Monitoring Modules should work together to provide intrusion detection capabilities
• Future Work
– Large scale test of the proposed approach
– Further elaboration of interactions between IDM and SMM
37
Thank You !