EE 418 Project 2: Key Distribution in Wireless Sensor Networks
Professor Radha Poovendran
Andrew Clark
Project Guidelines
• Groups of up to 4 are allowed
• Due December 15 during the exam
• Four parts
– Key distribution problems
– Node Capture Attack Simulation
– Analysis of Node Capture Attack
– Route Capture Attack Simulation
• Groups are required to complete three of the four parts
Outline
• Sensor networks and their applications
• The key distribution problem
• The Eschenauer-Gligor scheme
• Non-cryptographic attacks:
– Node capture
– Link capture
– Route capture
• Modifications of the EG scheme
• Conclusion
Wireless Sensor Networks
• Emerging technology with many potential applications
– Inventory Tracking
– Fire Detection
– Patient Monitoring
– Battlefield Surveillance
Network Model
• Network of N sensor nodes, indexed {1,…,N}
• Two nodes can communicate if they are within radio range
• May lack supporting infrastructure (e.g. base station)
• Computing power, battery lifetime of nodes limit range of protocols used
• In some applications, no public key crypto!
Key Distribution
• In order to communicate, two sensor nodes must share a key
• Moreover, if two nodes communicate via multiple hops, then each pair of nodes along the path must share a key
• How do we guarantee that the network is connected if the network topology is not known in advance?
Naïve Approach
• Every node is preloaded with a secret key for every other node
• Problems:
– Storage constraints in individual nodes and the network as a whole
   • If you have 1000 nodes, each node needs to store 999 long keys, and the total number of keys is ~1000000
– Updating the network becomes difficult
• Not practical for large networks!
Random Predistribution
• Eschenauer and Gligor (2002) proposed a novel and straightforward scheme.
• A pool of P keys is generated randomly.
• Each node is preloaded with a random collection of k keys from the pool.
• The number of keys per node is a design parameter.
[Figure: example network of 7 nodes with P = 8 and k = 3. Key rings shown: {k1, k2, k4}, {k2, k3, k5}, {k1, k5, k6}, {k2, k5, k8}, {k3, k6, k8}, {k6, k7, k8}, {k3, k4, k8}]
Ensuring Connectivity
• How do we choose k and P?
• First, find p according to the equation:
• Pc is the probability that a network of n nodes is connected, assuming that each pair of nodes shares a link with probability p.
• E.g. suppose we want a network of size n=10000 to be connected with probability 0.99. Then we have exp{-e^(-c)} = 0.99, so c = -log(-log(0.99)) = 4.6 and p = log(10000)/10000 + 4.6/10000 = 0.0014
• Hence in this example, if two nodes share an edge with probability 0.0014, then the network is connected with probability 0.99 (assuming each node’s radio range is infinite)
Ensuring Connectivity
• Using p, we can find d, the expected degree of each node in the network to ensure connectivity:
d = p*(n-1)
• We can use d (rather than p) to characterize the network
• One problem: so far, we have neglected to take radio range into account!
Ensuring Connectivity
• Suppose that, due to range constraints, each node can only connect to n’ of its neighbors.
• In this case, we want the probability that two neighboring nodes share a link to be p’ = d/(n’-1) to ensure that the whole graph is connected.
Ensuring Connectivity
• Given p’, we can then find values of P and k using the equations on page 5 of [1]:
Ensuring Connectivity
• In summary, we have the following approach:
• Given n (number of nodes) and Pc (design constraint), find c and p using Erdős’s formula
• Calculate d = p*(n-1)
• If the neighborhood size is n’ (due to radio range), find p’ = d/(n’-1)
• Choose P and k so that Pr(two nodes share a key) = p’
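The four steps above carried through in code, as an added example that is not part of the original slides. It uses the slides' n = 10000 and Pc = 0.99; the neighborhood size n’ = 40 and pool size P = 10000 are assumed values, and the share probability is computed with the exact combinatorial form 1 - C(P-k, k)/C(P, k), which may differ in presentation from the equations in [1].

```python
import math

def edge_probability(n, pc):
    """Invert Pc = exp(-e^(-c)) for c, then p = ln(n)/n + c/n."""
    c = -math.log(-math.log(pc))
    return c, (math.log(n) + c) / n

def share_probability(pool, ring):
    """Exact probability that two random `ring`-key subsets of a
    `pool`-key pool have at least one key in common."""
    if 2 * ring > pool:
        return 1.0  # two rings this large cannot be disjoint
    return 1.0 - math.comb(pool - ring, ring) / math.comb(pool, ring)

def smallest_ring(pool, target):
    """Smallest k whose share probability reaches `target`."""
    for k in range(1, pool + 1):
        if share_probability(pool, k) >= target:
            return k
    raise ValueError("target probability must be at most 1")

def design(n, pc, neighbours, pool):
    """Follow the slide procedure: (n, Pc) -> c, p -> d -> p' -> k."""
    c, p = edge_probability(n, pc)
    d = p * (n - 1)                   # expected degree needed
    p_local = d / (neighbours - 1)    # p' once radio range limits neighbors
    if p_local > 1.0:
        raise ValueError("neighborhood too small to reach degree d")
    k = smallest_ring(pool, p_local)
    return {"c": c, "p": p, "d": d, "p_local": p_local, "k": k}

if __name__ == "__main__":
    # n and Pc are from the slides; n' = 40 and P = 10000 are assumed.
    for name, value in design(10000, 0.99, 40, 10000).items():
        print(f"{name:8s} {value:.6g}")
```

With these assumed values the required per-neighbor probability rises from about 0.0014 to about 0.35, which is what drives the key-ring size.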
Random Key Distribution
From a security standpoint, can you think of a problem with assigning keys in this way?
Node Capture Attacks
• The adversary may have a hard time attacking security through cryptanalysis
• However, recall that the network is unmonitored for extended periods
• We consider “node capture attacks”, in which the adversary steals the key by physically capturing a node
• The EG scheme is especially vulnerable because many different nodes may share the same key
Node Capture Attacks
• The first type of attack is the seed cover attack, in which the adversary attempts to recover the entire key pool (or at least a large subset of it).
• This is equivalent to the set-covering problem
– Can use efficient “greedy” heuristic
– At every iteration, capture the node with the most unknown keys
[Figure: seed cover example on the 7-node network with P = 8 and k = 3. Key rings shown: {k1, k2, k4}, {k2, k3, k5}, {k1, k5, k6}, {k2, k5, k8}, {k3, k6, k8}, {k6, k7, k8}, {k5, k7, k8}. Recovered pool: P’ = {k1, k2, k4, k3, k6, k8, k5, k7}]
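A small resilience check on the slide's seven key rings, added here as an example and not taken from the original slides: it measures how many captured nodes expose the whole pool under the greedy heuristic described above, and compares that with the average over random capture orders. The node labels A to G, the tie-breaking rule (first node listed) and the trial count are assumptions.

```python
import random

# Key rings in the order listed on the slide; labels A-G are constructed.
RINGS = {
    "A": {1, 2, 4}, "B": {2, 3, 5}, "C": {1, 5, 6}, "D": {2, 5, 8},
    "E": {3, 6, 8}, "F": {6, 7, 8}, "G": {5, 7, 8},
}

def greedy_cover(rings):
    """Greedy set cover: repeatedly take the node holding the most keys
    not yet exposed. Returns (nodes taken, keys in exposure order)."""
    pool = set().union(*rings.values())
    left = dict(rings)
    nodes, exposed = [], []
    while set(exposed) != pool:
        # max() keeps the first node on ties (dict insertion order)
        node = max(left, key=lambda n: len(left[n] - set(exposed)))
        exposed += sorted(left.pop(node) - set(exposed))
        nodes.append(node)
    return nodes, exposed

def captures_to_cover(rings, order):
    """Number of nodes from `order` needed before the pool is exposed."""
    pool = set().union(*rings.values())
    seen = set()
    for count, node in enumerate(order, start=1):
        seen |= rings[node]
        if seen == pool:
            return count
    return None  # `order` did not cover the pool

def mean_random_captures(rings, trials=2000, seed=1):
    """Average captures needed when nodes are lost in random order."""
    rng = random.Random(seed)
    total = 0
    for _ in range(trials):
        order = list(rings)
        rng.shuffle(order)
        total += captures_to_cover(rings, order)
    return total / trials

if __name__ == "__main__":
    nodes, exposed = greedy_cover(RINGS)
    print("greedy:", nodes, ["k%d" % k for k in exposed])
    print("random mean:", mean_random_captures(RINGS))
```

The greedy run exposes the keys in the same order as the slide's P’, using three of the seven nodes.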
Node Capture Attacks
• The second type of attack is the link cover attack.
• Note that it may not be necessary for the adversary to capture all the secret keys; he may only have to capture enough to compromise all the links
• This is another set-covering problem
Link Cover Example
Performance
The q-composite Scheme
• In [2], the authors proposed different methods for mitigating the node capture problem
• In the q-composite scheme, two nodes need q shared keys in order to communicate.
• The shared key between two nodes is then K = hash(k1||…||kq)
• The adversary must therefore capture all q keys to break the link
[Figure: q-composite example on the 7-node network with P = 8 and k = 3. Key rings shown: {k1, k2, k3}, {k2, k3, k5}, {k1, k5, k6}, {k2, k5, k8}, {k5, k6, k8}, {k6, k7, k8}, {k5, k7, k8}. Link labels shown: {k2, k5}, {k7, k8}, {k2, k3}, {k5, k8}, {k6, k8}]
The q-Composite Scheme
• Under the q-Composite scheme, the probability that Eve can compromise the link between two nodes by capturing random nodes is the top equation, where:
– |S| is the key pool size, m is the number of keys per node
– p(i) is the probability that two nodes share exactly i keys
– p is the probability that two nodes share at least q keys
– x is the number of nodes Eve will capture
Multipath Reinforcement
• Suppose A and B have a secure link between them (i.e., they share a key k)
• We can improve the security of the link by updating its key after the initial setup.
• If there are m disjoint routes between A and B, then A can generate random numbers v_1, …, v_m and send each number (encrypted, of course) along a different route
• The shared key will then be k’ = k xor v1 xor … xor vm
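Both mitigations in code, the q-composite link key K = hash(k1||…||kq) and the multipath update k’ = k xor v1 xor … xor vm, as an added example that is not part of the original slides. SHA-256, 16-byte pool keys, hashing the shared keys in key-id order, and q = 2 are assumptions; the key rings are taken from the q-composite slide.

```python
import hashlib
import secrets

def link_key(ring_a, ring_b, q):
    """q-composite link key: hash of the keys both rings hold, or None
    when fewer than q are shared. Rings map key id -> key bytes."""
    shared = sorted(set(ring_a) & set(ring_b))
    if len(shared) < q:
        return None                      # no secure link between the two
    digest = hashlib.sha256()
    for key_id in shared:                # same id order on both sides
        digest.update(ring_a[key_id])
    return digest.digest()

def reinforce(key, shares):
    """Multipath reinforcement: k' = k xor v1 xor ... xor vm."""
    out = bytearray(key)
    for share in shares:
        if len(share) != len(key):
            raise ValueError("each share must be as long as the link key")
        for i, byte in enumerate(share):
            out[i] ^= byte
    return bytes(out)

# Constructed 8-key pool (P = 8); key values are random per run.
POOL = {i: secrets.token_bytes(16) for i in range(1, 9)}

def ring(*ids):
    """Build a key ring from pool key ids."""
    return {i: POOL[i] for i in ids}

if __name__ == "__main__":
    a, b, c = ring(1, 2, 3), ring(2, 3, 5), ring(1, 5, 6)
    k_ab = link_key(a, b, q=2)           # share k2 and k3: link exists
    print("A-B link:", k_ab.hex())
    print("A-C link:", link_key(a, c, q=2))   # share only k1: None
    # A sends one random value per disjoint route (m = 3 here).
    shares = [secrets.token_bytes(len(k_ab)) for _ in range(3)]
    print("reinforced:", reinforce(k_ab, shares).hex())
```

The reinforced key differs from k unless every one of the m values is known, so an observer who already holds k must also read all m routes.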
Example
Route Capture Attacks
• The final kind of attack we will consider is the route capture attack [4].
• Route capture attacks take advantage of the fact that traffic in a WSN has to be routed between nodes that are far apart.
• Thus if we capture certain “bottleneck” nodes, we can observe a lot of the network traffic.
Node Capture Attacks
• We want to define a way to quantify how vulnerable a route is after a certain number of keys is captured.
• For a route between source node s and destination d, we define a function Vsd
• Let C be a set of nodes that we can capture. Then we want:
– Vsd(C) = 0 if C is empty
– Vsd(C) between 0 and 1 if there is still some security to the route
– Vsd(C) = 1 if the route has been compromised.
Node Capture Attacks
• Suppose we have such a function Vsd. Then, given a set of pairs (s,d) and a set of routes Rsd between them, define the incremental node value by
• Now, we can implement a greedy algorithm not unlike that from the previous section
• At each iteration, we capture the node with the largest incremental node value.
Node Capture Attacks
• The adversary can choose Vsd in order to reflect his or her goals.
• An example in [4] is
Explanation of Terminology
Summary
• By using random key distribution, we can develop secure communication in a sensor network with limited storage
• This distribution scheme is vulnerable to attack:
– Seed cover
– Link cover
– Route cover
• There are techniques for mitigating these vulnerabilities.
Questions?