Lecture14


Presentation Transcript

PowerPoint Presentation:

Wireless Sensor Networks
ESE680: Wireless Sensor Networks
Special Topics in Embedded Systems
Security - I
Lecture #14
Prof. Rahul Mangharam

Previous Lecture:

- Current Model of Programming WSNs
  - NesC, C, Assembly, Zigbee Stack on bare metal
- Virtual Machines
  - Mate
- Database Centric
  - TinyDB
- Macro-programming
  - Regiment
- File System Centric
  - Unix, Plan 9, Inferno

Thought for the Day:


Outline of This Lecture:

- Need for security
- Attacks on WSNs
- How to exploit them?
- Challenges in WSN Security

Sensor Networks are Here!:

- Burglar alarm in museum
- Semiconductor fabrication plant
- Chemical manufacturing plant, oil refinery
- Biology measurements
- Structural health monitoring

What if anyone had access to this sensitive data?

Security: Why?:

- Vitek Boden
  - Arrested in Queensland, Australia on April 23, 2000
  - Found guilty of computer hacking
  - Took control of municipal water system
  - Dumped ~1 million liters of raw sewage into local waterways and parks
- Who cares if someone “steals” the temperature data?
  - Ummm… nobody?

Example: Hotel Sensor Network:

- Every room is equipped with a sensor node measuring light intensity, temperature, and humidity
- Applications
  - Determine occupancy to direct fire fighters
  - Detect energy drainage caused by open windows
  - Detect water leaks
  - Detect break-ins
  - Detect fire

Private Information Disclosure:

- Much private information is leaked by temperature, humidity, and light measurements
- Light intensity readings may reveal:
  - Shadows cast onto sensor can reveal information about motion of people
  - Fine-grained light intensity values can reveal TV channel
- Humidity readings may reveal:
  - Presence of people
  - People talking
  - Alcohol consumption

Need for Security?:

- Hotel sensor network simply sends all sensed information over wireless network to base station, without using encryption
- Security not necessary, right?
- Wrong!

Security is Important!:

- Even for seemingly benign hotel application, security is crucial
  - Privacy risks
  - Burglars can figure out room occupancy
  - Pranksters can fake fire alarm
- Some may argue that same issues exist without sensor network
  - Can easily listen on door, try to spy through window
- However, sensors make large-scale attacks trivial!
  - Easily obtain instant information about entire hotel

Importance of Security in Sensor Applications:

- Manufacturing applications: prevent competitor from detecting production volumes or potential manufacturing problems
- Pollution monitoring: prevent data tampering
- Healthcare applications: privacy!
- Power grid surveillance: prevent malicious data injection
- SCADA networks: can blow up refineries, chemical plants

A Quick Tutorial of Encryption:


Some definitions:

- κρυπτός kryptós "hidden," and the verb γράφω gráfo "to write"
- Cryptology: the study of communication over non-secure channels, and related problems
- Cryptography: the process of designing secure communication over channels
- Cryptanalysis: analysis of cryptographic codes, and the methods to break them
- Coding theory: ensures that received message is the correct one.

The basic setup:

TRIVIA: Alice and Bob. Generally, Alice wants to send a message to Bob. These names were used by Ron Rivest in the 1978 Communications of the ACM article presenting the RSA cryptosystem, and in A Method for Obtaining Digital Signatures and Public-Key Cryptosystems published April 4, 1977, suggested by others.


Basic Elements:

- Plaintext: original message with no transformation
- Ciphertext: plaintext message after modification to obscure it from normal usage and readability
  - encryption converts plaintext into ciphertext
  - decryption converts ciphertext into plaintext
- Cryptographic algorithm: mathematical operation used to convert plaintext into ciphertext
- Key: secret key used to encrypt or decrypt the message
  - good algorithms: NOT necessary to keep the algorithm secret!

Eve’s goals:

- Read the message
- Find the key and read all the messages
- Corrupt Bob’s message into another message
- Masquerade as Bob, and communicate with Alice, who thinks she is communicating with Bob

Eve’s possible attacks:

- Ciphertext only
- Known plaintext: Eve knows both plaintext and ciphertext
- Chosen plaintext: Eve has access to the encryption machine
- Chosen ciphertext: Eve gains access to the decryption machine

Kerckhoffs’s Principle:

- “In assessing the security of a cryptosystem, one should always assume the enemy knows the method being used”
- The security of the system will depend exclusively on the key and not on the obscurity of the algorithm
- Two types of keys:
  - Private or symmetric keys
  - Public keys

Breaking a Cryptographic Algorithm:

- Cryptanalysis: trace patterns based on plaintext to re-generate key
  - good algorithms generate noisy ciphertext with no discernible patterns
- Brute-force guessing: keys longer than 128 bits (10^38 possibilities) are considered to be acceptable

Private or Symmetric Key Systems:

- Private or symmetric key systems rely on symmetric encryption algorithms where information encrypted with a key K can only be decrypted with K.
- Communicating parties share a cryptographic key or password, also called a “secret”.
- The key should never be transmitted

Type of ciphers:

- Stream ciphers: data are fed into algorithm in small pieces (bits) and the output is made of corresponding small pieces
  - Easy to break
  - Not used anymore
- Block ciphers: a block of input bits is collected and fed into an algorithm and the output is a block of bits
  - Increased security
  - Used in symmetric key cryptography

Symmetric Cryptography:

- Secret key is exchanged via some other secure means (hand-delivery, over secured lines, pre-established convention)
- Examples:
  - Data Encryption Standard (DES) from the 70’s
    - 56-bit keys and encryption is done in 64-bit blocks
    - uses cipher block chaining: encryption of each block depends on the contents of the previous one
    - can be broken!
  - Triple DES, DESX, GDES and RDES
    - decrease the risks of DES by using longer keys
    - message is encrypted with one secret key, next decrypted with a second secret key, and finally encrypted again with the first secret key
    - equivalent to 112-bit keys

Symmetric Cryptography (cont.):

- RC2, RC4 and RC5
  - proprietary algorithms proposed by RSA Data Security Inc.
  - variable-length keys as long as 2048 bits
  - algorithms using 40 bits or less are used in browsers to satisfy export constraints
- IDEA (International Data Encryption Algorithm, patented)
  - 128-bit secret key, more secure than unmodified DES
  - used in email encryption software such as PGP and RSA
- Blowfish
  - unpatented symmetric algorithm; uses a variable-length key up to 448 bits long
  - becoming popular in many commercial and freeware encryption products

Advanced Encryption Standard (AES):

- New standard chosen by NIST in 2000
- Came into effect in 2002
- Most used symmetric key cryptographic system
- AES has a fixed block size of 128 bits and a key size of 128, 192 or 256 bits
- More secure than DES
- Fast, easy to implement, requires little memory

Limitations of Symmetric Cryptography:

- Parties that have not previously met cannot communicate securely
  - what about spontaneous communications on the internet?
- Many people need to communicate with a server (many-to-one communications)
  - cannot keep server key secret for long
- Once the secret key is compromised, the security of all subsequent messages is suspect and a new key has to be generated
- Authentication service must know private key
  - privacy implications: someone else knows your key
  - two possible points of attack
  - changing authentication service requires a new key

Public Key Cryptography:

- Idea: each player has a pair of keys, one is published (called the public key) and the other is secret (called the private key)
- Encryption: use the player’s public key
- Decryption: only the player with the private key can decrypt
- Signature: encrypted using a private key, everyone else could verify it using the public key
- Was a revolution in cryptography, first suggested by Diffie-Hellman

Examples of Public Key Algorithms:

- RSA (named for its inventors Ronald Rivest, Adi Shamir and Leonard Adleman)
  - patented by RSA Data Security Inc.
  - basis for all Web and secure e-mail software
  - variable key lengths ranging from 512 to 1024 bits
- El Gamal (named for its inventor, Taher El Gamal)
  - variable key lengths ranging from 512 to 1024 bits

Properties of Public Key Algorithms:

- These algorithms are based on computationally intensive problems such as finding the prime factors of large numbers.
- The longer the key pair, the more time it takes to compute the private key
- Keys used in today’s internet will take millions of years to crack using today’s technologies

Public Key Problems:

- Keys are usually very long and encryption is expensive
  - RSA encryption is 1000 times slower than typical symmetric algorithms
  - hard to remember secret key - where do you store it?
  - typically only used for authentication, then a random key and a symmetric encryption algorithm is used for subsequent communication
- Multicast is problematic
  - Better to authenticate using public key algorithm, then use random key with symmetric algorithm
- How do you know you have the right public key for a principal?
  - Public key is usually distributed as a document “signed” by a well known and trusted certification authority (e.g. Verisign). This is called a certificate.
  - How do you determine if signature is up-to-date? What if the key has been compromised?

Properties of Public Key Cryptosystems:

- They are slow, really slow!
  - three orders of magnitude slower than DES
  - mainly used as key exchange tool
- Scientists are supposed to be real “smart” and love to solve difficult problems
  - but even they hope to never solve factoring
  - if you can find a quick solution, fame, dollars and perhaps even danger lurk!

Public vs Private Key Systems:

Private key:
  + encryption is fast
  – identity is not easily portable across authentication services
  – secret key must be held by server
  + good for structured, organizational security

Public key:
  – encryption is slow
  + identity is inherently portable
  + secret key need not ever be revealed
  + provides digital signatures
  + good for individuals in loosely structured networks

“Common Key” Establishment:

- Key Agreement
  - Every pair agrees on a key (public key exchange)
  - Completely decentralized
  - Authentication problem (Alice is not Alice), need a trusted entity
  - Computationally expensive
- Key distribution (Blom Key Pre-distribution scheme)
  - The keys are distributed to users
  - Easier to implement
  - Requires a trusted source to manage the process
  - Bound to produce bottlenecks
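
The Blom key pre-distribution scheme named on this slide, as an added example that is not part of the original lecture: a trusted source holds a secret symmetric matrix D, loads one private row onto each node, and any two nodes then derive the same pairwise key from each other's public id without exchanging key material. The field size `Q`, the threshold `LAMBDA`, the use of node ids as Vandermonde seeds and the final hashing step are assumptions made for the illustration.

```python
import hashlib
import secrets

Q = 2**31 - 1   # assumed field size: a prime larger than any node id
LAMBDA = 3      # assumed collusion threshold

def public_column(node_id, lam, q=Q):
    """Node's column of the public Vandermonde matrix G: [1, s, ..., s^lam], s = node id."""
    if not 0 < node_id < q:
        raise ValueError("node id must be in 1..q-1")
    return [pow(node_id, i, q) for i in range(lam + 1)]

def make_secret_matrix(lam=LAMBDA, q=Q):
    """Trusted source only: random symmetric (lam+1) x (lam+1) matrix D over GF(q)."""
    n = lam + 1
    d = [[0] * n for _ in range(n)]
    for i in range(n):
        for j in range(i, n):
            d[i][j] = d[j][i] = secrets.randbelow(q)
    return d

def private_row(d, node_id, q=Q):
    """Row of A = (D*G)^T that is loaded onto one node before deployment."""
    n = len(d)
    g = public_column(node_id, n - 1, q)
    return [sum(g[k] * d[k][j] for k in range(n)) % q for j in range(n)]

def pairwise_secret(my_row, peer_id, q=Q):
    """Computed on the node: K = A_me . G_peer, using only the peer's public id."""
    g = public_column(peer_id, len(my_row) - 1, q)
    return sum(a * b for a, b in zip(my_row, g)) % q

def link_key(my_row, my_id, peer_id, q=Q):
    """Hash the field element into a 128-bit symmetric key (assumed derivation step)."""
    lo, hi = sorted((my_id, peer_id))
    k = pairwise_secret(my_row, peer_id, q)
    return hashlib.sha256(f"{lo}|{hi}|{k}".encode()).digest()[:16]

if __name__ == "__main__":
    d = make_secret_matrix()
    rows = {nid: private_row(d, nid) for nid in (1, 2, 3, 4, 5)}  # constructed ids
    print("nodes 2 and 5 agree:", link_key(rows[2], 2, 5) == link_key(rows[5], 5, 2))
    print("key 2-5 equals key 2-3:", link_key(rows[2], 2, 5) == link_key(rows[2], 2, 3))
```

Each node stores only `LAMBDA + 1` field elements however large the network is. Rows captured from up to `LAMBDA` nodes reveal nothing about keys between other nodes, while `LAMBDA + 1` captured rows are enough to recover D.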

Key Agreement:

- Allows two parties to agree on a shared key
- Provides part of the required secure channel for exchanging a conventional encryption key

Hash Functions:

- Creates a unique “fingerprint” for a message
- Anyone can alter the data and calculate a new hash value
  - Hash has to be protected in some way

Message Authentication Codes (MACs):

- Adds a password/key to a hash
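
The difference between the two slides above, as an added example that is not part of the original lecture: a sensor frame protected by a plain hash still verifies after its reading is altered and the hash recomputed, while the same change to a MAC-protected frame is rejected by a base station holding the shared key. The frame layout, the 8-byte truncated tag, the per-node counter used to reject replayed frames and all sample values are assumptions made for the illustration.

```python
import hashlib
import hmac
import struct

TAG_LEN = 8          # assumed: tag truncated to 8 bytes to save radio airtime
FMT = ">HIh"         # assumed frame layout: node id, counter, temperature in 0.1 C

def pack_reading(node_id, counter, temp_c10):
    return struct.pack(FMT, node_id, counter, temp_c10)

def hash_tag(payload):
    """Unkeyed fingerprint: anyone holding the payload can compute it."""
    return hashlib.sha256(payload).digest()[:TAG_LEN]

def mac_tag(key, payload):
    """Keyed fingerprint (HMAC-SHA256): needs the shared secret."""
    return hmac.new(key, payload, hashlib.sha256).digest()[:TAG_LEN]

def alter_and_rehash(frame, new_temp_c10):
    """Model of the slide's warning: edit the data, recompute the plain hash."""
    node_id, counter, _ = struct.unpack(FMT, frame[:-TAG_LEN])
    payload = pack_reading(node_id, counter, new_temp_c10)
    return payload + hash_tag(payload)

def hash_ok(frame):
    return hmac.compare_digest(frame[-TAG_LEN:], hash_tag(frame[:-TAG_LEN]))

class BaseStation:
    """Verifies the MAC, then rejects stale counters (replayed frames)."""
    def __init__(self, key):
        self.key = key
        self.last_seen = {}   # node id -> highest counter accepted

    def accept(self, frame):
        if len(frame) != struct.calcsize(FMT) + TAG_LEN:
            return None
        payload, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        if not hmac.compare_digest(tag, mac_tag(self.key, payload)):
            return None       # altered, or sender does not hold the key
        node_id, counter, temp_c10 = struct.unpack(FMT, payload)
        if counter <= self.last_seen.get(node_id, -1):
            return None       # authentic but already seen: replay
        self.last_seen[node_id] = counter
        return node_id, counter, temp_c10

if __name__ == "__main__":
    key = b"constructed-demo-key"          # constructed sample key
    reading = pack_reading(7, 1, 215)      # constructed: node 7, 21.5 C
    hashed = reading + hash_tag(reading)
    print("altered frame passes hash check:", hash_ok(alter_and_rehash(hashed, 900)))
    station = BaseStation(key)
    sealed = reading + mac_tag(key, reading)
    print("altered frame at base station:", station.accept(alter_and_rehash(sealed, 900)))
    print("genuine frame:", station.accept(sealed))
    print("same frame replayed:", station.accept(sealed))
```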

Now, let’s return to our original programming:


Threats to WSNs:

- Attacker Model:
  - Outsider Attack: attacker is not part of the network
    - Eavesdropping, replay, block, modify, forge
    - Jamming
    - Disable sensor nodes by exhausting their resources
    - Tamper, destroy nodes
  - Insider Attack: attacker is part of the network (compromised or intruder)
    - Runs malicious code
    - Compatible radio
    - Authorized to participate in the sensor network
    - Knows the key and is authenticated

Security Requirements:

- Robustness against Outsider Attacks:
  - Standard cryptographic techniques can be applied
  - Resource constraints and spatial distribution make the problem not trivial
  - Detection of failed nodes
- Resilience to Insider Attacks
  - Ensure graceful degradation
  - Develop intruder detection algorithm
  - Revoke key
  - Ostracize from the network
  - Reconfiguration

Security Requirements:

- Data Authentication
  - Necessary to detect maliciously injected packets
  - Provides data integrity
  - Does not provide solution to insider attacks
- Data Secrecy
  - Effective against eavesdropping
  - Cryptographic techniques
    - Encryption function
    - Shared key
  - Insider attacks prove more difficult to counter
  - Use of multiple keys to limit the range of the attack

Security Requirements:

- Availability:
  - Preserve functionality of nodes during their lifetime
  - Jamming, Denial of service attacks affect availability
- Service Integrity
  - Localization, data aggregation, estimation, control can all be affected by both insider and outsider attacks

Sensor Security Requirements:


Generic Attacks:

- Need to defend against generic attacks
  - Denial-of-service attacks
  - Battery-drainage attacks
  - Sybil attacks
  - Node replication attacks

Sensor Network DoS Attacks:

- What sensor network resources are susceptible to DoS attacks?
- Energy! Sensor nodes run off a battery, usually node unavailable after battery drained
  - Communication: especially since communication requires much battery energy
  - Computation: slow processor makes many operations expensive
    - Digital Signature (RSA 1024): ~10s generation, ~1s verification
  - However, computation is much cheaper than communication: sending/receiving 1 bit requires as much energy as executing 10,000 instructions!

Attacker Assumptions:

- Attacker launches external and internal attacks
  - External attack: attacker introduces additional nodes into sensor network, but does not know any cryptographic material
  - Internal attack: attacker physically compromises sensor nodes and extracts all cryptographic keys
- Discussion: how realistic is physical compromise and what countermeasures can we apply against tampering?

Sensor Network DoS Attacks:

- Analyze DoS attacks based on protocol layer
  - Physical layer
  - Link layer
  - Network layer
  - Transport layer
  - Application layer

Physical Layer DoS Attacks:

- External attacker can easily perform jamming attacks
  - To jam communication, an attacker continuously sends or produces a signal, interfering and preventing standard communication
- Countermeasures
  - Frequency hopping
  - Spread spectrum communication
  - Map jammed region and route around
- Consider attacker who jams with a compromised node, what are issues?
  - Regular jamming will quickly drain battery
  - Smart jamming only sends quick interference bursts to conserve battery energy

Link layer DoS Attacks:

- Many attacks are possible on specific implementations of the Medium Access Control protocol (this MAC is not to be confused with the Message Authentication Code MAC)
- Packet collision attack is a type of jamming
  - Instance of smart jamming, short burst partially corrupts packet causing checksum computation to fail
- Exploit MAC layer protocols
  - RTS/CTS: Single CTS packet prevents other nodes from communicating
  - Backoff timers make DoS increasingly cheap
- Countermeasures
  - Short frames result in less damage
  - Authentication of all MAC-layer messages

Network & Transport Layer DoS:

- Routing and forwarding provide for ample opportunities to perform DoS attacks
- Suggestions?

Application layer DoS Attacks:

- Many applications susceptible to resource consumption attacks
  - Any expensive operation can be exploited, e.g., signature generation or verification
  - Mechanisms to increase efficiency for higher importance requests are often susceptible
- General DoS countermeasures (all layers)
  - Rate limiting at all levels
  - Authentication of all messages
  - Require consensus/voting to limit effect of DoS to local neighborhood

The Sybil Attack:

- The multiple identities attack
- Relevant in many wired and wireless contexts
  - Voting
  - Resource allocation
  - Trust establishment


Multi-path Routing:


Voting:


Sybil Attack Defenses:

- Resource Testing, Douceur (IPTPS’02)
  - Computation
  - Storage
  - Communication

Standard Security Protocols:

- Why not simply leverage standard security protocols? SSL/TLS, SSH, IPsec work just fine.
- Challenge: severe resource constraints!
  - Limited battery lifetime
  - Limited processing
  - Limited memory capacity
  - Asymmetric cryptographic operations may require on the order of seconds
- Sensor deployed in unprotected areas without tamperproof hardware

Sensor Nets vs. Ad Hoc Nets:


Sensor Network Advantages:

- Seems like sensor network security is quite impossible?
- Fortunately, sensor networks have features that support security
  - Large-scale: time-consuming to physically compromise large fraction of nodes
  - High redundancy: tolerate small fraction of compromised nodes
  - Approximate results ok
  - Single deploying entity, single trust domain

Ideal Secure Sensor Network:

- Assume commodity low-cost sensors
- Provide simple configuration and maintenance
- Tolerate installation errors by non-expert installer
- Provide availability of application, integrity and secrecy of information, even if attacker compromises and controls fraction of sensor nodes

Secure Node-to-Node Communication:

- Most basic security primitive is secret and authentic node-to-node communication
  - Message encryption achieves secrecy
  - Message authentication code achieves authenticity
- Assumptions
  - Trusted base station
  - Communicating nodes share secret key
- Approaches
  - SPINS – SNEP
  - TinySec
  - ZigBee
  - MiniSec

Summary of Lecture:

- Importance of security in Sensor Networks
- Crash course in cryptography
- Threat models
- Types of attacks
