Posted on 27-Dec-2015

214 Views

Category:

Documents

1 Downloads

Preview:

Click to see full reader

TRANSCRIPT

1

Security of Sensor Networks

Tanya Roosta

TRUST Seminar

UC Berkeley, November 9, 2006

2

Overview

Taxonomy of attacks on sensor networks
Convergence analysis of Tree-Reweighted sum-product algorithms
Time synchronization security
Reputation system for tracking
Game theory


4

Background on Sensor Networks

Wireless networks consisting of a large number of motes: self-organizing, highly integrated with a changing environment and network
Highly constrained resources: processing, storage, bandwidth, power
Facilitate large-scale deployment: health care, surveillance, critical infrastructure

5

Motivation

Sometimes deployed in hostile environments, with random topology
The vision is to integrate sensors into critical infrastructure, such as wireless Supervisory Control And Data Acquisition (SCADA) systems
Traditional security techniques cannot be applied because …

6

Challenges Unique to Sensor Networks

Random topology
Secure aggregation
Context privacy [PMRBSSW06]
Scalability of trust/key management schemes
Power and computation efficiency

[PMRBSSW06] Sameer Pai, Marci Meingast, Tanya Roosta, Sergio Bermudez, Shankar Sastry, Stephen Wicker. “Privacy in Sensor Networks: A Focus On Transactional Information”. Under submission to IEEE Security and Privacy Magazine.

7

Security Attacks on Sensor Networks

Need a comprehensive taxonomy of security and confidentiality attacks on sensor networks that describes [RSS06]:
Attacker’s goal
Trust model
Security requirements
Various types of attacks

[RSS06] Tanya Roosta, Shiuhpyng Shieh, Shankar Sastry. "Taxonomy of Security Attacks on Sensor Networks". IEEE International Conference on System Integration and Reliability Improvements, 2006.

8

Attacker’s Goal

Eavesdropping (outsider attacker)
Disruption of applications (insider attacker)
Subverting a subset of sensor nodes (insider attacker)

9

Trust Model

There is usually a central base station that gathers all the data reported by the sensor nodes
Only trust assumption: the base station is trustworthy
No other trust requirement is placed

10

Security Requirements

Confidentiality
Authentication
Integrity
Freshness
Secure group management
Availability
Graceful degradation

11

Cryptography

Cryptography is the first line of defense
Cryptography helps with message integrity, authentication, and confidentiality
TinySec: symmetric-key cryptography
TinyECC: Elliptic Curve Cryptography (ECC)
Cryptography cannot solve all the security problems of sensor networks

12

Security Attacks

Attacks can be categorized into [RSS06]:
Attacks on the sensor mote
Attacks on the protocols and applications

13

Attacks on the Sensor Mote

Non-invasive: the embedded device is not physically tampered with; side-channel attacks
Invasive: reverse engineering followed by probing techniques; extraction of cryptographic keys; exploiting software vulnerabilities (memory access control)

14

Attacks on Protocols/Applications

Denial of service
Traffic analysis
Time synchronization
Key management protocols
Data aggregation protocols
Comprehensive list in [RSS06]


16

Graphical Models

In probabilistic graphical models, the nodes are random variables, and the arcs (or their absence) encode the conditional independence of these random variables
They specify a joint probability distribution over the random variables

17

Graphical Models in Sensor Networks

Graphical models are useful for distributed fusion in sensor networks [CCFIMWW06]:
Well suited to the sensor network structure
Scalable inference algorithms, new message-passing algorithms
Parallel message passing

[CCFIMWW06] M. Cetin, L. Chen, J. W. Fisher, A. T. Ihler, R. L. Moses, M. J. Wainwright, A. Willsky. “Distributed Fusion in Sensor Networks”. IEEE Signal Processing Magazine, July 2006.

18

Inference on Graphical Models

Calculating posterior marginals is NP-hard
The Junction Tree algorithm finds exact marginals, but is computationally expensive
Standard Belief Propagation (BP) is used as an approximate inference algorithm

19

Tree-Reweighted Sum-Product Algorithm

TRW is a broader class of approximate inference algorithms
Messages are adjusted by edge-based weights
The edge weights lie in [0,1]
Computational complexity identical to BP
Setting every edge weight to 1 recovers standard BP

[WJW05] M. J. Wainwright, T. S. Jaakkola and A. S. Willsky. "A new class of upper bounds on the log partition function". IEEE Trans. Info. Theory, 2005.
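The tree-reweighted message update that the slide describes, written out here as an added equation (not one of the talk's slides) following [WJW05]. The "edge-based weights" of the slide are written $\rho_{st} \in [0,1]$, and $\psi_t$, $\psi_{st}$ and $M_{ut}$ are the node potentials, edge potentials and messages of ordinary BP:

$$M_{ts}(x_s) \;\propto\; \int \psi_{st}(x_s, x_t)^{1/\rho_{st}}\, \psi_t(x_t)\, \frac{\prod_{u \in N(t)\setminus s} M_{ut}(x_t)^{\rho_{ut}}}{M_{st}(x_t)^{\,1-\rho_{st}}}\, dx_t$$

With $\rho_{st} = 1$ on every edge all exponents become 1 and the denominator $M_{st}(x_t)^{0}$ disappears, which is the sense in which weight 1 recovers standard BP.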

20

Advantages of TRW

For suitable choices of the edge weights, TRW, in sharp contrast to BP, always has a unique fixed point for any graph and any dependency strength
Additional benefits: message-passing updates tend to be more stable; faster convergence rate

21

TRW in Sensor Networks

TRW can be used in sensor networks [CWCW03]
TRW and security: compromised nodes give faulty updates
Need to understand:
How much of an effect the faulty updates will have on the estimation
How the characteristics of the fixed points of TRW are changed

[CWCW03] L. Chen, M. J. Wainwright, M. Cetin, A. S. Willsky. “Multitarget-Multisensor Data Association Using Tree-Reweighted Max-Product Algorithm”. SPIE AeroSense Conference, 2003.

22

Convergence Analysis of TRW [RW06]

The objective is to analyze the convergence of the family of reweighted sum-product algorithms
We assume that the ‘true’ messages are fixed points of the algorithm
The messages are perturbed by some amount

[RW06] Tanya Roosta, Martin J. Wainwright. "Convergence Analysis of Reweighted Sum-Product Algorithms". Submitted to IEEE International Conference on Acoustics, Speech, and Signal Processing (ICASSP).

23

Convergence Analysis [RW06]

W.l.o.g. restrict attention to the case of pairwise cliques
The distribution defined on this graph is:
Analyze homogeneous and non-homogeneous models

24

Homogeneous Model

ψ_st = … and ψ_s = θ for all edges and all nodes
Let d = degree of the nodes
If d−1 … 1, then we are guaranteed uniqueness and convergence of the updates
If d−1 … > 1, the update equation may have more than one fixed point, depending on the choice of the edge weight and θ

25

Plot of the appearance of multiple fixed points versus the edge weight and θ (figure; marked θ_critical, d = 4)

26

Non-Homogeneous Model

In the general model, the convergence analysis is based on establishing that, under suitable conditions, the updates specify a contractive mapping in the ℓ1 norm, i.e.

27

Simulation Results

… uniform from [0.05, 0.5], edge potentials ψ_st uniform from [0.01, 1], and different values for the edge weights
Number of nodes between 49 and 169
Plot of log ‖z^m − z*‖₁ vs. the number of iterations m

28

More figures

29

Ongoing and Future Work

The convergence condition is somewhat conservative: it requires the message updates to be contractive at every node of the graph
We would like to have an average-case analysis: require that the updates be attractive in an average sense


31

Why Do We Need Time Sync.?

Sources of error in time are:
Clock skew: the difference between the frequency of the clock and that of the perfect clock
Clock offset: the difference between the time reported by a clock and the real time

32

Effect of Time Sync. Attacks

Time sync. protocols are vulnerable to security attacks
Effect on applications/services [MRS05]:
Shooter localization
TDMA-based channel sharing: Flexible Power Scheduling, TDMA-based MAC protocol
Estimation
Authenticated broadcast (TESLA)

[MRS05] Mike Manzo, Tanya Roosta, Shankar Sastry. “Time Synchronization Attacks in Sensor Networks”. The Third ACM Workshop on Security of Ad Hoc and Sensor Networks, 2005.

33

Time Sync. Protocols in Sensor Networks

Three general categories: Reference Broadcast Synchronization (RBS), TPSN, Flooding Time Synchronization Protocol (FTSP)
In [MRS05] attacks and possible countermeasures for each time sync. protocol were explained

34

FTSP

FTSP uses reference points for synchronization
Reference point = (globalTime, localTime)
globalTime: time of the transmitting node
localTime: time of the receiving node
The receiving node uses linear regression on 8 reference points to find offset and skew

35

Attacks on FTSP [RS06]

A compromised node can claim to be the root node
The compromised root sends false updates, which get propagated in the network
Every node accepting the false updates calculates a false offset and skew

[RS06] Tanya Roosta, Shankar Sastry. “Securing Flooding Time Synchronization Protocol in Sensor Networks”. Workshop of the 6th ACM & IEEE Conference on Embedded Software.

36

Proposed Countermeasures [RS06]

Secure leader election mechanism: distributed coin-flipping algorithms (using cryptographic commitments)
Using redundancy: instead of LS on one neighbor, run LS on multiple neighbors and take the median; run LS on multiple random subsets of the data
Using robust estimators: Least Median of Squares (LMS)
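The FTSP regression on (globalTime, localTime) reference points, and the redundancy and LMS countermeasures listed above, as an added Python example; this is not the authors' code nor any FTSP implementation. It assumes the receiver fits globalTime = skew · localTime + offset, and the three reference tables (two honest, one carrying false root updates) are constructed.

```python
"""FTSP-style offset/skew estimation: plain least squares versus the
redundancy and robust-estimator countermeasures on the slides.
Added example, not code from the talk or from any FTSP implementation.
Assumed model: a reference point is (globalTime, localTime) and the
receiver fits globalTime = skew * localTime + offset."""
from itertools import combinations
from statistics import median


def ls_fit(points):
    """Ordinary least-squares line through (global, local) pairs -> (offset, skew)."""
    n = len(points)
    mx = sum(l for _, l in points) / n
    my = sum(g for g, _ in points) / n
    sxx = sum((l - mx) ** 2 for _, l in points)
    sxy = sum((l - mx) * (g - my) for g, l in points)
    skew = sxy / sxx
    return my - skew * mx, skew


def lms_fit(points):
    """Least Median of Squares: among the lines through every pair of points,
    keep the one whose median squared residual is smallest. This exhaustive
    search stands in for the usual random-subset search; fine for a few dozen points."""
    best, best_med = None, float("inf")
    for (g1, l1), (g2, l2) in combinations(points, 2):
        if l1 == l2:
            continue
        skew = (g2 - g1) / (l2 - l1)
        offset = g1 - skew * l1
        med = median((g - (skew * l + offset)) ** 2 for g, l in points)
        if med < best_med:
            best, best_med = (offset, skew), med
    return best


def median_of_neighbors(tables):
    """Redundancy countermeasure: LS per neighbor, then the median offset and
    skew across neighbors instead of trusting a single neighbor's table."""
    fits = [ls_fit(t) for t in tables]
    return median(o for o, _ in fits), median(s for _, s in fits)


def make_table(offset, skew, jitter):
    """Constructed 8-point reference table, local timestamps 1000 ticks apart."""
    return [(round(skew * l + offset) + j, l)
            for l, j in zip(range(0, 8000, 1000), jitter)]


TRUE_OFFSET, TRUE_SKEW = 500, 1.0002
HONEST_A = make_table(TRUE_OFFSET, TRUE_SKEW, [1, -1, 0, 2, -1, 0, 1, -2])
HONEST_B = make_table(TRUE_OFFSET, TRUE_SKEW, [0, 1, -1, 0, 1, -1, 2, 0])
# Constructed faulty table: a neighbor relaying false root updates, offset 4500 ticks off.
FAULTY_C = make_table(TRUE_OFFSET + 4500, TRUE_SKEW, [0, 0, 1, -1, 0, 1, 0, -1])


def compare():
    """(offset, skew) from pooling all tables (LS and LMS) and from the median of per-neighbor LS."""
    pooled = HONEST_A + HONEST_B + FAULTY_C
    return {"ls_pooled": ls_fit(pooled),
            "lms_pooled": lms_fit(pooled),
            "median_of_ls": median_of_neighbors([HONEST_A, HONEST_B, FAULTY_C])}


if __name__ == "__main__":
    for name, (offset, skew) in compare().items():
        print(f"{name:>13}: offset={offset:8.2f} skew={skew:.5f}")
```

Pooled LS lands about 1500 ticks off the true offset because the faulty table is one third of the data, while both LMS and the median of per-neighbor fits stay within a few ticks.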

37

Future Work

Experiments:
Implementing the attacks
Analyzing the effect on the tracking application
Implementing some of the countermeasures
Time line: 6 months


39

Reputation System

Reputation systems have been used in online ranking systems
They have proven useful as a self-policing mechanism
In [GS04] the authors propose extending this framework to sensor networks

[GS04] Saurabh Ganeriwal, Mani Srivastava. “Reputation-based framework for high integrity sensor networks”. Proceedings of the 2nd ACM Workshop on Security of Ad Hoc and Sensor Networks, 2004.

40

Reputation System in Sensor Networks

No unifying way to design the “watchdog” mechanism; it is application dependent

Figure from [GS04]

41

Reputation System for Tracking [RMS06]

We designed a reputation system for the tracking application
Tracking is fundamental in sensor networks: surveillance, pursuit-evasion games
Focused on the hierarchical multi-object tracking algorithm (MCMCDA)

[RMS06] Tanya Roosta, Marci Meingast, Shankar Sastry. "Distributed Reputation System for Tracking Applications in Sensor Networks". In Proc. of the International Workshop on Advances in Sensor Networks, 2006.

42

MCMCDA

The input: a set of data indexed by time
The output: the association of the observed data with object tracks
The tracking algorithm has two phases: data fusion, data association

[ORS04] S. Oh, S. Russell, and S. Sastry. “Markov Chain Monte Carlo Data Association for General Multiple-Target Tracking Problems”. IEEE International Conference on Decision and Control (CDC), 2004.

43

Example

Figure (a) shows the observed data indexed by time; Figure (b) shows the tracks that were formed based on the maximum likelihood function [ORS04]

44

MCMCDA [ORS04]

Nodes equipped with motion detection sensors
Sensor model:

45

Data Fusion

In each local neighborhood, the node with the highest signal strength declares itself to be the leader
All the other nodes in the neighborhood send their observations to this leader
The leader aggregates the data:

46

Data Association

Each leader sends the fused observation to the closest super-node
Super-nodes send their gathered fused observations to the base station
The base station uses Markov Chain Monte Carlo (MCMC) to associate the fused data by maximizing the posterior of the tracks, given the observations

47

Possible Attacks [RMS06]

The adversary physically captures a subset of the sensor nodes
Compromised nodes send faulty observations to the leader
This results in wrong fused observations and the formation of non-existent tracks for the moving objects

48

Attacks Not Considered

We did not allow the compromised nodes to claim to be the leader
This problem could be solved using standard distributed coin-flipping algorithms with cryptographic commitments
At the central level, we need to use statistical methods that filter out the faulty observations coming from compromised leaders

49

Reputation System [RMS06]

The nodes do not share their reputation tables
At this point, we only use first-hand observations for updating the reputation
Each node updates the reputation of its neighbors only when it becomes the leader
The reputation is a value in [0,1]

50

The Algorithm [RMS06]

The leader node gathers all the observations from its neighbors
It chooses m subsets of the observations; the members of each subset are chosen randomly from among all the neighbors
The leader computes the fused observation for each subset

51

The Algorithm (cont.)

The fused observation for a subset uses the accumulated reputation of the jth neighbor at node i up to time t−1
The leader finds the median of the m fused observations, i ∈ {1, …, m}

52

Reputation Assignment [RMS06]

The median value of the estimated location is the trusted value (m_trust) and the nodes in the corresponding subset are the trusted nodes (S_trust)
There are two counters per neighbor for the instantaneous reputation: a positive-reputation counter and a negative-reputation counter

53

Reputation Assignment (cont.)

Nodes in S_trust receive an instantaneous reputation of (1,0)
For the rest of the neighbors, the leader picks one node s_ij at a time, adds it to the subset S_trust, and recalculates the location estimate
Call the result of this calculation …

54

Reputation Update [RMS06]

T is a threshold that determines how far the recalculated estimate can be pulled away from the median m_true
T has to take the normal level of observation noise into account

55

Reputation Aggregation [RMS06]

Instantaneous reputations are aggregated to calculate the cumulative positive and negative reputation (r_ij^t, s_ij^t)
A discounting factor is used to guarantee that old reputations are gradually forgotten
The reputation is aggregated using the Beta function
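One leader round of the reputation system from the preceding slides (random subsets, median, threshold T, discounted (r, s) aggregation and Beta reputation), as an added Python example; it is not the authors' code. Assumed beyond the slides: the fused observation is a reputation-weighted mean of reported positions, the 2-D "median" of the subset estimates is taken as the medoid, the discount is r ← λ·r + α, and the reputation is the mean of a Beta(r+1, s+1) posterior; the observations and the subset draw are constructed.

```python
"""One leader round of the reputation system for tracking on the slides.
Added example, not the authors' code. Assumptions beyond the slides: the
fused observation is a reputation-weighted mean of the neighbors' reported
positions; the "median" of the m subset estimates is the medoid (the estimate
closest on average to the others); cumulative reputation is discounted as
r <- lambda*r + alpha; a node's reputation is the mean of a Beta(r+1, s+1)
posterior, i.e. a uniform prior on the honest/compromised coin."""
import math
import random


def fuse(obs, rep, members):
    """Reputation-weighted mean position of the observations of `members`."""
    w = sum(rep[j] for j in members)
    return tuple(sum(rep[j] * obs[j][k] for j in members) / w for k in (0, 1))


def dist(a, b):
    return math.hypot(a[0] - b[0], a[1] - b[1])


def draw_subsets(rng, n_neighbors, m, s):
    """m random subsets of s distinct neighbors (m = 4, s = 3 on the slides)."""
    return [rng.sample(range(n_neighbors), s) for _ in range(m)]


class LeaderReputation:
    def __init__(self, n_neighbors, discount=0.9):
        self.r = [0.0] * n_neighbors  # cumulative positive reputation r_ij
        self.s = [0.0] * n_neighbors  # cumulative negative reputation s_ij
        self.discount = discount      # forgetting factor for old reputation

    def reputation(self):
        """E[Beta(r+1, s+1)] = (r+1)/(r+s+2); an unknown node starts at 0.5."""
        return [(r + 1) / (r + s + 2) for r, s in zip(self.r, self.s)]

    def leader_round(self, obs, subsets, T):
        rep = self.reputation()
        est = [fuse(obs, rep, S) for S in subsets]
        # the "median" estimate: the one with the smallest total distance to the rest
        k = min(range(len(est)), key=lambda i: sum(dist(est[i], e) for e in est))
        m_trust, s_trust = est[k], set(subsets[k])
        alpha, beta = [0] * len(obs), [0] * len(obs)
        for j in range(len(obs)):
            if j in s_trust:
                alpha[j] = 1  # trusted subset gets (1,0) outright
                continue
            # add node j to the trusted subset; flag it if it pulls the estimate more than T
            pulled = fuse(obs, rep, list(s_trust) + [j])
            if dist(pulled, m_trust) <= T:
                alpha[j] = 1
            else:
                beta[j] = 1
        self.r = [self.discount * r + a for r, a in zip(self.r, alpha)]
        self.s = [self.discount * s + b for s, b in zip(self.s, beta)]
        return k, m_trust, beta


# Constructed observations of an object near (10, 10); nodes 6 and 7 are compromised.
OBS = [(10.1, 9.9), (9.8, 10.2), (10.2, 10.1), (9.9, 9.8), (10.0, 10.3), (10.3, 9.7),
       (14.0, 15.0), (16.0, 12.0)]
SUBSETS = [[0, 1, 2], [3, 4, 6], [1, 5, 7], [0, 3, 5]]  # a fixed draw with m=4, s=3


def demo(rounds=2, T=0.4):
    """Run `rounds` leader rounds on the same data; returns the last round's result and reputations."""
    leader = LeaderReputation(len(OBS))
    for _ in range(rounds):
        k, m_trust, beta = leader.leader_round(OBS, SUBSETS, T)
    return k, m_trust, beta, leader.reputation()


if __name__ == "__main__":
    print(demo())
    print(draw_subsets(random.Random(1), len(OBS), 4, 3))
```

With T = 0.4 the clean subset {0, 1, 2} is the medoid, the two compromised nodes pull the estimate by more than a metre and are flagged, and their reputation drops below 0.3 after two rounds while the honest nodes rise above 0.7.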

56

Simulation

The surveillance region is a square grid of size 50 m × 50 m
There is one node placed at each corner of each square
The number of objects we want to track is n_i
The sensing range R_s is set to 1.5 m

57

Simulation (cont.)

The noise is represented by a standard Gaussian distribution ~N(0,1)
Tested different scenarios; example: the number of compromised nodes is fixed and the sensing radius is varied from 1.5 m to 3 m
T = 0.4, m = 4, and s = 3
Metric: the average error in the number of tracks estimated by the algorithm compared to the actual number of tracks

58

250 compromised nodes, varying sensing radius

59

Qualitative Comparison

60

Future Work

Extend the observation model to include the probability of compromised nodes using mixture models [RMG06]

[RMG06] Tanya Roosta, Mubaraq Mishra, Ali Ghazizadeh. “Robust Detection and Estimation in Ad-Hoc and Sensor Networks”. IEEE International Conference on Mobile Ad-hoc and Sensor Systems, 2006.


62

Clustering Game

Setup:
There are a number of clusters K
The adversary knows what is being observed
The adversary cannot observe what the other adversaries are doing (no collusion)
The nodes are monitoring temperature (example)
What is the optimal compromised-node placement within the clusters to cause the most damage?

63

Figure: clusters reporting to a center (legend: good node, compromised node). Which distribution of the compromised nodes has the most effect on the final estimation at the center?

64

Conclusion

Security in sensor networks is crucial to successful deployment
In this talk:
Proposed a taxonomy of security attacks
Gave convergence results for TRW
Described attacks on time sync. protocols and their effect on different applications
Developed a decentralized reputation system for tracking
Used game theory to formulate security attacks

65

66

Effect on Estimation (Example)

State of a discrete-time controlled process:
Given the measurement:

67

Reputation and Beta Function

The sequence of observations can be considered as a sample from a binomial distribution, i.e. a sequence of independent coin tosses with a bias parameter P
To be clear, heads correspond to an honest node and tails to a compromised node, and the bias is the overall reputation of the node
We can estimate the rating of a node using Bayesian parameter estimation of the binomial distribution

68

Reputation and Beta Function (cont.)

The posterior probability of binary events is most accurately represented by the Beta distribution
The Beta distribution is a two-parameter distribution with parameters a and b
Parameter a measures the number of successes (r_ij^t) and b measures the number of failures (s_ij^t)
The overall reputation is modeled as the expected value of the Beta distribution

69

Proof

Message updates are characterized by:
Taking the derivative of F(z, …) will give the rate of convergence

70

Proof (cont.)


71

Robust Detection

The goal is to detect compromised/faulty nodes
The lying behavior could be: static unchanging behavior; dynamic changing liars; dynamic colluding liars
We can model each of these cases using a Hidden Markov Model

72

Problem Formulation

The nodes make an observation according to:
There is no notion of time in our problem setup, i.e. the nodes collect all their observations, and then the detection is performed

73

Problem Formulation

The Expectation Maximization (EM) framework is used to find the parameters (the probability of a node lying and the detection value)
We maximize the log likelihood based on the lying behavior we are considering (which affects the hidden parameters)

74

RBS

In RBS a reference message is broadcast to two receivers, and the receivers synchronize their respective local clocks to each other
A transmitter broadcasts m reference messages
Each of the n receivers records its local reception time
Receivers exchange their local times
Each receiver calculates its phase offset as the LS linear regression of the phase offsets

75

TPSN

TPSN creates a spanning tree of the sensor network
Each node finds the clock drift and the propagation delay d using:

$$\text{drift} = \frac{(T_2 - T_1) - (T_4 - T_3)}{2}, \qquad d = \frac{(T_2 - T_1) + (T_4 - T_3)}{2}$$

where T_1 and T_4 are the send and receive times at the requesting node and T_2 and T_3 the receive and reply times at its parent

76

77


78

Denial of Service Attacks

A denial of service attack is any attack that diminishes the network’s capacity to perform its function
Denial of service attacks can be carried out at any of the layers of the communication stack

79

Denial of Service Attacks

[WS02] A. Wood, J. Stankovic. “Denial of Service Attacks in Sensor Networks”. IEEE Computer, 35(10):54-62, October 2002.

80

Ordinary Belief Propagation

Message and belief updates:

$$m_{ts}(x_s) = \int \psi_{st}(x_s, x_t)\, \psi_t(x_t) \prod_{u \in N(t) \setminus s} m_{ut}(x_t)\, dx_t$$

$$M_t(x_t) \propto \psi_t(x_t) \prod_{u \in N(t)} m_{ut}(x_t)$$

81

LMS

Least Median of Squares for the linear model $Y_i = b_0 + b_1 X_i$, $i = 1, \dots, n$:

$$\hat{b} = \arg\min_{b = (b_0, b_1)}\ \operatorname{Median}_{i}\,(Y_i - b_0 - b_1 X_i)^2$$

82

Time Synchronization

Time synchronization protocols provide a mechanism for synchronizing the local clocks of the nodes in a sensor network
Two ways to synchronize the clocks: synchronization to accurate real time; relative synchronization for ordering of events
Clock model:

83

FTSP (cont.)

Offset:
Skew:

84

Example


85

Data Association (cont.)

Maximizing the posterior of the track, given the observations Y:

z_t is the number of objects terminated at time t, a_t the number of new objects at time t, d_t the number of detections, f_t the number of false alarms, f the false alarm rate, b the birth rate of a new object, p_z the probability of an object disappearing, and p_d the probability of detection.

86

Attack Trees

Attack trees provide a formal, methodical way of describing the security of systems, based on varying attacks
The tree can also be used to determine where a system is vulnerable, and to weigh the benefits of different countermeasures against one another
We want to develop an efficient attack tree for sensor networks; an example based on the taxonomy paper

87

88

Routing Game [1]

The power consumption in routing has been modeled as a dynamic Bayesian game among the N nodes of the network
Uses action history: h_i(t_k) = (s_i(t_0), …, s_i(t_{k−1}))
This Bayesian game has a Nash equilibrium solution, but the solution strategy has not been explicitly found

[1] Petteri Nurmi. “Modelling Routing in Wireless Ad Hoc Networks with Dynamic Bayesian Games”. IEEE SECON, 2004.

89

Future Work

What are the actual solutions to this Bayesian game (if we can explicitly solve for the equilibrium)?
Effect of memory/action history length on the outcome of the Bayesian game
Learning the reputations of nodes dynamically using the solution to the Bayesian game
Time line: 1 year

90

TRW Message Update
