Reliability of Wireless Sensors with Code Attestation for Intrusion Detection
Presented by: Yating Wang

Outline
• Background
• Code attestation
• Problem definition
• Modeling
• Calculation
• Performance and Analysis
• Conclusion

Background
• Security properties: authentication, secrecy, data integrity
• Security issues for Wireless Sensor Networks (WSN):
  - Outsider attacks (key management)
  - Insider attacks (intrusion detection)

Code Attestation
• A software-based method (verifier)
• Assumption: the original code must be changed when a sensor is compromised
• Basic method: the trusted verifier evaluates whether the sensor is compromised by comparing a memory value (hash value) with its original value.

Examples of Code Attestation
• SWATT
• [Diagram: verifier and sensor (program memory); labels: "a sequence of memory addresses", "checksum"]
• Judgment: responding with a correct answer within a time bound
• Cons: the time to generate the challenge, and timeouts because of channel collisions

Examples of Code Attestation (cont')
• Pre-deployed: computing digest, digital signature
• Code attestation:
  [Diagram: verifier and sensor (program memory); labels: "send ID", "random hash function", "hash value of code"]
• Judgment: responding with a correct hash value
• Cons: misses an intrusion that is not within a long service blockage

Examples of Code Attestation (cont')
• Pre-deployment: filling empty memory with random noise
• Post-deployment: nodes distribute seeds to neighbors
• First scheme: cluster
  [Diagram: Node A with neighbor1 and neighbor2; labels: "secret share 1", "secret share 2", "traversal seed & noise seed", "checksum"]

Examples of Code Attestation (cont')
• Pre-deployment: filling empty memory with random noise
• Post-deployment: nodes distribute seeds to neighbors
• Second scheme:
  [Diagram: Node A with neighbor1, neighbor2 and neighbor3; labels: C1/R1, C2/R2, C3/R3]
• Judgment: voting

Problem Definition
• Problem: the trade-off between energy consumption and code attestation; when should we trigger code attestation?
• Purpose: maximizing reliability, measured by Mean Time to Fail (MTTF)
  * Fail: either the sensor's energy is depleted, or the sensor returns a false reading

Modeling
System activities:
• Periodic sensing (plus transmitting): T is the sensing interval; Es is the unit energy consumption
• Intrusion: λ is the intrusion rate; e^(-λT) is the probability that the sensor is still healthy when it takes a reading (it is compromised only after sensing)
• Code attestation: q is the generating probability; Ec is the energy consumption for code attestation
• Recovery: Er is the energy consumption; the generating rate depends on code attestation happening (q) and on the node being attested as unhealthy

Calculation
Recovery probability, case 1: compromised before sensing
  prob(x<T) = 1 - e^(-λT)
• Code attestation generated before sensing:
  prob(attestation happening) = q(1 - e^(-λT))
• The false node being recovered:
  prob1(recovery) = q(1 - e^(-λT))(1 - Pfn)

Calculation (cont')
Case 2: uncompromised in a sensing round
  prob(x>T) = e^(-λT)
• The code attestation still happened, though:
  prob(attestation happening) = q*e^(-λT)
• Recovery triggered:
  prob2(recovery) = q*e^(-λT)*Pfp
So the probability of recovery happening during code attestation is:
  θ = (prob1 + prob2)/q

Calculation (cont')
Probability to return correct readings:
  Rq = prob(node is never compromised) + prob(node was compromised, but recovered)
     = prob(x>T) + prob1(recovery)

Calculation (cont')
Expected number of rounds before energy is depleted (original energy is E):
  Nq = E(original)/(E(sensing) + E(attestation) + E(recovery))
     = E/(Es + q*Ec + q*θ*Er)
     = E/(Es + q(Ec + θEr))
Expected lifetime (MTTF):
  MTTF = false reading + energy depleted
       = ∑ i*Rq^i*(1-Rq) + Nq*Rq^Nq   (0<i<Nq)

Performance and Analysis
MTTF = F(λ, T, q, E, Es, Ec, Er, Pfn, Pfp)
• MTTF = G λ(q)
• MTTF = G Pfn(q)
• MTTF = G Pfp(q)
• MTTF = G Es(q)
• MTTF = G Ec(q)
• MTTF = G Er(q)

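The model above evaluated numerically, as an added example that is not part of the original slides: it implements θ, Rq, Nq and the MTTF sum as written on the Calculation slides and grid-searches q for the maximum. All parameter values are constructed for illustration (the slides give none), and MTTF is expressed in sensing rounds.

```python
import math

def theta(lam, T, pfn, pfp):
    """Recovery probability per attestation, i.e. (prob1 + prob2) / q."""
    healthy = math.exp(-lam * T)                       # prob(x > T)
    return (1 - healthy) * (1 - pfn) + healthy * pfp

def mttf(q, lam, T, E, Es, Ec, Er, pfn, pfp):
    """MTTF in sensing rounds, from the slide formulas for Rq, Nq and MTTF."""
    healthy = math.exp(-lam * T)
    Rq = healthy + q * (1 - healthy) * (1 - pfn)       # correct-reading probability
    Nq = E / (Es + q * (Ec + theta(lam, T, pfn, pfp) * Er))  # rounds until energy is gone
    # Failure by false reading: sum over integer rounds 0 < i < Nq
    false_reading = sum(i * Rq**i * (1 - Rq) for i in range(1, math.ceil(Nq)))
    # Failure by energy depletion after surviving all Nq rounds
    energy_depleted = Nq * Rq**Nq
    return false_reading + energy_depleted

def best_q(steps=100, **params):
    """Grid search over q in [0, 1]; returns (q*, MTTF(q*))."""
    grid = [k / steps for k in range(steps + 1)]
    q_star = max(grid, key=lambda q: mttf(q, **params))
    return q_star, mttf(q_star, **params)

# Constructed parameters, not taken from the slides.
PARAMS = dict(lam=0.01, T=1.0, E=1000.0, Es=1.0, Ec=10.0, Er=20.0,
              pfn=0.05, pfp=0.05)

if __name__ == "__main__":
    for lam in (0.01, 0.05):                           # low vs. high intrusion rate
        q_star, value = best_q(**{**PARAMS, "lam": lam})
        print(f"lambda={lam}: q*={q_star:.2f}, MTTF={value:.1f} rounds")
```

With these constructed values the optimum q is interior for the lower intrusion rate and moves toward 1 for the higher one.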
Performance and Analysis (cont')
[Figures: MTTF as a function of q, one plot each for G λ(q), G Pfn(q), G Pfp(q), G Es(q), G Ec(q) and G Er(q)]

Conclusion
• Developed a probability model to analyze how often code attestation should be generated to maximize the lifetime
• Results show that there is always an optimal q that maximizes the sensor's reliability
• Code attestation should be generated more frequently when λ is high, Pfn (Pfp) is low, Ec is low, or Er is low compared with Es