insens: intrusion-tolerant routing for wireless sensor networks
DESCRIPTION
INSENS: Intrusion-Tolerant Routing For Wireless Sensor Networks. By: Jing Deng, Richard Han, Shivakant Mishra Presented by: Daryl Lonnon. INSENS Goals. Define a secure & intrusion-tolerant routing scheme. A small number of compromised nodes can only effect a small/localized area. - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: INSENS: Intrusion-Tolerant Routing For Wireless Sensor Networks](https://reader030.vdocuments.us/reader030/viewer/2022032804/56812a99550346895d8e4e37/html5/thumbnails/1.jpg)
INSENS: Intrusion-Tolerant Routing For Wireless Sensor Networks
By: Jing Deng, Richard Han, Shivakant Mishra
Presented by: Daryl Lonnon
![Page 2: INSENS: Intrusion-Tolerant Routing For Wireless Sensor Networks](https://reader030.vdocuments.us/reader030/viewer/2022032804/56812a99550346895d8e4e37/html5/thumbnails/2.jpg)
INSENS Goals
Define a secure & intrusion-tolerant routing scheme.
A small number of compromised nodes can only effect a small/localized area.
Compromised nodes cannot bring down the entire network.
![Page 3: INSENS: Intrusion-Tolerant Routing For Wireless Sensor Networks](https://reader030.vdocuments.us/reader030/viewer/2022032804/56812a99550346895d8e4e37/html5/thumbnails/3.jpg)
INSENS: Goals
![Page 4: INSENS: Intrusion-Tolerant Routing For Wireless Sensor Networks](https://reader030.vdocuments.us/reader030/viewer/2022032804/56812a99550346895d8e4e37/html5/thumbnails/4.jpg)
INSENS: Challenges
Wireless communication is broadcast in nature; adversaries can: Eavesdrop on packets as they cross
the network Tamper with transmitted packets Inject packets to initiate DOS
![Page 5: INSENS: Intrusion-Tolerant Routing For Wireless Sensor Networks](https://reader030.vdocuments.us/reader030/viewer/2022032804/56812a99550346895d8e4e37/html5/thumbnails/5.jpg)
Challenges (continued) Sensor nodes are highly constrained:
Limited power/lifetime Low-power micro-sensors and actuators Slow embedded processors Limited memory Low bandwidth communication
Distributed in the field in-situ, lacking physical security.
![Page 6: INSENS: Intrusion-Tolerant Routing For Wireless Sensor Networks](https://reader030.vdocuments.us/reader030/viewer/2022032804/56812a99550346895d8e4e37/html5/thumbnails/6.jpg)
INSENS: Underlying Framework
Large number of resource poor sensor nodes. 10-100 nodes for home monitoring 1000+ nodes for battlefield and
building monitoring Small number of resource rich
base stations.
![Page 7: INSENS: Intrusion-Tolerant Routing For Wireless Sensor Networks](https://reader030.vdocuments.us/reader030/viewer/2022032804/56812a99550346895d8e4e37/html5/thumbnails/7.jpg)
High Level Design Principles to Achieve Intrusion Tolerance
Securely build redundant routing. Only trusted base stations may
initiate expensive network operations (such as route setup).
Symmetric key encryption performed between base stations and nodes.
![Page 8: INSENS: Intrusion-Tolerant Routing For Wireless Sensor Networks](https://reader030.vdocuments.us/reader030/viewer/2022032804/56812a99550346895d8e4e37/html5/thumbnails/8.jpg)
High Level Principles (Continued) Base stations perform expensive
operations for nodes (i.e. route table computation).
Secure only common traffic patterns. Base station -> node/aggregator Aggregator/node -> base station
Nodes are static (motionless) after setup.
![Page 9: INSENS: Intrusion-Tolerant Routing For Wireless Sensor Networks](https://reader030.vdocuments.us/reader030/viewer/2022032804/56812a99550346895d8e4e37/html5/thumbnails/9.jpg)
High Level Principles (Continued)
Novel mechanisms can be used to overcome specific attacks.
Allow for multiple base stations and multiple routes to those base stations.
![Page 10: INSENS: Intrusion-Tolerant Routing For Wireless Sensor Networks](https://reader030.vdocuments.us/reader030/viewer/2022032804/56812a99550346895d8e4e37/html5/thumbnails/10.jpg)
Threat Model
Adversary can compromise a node, obtaining all information (e.g. keys, routing info), as well as, reprogram a node.
An adversary has a jamming range of d, where d is >= a nodes transmission range, and d << the radius of the complete network.
![Page 11: INSENS: Intrusion-Tolerant Routing For Wireless Sensor Networks](https://reader030.vdocuments.us/reader030/viewer/2022032804/56812a99550346895d8e4e37/html5/thumbnails/11.jpg)
Threat Model (continued)
An adversary can only hear a node if the node can hear the adversary, the adversary may, however, transmit much further than a node.
An adversary cannot tamper with a base station (without being detected).
![Page 12: INSENS: Intrusion-Tolerant Routing For Wireless Sensor Networks](https://reader030.vdocuments.us/reader030/viewer/2022032804/56812a99550346895d8e4e37/html5/thumbnails/12.jpg)
INSENS: Basic Protocol
Divided into two separate phases. Route Discover – determines the
topology of the network Data Forwarding – is the normal
operation of the network
![Page 13: INSENS: Intrusion-Tolerant Routing For Wireless Sensor Networks](https://reader030.vdocuments.us/reader030/viewer/2022032804/56812a99550346895d8e4e37/html5/thumbnails/13.jpg)
INSENS: Basic Protocol Assumptions and Preconditions
Assumption: Communication between nodes is symmetric (if a can hear b, b can hear a).
Preconditions: each node possess: A symmetric key shared with the base
station, which is used to create to derived keys and
A globally known one way hash function F The initial number of a one way hash chain
eK mK
oS
![Page 14: INSENS: Intrusion-Tolerant Routing For Wireless Sensor Networks](https://reader030.vdocuments.us/reader030/viewer/2022032804/56812a99550346895d8e4e37/html5/thumbnails/14.jpg)
INSENS: Basic Protocol Route Discovery Overview
Base station securely floods a request message.
Nodes send local topology to base station in a feedback message.
Base station sends each node a specific routing update message.
![Page 15: INSENS: Intrusion-Tolerant Routing For Wireless Sensor Networks](https://reader030.vdocuments.us/reader030/viewer/2022032804/56812a99550346895d8e4e37/html5/thumbnails/15.jpg)
Basic INSENS: Route Request
The base station sends a route request message to each of it’s neighbors.
Each node saves the neighbor that it first received a request from and forwards a modified route request.
![Page 16: INSENS: Intrusion-Tolerant Routing For Wireless Sensor Networks](https://reader030.vdocuments.us/reader030/viewer/2022032804/56812a99550346895d8e4e37/html5/thumbnails/16.jpg)
Route Request Messages
bsID
),( 0msgKMAC bs
0msg
Base Station
REQ
OHC
oMAC
xID
)||,( 1xxx MACmsgKMAC
xmsg
Node x
REQ
OHC
xMAC
…
![Page 17: INSENS: Intrusion-Tolerant Routing For Wireless Sensor Networks](https://reader030.vdocuments.us/reader030/viewer/2022032804/56812a99550346895d8e4e37/html5/thumbnails/17.jpg)
Basic INSENS: Feedback Each node waits some amount of
time, listening for neighbors flooding the request message.
After some timeout, each node sends a feedback message to it’s parent.
)),(,(),( xxexxmxxex NBRKEIDFDBKOHCKMACNBRKEIDFDBKyx
nxnxnnnnx MACIDMACIDMACIDNBR ...2211
![Page 18: INSENS: Intrusion-Tolerant Routing For Wireless Sensor Networks](https://reader030.vdocuments.us/reader030/viewer/2022032804/56812a99550346895d8e4e37/html5/thumbnails/18.jpg)
INSENS: Route Discovery
The base station waits for feedback messages, and uses those neighbor lists to build route tables.
A shortest path algorithm is used to generate the first path between a node and a base station.
![Page 19: INSENS: Intrusion-Tolerant Routing For Wireless Sensor Networks](https://reader030.vdocuments.us/reader030/viewer/2022032804/56812a99550346895d8e4e37/html5/thumbnails/19.jpg)
INSENS: Route Discovery (Second Path)
The second path is generated first by creating three sets of nodes: N1 are nodes along the path (not
including the base station and target node).
N2 are nodes that are neighbors to node in N1.
N3 are nodes that are neighbors to nodes in N2.
![Page 20: INSENS: Intrusion-Tolerant Routing For Wireless Sensor Networks](https://reader030.vdocuments.us/reader030/viewer/2022032804/56812a99550346895d8e4e37/html5/thumbnails/20.jpg)
INSENS: Path Formation Remove N3 from the “network”, and
compute shortest path. If a path exists, you have the second path.
Remove N2 from the “network”, and compute the shortest path. If a path exists, you have the second path.
Remove N1 from the “network”, and compute the shortest path. If a path exists you have the second path.
If all fail, you have no second path.
![Page 21: INSENS: Intrusion-Tolerant Routing For Wireless Sensor Networks](https://reader030.vdocuments.us/reader030/viewer/2022032804/56812a99550346895d8e4e37/html5/thumbnails/21.jpg)
Data Forwarding Tables For each node in a path, add to that
nodes routing table a 3-tuple <destination,source,immediate sender>
After all paths have been calculated, unicast each node it’s table.
If a node detects a message, it searches its table and broadcasts the message if it matches an entry.
![Page 22: INSENS: Intrusion-Tolerant Routing For Wireless Sensor Networks](https://reader030.vdocuments.us/reader030/viewer/2022032804/56812a99550346895d8e4e37/html5/thumbnails/22.jpg)
Basic INSENS Protocol1. BS floods request message
2. Nodes respond with feedback
3. BS determines shortest path
4. BS builds sets N1, N2 & N3
5. BS determines 2nd shortest path
6. BS sends out routing tables
N1
N2
N3
![Page 23: INSENS: Intrusion-Tolerant Routing For Wireless Sensor Networks](https://reader030.vdocuments.us/reader030/viewer/2022032804/56812a99550346895d8e4e37/html5/thumbnails/23.jpg)
Limitations of Basic INSENS
Wireless communication is not always symmetric.
Feedback messages can get long. Base station can get overloaded on
large networks. No maintenance of network routing
for failed and/or new nodes.
![Page 24: INSENS: Intrusion-Tolerant Routing For Wireless Sensor Networks](https://reader030.vdocuments.us/reader030/viewer/2022032804/56812a99550346895d8e4e37/html5/thumbnails/24.jpg)
Enhanced INSENS adds
Bidirectional verification. Secure multi-path multi-base
station routing. Maintenance issues: message loss,
nodes joining and leaving.
![Page 25: INSENS: Intrusion-Tolerant Routing For Wireless Sensor Networks](https://reader030.vdocuments.us/reader030/viewer/2022032804/56812a99550346895d8e4e37/html5/thumbnails/25.jpg)
Bidirectional Verification Defends against Rushing attacks. Echo-back process to verify neighbor
nodes. Each node uses a temporary global key to
setup pairwise keys with it’s neighbors During the handshake for pairwise keys, it
verifies which nodes are neighbors. Each node, then, unicasts a random cluster
key to all its valid neighbors. REQ messages are broadcast encrypted
and authenticated with the cluster key.
![Page 26: INSENS: Intrusion-Tolerant Routing For Wireless Sensor Networks](https://reader030.vdocuments.us/reader030/viewer/2022032804/56812a99550346895d8e4e37/html5/thumbnails/26.jpg)
Secure Multi-Path Multi-Base Station Routing Each node uses bi-directional verification to
determine neighbors and setup cluster keys. Each base station floods a request message:
Each node that receives the request, verifies the OHC, replaces id with it’s id and rebroadcasts the message using it’s cluster key.
This constructs multiple secure trees that span the network.
),( bCsS IDOHCKEIDREQ
![Page 27: INSENS: Intrusion-Tolerant Routing For Wireless Sensor Networks](https://reader030.vdocuments.us/reader030/viewer/2022032804/56812a99550346895d8e4e37/html5/thumbnails/27.jpg)
Maintenance: Local Repair Local repair is used to add new nodes
and fix holes in network. If node u has not received a REQ
message after some time t, it sends an authenticated (with it’s cluster key) message (P REQ).
Nodes that have received a REQ message send an authenticated (with their pair-wise key) affirmative response.
Node u picks a node at random that gave an affirmative response.
![Page 28: INSENS: Intrusion-Tolerant Routing For Wireless Sensor Networks](https://reader030.vdocuments.us/reader030/viewer/2022032804/56812a99550346895d8e4e37/html5/thumbnails/28.jpg)
Maintenance: Pair-Wise Key Setup with New Nodes Before deleting their global key, old
nodes save off a set of These pairs are used to query a new
node u, to determine if it has the global key.
The new node then queries an existing node by asking for it’s id and computing a key ( (using it’s polynomial share?)) and initiating a challenge response.
),(, RandKERand G
xK
![Page 29: INSENS: Intrusion-Tolerant Routing For Wireless Sensor Networks](https://reader030.vdocuments.us/reader030/viewer/2022032804/56812a99550346895d8e4e37/html5/thumbnails/29.jpg)
Enhanced INSENS Protocol1. Nodes use global key to find
and setup pair-wise and clusterkeys with neighbors.
2. BS floods request message, which is forwarded on using cluster keys.
3. Nodes note first neighbor to send request to build minimum spanning tree.
![Page 30: INSENS: Intrusion-Tolerant Routing For Wireless Sensor Networks](https://reader030.vdocuments.us/reader030/viewer/2022032804/56812a99550346895d8e4e37/html5/thumbnails/30.jpg)
Implementation: Basic INSENS
Motes running TinyOS 1.0 with NesC. Base station running Java. RC5 used for encryption. CBC mode of RC5 used to generate
MACs. RC5 over known plain text with result
being next key to generate hash chain.
![Page 31: INSENS: Intrusion-Tolerant Routing For Wireless Sensor Networks](https://reader030.vdocuments.us/reader030/viewer/2022032804/56812a99550346895d8e4e37/html5/thumbnails/31.jpg)
Implementation: Basic INSENS 36 byte packet fragmentation by dropping
packets with higher sequence numbers. Network setup was dominated by timeout
at sensor nodes.
![Page 32: INSENS: Intrusion-Tolerant Routing For Wireless Sensor Networks](https://reader030.vdocuments.us/reader030/viewer/2022032804/56812a99550346895d8e4e37/html5/thumbnails/32.jpg)
Performance (Cryptographic) of Enhanced INSENS
Cryptographic storage = 8 x (2n +k +l + 2) where key size is 8 bytes, n neighbors, l random numbers, and k base stations.
4 milliseconds to encrypt a message.
4.2 milliseconds to verify hash chain and 136 bytes overhead.
![Page 33: INSENS: Intrusion-Tolerant Routing For Wireless Sensor Networks](https://reader030.vdocuments.us/reader030/viewer/2022032804/56812a99550346895d8e4e37/html5/thumbnails/33.jpg)
Effectiveness of Multipath Routing 2000 nodes, each node averaging
16 neighbors. Enhanced INSENS with 4 base
stations Basic INSENS with 2 paths Single path routing.
Jamming range = activity range; enhance was 3 times better, basic was 2 times better.
![Page 34: INSENS: Intrusion-Tolerant Routing For Wireless Sensor Networks](https://reader030.vdocuments.us/reader030/viewer/2022032804/56812a99550346895d8e4e37/html5/thumbnails/34.jpg)
Effectiveness of Multi-Path Routing Jamming range = 2 x activity range;
Enhance was 2 times better, basic was about equal to single path.
Jamming range = 3 x activity range; Enhance was about 1.5 times better, basic was equal to single path.
Versus rushing attacks, echo back almost completely eliminated blocked nodes.