Intrusion Tolerance for NEST

1
Intrusion Tolerance for NEST

• Bruno Dutertre, Steven Cheung
• SRI International

2
Outline

• Objectives
• Proposed approach
• Local authentication and initial key
  establishment
• Leveraging local trust
• Intrusion detection and response
• Plan

3
Objective

• Low-cost key management for large-scale networks
  of small wireless devices
• Constraints
• Limited memory, processing power, and bandwidth
• Networks too large and not accessible for manual
  administration/configuration
• Devices can be compromised

4
Traditional Key Management

• Decentralized approaches
• Public-key infrastructure
• Diffie-Hellman-style key establishment
• Approaches based on symmetric-key cryptography
• Trusted authenticationand key distribution
  server (e.g., Kerberos)

Too expensive
Limited scalability High administrativeoverhead
to set up long-term keys Vulnerable to
serverfailure Server may be a bottleneck
5
Proposed Approach

• Goals
• Intrusion-tolerant architecture for key
  management in NEST
• Use only inexpensive cryptographic algorithm
  (symmetric-key crypto)
• Decentralized (no server) and self organizing
• Approach
• Build initial secure local links
• For nonlocal communication, rely on chains of
  intermediaries
• Use secret sharing when intermediaries are not
  fully trusted
• Develop complementary intrusion detection methods
  to locate nontrustworthy nodes

6
Bootstrapping

• Establish secure local links between neighbor
  devices quickly after deployment
• Weak authentication is enough (need only to
  recognize that your neighbor was deployed at the
  same time as you)
• Exploit initial trust (it takes time for an
  adversary to capture/compromise devices)
• Focusing on local links improves efficiency

7
Basic Bootstrapping Scheme

• For a set S of devices to be deployed
• Construct a symmetric key K
• Distribute it to all devices in the set
• K enables two neighbor devices A and B
• To recognize that they both belong to S (weak
  authentication)
• To generate and exchange a key for future
  communication
• Possible drawback
• Every device from S in communication range of A
  and B can discover . More robust variants
  are possible.

8
Leveraging Local Trust
B
C
D
A
E

• To establish keys between distant nodes
• use chains of trusted intermediaries
• To tolerate compromised nodes
• disjoint chains and secret sharing

9
Tradeoffs

• Security increases with
• the number of disjoint paths
• the number of shares
• but these also increase cost
• Challenges
• Implement cheap crypto and secret sharing
  techniques
• Quantify the security achieved
• Find the right tradeoff for an assumed fraction
  of compromised nodes

10
Intrusion Detection

• Goals
• Detect compromised nodes (to remove them from
  chains)
• Detect other intrusions denial-of-service
  attacks, attempt to drain power
• Cryptography is ineffective against these

11
Intrusion Detection Approach

• Develop models of attacks and relevant signature
• What must be monitored?
• How to collect and distribute the data?
• Develop diagnosis methods
• Identify the source of the attack if possible
• Possible responses
• Avoid nodes that are considered compromised
• Hibernation to counter DoS or power-draining
  attacks

12
Experimental Evaluation

• Platform
• motes with TinyOS
• up to 20 compromised nodes
• Objective show feasibility, measure overhead
• Experiment scenario remains to be defined

13
Schedule