SUMP: Secure Unicast Messaging Protocol

Slides: 36
Provided by: JMZ

1
SUMP: Secure Unicast Messaging Protocol
  • Jeff Janies, Chin-Tser Huang, and Nathan Johnson
  • Presentation by
  • Jeff Janies

2
Outline
  • Sensor Network Background
  • Related Work
  • Routing level attacks
  • SUMP Overview
  • Strengths and Weaknesses

3
Definitions
  • Sensor Network: A network of devices for
    monitoring or tracking physical phenomena
  • Wireless Ad hoc Sensor Network: A sensor network
    of constrained devices that automatically
    organizes and communicates through wireless means

4
Applications
  • Military
      • Target tracking
      • Perimeter defense
      • Battlefield assessment
      • Troop monitoring
  • Personal
      • Low cost home security
  • Commercial
      • Inventory tracking
      • Building control systems
  • Environmental
      • Forest fire early detection
      • Animal population monitoring

5
Layout
  • Two network entities
      • Sensor nodes (Sensors)
      • Base station
  • Sensor records readings
  • Base station is the aggregation point

6
Devices
  • Sensors: the X-Bow MICA2 mote
      • Limited power
          • Powered by 2 AA batteries
      • Limited computing power
          • 8-bit Atmel processor
      • Limited memory
          • 512-bits programmable memory
  • Base station: laptop
      • Limitless computational ability and power

7
Security Concerns
  • Because of the sensors' limitations, security is a
    growing concern
  • The RSA keys cannot fit in the sensor's memory
  • Exponentiation is resource consuming
  • Communication is on a lossy channel

8
Security Concerns
  • Confidentiality: communications must not be
    overheard
  • Integrity: errors in messages must be detectable
  • Availability: if possible, a message must be
    deliverable
  • Non-repudiation: no one can send a message and then
    deny sending it

9
Assumptions
  • There are no compromised nodes in the network
    during the initialization of the network.
  • The base station cannot be compromised.
  • The base station shares a unique symmetric key
    with each node
  • The base station is aware of all nodes in the
    network prior to deployment.
  • Nodes are fixed in location.

10
Related Works
  • LEAP (Localized Encryption and Authentication
    Protocol)
  • SPINS (Security Protocol for Sensor Networks)
      • µ-Tesla: multicast
      • SNEP: point-to-point communication

11
LEAP
  • Uses pairwise keying
  • Path establishment through breadth first
    searching
  • Similar to wired network establishment with ARP

12
LEAP
  • Advantages
      • Efficient routing of messages
      • Each node has an understanding of the network's
        connectivity
  • Disadvantages
      • Infeasible in modern sensor networks
      • Too resource consuming
      • Memory requirements are too great

13
SPINS
  • µ-Tesla
      • A key chain is calculated and the keys are used
        in reverse order
      • Uses delayed key distribution
      • Messages are decrypted at the end of a time step
        (after receiving the key for the time step)

14
SPINS
  • SNEP (Secure Network Encryption Protocol)
      • Uses symmetric keys shared by the base station
        and individual nodes
      • Provides protection from replay, forgery, and
        information leakage

15
SPINS
  • Advantages
      • A complete package for secure communication
      • Provides both unicast and multicast protection
  • Disadvantages
      • Message is propagated through flooding
      • The method is vulnerable to routing level attacks

16
Routing Level Attacks
  • Routing level attack: any attack by which an
    adversary causes a breakdown of communication
    through the use of route establishment

17
Worm Hole
  • When a group of malicious nodes forwards messages
    faster than legitimate paths
  • Receiving nodes are convinced the malicious path
    is the best

[Figure: wormhole example network with base station BS, sensors S1 to S7, and nodes A1 and A2]

18
Black hole
  • A node convinces other nodes to forward through
    it
  • The node arbitrarily drops packets
  • Creates holes in the sensing environment

[Figure: black hole example network with base station BS, sensors S1 to S8, and node A1]

19
SUMP Overview: Countering Routing Attacks
  • Grouping by level as opposed to locality
  • Group management becomes an issue
  • How does a node know its group?
  • How does a node determine if a message is
    legitimate?

20
Approaches to Group authentication
  • Cryptographic accumulators
      • Only a single value is stored
      • Computation of the value is resource consuming
  • Key chain commitment
      • Easy to authenticate
      • Increases the storage requirement of the sensors

21
A light-weight Alternative
  • Using Merkle hash trees, the computational
    intensity is limited
  • Authentication is performed with log(n) hashes
  • Nodes only store one value

22
Merkle Hash Trees
  • Hashes of the nodes' IDs form the leaves of the
    tree.
  • All other elements are hashes of the
    concatenation of the element's children
  • Each node stores the root value of the tree

23
Merkle Hash Trees
  • Authentication chains
  • A list of the sibling values of each element in
    the path from the leaf to the root.
  • If the root can be produced, the authentication
    is successful.
  • Auth chain for 1: H(1), H(H(3).H(4))

[Figure: Merkle hash tree over IDs 1 to 4, root first]
  H(H(H(1).H(2)).H(H(3).H(4)))
    H(H(1).H(2))
      H(1)
      H(2)
    H(H(3).H(4))
      H(3)
      H(4)

24
Path Establishment
  • Base Station transmits hello message
  • Nodes record the hop count, increment the count,
    and retransmit the hello packet
  • Nodes reply including their own ID
  • Nodes forward replies and concatenate their ID to
    the reply

25
Path Establishment
  • Base station records all path information from
    each reply
  • The first reply received from a sensor is the
    primary path (fastest turnaround time)
  • All other paths are recorded as alternate paths
  • Reply(2.IDB.IDA)
      • Level of B: 2
      • Path to B: A, B

26
Path Establishment
  • After path establishment
  • Base station groups all sensors of the same
    level, and produces a Merkle Hash Tree for each
    level
  • The IDs of the sensors are the leaves
  • The root of the tree is distributed
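
An added example, not part of the original slides: a Python sketch of the base station work described on the Merkle Hash Trees and Path Establishment slides (level and path from each reply, one tree per level, auth chain generation, and the sensor-side check). SHA-256, the reply tuple format, the left/right flag stored with each sibling, padding an odd row by repeating its last hash, and the sample replies are assumptions.

```python
import hashlib

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()      # assumption: the slides name no hash function

def group_by_level(replies):
    """replies: (hop_count, ids) in arrival order, originator first, as in Reply(2.IDB.IDA)."""
    primary, alternates, levels = {}, {}, {}
    for hops, ids in replies:
        node, path = ids[0], ids[::-1]        # path read from the base station outward
        if node not in primary:               # first reply received is the primary path
            primary[node] = path
            levels.setdefault(hops, []).append(node)
        else:
            alternates.setdefault(node, []).append(path)
    return primary, alternates, levels

def build_tree(ids):
    """Rows of hashes, leaves first; an odd row repeats its last hash (assumption)."""
    rows = [[H(i.encode()) for i in ids]]
    while len(rows[-1]) > 1:
        row = rows[-1]
        if len(row) % 2:
            row.append(row[-1])
        rows.append([H(row[i] + row[i + 1]) for i in range(0, len(row), 2)])
    return rows

def auth_chain(rows, index):
    """Sibling of every element on the path from leaf `index` up to the root."""
    chain = []
    for row in rows[:-1]:
        sibling = index ^ 1
        chain.append((sibling < index, row[sibling]))   # (sibling is on the left, hash)
        index //= 2
    return chain

def verify(node_id, chain, root):
    """Sensor-side check: rebuild the root from the node's own ID and the chain."""
    h = H(node_id.encode())
    for sibling_on_left, value in chain:
        h = H(value + h) if sibling_on_left else H(h + value)
    return h == root

# Constructed replies: A and C are one hop out; B, D and E are two hops out.
REPLIES = [(1, ["A"]), (1, ["C"]), (2, ["B", "A"]), (2, ["D", "C"]),
           (2, ["B", "C"]), (2, ["E", "A"])]
```

The root a sensor stores is `build_tree(levels[n])[-1][0]` for its level n; a chain built for one level does not verify against another level's root.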

27
Storage requirement
  • Base Station
      • All sensors' IDs
      • All sensors' levels
      • All sensors' symmetric keys
      • A representation of the Merkle Hash Tree for each
        level
  • Sensors
      • ID
      • Level
      • Symmetric key
      • Root of its level's Merkle Hash Tree

28
Message propagation
  • Base station
      • Concatenates the message, msg, to the ID of the
        destination sensor
      • Produces the authentication chain for the sensor,
        and concatenates the message to the chain.
      • Encrypts the resulting message with the symmetric
        key of the sensor

29
Message propagation (Outgoing)
  • Base station (cont.)
      • The base station concatenates the authentication
        chain of each sensor in the path to the
        destination in reverse order, and encrypts with
        the symmetric key of the intermediate sensor.
  • Below is an example message to sensor 2.

K5(auth5.K3(auth3.K2(auth2.ID2.MSG)))

30
Message propagation (Outgoing)
  • Sensors
      • Decrypt packet
      • Attempt to authenticate
      • If successful and more authentications present,
        remove used authentications and retransmit.
      • If successful and no more authentications are
        present, check the ID field and process
        accordingly.
      • If unsuccessful, drop packet.
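
The layered packet K5(auth5.K3(auth3.K2(auth2.ID2.MSG))) and the sensor steps above, as an added Python example that is not part of the original slides. The XOR keystream is a toy stand-in for the symmetric cipher, which the slides do not name; SHA-256, the JSON framing, the left/right flag in each chain entry, the keys and the two-sensor levels are constructed for the example.

```python
import hashlib, json

def H(data):
    return hashlib.sha256(data).digest()      # assumption: the slides name no hash function

def xor_stream(key, data):
    """Toy stand-in for the unnamed symmetric cipher (SHA-256 counter keystream XOR)."""
    stream = b"".join(H(key + i.to_bytes(4, "big")) for i in range(len(data) // 32 + 1))
    return bytes(d ^ s for d, s in zip(data, stream))

def two_sensor_level(a, b):                   # smallest tree: root = H(H(a).H(b))
    ha, hb = H(a.encode()), H(b.encode())
    return H(ha + hb).hex(), {a: [[False, hb.hex()]], b: [[True, ha.hex()]]}

def verify(node_id, chain, root):
    h = H(node_id.encode())
    for sibling_on_left, value in chain:
        sib = bytes.fromhex(value)
        h = H(sib + h) if sibling_on_left else H(h + sib)
    return h.hex() == root

def seal(key, layer):
    return xor_stream(key, json.dumps(layer).encode()).hex()

def build_packet(path, msg, keys, chains):
    """Base station: innermost layer for the destination, then one layer per earlier hop."""
    dest = path[-1]
    packet = seal(keys[dest], {"auth": chains[dest], "id": dest, "msg": msg})
    for hop in reversed(path[:-1]):
        packet = seal(keys[hop], {"auth": chains[hop], "inner": packet})
    return packet

def sensor_receive(node_id, key, root, packet):
    """Sensor: decrypt, authenticate, then forward the inner packet, deliver, or drop."""
    try:
        layer = json.loads(xor_stream(key, bytes.fromhex(packet)))
        if not verify(node_id, layer["auth"], root):
            return ("drop", None)
    except (ValueError, KeyError, TypeError):
        return ("drop", None)
    if "inner" in layer:
        return ("forward", layer["inner"])
    return ("deliver", layer.get("msg")) if layer.get("id") == node_id else ("drop", None)

KEYS = {n: H(b"demo-key-" + n.encode()) for n in "235"}   # constructed; path BS -> 5 -> 3 -> 2
LEVELS = [two_sensor_level(a, b) for a, b in (("5", "6"), ("3", "4"), ("2", "1"))]
ROOTS = {n: root for root, chains in LEVELS for n in chains}
CHAINS = {n: c for _, chains in LEVELS for n, c in chains.items()}
```

Calling `build_packet(["5", "3", "2"], "report", KEYS, CHAINS)` and passing the result through `sensor_receive` for sensors 5, 3 and 2 in turn yields forward, forward, deliver; a sensor handed a layer meant for another hop drops it.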

31
Strengths
  • Level by level authentication of messages
  • The base station has global view of the network
  • Network faults (node deaths) are detectable
  • Directed communication

32
Weaknesses
  • Large message size
  • Outbound communications are limited in size
  • Limited group size

33
Future Work
  • Integration with a multicast messaging service.
  • Experimentation with less constrained devices
    (i.e. pocketPC, SPOT)
  • Deployment in real world environments

34
Conclusion
  • Routing level attacks are defendable with a
    level-wise grouping method
  • Merkle Hash trees provide a light-weight
    alternative to expensive group authentication
  • By increasing packet size, storage requirements of
    sensors can be lessened

35
Any Questions?