A Holistic Approach to Secure Sensor Networks

1
A Holistic Approach to Secure Sensor Networks

• Sasikanth Avancha

2
Application Scenario
Biological Attack !!
3
Wireless Sensor Network
Command Control
Secure, Fixed Base Station
Biological Attack !!
Secure, Mobile Base Station
4
Wireless Sensor Network
Command Control
Secure, Fixed Base Station
Subversive Attack !!!
Secure, Mobile Base Station
Biological Attack !!
5
Adaptive Wireless Sensor Network
Command Control
Secure, Fixed Base Station
Subversive Attack !!!
Secure, Mobile Base Station
Biological Attack !!
6
Outline

• WSN State-of-the-Art
• Thesis Statement
• SWANS
• SONETS
• Conclusions

7
WSN State-of-the-Art

• Energy, Networking, Data Management, Security
• Energy conservation is key
• Solutions designed mostly for homogeneous WSNs
• Security not a basic building block
• Few solutions adaptive to environmental variations

8
Thesis

• Holistic Approach to WSN Design
• Mechanisms to detect, classify respond to
  environmental variations
• Security as basic building block
• Result
• Adaptive WSNs tuned to environment
• Improved performance
• Security
• Longevity
• Connectivity

9
Secure Adaptive WSN Framework

• SWANS Two-tiered adaptability mechanism
• Node-level Adaptability
• Network-level Adaptability
• SONETS Secure self-organization
• Varied threat models
• End-to-end pair-wise secure links
• Misbehavior detection network repair

10
Wireless Sensor Network Adaptability

• Ontological approach
• Identify parameter set and build module ontology
• Create node ontology to describe sensor node
  states
• Create network ontology to describe network
  states
• Establish rules to enable nodes and network to
  modify operational behavior

11
Related Work

• SPIN, Heinzelman et al. (Mobicom, 1999)
• T-MAC, van Dam et al. (SenSys, 2003)
• AIDA, He et al. (ACM TECS, 2004)
• Adaptive Sampling, Jain et al. (DMSN, 2004)
• ARC, Kang et al. (Basenets, 2004)
• Adaptive routing
• LEACH
• Directed Diffusion

12
WSN Model
13
Node-level Adaptability
14
Parameter Set

• PHY
• Received power per packet, noise power
• Carrier loss, format violation and HEC failure
  rates
• MAC
• Failed transmission, multiple retry and collision
  ratios
• FCS failure rate
• Routing
• Node degree
• Compromised node/link count
• Failed node count
• Reachable RRN count
• Path and hop counts to RRNs
• Router count

15
Parameter Set

• Energy
• Remaining energy capacity
• Energy consumption rate
• Sensor layer
• Sensor accuracy
• Sensor energy consumption

16
Monitor Report

• Establish lower and upper bounds for each
  parameter
• Monitor parameter values (per epoch/packet
  count/)
• Map parameter values to ontological symbols
• Provide symbols to Logic Component

17
Module Ontology

• Logic Component
• PHY, MAC, Routing, Energy and Sensor states
• Tabular representation
• Resource-constrained nodes
• Boolean expressions
• OWL-DL representation
• Resource-enhanced nodes
• Parameters as owlObjectProperty
• Module states as owlClass

18
Module Ontology
ltowlClass rdfID"PHYJammedByNoise"gt
ltowlintersectionOf rdfparseType"Collection"gt
ltowlClass rdfabout"PHY"/gt
ltowlRestrictiongt ltowlonProperty
rdfresource"noisePower"/gt
ltowlhasValue rdfresource"Amount_Abnormal"/gt
lt/owlRestrictiongt
lt/owlintersectionOfgt lt/owlClassgt
19
Module Ontology

• ltowlClass rdfID"PHYJammed"gt
• ltrdfssubClassOf rdfresource"PHY"/gt
• ltowlunionOf rdfparseType"Collection"gt
• ltowlClass rdfabout"PHYJammedByNoise"/gt
• ltowlClass rdfabout"PHYJammedDueCarrierLo
  ss"/gt
• lt/owlunionOfgt
• lt/owlClassgt

20
Node Ontology

• Sensor node states
• PHY, MAC, Routing, Energy and Sensor states
• Classes representing sensor node states
• Restrictions
• Subsumption - subclassOf, intersectionOf, unionOf
• Deployable on sensor nodes
• Tabular representation
• OWL-DL representation
• Deploying on RRNs
• memory vs. energy trade-off

21
Node Ontology

• ltowlClass rdfID"SensorNodePHYJammed"gt
• ltowlintersectionOf rdfparseType"Collection"gt
  
• ltowlClass rdfabout"SensorNode"/gt
• ltowlRestrictiongt
• ltowlonProperty rdfresource"hasPHY"/gt
• ltowlsomeValuesFrom rdfresource"PHYJam
  med"/gt
• lt/owlRestrictiongt
• lt/owlintersectionOfgt
• lt/owlClassgt

22
Node Ontology

• ltowlClass rdfID"SensorNodeJammed"gt
• ltrdfssubClassOf rdfresource"SensorNode"/gt
• ltowlunionOf rdfparseType"Collection"gt
• ltowlClass rdfabout"SensorNodePHYJammed"/
  gt
• ltowlClass rdfabout"SensorNodeMACJammed"/
  gt
• lt/owlunionOfgt
• lt/owlClassgt

23
Logic Component Implementation

• Java Theorem Prover
• KB, reasoning engine
• Server mode of operation
• Receive instance of sensor node state from
  monitor
• tell instance to KB
• ask query (rdftype snode.owlSNi ?x)
• Return answer(s)
• undo last operation (i.e., retract sensor node
  state instance)
• Result is nodes current state

24
Action Component

• Node state NS, Operational state ?
• Sensor node rule set
• NS(Jammed) V NS(SDTA) V (NS(Disconnected) ?
  ES(Low Energy)) ? OS(Sleep)
• NS(Disconnection Imminent) ? ES(Normal) ?
  OS(Increase Tx Range)
• NS(High Node Degree) V NS(Low Accuracy) V
  NS(Abnormal Routing Info.) ? OS(Extend Active
  Period)

25
Network-level Adaptability
26
RRN Monitoring Reporting

• Obtain individual node states
• Periodic report
• Query mechanism
• Classify nodes according to reported state
• Determine cardinality of each class
• Map to ontological symbols

27
RRN Logic Component

• Classify cluster instance represented by
  ontological symbols network ontology
• Network ontology
• OWL-DL implementation
• Classes representing cluster states
• Subsumption Restriction
• Output
• Current logical state of cluster based on node
  states

28
RRN Action Component

• Cluster state X, Instructions ?
• RRN rule set
• CS(Under SDTA) ? Detected(A) ? Detects(S, A) ?
  NS(S, Sleep) ? NS(S, Active)
• CS(Normal) ? Detected(A) ? Detects(S, A) ? Stop
  Aggregation(S)

29
Evaluation

• Problem
• Node addition attack (Zhu et al., CCS 2003)
• Legitimate node addition
• SWANS Solution
• Monitor node degree
• State Node degree ? ? Operation Security
  level ?
• Result
• Malicious nodes thwarted
• Legitimate nodes accepted

30
Adapt to Node Degree Increase

• 800 node network
• 400 nodes observe
• node degree ?

Average energy consumed per node (J)
Simulation Time (seconds)
31
Determining ND Thresholds

• Initial size 200 to 390
• ND increase 5
• Final size 210 to 400
• µ?, s?
• Determine n1, n2

Average energy consumed per node (J)
Simulation Time (seconds)
32
Evaluation

• Problem
• Sleep deprivation torture attack (Stajano and
  Anderson, 1999)
• SWANS solution
• Monitor HEC FCS failures, format violations,
  collisions
• Node state SDTA ? Operation Sleep
• Report node operational states to RRNs
• RRNs Compute network state, modify node
  operation
• Result
• Network balances energy saving and utility

33
Adapt to SDTA

• 800-node WSN
• 400 nodes attacked

Affected nodes detect SDTA enter sleep state
Average energy consumed per node (J)
RRNs compute global state wake up some nodes
Simulation Time (seconds)
34
Evaluation

• Problem
• Node failures due to malfunction or attacks
• SWANS solution
• Nodes monitor count of failed neighbors (FN)
• Node state disconnected ? Op. state Tx range
  increase
• Result
• Nodes increase Tx range, prevent network
  partitioning
• Node degrees increase, hop counts decrease
• Trade-off is between connectivity and energy
  consumption

35
Adapt to Node Failures (Node degree)
Average Node Degree
Network Size
36
Adapt to Node Failure (Hop counts)
Average Hop Count
Network Size
37
SONETS

• Neighbor discovery
• P-SONETS Centralized
• C-SONETS D-SONETS Distributed
• Topology discovery network setup
• P-SONETS Centralized, no key management
• C-SONETS Centralized pair-wise key management
• D-SONETS Distributed pair-wise key management
• Topology Maintenance
• Multi-hop pair-wise key establishment
• Node addition deletion

38
Threat Models

• Adversary presence
• Local, Global
• Adversary attack mode
• Passive, Active
• Adversary attack capability
• Before, during, after self-organization

39
Related Work

• Probabilistic Approaches
• Eschenauer Gligor, CCS 2002
• Chan et al., ISSP 2003
• Du et al., CCS 2003
• Liu Ning, CCS 2003
• Deterministic Approaches
• Perrig et al., WINET 2002
• Zhu et al., CCS 2003
• Anderson et al., ICNP 2004

40
P-SONETS
BS to j EKBS(, EKj(j, Nonce, HELLO)) j to BS
EKBS(j, EKj(j, Nonce, HELLO_REPLY))
14
19
1
BS
BS to k EKBS(, EKj(j, N1, RELAY)), EKk(k, N2,
HELLO) j to k EKBS(k, EKk(k, N2, HELLO)), ? k to
j EKBS(k, ?), EKk(k, N2, HELLO_REPLY) j to BS
EKBS(k, EKk(k, N2, HELLO_REPLY)), EKj(j, N1)
5
23
9
3
11
BS List of all keys Kj j KBS, Kj
41
P-SONETS

• Network repair
• BS tracks node aberrance
• Lack of data
• Corrupt data
• Reasons for aberrance
• Node is dead/compromised 2HN
• Node is 2HN relay point is dead/compromised
• Node is dead/compromised 1HN
• BS repairs network
• Delete aberrant nodes
• Reassign relay points, if required

42
P-SONETS

• Simulation using SensorSim (UCLA)
• 100 node WSN
• Simple radio battery models
• Varied sensor node distribution in each hop
• Average energy consumption
• Total initial energy in network 3600 Asec
• Node discovery, topology discovery, network
  setup 36 mJ
• Network repair when fixed number of nodes fail 8
  mJ

43
C-SONETS

• 1 to R EK1(lt5, 19, 14gt)
• R to 1 EK1(ltx15, x119, x114gt)
• R to 5 EK5(x51)
• R to 14 EK14(x141, ltR,2,1gt)
• Node 1 K15 f (x15 ? x1)
• Node 5 K15 f (x51 ? x5)
• 14 to 1 EK114(FWD, lt13gt)
• 1 to R EK1(DATA, lt13gt)
• R to 14 EK14(x1413)
• R to 13 EK13(x1314, ltR,3,14gt)
• Node 14 K1413 f(x1413 ? x14)
• Node 13 K1314 f(x1314 ? x13)

C-SONETS
19
14
K119
K114
K1413
1
13
K15
K1
K5
5
R
Kn, Ku, xu on each node u R
x15 x5 ? R15 x51 x1 ? R15
44
Energy Consumption

• Tx Rx
• Encrypt Decrypt
• Hashing
• O(n3)
• Existing Protocols
• 100s of mJ

Average energy consumed per node (J)
Network Size (n)
45
Node degree Hop count

• Analytical Expression
• Bettstetter 2002
• E(d) ?pr02
• where,
• ? n/Area
• n/(25x104 m2)
• r02 Tx range
• 75 m
• E(d) 7 to 70
• E(h) 4

Average node degree (d)
Hop count (h)
Network size (n)
46
D-SONETS

• Node 1 Broadcast M1
• M1 EKn(, 1, EKf(5)(5,x51) )
• x51 x1 ? R51,
• Node 5 Broadcast M5
• M5 EKn(, 5, EKf(1)(1,x15))
• x15 x5 ? R15,
• Node 1 computes
• K15 f (x15 ? x51)
• Node 5 computes
• K15 f (x51 ? x15)
• Node 1 to Node 14 M114
• EKn(14, 1, EK114(ltR,1gt, lt5,1gt, ))

D-SONETS
19
14
K119
K114
K1413
M1
M5
M1
1
M114
13
K15
K1
M1
M5
5
R
K5
Kn, Ku, xu on each node u R
47
Energy Consumption (D-SONETS)

• 50 of C-SONETS
• Existing Protocols
• 1/3 D-SONETS
• n 500
• 1/10 D-SONETS
• n gt 500

Average energy consumed per node (J)
Network size (n)
48
Security Analysis

• Node compromise
• Effect limited to 1-hop neighborhood
• Links between uncompromised nodes remain secure
• Sybil (Douceur 2002)
• Identity-based authentication
• Wormhole Sinkhole (Karlof and Wagner, 2003)
• Routing not based on shortest path
• Node replication
• RRNs exchange topology information periodically
• Restrict node degree

49
Node Deletion

• Neighbors detect misbehavior
• Initiate voting process
• Majority affirmative vote to delete
• Inform RRN
• Provide list of yea voters
• RRN may poll individual voters
• RRN
• Generate new common shared key Kn
• Secure unicast

50
Conclusions

• WSNs crucial component of pervasive computing
  environments of the future
• WSNs in tune with application environment
• Secure
• Adaptive
• Our framework is comprehensive solution
• Security protocols for different levels of
  security
• SONETS protocol suites scalable, efficient,
  resilient
• SWANS provides multi-tiered WSN adaptability

51
Future Work

• Adaptive data fidelity
• Support for sensor adaptability
• Tune smart MEMS
• Real-world sensor deployment evaluation
• Memory
• Computational power
• Comprehensive high-level policy
• Govern WSN operational behavior
• Resolve conflicts