Key Management in Mobile and Sensor Networks - PowerPoint PPT Presentation

About This Presentation
Title:

Key Management in Mobile and Sensor Networks

Description:

Key Management in Mobile and Sensor Networks Class 17 Outline Challenges in key distribution, trust bootstrapping Pre-setup keys (point-to-point, public) Resurrected ... – PowerPoint PPT presentation

Number of Views:116
Avg rating:3.0/5.0
Slides: 28
Provided by: Adrian209
Learn more at: http://www.cs.cmu.edu
Category:

less

Transcript and Presenter's Notes

Title: Key Management in Mobile and Sensor Networks


1
Key Managementin Mobile and Sensor Networks
  • Class 17

2
Outline
  • Challenges in key distribution, trust
    bootstrapping
  • Pre-setup keys (point-to-point, public)
  • Resurrected ducking
  • PGP trust graph
  • Trusted third party (TTP)
  • Kerberos, SPINS
  • PKI
  • Key infection
  • Random-key predistribution

3
Key Management
  • Goal set up and maintain secure keys
  • Public keys for signature verification or
    node-to-node key setup
  • Shared keys for confidentiality or authenticity
  • Group keys for secure group communication
  • Challenges
  • Trust establishment (Class example?)
  • Node compromise
  • Dynamic node addition/removal

4
Network Architectures
  • Closed networks, centralized deployment (trusted
    authority controls and deploys nodes)
  • All-pairs shared keys, or all public keys
  • PKI, TTP (Kerberos, SPINS)
  • Zhou Haas threshold key management
  • Randomkey predistribution
  • Open networks, autonomous deployment
  • Resurrected duckling
  • PGP web of trust
  • Key infection

5
Full Key Deployment
  • Symmetric case
  • All-pairs shared keys (need O(n2) keys)
  • Challenge node addition
  • Asymmetric case
  • Distribute every nodes public key (n keys)
  • Nodes can easily set up secure shared keys

6
Trusted Key Management Center
  • Symmetric case
  • Trusted third party (TTP) shares key with each
    node (n keys)
  • Set up key between two nodes through TTP
  • Kerberos, SPINS key agreement protocol
  • Asymmetric case
  • Public-key infrastructure (PKI)
  • Certification authority (CA) signs public keys of
    nodes
  • All nodes know CAs public key

7
Zhou Haas Key Management
  • PKI drawbacks
  • Revocation requires on-line PKI
  • Single point of failure, CA replication increases
    vulnerability to node compromise
  • Distributed CA Model, tolerates t faulty nodes
  • Threshold signatures
  • Signing needs coalition of t1 correct nodes
  • Secret sharing prevents t malicious nodes from
    reconstructing CA private key
  • Proactive security
  • Defend against mobile adversary

8
Discussion
  • How can share refreshing tolerate faulty nodes?
  • How can we tolerate compromised combiner?
  • Who decides to be a combiner?
  • How can we bootstrap this system?
  • How can we introduce a new node?
  • Why should node sign a message?
  • How does node authenticate message?
  • Is signature combination expensive if we have t
    faulty nodes?
  • How efficient are these mechanisms?

9
Randomkey Predistribution
  • Scenario deploy 104 mote sensor from airplane
  • Goal set up secure node-to-node keys
  • Simple approaches impractical
  • Network-wide secret key
  • Pairwise shared key with every other node
  • Pairwise shared key with neighbors
  • Public key infrastructure

10
Basic Random Key Scheme
  • Eschenauer and Gligor, ACM CCS 2002
  • Observation no need for all pairs of nodes to be
    able to communicate to get a connected network
  • For any 2 nodes, if they can communicate with
    some probability p, then the network is a random
    graph that is connected with high probability
    (e.g. 0.999)
  • p is a given parameter, dictated by communication
    range and density of deployment of the nodes

11
Basic Random Key Scheme
2128
Total Key Space
12
Key capture
  • Security of the basic scheme is dependent on the
    adversary not knowing the key pool P
  • Suppose adversary can compromise sensor nodes and
    read the keys off their key rings
  • E.g., adversary captures node X and discovers key
    k. If node A and B were communicating using key
    k, the adversary can now eavesdrop although
    neither A or B was compromised.
  • How can we improve resilience to node capture?

13
q-Composite Keys scheme
  • Require any 2 nodes to share at least q keys to
    communicate
  • Adversary must discover all q keys to eavesdrop
  • To maintain probability of communication between
    any 2 nodes p, must reduce size of key pool
    (samples from a smaller pool are more likely to
    overlap)
  • Smaller key pool ? keys are more likely to be
    reused

14
Resilience vs node capture
15
Duckling Key Establishment
  • Anderson and Stajano, IWSP 99
  • Problem how can we set up keys in a ubiquitous
    computing environment?
  • Devices use wireless communication
  • How to set up a key between household devices and
    PDA?
  • Solution set up keys using trusted communication
    channel
  • Physical contact establishes a secure channel

16
Duckling Security Model 1
  • Assumes wireless communication
  • Goals
  • Availability
  • Guard against jamming and battery exhaustion
  • Sleep deprivation torture attack
  • Secure transient association with device
  • Even in absence of a trusted server
  • Security assiciations keep changing, as devices
    change owners, or owner changes controller

17
Duckling Security Model 2
  • Life cycle similarities
  • Life cycle of a device
  • Buy device in store
  • Unpack it at home
  • Device breaks or gets a new owner
  • Life cycle of a duckling
  • Duckling is in egg
  • When duckling hatches, first object is viewed as
    mother imprinting
  • Duckling dies
  • Device ownership similar to ducks soul

18
Duckling Security Model 3
  • Device life cycle
  • Imprinting device meets master when it wakes up
  • Reverse metempsychosis device dies and gets new
    owner
  • Escrowed seppuku manufacturer can kill device to
    enable renewed imprinting
  • Physical contact establishes secure key during
    imprinting phase

19
PGP Web of Trust
  • Problem how can we establish shared keys in ad
    hoc network without trusted PKI?
  • Approach use PGP web of trust approach
  • Jean-Pierre Hubaux, Srdan Capkun and Levente
    Buttyán The Quest for Security in Mobile Ad Hoc
    Networks, MobiHoc 2001

20
Distributed storage of local certificates
  • Nodes issue certificates (sign others keys), as
    in PGP
  • Each node stores the certificates that it issued
    (out-bound certificates) and the certificates
    that other nodes issued for it (in-bound
    certificates)

v
u
21
Creating the subgraphs
  • Each node builds up its own out-bound and
    in-bound subgraphs
  • To establish secure communication, u and v merge
    their subgraphs and see if they intersect

v
u
22
Key Infection
  • Ross Anderson and Adrian Perrig, 2001
  • Goal Light-weight key setup among neighbors
  • Assumptions
  • Attacker nodes have same capability as good nodes
  • Attacker nodes less dense than good nodes
  • Attacker compromises small fraction of good nodes
  • Basic key agreement protocol
  • A ? A, KA
  • B ? A A, B, KB KA
  • KAB H( A B KA KB )

23
Key Infection
  • Broadcast keys with maximum signal strength

M1
M4
M3
A
B
M2
24
Key Whispering Extension
  • Broadcast keys with minimum signal strength to
    reach neighbor

M1
M4
M3
A
B
M2
25
Secrecy Amplification
  • A B share KAB, A C share KAC, , etc.
  • Strengthen secrecy of KAB
  • A ? C B, A, NA KAC
  • C ? B B, A, NA KCB
  • B ? D A, B, NB KBD
  • D ? E A, B, NB KDE
  • E ? A A, B, NB KAE
  • KAB H( KAB NA NB )

C
B
A
E
D
26
Key Infection Summary
  • Highly efficient
  • Detailed analysis in progress
  • Preliminary simulation results
  • Nodes uniformly distributed over a plane
  • D (density) average of nodes within radio
    range
  • of attacker nodes 1 of good nodes
  • Table shows fraction of compromised links

D Basic Whisper SA SA-W
2 1.1 0.4 1.0 0.3
3 1.8 0.6 1.4 0.5
5 2.9 1.0 2.4 0.8
27
Discussion
  • Tradeoff
  • Trust perimeter and security?
  • Security and management?
Write a Comment
User Comments (0)
About PowerShow.com