Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Computer Networks

Vulnerability Analysis Wireless Sensor Networks: Challenges and Solutions Sajal K. Das

advertisement 
Vulnerability Analysis Wireless Sensor
Networks: Challenges and Solutions
Sajal K. Das
National Science Foundation, CISE/CNS
Center for Research in Wireless Mobility and Networking (CReWMaN)
E-mail: das@uta.edu
http://crewman.uta.edu
Acknowledgements: NSF, AFOSR
S. K. Das
Outline
¾ Wireless
Wi l
S
Sensor N
Networks
k (WSN
(WSNs))
¾ Securityy Challenges:
g
Need for Multi-level Approach
pp
¾ Modeling Node Compromises: Epidemic Theory
¾ Secure Data Aggregation: Reputation and Trust Model
¾ Node
N d R
Replication:
li ti
S
Sequential
ti l H
Hypothesis
th i T
Testing
ti
¾ Revoking
g Compromised
p
Nodes: Keyy Management
g
¾ Self-Correction: Digital Watermarking
¾ Conclusions
S. K. Das
Wireless Sensor Network (WSN)
We live in a cyber-physical
cyber physical world that we
need to understand, serve, and control
Communication
Computation
(Wireless)
Sensory Data: A/D conversion,
Compression, Filtering,
Aggregation, Analysis
Broadcast sensory data
data,
Dissemination, Routing
Control
(Sensing / Actuation)
Sensing the physical world:
temperature, humidity, pressure,
g t, velocity,
e oc ty, sou
sound,
d, image
age
light,
S. K. Das
WSN Applications
Monitoring and Control
- Habitat
- Environment
- Ecosystem
Ecos stem
- Agricultural
- Structural
- Traffic
- Manufacturing
- Health
H lh
Security and Surveillance
- Infrastructure Security
- Border and Perimeter Control
- Target Tracking
- Intrusion Detection
S. K. Das
WSN Applications
ƒ Sensor networks are deployed in unmonitored
t
terrain
i in
i high
hi h d
density
it and
d large
l
scale
l
ƒ Post-deployment access and control is an issue
ƒ Multi-modal functioning which require
reprogramming/data dissemination
ƒ Change applications
Micaz
ƒ Troubleshoot
Tmote
SunSPOT
ƒ Security is critical in many applications
Wireless Sensing Devices embedded in
our environment gathering data on physical
phenomena !
p
Acknowledgment : http://www.eecs.harvard.edu/~mdw/proj/volcano/
S. K. Das
Security Challenges in WSNs
Limited resources Æ Limited defense capability
– Energy (battery power), wireless bandwidth,
computational power, storage, radio communication
range (connectivity), sensing range (coverage)
– Public key too costly to authenticate packets with
digital signatures and to disclose key with each packet
–
Storing one-way chain of keys requires more memory
and
d computation
t ti for
f message en-route
t nodes
d
S. K. Das
Security Challenges in WSNs
Uncertain, unattended / hostile environment
– Uncertainty in sensing accuracy, wireless links,
mobility, topology control, deployment (density), . . .
– Faulty prone nature vs. compromises (insider attacks)
Distributed control Æ No global knowledge
In-network processing: data fusion to exploit spatiotemporal redundancy Æ Loss of integrity, confidentiality
Multiple-attacking angles
Î Single level defense mechanism highly vulnerable
– Cryptographic technique is not the panacea
S. K. Das
Threats to WSNs
Node Compromises / Replications and Intrusions
– Physical capture
– Sophisticated analysis: differential timing / energy analysis
Revealed Secrets
– Cryptographic keys, codes, commands, etc.
Enemy’s Puppeteers
– Trojans in the network with full trust
Discredit normal nodes
Selective packet dump
Report false data
Compromised Node
Infect other nodes
Forge command
False routing info
S. K. Das
Need for MultiMulti-level Solution
Att k att multiple
Attacks
lti l possible
ibl levels
l
l to
t be
b defended
d f d d
– Model the propagation of node compromises
M d li
Modeling
E
E.g.,
ttrojan
j virus
i
spreading
di
– Detect compromised nodes & forged data
E.g., abnormal reports
– Revoke revealed secrets
E.g., broadcast confidentiality
Detection
Revocation
Self-correction
– Self-correct and purge false data
E.g., average temperature calculation
Purge
S. K. Das
Multi--Level, Integrative Framework
Multi
Highly Assured
Network Operation
Epidemic Theory
Theoretical
Contain Outbreak Foundations
Compromise Process
Modeling
Architectural
Components
Topology Control
Information Theory
Detect Compromise
Trust / Belief Model
Key Management
Cryptography
Revoke Revealed Secrets
Secure Aggregation
Digital Watermarking
Node Compromise
p
Game Theory
Uncertainty Characterized
Resource Limited Environment
Self-Correct
Tampered Data
P
Purge
Tampered Data
Secure Routing
DoS Defense
Intrusion Detection
S. K. Das
Relevant Publications
•
W. Zhang,
W
Zhang S
S. K
K. Das
Das, and Y
Y. Liu
Liu, “A
A Trust Based Framework for Secure Data Aggregation in
Wireless Sensor Networks,” IEEE SECON 2006.
•
J.-W. Ho, M. Wright, and S. K. Das, “ZoneTrust: Fast Zone-Based Node Compromise
Detection and Revocation in Sensor Networks Using Sequential Analysis," IEEE SRDS 2009.
•
J.-W. Ho, M. Wright and S. K. Das, “Fast Detection of Replica Node Attacks in Mobile
Sensor Networks Using Sequential Analysis,” IEEE INFOCOM 2009.
•
P. De, Y. Liu, and S. K. Das, “An Epidemic Theoretic Framework for Vulnerability Analysis of
Broadcast Protocols in Wireless Sensor Networks
Networks,” IEEE Transactions on Mobile
Computing, Vol. 8, No. 3, pp. 413-425, Mar 2009.
•
P. De, Y. Liu and S. K. Das, “Deployment Aware Modeling of Compromise Spread in Wireless
Sensor Networks,” ACM Transactions on Sensor Networks, 2009.
•
J.-W. Ho, M. Wright, D. Liu, and S. K. Das, “Distributed Detection of Replicas with
Deployment Knowledge in Wireless Sensor Networks,” Ad Hoc Networks, Aug 2009.
•
P. De, Y. Liu and S. K. Das, “Energy Efficient Reprogramming of a Swarm of Mobile Sensors,”
IEEE Transactions on Mobile Computing,
p
g, 2009.
•
W. Zhang, S. K. Das, Y. Liu, “Secure Aggregation in Wireless Sensor Networks: A Digital
Watermarking Approach,” Pervasive and Mobile Computing, 2008.
S. K. Das
Modeling Compromises: Epidemic Defense
Premise: Node compromises in WSN broadcast protocols
– Capture node deployment, key distribution, topology
Research Objectives:
– Model
M d l and
d analyze
l
spreading
di process off node
d compromises
i
– Characterize network-wide propagation rate and outbreak
transition point of compromise process
– Study impact of infectivity duration of compromised nodes
– Capture time dynamics of the spread
– Identify critical parameters to prevent outbreaks
S. K. Das
System Model
Random Pair-wise Key Pre-distribution
–A set of keys randomly chosen from a key pool
Physical Topology
Virtual Key-Sharing Topology
S. K. Das
Sensor Network Model
Modeled as undirected geometric random graph
– N nodes uniformly randomly distributed
– Unit Disk Model with transmission radius Rc
– α(duv ) is the probability of existence of an edge between nodes
d uv
u and
d v att distance
di t
N
– Node density σ =
A
A = area of the terrain
Rc
u
v
d uv
S. K. Das
Sensor Topology Model
N
ρ = 2 denotes the node density of the network
R
N = total number of nodes
nodes, R = sensing radius
p = probability of existence of a physical link
r ρ
p=
N
2
r = average communication range between nodes
Probabilit for l nodes within
Probability
ithin communication
comm nication range
p (l ) =
( )p (1 − p)
N
l
l
N −l
S. K. Das
Sensor Topology Model
q = prob.
prob of sharing pair
pair-wise
wise key between neighboring nodes
Probability of sharing at least one key with exactly k
neighbors given l nodes within its range:
p(k l ) =
( )q
l
k
k
(1 − q )
l −k
Probability of having k neighbors sharing at least one key:
∞
p (k ) = ∑ p(l ) p(k l )
l =kk
∞
p(k ) = ∑
l =k
( )p (1 − p) ( )q
N
l
l
N −l l
k
k
(1 − q )
l −k
S. K. Das
Infection Spread Model
Rc
Source Node
Inoperative R(t)
Infective I(t)
Susceptible S(t)
S. K. Das
Epidemic Theoretic Framework
Model infection spread in a population of susceptibles
- Random graph based spatial model
- Differential
Diff
i l equation
i based
b
d temporall model
d l
Design
g spread
p
model using
g network characteristics
- Local interactions based on transmission range
- Number of contacts determined by degree distribution of the
key sharing network
Estimate the rate of infection (β) based on Rc
- Rate of communication paradigm of the broadcast protocol
- Infectivity potential (ρ) of the data
S. K. Das
Epidemic Analysis
When nodes do not recover, transmissibility (T) is
expressed only in terms of the infection probability, \beta
Node
N
d recovery is
i captured
t db
by expressing
i ttransmissibility
i ibilit
as a function of average duration of infectivity, τ
1 − T = lim (1 − βδ t )τ δt
δt → 0
T = 1 − e βτ
Average cluster size as epidemic attains outbreak proportions
TG 0' (1)
s = 1+
1 − TG 1' (1)
Average Epidemic size after outbreak results
S = 1 − G 0 (u )
u = G 1 (u )
S. K. Das
Epidemic Size with infection probability
q=p
prob. of sharing
gp
pair-wise key
y between neighboring
g
g nodes
p = probability of existence of physical link
1
Fractio
tion of Network
rk Compromised
ed
0.9
0.8
0.7
0.6
0.5
0.4
N = 1000
p = 0.25
0.3
q=0.01
q=0.02
q=0.04
q=0.1
0.2
0.1
0
0
0.1
0.2
0.3
0.4
0.5
Transmissibility (T)
0.6
0.7
0.8
S. K. Das
Epidemic Size with infectivity duration
q=p
prob. of sharing
gp
pair-wise key
y between neighboring
g
g nodes
p = probability of existence of physical link
1
Frac
action of Networ
ork Compromis
ised
0.9
0.8
0.7
0.6
0.5
N = 1000
q = 0.04
p = 0.25
0.4
β=
β=
β=
β=
β=
0.3
0.2
0.1
0
0
50
100
150
200
Infectivity Duration τ
250
300
0.01
0.02
0.04
0.08
0.2
350
S. K. Das
Deluge : Data Propagation Rate
Analytical
Simulation
Model captures rate of data propagation over dissemination protocols
S. K. Das
Simulation Study
Capture the time dynamics of the spread of compromise
Observe duration and nature of gradual recovery process
Observe effects of various network parameters
– Average node degree of key sharing network
– Average infection rate
– Average duration of infectivity
S. K. Das
Simulation Results
Under both scenarios – no node recovery and node recovery
τ = 10
τ = 30
Dynamics of the Infected, Susceptible and Revoked nodes
Dynamics of the Infected, Susceptible and Revoked nodes
1.2
1.2
1
1
0.8
Fraction of Network
Fraction of Network
0.8
0.6
z=3
β = 0.6
0.4
S(t)
I(t)
R(t)
0.2
0.6
S(t)
I(t)
R(t)
0.2
0
0
−0.2
z=3
β = 0.9
0.4
−0.2
0
100
200
300
400
500
600
700
0
100
200
1.2
1
1
Fraction of Netw
twork
Fraction of Netwo
work
z=5
β = 0.35
0.4
0
0
−0.2
100
200
300
400
Time(t)
τ = 10
500
600
700
700
S(t)
I(t)
R(t)
0.4
0.2
0
600
0.6
0.2
−0.2
500
0.8
S(t)
I(t)
R(t)
0.6
400
Dynamics of the Infected, Susceptible and Revoked nodes
Dynamics of the Infected, Susceptible and Revoked nodes
1.2
0.8
300
Time(t)
Time(t)
β = 0.5
z=5
0
100
200
300
400
500
600
700
Time(t)
τ = 10
S. K. Das
Developing Belief / Trust Model
Premise: False data injection from compromised nodes
–Cryptographic techniques ineffective
Objectives: Trust model to identify and purge false data
data.
Reduce uncertainty in data aggregation / fusion.
Solution:
–Information theoretic (relative entropy) measure to quantify
reputation / opinion of data, leading to higher confidence
Belief, disbelief, uncertainty, relative atomicity
–Josang’s belief model to define and manage trust
propagation through intermediate nodes along the route
–Identify malicious nodes by learning and outlier classification
–p
purge
g false data to achieve secure aggregation
gg g
W. Zhang, S. K. Das and Y. Liu, “A Trust Based Framework for Secure
Data Aggregation in Wireless Sensor Networks, IEEE SECON, Oct 2006.
S. K. Das
Sensor Network Model
Base Station
(Sink)
cluster head
aggregator
sensor nods
(cluster member)
S. K. Das
Josang’s Belief Model
Opinion: ω = (b, d, u, a), b + d + u = 1
b: belief
d: disbelief
u: uncertain
a: relative atomicity
b, d, u, a ∈ [0,1]
Expected Opinion: O = E(ω) = b + au
ωAH :Cluster head’s opinion about aggregator
ω AH1 =( 0 .95 ,0 .03 ,0 .02 ,0 .5 )
O AH1 = 0.95 + 0.5 * 0.02 = 0.96
ωXA : Aggregator’s opinion about its report X
ω XA1 = ( 0 .688 ,0 ,0 .312 ,0 .9 )
O XA1 = 0.688 + 0.9 * 0.312 = 0.969
S. K. Das
Belief Propagation: Subjective Logic
Belief discounting (recommendation)
Cluster head’s opinion about X as a result of aggregator’s opinion:
ωXH:A = ωAH ⊗ωXA = (bXH:A,dXH:A, uXH:A,aXH:A)
b XH : A = b AH ∗ b XA
u XH : A = d AH + u AH + b AH u XA
d XH : A = d AH ∗ d XA
a XH : A = a XA
ω AH1 = ( 0.95 ,0.03 ,0.02 ,0.5 );ω XA1 = ( 0.688 ,0,0.312 ,0.9 )
b XH ::AA1 = 0 .95 * 0 .688 = 0 .654
d XH : A1 = 0
u XH : A1 = 0 .03 + 0 .02 + 0 .95 * 0 .312 = 0 .364
a XH : A1 = 0 .9
ω XH : A1 = ( 0 .654 ,0 ,0 .364 ,0 .9 )
Belief decreases, uncertainty increases
S. K. Das
Belief Consensus
Cluster
C
us e head’s
ead s op
opinion
o abou
about X via
a A1: ω XH:A1 = (bXH:A1 , d XH:A1 , uXH:A1 , a XH:A1 )
Cluster head’s opinion about X via A2: ω XH :A2 = (bXH :A2 , d XH :A2 , u XH :A2 , a XH :A2 )
Cluster head’s consensus opinion about X:
ω XH :A1 , H :A2 = ω XH :A1 ⊕ ω XH :A2 = (bXH :A1 , H :A2 , d XH :A1 , H :A2 , u XH :A1 , H :A2 , a XH :A1 , H :A2 )
ω XH :A1 = (0.654,0,0.346,0.9);ω XH :A2 = (0.368,0,0.632,0.7)
654*0.632+ 0.368*0.346
bXH:A1 , H:A2 = 00..346
+ 0.632−0.346*0.632 = 0.712
d XH:A1 , H:A2 = 0
*0.632
uXH:A1 , H:A2 = 0.346+00..346
632−0.346*0.632 = 0.288
aXH:A1 , H:A2 = 0.7*0.3460+.350.9+*00..6363−−2(*00.7.35+0*.09.)*630.35*0.63 = 0.85
ω XH:A , H:A = (0.712, 0, 0.288, 0.85)
1
2
More evidences, belief in the result increases
S. K. Das
Aggregator: Compute Sensor Reputation
Outlier exclusion: Too far from median Î outlier
High density Î Normal distribution N(µ, σ)
Red: 68% of data within [µ[ σ, µ+
+σ]
Green: 95% of data within [µ- 2σ, µ+2σ]
Yellow: 99.7% of data within [µ- 3σ, µ+3σ]
Each sampling independent
N(µ, σ)
– Ideal
Id l node
d ffrequency: iin llong run, P
Pr(( p i | x i ∈ [ x − σ , x + σ ]) = 0 .68
– Actual node frequency: Pr( q i | x i ∈ [ x − σ , x + σ ]), learn from observation
– Measure difference in ideal and actual frequencies: Kullback Leibler distance
D ( p || q ) = ∑ p ( x ) log
Reputation:
p
r=
p( x )
;
q( x )
p(x), q(x) prob. mass function for ideal/actual node freq.
D(.) also called relative entropy measure
1
1+ D
The shorter the distance, more trustworthy, higher reputation
S. K. Das
Sensor Node’s Reputation: Example
Two sensors,
sensors s1 and s2
– Time t1:
f st11 = 0 . 65 , f st21 = 0 . 63
t1
D ( f st11 || f ideal
) = (1 − 0 .65 ) * log
(1 − 0 .65 )
0 .65
+ 0 .65 * log
= 0 .0029
(1 − 0 .68 )
0 .68
r ( s1t1 ) =
– Time t2:
1+
1
= 0 .949
0 .0029
f st12 = 0 . 68 , f st22 = 0 . 30
Time
Sensor
node
Actual
freq.
Ideal freq.
KLdistance
Reputation
t1
s1
0.65
0.68
0.0029
0.949
s2
0 63
0.63
0 68
0.68
0 0081
0.0081
0 918
0.918
s1
0.68
0.68
0
1
s2
0.30
0.68
0.436
0.602
t2
Reputation changes with time based on behavior
S. K. Das
Aggregator: Reputation Classification
Classify reputation to identify malicious nodes
– Traditional system: threshold based classification
– Online unsupervised learning, K-mean algorithm
– No prior K available, how to dynamically decide K?
K=1
K=2
K=3
K=4
Determining K
Ex:
Time
Sensor node
Reputation
t1
s1
0.949
s2
0.918
s1
1
s2
0.602
t2
1 group
2 groups
S. K. Das
Aggregator: Opinion Formulation
ω XA = (b XA , d XA , u XA , a XA )
Degree of trust in aggregation result
Trustworthy
Nodes whose data close to mean
Uncertain
Nodes
N
d whose
h
d
data
t nott close
l
tto mean
Uncertain nodes’ reputation
- how much contribution to expected opinion?
Formulation
How much to
trust?
belief: percentage in ( x ± σ )
disbelief: 0 (after excluding outlier)
uncertain: percentage out of above range
relative atomicity: reputation of nodes fall out the range
S. K. Das
Trust Framework
Josang’s trust model:
Represent belief in result
Trust propagation
Information theory
Relative entropy: reputation
Shannon’s entropy: KulbackLeibler distance
reputa
ation
Cryptography not enough
Reputation-based
trust model
Statistical analysis:
Robust estimation
classification analysis
High redundancy
Intrusion detection:
Compromised nodes
Online
O
li unsupervised
i d llearning:
i
Identify compromised nodes
Purge false data
Result: Robustness and Reliability under Attack
S. K. Das
Simulation Results: Reputation
1
Re
Reputation
0.8
0.6
Case
No.
Misbehaving
time (%)
False
data type
1
0
N/A
2
100
Obvious
3
100
Tricky
4
66
Obvious
5
66
Tricky
0.4
Case 1
Case 2
Case 3
Case 4
Case 5
0.2
0
0
5
10
15
20
25
30
Node ID
No malicious nodes, all nodes’ reputation close to 1
Reputation of malicious nodes significantly lower than legitimate ones
Reputation of malicious nodes proportional to amount of true data they send
S. K. Das
Simulation Result: Opinion
1
Test case
0.99
Opinionn
0.98
Case
No.
Misbehaving
time (%)
False
data type
1
0
N/A
0.97
2
100
Obvious
0.96
3
100
Tricky
4
66
Obvious
5
66
Tricky
0.95
Case 1
Case 2
Case 3
Case 4
Case 5
0.94
0.93
0
5
10
15
20
25
30
35
40
Time
False data sneaking into aggregation (Cases 2, 4) may affect result
Î “pollute”
pollute legitimate node’s
node s reputation
Low opinion or polluted reputation Î result from low reputation nodes
g malicious nodes Î opinion
p
/ confidence increases
Detection/blocking
Opinion correctly represents the belief in the result
S. K. Das
Cooperative Malicious Nodes (10%)
Scenario: Malicious nodes behave “good”
good at first 1/3
experiment, then they all send same data each time
Aggregation Result
Evolution of Reputation
32
1
0.95
all
good
cluster
30
0.9
28
0.8
Data
Re
Reputation
0.85
0.75
26
24
0.7
0.65
22
0.6
20
malicious nodes
good nodes
0.55
0.5
0
5
10
15
20
Time
25
30
35
40
0
10
20
30
40
50
60
Time
Malicious nodes can be identified as long as they misbehave.
Aggregation result robust to cooperative malicious nodes of
different fractions
S. K. Das
Conclusions
- Integrated multi
multi-level
level security framework in wireless
sensor networks.
- Epidemic theory modeling to control spread of infected
nodes and outbreak.
- Information theory-based
theory based reputation to detect intrusion
of malicious nodes.
- Belief / trust model to ensure secure information
aggregation by effectively filtering false data.
- Distributed key sharing and collaboration to revoke
reveals secrets.
- Digital watermarking technique to self
self-correct
correct
compromised data.
S. K. Das
Epilogue
“A teacher
t
h can never truly
t l tteach
h unless
l
h
he iis
still learning himself. A lamp can never light
another lamp unless it continues to burn its
own flame. The teacher who has come to the
end of his subject, who has no living traffic
with his knowledge but merely repeats his
lesson to his students, can only load their
minds he cannot quicken them”
minds,
them”.
Rabindranath Tagore (1861(1861-1941)
(Indian Poet, Nobel Laureate,1913)
S. K. Das
http://crewman.uta.edu
S. K. Das
Related documents
After you have created your vocabulary list, you will then need to
After you have created your vocabulary list, you will then need to
Deepak_Abstract
Deepak_Abstract
27th Annual General Session of MRSI Abstract No:IL/PP etc.
27th Annual General Session of MRSI Abstract No:IL/PP etc.
T5-bak
T5-bak
Lecture slides
Lecture slides
Computer Network
Computer Network
ECS 289 / MAE 298, Network Theory Spring 2014 Problem Set # 1 b
ECS 289 / MAE 298, Network Theory Spring 2014 Problem Set # 1 b
Download
advertisement