Add to collection(s) Add to saved
  1. Business
  2. Finance

An Impersonation Attack Detection Method Using Bloom Filters and Wireless Sensor Networks

advertisement 
Hiroshima City University
An Impersonation Attack Detection
Method Using Bloom Filters and
Dispersed Data Transmission for
Wireless Sensor Networks
Noriaki Tanabe, Eitaro Kohno, Yoshiaki Kakuda
Graduate School of Information Sciences,
Hiroshima City University
Hiroshima
City
University
Agenda
Background
Impersonation attacks
Overview of our proposed method
Bloom Filters
Secret Sharing Scheme-based dispersed data
transmission
Proposed method
Experiments and Discussions
Conclusions
Hiroshima City University
3SL 2012
Hiroshima
City
University
Background
Usage of Wireless Sensor Networks
Requires for
(WSNs)
Climate observation
Crime prevention,
Disaster response
Healthcare
confidentiality when
transferring data
Dispersed Data Transmission
Secret Sharing Scheme-based dispersion
Weak against impersonation attacks
Countermeasure
Hiroshima
City University
to impersonation attacks
Hiroshima
City
University
Dispersed Data Transmission
Path C (ID Pc = x3)
Share #3
node3
Original
data
node2
Original
data
node6
Share #2
Path B (ID PB = x2)
Share #1
source
node4
node7
node1
Secret Sharing
Scheme-based
Dispersion
Path A (ID PA = x1)
Hiroshima City University
node5
Sink
Background (cont.)
With Wireless Sensor Networks, sensor
nodes and sink nodes communicate using
multihop communication function.
Multihop communication
Intermediate node can steal relaying data
Possibility to be in danger of being attacked
• Falsification and eavesdropping of data
packets
• Impersonation (attacks)
Hiroshima City University
3SL 2012
Hiroshima
City
University
Hiroshima
City
University
Impersonation attacks
【Actions of a malicious mode】
1. Steal/Falsify the source node’s ID
2. Sends crafted packets to destination node
Node S’s ID
DATA :Data packet
Steal/Falsify
DATA
S
Spoofed packet
a
Source
Hiroshima City University
b
Malicious
3SL 2012
c
D
Destination
Overview of our proposed method
Hiroshima
City
University
【Feature 1.Authentic Identity】
•Bloom Filters to stores adjacent
node ID’s of source node
【Feature 2.Packet Transmission】
•
Secret Sharing Scheme-based
dispersed data transmission
Hiroshima City University
3SL 2012
Hiroshima
City
University
Bloom Filters (BFs)
• Data structures that are bit sequences
• Capable of registering multiple data
• Procedures to register data
x1 , x 2 :
Data to be registered
1.Acquire hash values to resist data
2.Set “1” of each hash values
x1 and x2 are
registered.
h1(), h2():
Hash functions
: 0 10 0 00 10 0 10 0 00 0 BF
0
1
2
3
4
5
6
7
8
9
BFs can be captured, but the function
cannot be reversed.
Hiroshima City University
3SL 2012
Hiroshima
City
University
Secret Sharing Schemes
Decryption (by collection greater
or equal k [threshold])
The Original
data
(The secret
Information)
Share A
Share B
Share C
Dispersal multiples
Cannot decrypt less
than k shares
Decrypted data
Share D
Conceptual diagram of Secret Sharing Scheme
This diagram called as a (k,n) threshold schemes.
Hiroshima City University
9
9
Secret Sharing Scheme
Hiroshima
City
University
Method to create multiple shares from the
original data for storing safely.
Protect authentic information
against malicious node’s attacks
【Characteristics】
The original data can be decrypted by
collecting shares
・# of shares ≧ threshold: possible to decrypt
・# of shares < threshold : impossible to decrypt
Hiroshima City University
3SL 2012
Procedures of our proposed method
Hiroshima
City
University
1.Transmission of authentic identity
2. Using authentic identity to detect falsification
3.Detection of impersonation attacks
Hiroshima City University
3SL 2012
Hiroshima
City
University
1.Transmission of authentic identity
Hash value by hash()
H
B
H
share1
share1
share1share2
share2
S
c
share3
b
share1
share2
share2
Dshare3
share3
d
Decrypt
share1
a
Create
Create shares
shares
share2
B
B :Authentic identity
H :Hash value
e
share33SL 2012 share3
Hiroshima City University
f
share3
Hiroshima
City
University
Procedures on source node
a
b
IDa
IDc
Register
S
c
IDb
Bloom Filter
Hash (AIBF)
AIBF
AD
Secret
Sharing
Scheme
Share #1
Share #n
Hash value
Hiroshima City University
AIBF-hash
2. Using authentic identity to detect falsification
Hiroshima
City
University
compare
Hash value which created
on destination node
H
B
H
Decrypted hash value
on destination node
Hash function is the
Same on the source node
identical: no falsified
different: falsified
(falsified during transmission)
Hiroshima City University
3SL 2012
2. Using authentic identity to detect falsification
Hiroshima
City
University
(cont.)
Store
比較
Authentic
Identity
Hash value which created
Decrypted hash value
on destination node
on destination node
identical: no falsified
Verify Authentic Identity
Hiroshima City University
3SL 2012
Hiroshima
City
University
3. Detection of impersonation attacks
B :Auth. Info. H :Hash value
D :Original data
share
B
Hash value
B
H
:share which includes data
b
share1
S
share2
share1
share3
Dshare2
share2
d
Hiroshima City University
decrypt
c
share3
share2
share3
share1
a
share2
share1
D
share1
D
Create
Create shares
shares
H
e
3SL 2012
share3
share3
f
share3
Hiroshima
City
University
3. Detection of impersonation attacks (cont.)
compare
B
Authentic Identity
decrypted from shares
Authentic Identity
on destination node
identical: The source node is S.
different: Impersonation attacks exist
(The source node is not S.)
Hiroshima City University
3SL 2012
Hiroshima
City
University
Simulation parameters
Simulator
Routing protocol
Number of nodes
Field size (m x m )
Source and destination pairs
Interval of data packets (sec)
Radio area (m)
Hash function
Length of Bloom Filter (bit)
Number of simulation run
MAC layer protocol
Node distribution
Hiroshima City University
QualNet ver.5.0
SRIDR
50,100,150,200,250,300
1100 x 1100
10
0.4
250
Salted SHA-1
128
50
IEEE802.11b (PHY-ABSTRACT)
RANDOM
3SL 2012
Hiroshima
City
University
Scenarios of experiments
1. Performs proposed method
2. Malicious nodes creates spoofed packets and
transmits them.
3. Destination nodes try to detect impersonation
Spoofed packets
a
Spoofed packets
b
g
f
S
Spoofed packets
D
c
e
i
d
Hiroshima City University
h
3SL 2012
Spoofed packets
Success rate on detection [%]
Results of the success rate on detection of
impersonation attacks
95.1%
97.4%
98.2%
87.6%
Number of nodes
Hiroshima City University
3SL 2012
98.7%
Hiroshima
City
University
99.0%
Number of nodes capable of stealing
original data
Number of nodes capable of stealing original data
Hiroshima
City
University
5.97
4.72
Hiroshima City University
3.91
3.51
3.19
Number of nodes
3SL 2012
3.04
Hiroshima
City
University
Conclusion
• We have proposed a new detection method for
impersonation attacks on WSNs.
– Bloom Filter
+
– Secret Sharing Scheme-based secure
dispersed data transmission
• Our proposed method can detect impersonation
attacks.
• In addition, our proposed method has been
effective as the number of nodes in the
networks grows.
Hiroshima City University
3SL 2012
Related documents
Vocabulary 1-30 from Hiroshima Remember that vocabulary goes in
Vocabulary 1-30 from Hiroshima Remember that vocabulary goes in
Chapter 1 Study Guide
Chapter 1 Study Guide
51) 2110m Cherry tree (Prunus × yedoensis) and Japanese black
51) 2110m Cherry tree (Prunus × yedoensis) and Japanese black
Hiroshima Close Reading Text Directions: Annotate the following
Hiroshima Close Reading Text Directions: Annotate the following
Hiroshima Hiroshima by John Hersey by John Hersey by John
Hiroshima Hiroshima by John Hersey by John Hersey by John
“Letter from Birmingham Jail”
“Letter from Birmingham Jail”
1 Hiroshima ch1
1 Hiroshima ch1
Download
advertisement