Least Privilege and Privilege Deprivation: Towards Tolerating Mobile Sink Compromises in Wireless Sensor Network

Computer Science
Presented by Jennifer Frankie
Authors: Wensheng Zhang, Hui Song, Sencun Zhu, and Guohong Cao
Outline
• Background
• Motivation
• Proposed Schemes
– Restricting privileges
– Revocation
• Conclusion
• Future Work
Background
• Nodes may be far away from the BS, so sending data to the BS has a long delay, and intermediate nodes can modify the data passing by
• Each node temporarily holds its data, then the BS dispatches a MS to go around and collect it
• Mobile sinks (MS) are useful for: data collection, data querying and network maintenance
• Using a MS will decrease security
[Figure: sensor field with a Mobile Sink and the BS]
Background
• Assumptions:
1. BS are secure and fixed in location
2. MS are dispatched with a known task
3. All clocks of sensor nodes are loosely synchronized
4. Nodes know their general location
Motivation
• If MS is given too many privileges, it will become an
attractive target for an attacker to compromise
• Attacker can use compromised MS to revoke other
nodes and bring down an entire sensor network
• Enable sensor nodes to validate tasks claimed by MS
• Goal of design:
– Least privilege
– Immediate Privilege Deprivation (revocation)
– On-demand task assignment
– Efficiency
Notation
• u: sensor node
• MS: mobile sink
• Rn: randomly generated nonce
• TT: type of task
• Ts: Starting time of a task
• Te: Ending time of a task
• Km: Master key held by BS
• Ku: individual node key
Scheme I & II: Key Distribution
1. BS generates master key Km
2. BS generates an individual key for each node u
• Ku = G_Km(u) where G is a pseudo random function (Scheme I)
• f(u,y): a share of a t-degree bivariate polynomial (Scheme II)
3. Loads the MS with a pairwise key
• Ku(MS) = H(TT | MS | Ku | Ts | Te) (Scheme I)
• f(MS(u),y) where MS(u) = H(TT | Ts | Te | u) (Scheme II)
Scheme I & II: Authentication
1. MS → u: MS, TT, Ts, Te in plaintext and encrypted with the pairwise shared key
2. MS and u use their pairwise key to encrypt this information and authenticate each other
Problem: Not scalable in terms of storage!
– Store one pairwise key with each host node (Scheme I)
– Store n(t+1) coefficients (Scheme II)
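The Scheme I key hierarchy above can be checked end to end with a small script. The following is an added example (not code from the paper or its authors): it instantiates G as HMAC-SHA256 and H as SHA-256 over '|'-joined fields (both assumed choices), derives Ku = G_Km(u) and the task-bound key Ku(MS) = H(TT | MS | Ku | Ts | Te), and shows why the key enforces least privilege: a node that recomputes Ku(MS) from the announced task fields rejects a MS that claims a different task type or shows up outside [Ts, Te]. The master key, node ids, nonce and times are constructed sample values.

```python
import hmac
import hashlib


def G(key: bytes, data: bytes) -> bytes:
    """Pseudo-random function G_key(data); HMAC-SHA256 is the assumed instantiation."""
    return hmac.new(key, data, hashlib.sha256).digest()


def H(*parts) -> bytes:
    """Hash of the '|'-joined parts (ints are rendered as text; the encoding is assumed)."""
    return hashlib.sha256(b"|".join(p if isinstance(p, bytes) else str(p).encode() for p in parts)).digest()


def node_key(Km: bytes, u: bytes) -> bytes:
    """Ku = G_Km(u): BS derives each node's individual key from the master key."""
    return G(Km, u)


def task_key(TT, MS, Ku, Ts, Te) -> bytes:
    """Ku(MS) = H(TT | MS | Ku | Ts | Te): pairwise key bound to one task type and one time window."""
    return H(TT, MS, Ku, Ts, Te)


def bs_load_ms(Km, MS, TT, Ts, Te, hosts):
    """BS loads the MS with one pairwise key per host node (the per-host storage cost noted on the slide)."""
    return {u: task_key(TT, MS, node_key(Km, u), Ts, Te) for u in hosts}


def ms_announce(ms_keys, u, MS, TT, Ts, Te, Rn):
    """Step 1, MS -> u: task fields in plaintext plus a MAC under the pairwise key."""
    fields = (MS, TT, Ts, Te, Rn)
    return fields, G(ms_keys[u], H(*fields))


def node_verify(Ku, announcement, now):
    """Node u rebuilds Ku(MS) from the announced fields and its own Ku, checks the MAC and that
    `now` lies within [Ts, Te]. Returns the pairwise key, or None if the MS is not accepted."""
    fields, tag = announcement
    MS, TT, Ts, Te, Rn = fields
    if not Ts <= now <= Te:
        return None
    k = task_key(TT, MS, Ku, Ts, Te)
    return k if hmac.compare_digest(G(k, H(*fields)), tag) else None


def node_respond(k, u, Rn):
    """Step 2, u -> MS: proves knowledge of the same pairwise key over the MS's nonce."""
    return G(k, H(b"resp", u, Rn))


def ms_verify(ms_keys, u, Rn, response):
    """MS side of step 2: the response must match its stored key for u."""
    return hmac.compare_digest(G(ms_keys[u], H(b"resp", u, Rn)), response)


def demo():
    Km = b"constructed-master-key"            # constructed sample secret held by the BS
    hosts = [b"u1", b"u2", b"u3"]
    MS, TT, Ts, Te = b"MS7", b"collect", 1000, 2000
    ms_keys = bs_load_ms(Km, MS, TT, Ts, Te, hosts)
    Ku = node_key(Km, b"u2")                  # node u2's own key, loaded before deployment
    Rn = b"nonce-42"                          # constructed nonce
    ann = ms_announce(ms_keys, b"u2", MS, TT, Ts, Te, Rn)
    k = node_verify(Ku, ann, now=1500)
    mutual = k is not None and ms_verify(ms_keys, b"u2", Rn, node_respond(k, b"u2", Rn))
    # The same MS claiming a task type it was not dispatched for: the fields no longer match the key
    fields, tag = ann
    forged = ((MS, b"maintain", Ts, Te, Rn), tag)
    return {"accepted": mutual,
            "forged_task_rejected": node_verify(Ku, forged, now=1500) is None,
            "expired_rejected": node_verify(Ku, ann, now=2500) is None}
```

The node never needs to know which MS the BS dispatched in advance: whatever the MS announces is folded into the key it must prove, so privileges are exactly the announced (TT, Ts, Te) and nothing else.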
Scheme III: Reducing Polynomial Shares to One
Goal: Reduce the number of polynomial shares
processed by a MS to one
• To do this we will need to:
1. Use locations of the host nodes rather than their ids to reduce the amount of information the MS must store about each host node (cell merging)
2. Use a Merkle hash tree to construct the id for a MS so that only one polynomial share has to be assigned to the MS (block compression)
Scheme III: Reducing Polynomial Shares to One
Cell Merging
• Merge continuous cells into blocks
• Each block = (i,j,d,s)
– (i,j) = index of the first cell
– d = direction: 0 for top, 1 for bottom
– s = number of cells in direction d
• If MS is scheduled to cross cell (i,j) then BS will generate a specific id for MS: MS(i,j) = H(TT | Ts | Te | i | j)
• MS can establish pairwise key f(MS(i,j),u) with any node u in cell (i,j)
• Example (figure, cells indexed from (0,0)): first block (1,1,0,7); second block (2,7,1,3)
Scheme III: Reducing Polynomial Shares to One
• Block compression: hash tree over blocks B1 … B8
– X12 = H(B1 | B2), X34 = H(B3 | B4), X56 = H(B5 | B6), X78 = H(B7 | B8)
– X14 = H(X12 | X34), X58 = H(X56 | X78)
– X18 = H(X14 | X58)
• MS gives u B3, B4, X12 and X58
• u verifies that it is in B3 and derives X18 = H(H(X12 | H(B3 | B4)) | X58)
• u computes id of MS (H(TT | Ts | Te | X1m)) to derive polynomial share
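The two Scheme II/III mechanisms on these slides, the bivariate polynomial shares and the Merkle block compression, fit together in one runnable walk-through. This is an added example, not code from the paper: it generates a symmetric t-degree bivariate polynomial over a prime field (field modulus, t = 3, the SHA-256 hash and the encoding of blocks are all assumed), builds the hash tree X12 … X18 over eight constructed blocks, has the MS hand node u its block plus the authentication path (B3, B4, X12, X58), and has u recompute the root, derive the MS id and evaluate its share, which must equal what the MS computes from its single share. The reading of (i,j,d,s) as s cells starting at (i,j) going up for d = 0 and down for d = 1 is an assumption.

```python
import hashlib
import random

P = (1 << 61) - 1   # prime field for the polynomial (assumed choice)
T = 3               # degree t of the bivariate polynomial (assumed value)


def H(*parts) -> bytes:
    """Hash of the '|'-joined parts; non-bytes are rendered as text (encoding is assumed)."""
    return hashlib.sha256(b"|".join(p if isinstance(p, bytes) else str(p).encode() for p in parts)).digest()


def as_id(digest: bytes) -> int:
    """Map a hash to a value usable as the MS's polynomial variable."""
    return int.from_bytes(digest, "big") % P


def gen_poly(rng):
    """BS secret: symmetric bivariate f(x,y) = sum a[i][j] x^i y^j with a[i][j] == a[j][i]."""
    a = [[0] * (T + 1) for _ in range(T + 1)]
    for i in range(T + 1):
        for j in range(i, T + 1):
            a[i][j] = a[j][i] = rng.randrange(P)
    return a


def poly_share(a, x):
    """f(x, y) with x fixed: the t+1 coefficients in y that a node (x = u) or a MS (x = MS id) stores."""
    return [sum(a[i][j] * pow(x, i, P) for i in range(T + 1)) % P for j in range(T + 1)]


def eval_share(coeffs, y):
    """Evaluate a stored share at y; f(u, MS) == f(MS, u) by symmetry, and that value is the pairwise key."""
    return sum(c * pow(y, j, P) for j, c in enumerate(coeffs)) % P


def block_cells(block):
    """Cells covered by (i, j, d, s): s cells from (i, j), upward for d = 0, downward for d = 1 (assumed)."""
    i, j, d, s = block
    return {(i, j + k) if d == 0 else (i, j - k) for k in range(s)}


def leaf(block) -> bytes:
    return str(block).encode()      # assumed encoding of a block descriptor


def merkle_levels(blocks):
    """Hash tree over the blocks (power-of-two count assumed): X12 = H(B1 | B2), X14 = H(X12 | X34), ..."""
    levels = [[leaf(b) for b in blocks]]
    while len(levels[-1]) > 1:
        prev = levels[-1]
        levels.append([H(prev[k], prev[k + 1]) for k in range(0, len(prev), 2)])
    return levels


def auth_path(levels, idx):
    """Siblings from leaf idx up to the root: for B3 this is [B4, X12, X58], what the MS gives u."""
    path = []
    for level in levels[:-1]:
        path.append(level[idx ^ 1])
        idx //= 2
    return path


def root_from_path(leaf_bytes, idx, path):
    node = leaf_bytes
    for sib in path:
        node = H(node, sib) if idx % 2 == 0 else H(sib, node)
        idx //= 2
    return node


def ms_id_from_root(TT, Ts, Te, root):
    """id of MS = H(TT | Ts | Te | X1m), reduced into the field."""
    return as_id(H(TT, Ts, Te, root))


def node_key(cell, share_u, claim, TT, Ts, Te):
    """Node u in `cell` checks that its cell lies in the claimed block, recomputes the root from the
    authentication path, derives the MS id and returns f(u, MS); None if the cell check fails."""
    block, idx, path = claim
    if cell not in block_cells(block):
        return None
    root = root_from_path(leaf(block), idx, path)
    return eval_share(share_u, ms_id_from_root(TT, Ts, Te, root))


def demo():
    rng = random.Random(7)                     # deterministic sample randomness (constructed)
    a = gen_poly(rng)
    TT, Ts, Te = b"collect", 1000, 2000
    blocks = [(1, 1, 0, 7), (2, 7, 1, 3), (3, 4, 0, 2), (4, 5, 1, 2),
              (5, 1, 0, 4), (6, 4, 1, 3), (7, 2, 0, 5), (8, 6, 1, 4)]   # B1..B8, constructed
    levels = merkle_levels(blocks)
    ms_id = ms_id_from_root(TT, Ts, Te, levels[-1][0])   # levels[-1][0] is X18
    share_ms = poly_share(a, ms_id)            # the single share loaded on the MS
    u, cell = 42, (3, 5)                       # node u sits in cell (3,5), inside B3 = (3,4,0,2)
    share_u = poly_share(a, u)
    claim = (blocks[2], 2, auth_path(levels, 2))         # MS hands u: B3, B4, X12, X58
    k_u = node_key(cell, share_u, claim, TT, Ts, Te)
    k_ms = eval_share(share_ms, u)
    tampered = (blocks[2], 2, [H(b"x")] + claim[2][1:])  # altered sibling: root and MS id change
    return {"match": k_u == k_ms,
            "wrong_cell_rejected": node_key((9, 9), share_u, claim, TT, Ts, Te) is None,
            "tampered_path_mismatch": node_key(cell, share_u, tampered, TT, Ts, Te) != k_ms}
```

A MS that alters any block or sibling ends up with a different root and hence a different id; it still gets a key from u, but not the one its own share produces, so the mutual authentication that follows fails. The MS stores t+1 coefficients plus one path per visited block instead of one share per host node.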
Revoking a MS On-Demand
• Revoke a MS if it is compromised or the security
policy has changed and the MS still holds privileges
• Naïve approach
– BS unicast revocation message to all host nodes
• BS may not know all nodes’ ids
• Too much overhead
– BS flood revocation message over the network
• All nodes that receive this message must forward it
Basic Revocation Scheme
Multicast revocation message within the revocation area
1. BS broadcasts the revocation message to its neighbors, indicating the id of the MS to be revoked
2. Once each neighbor receives this message:
• It checks whether this is a duplicate message; if so, the message is dropped
• If the neighbor finds it is within the revocation area indicated by the message, it records the id of the revoked MS and rebroadcasts the message to its neighbors
Problems with Basic Scheme
• The basic revocation scheme performs well when the revocation area is a regular shape (e.g. rectangle or circle)
• One can divide the irregular shape into several regular
shapes…
Revocation Area
• The revocation area is divided into 100 rectangles and each rectangle needs 4 bytes, so 400 bytes are needed to represent the revocation area
• A typical packet contains a few tens of bytes (assume 29 bytes)
• To revoke an MS, ⌈400 / 29⌉ = 14 revocation messages must be sent, received and forwarded by each host node
Enhanced Revocation Schemes
• Revocation area is divided into multiple subareas and
multiple revocation messages are sent to and
multicasted within the subareas simultaneously
• The blocks forming the subarea are further combined
into smaller number of blocks (expanded blocks)
• This reduces the…
– Revocation delay
– Number of revocation messages
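The cost argument of the last three slides (area check, duplicate suppression, 14 packets for 100 rectangles, and the saving from splitting the area into subareas) can be reproduced with a small flooding simulation. This is an added example, not the paper's code: it models a constructed 12x12 grid of nodes with radio range of one grid step, packets identified by (MS id, subarea, sequence number), and an area of 100 unit rectangles as on the slide. For the enhanced variant it floods each subarea from an entry node inside it; delivery of the message to that entry node (by GPSR on the next slide) is not modelled, so only multicast transmissions are counted.

```python
import math
from collections import deque

PACKET_BYTES = 29   # packet payload assumed on the slide
RECT_BYTES = 4      # bytes per rectangle, as on the slide


def in_area(pos, rects):
    x, y = pos
    return any(x0 <= x <= x1 and y0 <= y <= y1 for (x0, y0, x1, y1) in rects)


def packets_for(rects):
    """Fixed-size packets needed to carry the rectangle list (100 rects -> ceil(400/29) = 14)."""
    return math.ceil(len(rects) * RECT_BYTES / PACKET_BYTES)


def neighbors(pos, nodes):
    """Radio range assumed to be one grid step in every direction (8-neighbourhood)."""
    x, y = pos
    return [n for n in nodes if n != pos and abs(n[0] - x) <= 1 and abs(n[1] - y) <= 1]


def fresh_state(nodes):
    return {n: {"seen": set(), "revoked": set(), "fwd": 0} for n in nodes}


def multicast(entry, nodes, rects, ms_id, sub, state):
    """Flood one revocation message for `ms_id` from `entry`, restricted to the area `rects`.
    A node drops a packet it has already seen; a node inside the area records the revoked id
    and rebroadcasts. Returns the number of transmissions."""
    tx = 0
    for seq in range(packets_for(rects)):
        pid = (ms_id, sub, seq)
        state[entry]["seen"].add(pid)
        state[entry]["revoked"].add(ms_id)
        state[entry]["fwd"] += 1
        tx += 1
        queue = deque([entry])
        while queue:
            sender = queue.popleft()
            for nb in neighbors(sender, nodes):
                if pid in state[nb]["seen"]:
                    continue                      # duplicate message: dropped
                state[nb]["seen"].add(pid)
                if in_area(nb, rects):            # inside the revocation area: record and rebroadcast
                    state[nb]["revoked"].add(ms_id)
                    state[nb]["fwd"] += 1
                    tx += 1
                    queue.append(nb)
    return tx


def task_allowed(state, node, ms_id):
    """Check a node makes before serving a MS: a revoked id is refused whatever keys it presents."""
    return ms_id not in state[node]["revoked"]


def demo():
    nodes = [(x, y) for x in range(12) for y in range(12)]            # constructed 12x12 field
    bs = (0, 0)
    area = tuple((x, y, x, y) for x in range(10) for y in range(10))  # 100 unit rectangles = 400 bytes
    ms_id = "MS7"
    basic = fresh_state(nodes)
    basic_tx = multicast(bs, nodes, area, ms_id, 0, basic)
    # Enhanced: the same area split into four row bands, each flooded from an entry node inside it
    bands = [(0, 2), (3, 5), (6, 8), (9, 9)]
    subareas = [tuple(r for r in area if lo <= r[1] <= hi) for lo, hi in bands]
    enh = fresh_state(nodes)
    enh_tx = sum(multicast(sub[0][:2], nodes, sub, ms_id, k, enh) for k, sub in enumerate(subareas))
    return {"packets": packets_for(area), "basic_tx": basic_tx, "enhanced_tx": enh_tx,
            "basic_max_fwd": max(s["fwd"] for s in basic.values()),
            "enhanced_max_fwd": max(s["fwd"] for s in enh.values()),
            "inside_refuses": not task_allowed(basic, (5, 5), ms_id),
            "outside_unaware": task_allowed(basic, (11, 11), ms_id)}
```

In the basic run every host node forwards all 14 fragments, whereas with four subareas the heaviest node forwards 5, because each subarea's message only has to describe its own rectangles. A node outside the area never learns of the revocation, which is exactly the scoping the multicast is meant to achieve.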
GPSR-based Scheme
• Use the GPSR protocol to send each revocation message to a certain node within the subarea
• Then multicast the message within the subarea
Performance
• GPSR-based schemes reduce latency by sending multiple packets almost simultaneously along different paths
[Figures: Triangle Trajectory; Polygon Trajectory]
Conclusion & Future Work
• Conclusion
– Each node must be able to verify the MS and the task that the MS has been sent to perform
• Future work
– Address issues when the MS needs to change its trajectory due to an unexpected event
– Explore other revocation techniques to balance the tradeoff between delay and message complexity
Questions
Are there any questions?