Computer Science

Least Privilege and Privilege Deprivation: Towards Tolerating Mobile Sink Compromises in Wireless Sensor Network
Presented by Jennifer Frankie
Authors: Wensheng Zhang, Hui Song, Sencun Zhu, and Guohong Cao

Outline
• Background
• Motivation
• Proposed Schemes
  – Restricting privileges
  – Revocation
• Conclusion
• Future Work

Background
• Mobile sinks (MS) are useful in sensor networks for data collection, data querying and network maintenance
• Nodes may be far away from the BS, so sending data all the way to the BS means a long delay, and intermediate nodes can modify the data passing by; this decreases security
• Instead, each node temporarily holds its data, and the BS dispatches a MS to go around and collect it
[Figure: a Mobile Sink travelling between the sensor nodes and the BS]

Background
• Assumptions:
  1. BS is secure and fixed in location
  2. MS is dispatched with a known task
  3. All clocks of sensor nodes are loosely synchronized
  4. Nodes know their general location

Motivation
• If a MS is given too many privileges, it becomes an attractive target for an attacker to compromise
• An attacker can use a compromised MS to revoke other nodes and bring down an entire sensor network
• Enable sensor nodes to validate tasks claimed by a MS
• Goals of the design:
  – Least privilege
  – Immediate privilege deprivation (revocation)
  – On-demand task assignment
  – Efficiency

Notation
• u: sensor node
• MS: mobile sink
• Rn: randomly generated nonce
• TT: type of task
• Ts: starting time of a task
• Te: ending time of a task
• Km: master key held by the BS
• Ku: individual node key

Scheme I & II: Key Distribution
1. BS generates master key Km
2. BS generates an individual key for each node u
  • Scheme I: Ku = G_Km(u), where G is a pseudo-random function
  • Scheme II: f(u, y), a share of a t-degree bivariate polynomial f(x, y)
3. BS loads the MS with a pairwise key
  • Scheme I: Ku(MS) = H(TT | MS | Ku | Ts | Te)
  • Scheme II: f(MS(u), y), where MS(u) = H(TT | Ts | Te | u)
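As an added example (not code from the paper or from this presentation), the key material of Scheme I and Scheme II above, together with the check a host node makes in the authentication step that follows. It assumes HMAC-SHA256 in the role of the PRF G, SHA-256 as H, a hypothetical prime field GF(P) for the bivariate polynomial, and constructed task values (TT, Ts, Te, node and MS ids); none of those choices come from the slides.

```python
import hashlib
import hmac
import secrets

# Constructed demo values (not from the paper): a task type and its time window.
TT, Ts, Te = b"collect", 1000, 2000
P = 2**61 - 1   # assumed prime field for the Scheme II polynomial (hypothetical choice)


def H(*parts):
    """H(a | b | ...): a hash over the concatenated fields."""
    return hashlib.sha256(b"|".join(parts)).digest()


def b(x):
    """Encode an integer field (node id, MS id, time) for hashing."""
    return str(x).encode()


# --- Scheme I: hash-derived pairwise keys ------------------------------
def node_key(Km, u):
    """Step 2: Ku = G_Km(u); HMAC-SHA256 stands in for the PRF G."""
    return hmac.new(Km, b(u), hashlib.sha256).digest()


def ms_key(Ku, ms, TT, Ts, Te):
    """Step 3: Ku(MS) = H(TT | MS | Ku | Ts | Te), loaded onto the MS by the BS."""
    return H(TT, b(ms), Ku, b(Ts), b(Te))


def ms_announce(Kms, ms, TT, Ts, Te):
    """Authentication step 1: MS -> u sends the task in plaintext plus a MAC under Ku(MS)."""
    msg = (ms, TT, Ts, Te)
    return msg, hmac.new(Kms, H(b(ms), TT, b(Ts), b(Te)), hashlib.sha256).digest()


def node_accepts(Ku, msg, tag, now):
    """u re-derives Ku(MS) from the announced task and its own Ku, then checks the MAC
    and the task window. A changed TT/Ts/Te yields a different key, so the MAC fails;
    after Te the privilege has lapsed even if the MAC is valid (privilege deprivation)."""
    ms, TT, Ts, Te = msg
    if not (Ts <= now <= Te):
        return False
    expected = hmac.new(ms_key(Ku, ms, TT, Ts, Te),
                        H(b(ms), TT, b(Ts), b(Te)), hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)


# --- Scheme II: shares of a symmetric t-degree bivariate polynomial ------
def symmetric_poly(t):
    """Random f(x, y) = sum a_ij x^i y^j over GF(P) with a_ij = a_ji, so f(x, y) = f(y, x)."""
    a = [[0] * (t + 1) for _ in range(t + 1)]
    for i in range(t + 1):
        for j in range(i, t + 1):
            a[i][j] = a[j][i] = secrets.randbelow(P)
    return a


def poly_share(a, x):
    """f(x, y) with x fixed: the t+1 coefficients in y that the holder stores."""
    n = len(a)
    return [sum(a[i][j] * pow(x, i, P) for i in range(n)) % P for j in range(n)]


def eval_share(s, y):
    return sum(c * pow(y, j, P) for j, c in enumerate(s)) % P


def ms_id(TT, Ts, Te, u):
    """MS(u) = H(TT | Ts | Te | u), reduced into GF(P) so it can serve as a polynomial argument."""
    return int.from_bytes(H(TT, b(Ts), b(Te), b(u)), "big") % P


def demo():
    Km = secrets.token_bytes(32)            # master key, held only by the BS
    u, ms = 17, 5                           # constructed node id and MS id
    Ku = node_key(Km, u)
    Kms = ms_key(Ku, ms, TT, Ts, Te)        # the only key the MS receives for u
    msg, tag = ms_announce(Kms, ms, TT, Ts, Te)
    forged, ftag = ms_announce(Kms, ms, b"revoke", Ts, Te)   # MS claims a task it was not given
    a = symmetric_poly(t=3)
    su, sms = poly_share(a, u), poly_share(a, ms_id(TT, Ts, Te, u))
    return {
        "accept_in_window": node_accepts(Ku, msg, tag, now=1500),
        "reject_after_Te": node_accepts(Ku, msg, tag, now=2001),
        "reject_forged_task": node_accepts(Ku, forged, ftag, now=1500),
        # f(u, MS(u)) computed by u equals f(MS(u), u) computed by the MS
        "scheme2_keys_agree": eval_share(su, ms_id(TT, Ts, Te, u)) == eval_share(sms, u),
    }
```

The point of binding TT, Ts and Te into the key itself is that a node never has to trust the MS's claim: it derives the key for the task as announced, so a MS carrying a key for one task cannot pass the check for another, and once Te has passed the node stops accepting the key without any revocation traffic.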
Scheme I & II: Authentication
1. MS → u: MS, TT, Ts, Te in plaintext and encrypted with the pairwise shared key
2. MS and u use their pairwise key to encrypt this information and authenticate each other
Problem: not scalable in terms of storage!
  – Store one pairwise key with each host node (Scheme I)
  – Store n(t+1) coefficients (Scheme II)

Scheme III: Reducing Polynomial Shares to One
Goal: reduce the number of polynomial shares processed by a MS to one
• To do this we will need to:
  1. Use the locations of the host nodes rather than their ids, to reduce the amount of information the MS must store about each host node (cell merging)
  2. Use a Merkle hash tree to construct the id for a MS, so that only one polynomial share has to be assigned to the MS (block compression)

Scheme III: Reducing Polynomial Shares to One
Cell merging
• If the MS is scheduled to cross cell (i,j), then the BS will generate a specific id for the MS: MS(i,j) = H(TT | Ts | Te | i | j)
• The MS can establish a pairwise key f(MS(i,j), u) with any node u in cell (i,j)
• Merge continuous cells into blocks
• Each block = (i, j, d, s)
  – (i, j) = index of the starting cell
  – d = direction: 0 for top, 1 for bottom
  – s = number of cells in direction d
• First block: (1, 1, 0, 7)
• Second block: (2, 7, 1, 3)
[Figure: grid of cells with origin (0,0) and cell (i,j) marked]

Scheme III: Reducing Polynomial Shares to One
• Block compression
[Figure: Merkle hash tree over the blocks B1 … B8, with X12 = H(B1 | B2), X34 = H(B3 | B4), X56 = H(B5 | B6), X78 = H(B7 | B8), X14 = H(X12 | X34), X58 = H(X56 | X78) and root X18 = H(X14 | X58)]
• MS gives u B3, B4, X12 and X58
• u verifies that it is in B3 and derives X18 = H(H(X12 | H(B3 | B4)) | X58)
• u computes the id of the MS, H(TT | Ts | Te | X1m), to derive the polynomial share

Revoking a MS On-Demand
• Revoke a MS if it is compromised, or if the security policy has changed and the MS still holds privileges
• Naïve approach
  – BS unicasts the revocation message to all host nodes
    • BS may not know all nodes' ids
    • Too much overhead
  – BS floods the revocation message over the network
    • All nodes that receive this message must forward it
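As an added example (not code from the paper or from this presentation) of the Scheme III cell merging and block compression described above: a host node checks that its own cell lies in the block the MS shows it, rebuilds the Merkle root from the sibling values the MS supplies, and forms the MS id H(TT | Ts | Te | X1m). It assumes SHA-256 as H, that d = 0 means the block extends toward the top (increasing j) and d = 1 toward the bottom, a constructed eight-block trajectory whose first two blocks are the slide's (1,1,0,7) and (2,7,1,3), and constructed task values; the function and variable names are mine.

```python
import hashlib


def H(*parts):
    """H(a | b | ...): a hash over the concatenated fields."""
    return hashlib.sha256(b"|".join(parts)).digest()


def b(x):
    return str(x).encode()


def cells_of_block(block):
    """Expand a block (i, j, d, s) into the s cells it covers, starting at cell (i, j).
    Assumed convention: d = 0 walks toward the top (increasing j), d = 1 toward the bottom."""
    i, j, d, s = block
    step = 1 if d == 0 else -1
    return [(i, j + k * step) for k in range(s)]


def leaf(block):
    """Leaf value for a block: the hash of its (i, j, d, s) encoding."""
    return H(*(b(v) for v in block))


def merkle_levels(blocks):
    """Hash tree over the blocks: level 0 holds the leaves, each parent is H(left | right),
    and the last level holds the root X_1m (X18 for eight blocks)."""
    level = [leaf(blk) for blk in blocks]
    levels = [level]
    while len(level) > 1:
        level = [H(level[k], level[k + 1]) for k in range(0, len(level), 2)]
        levels.append(level)
    return levels


def ms_proof(blocks, idx):
    """What the MS hands a node in block idx: its block, the sibling block, which side the
    node's block is on, and the sibling hashes above (for B3 of eight: B3, B4, X12, X58)."""
    levels = merkle_levels(blocks)
    sibs, k = [], idx
    for level in levels[1:-1]:
        k //= 2
        sibs.append(("L" if (k ^ 1) < k else "R", level[k ^ 1]))
    return blocks[idx], blocks[idx ^ 1], idx % 2 == 1, sibs


def node_derives_ms_id(my_cell, own_block, sib_block, own_is_right, sibs, TT, Ts, Te):
    """u checks that its own cell lies in the claimed block, rebuilds the root from the
    proof (X18 = H(H(X12 | H(B3 | B4)) | X58) in the slide), and returns the MS id
    H(TT | Ts | Te | X_1m) whose polynomial share it should use. Returns None if u is not
    in the block, so the MS gains nothing from showing a block it was not scheduled for."""
    if my_cell not in cells_of_block(own_block):
        return None
    left, right = (sib_block, own_block) if own_is_right else (own_block, sib_block)
    h = H(leaf(left), leaf(right))
    for side, sib_hash in sibs:
        h = H(sib_hash, h) if side == "L" else H(h, sib_hash)
    return H(TT, b(Ts), b(Te), h)


def demo():
    TT, Ts, Te = b"collect", 1000, 2000   # constructed task values
    # Constructed eight-block trajectory; the first two blocks are the slide's examples.
    blocks = [(1, 1, 0, 7), (2, 7, 1, 3), (3, 5, 0, 2), (4, 6, 1, 4),
              (5, 3, 0, 3), (6, 5, 1, 2), (7, 4, 0, 5), (8, 8, 1, 6)]
    bs_ms_id = H(TT, b(Ts), b(Te), merkle_levels(blocks)[-1][0])   # id the BS issued a share for
    own, sib, is_right, sibs = ms_proof(blocks, 2)                  # u lives in B3
    return {
        "honest": node_derives_ms_id((3, 6), own, sib, is_right, sibs, TT, Ts, Te) == bs_ms_id,
        "wrong_cell": node_derives_ms_id((3, 1), own, sib, is_right, sibs, TT, Ts, Te),
        # a block stretched to cover more cells changes the root, so the derived id mismatches
        "stretched_block": node_derives_ms_id((3, 6), (3, 5, 0, 9), sib, is_right, sibs, TT, Ts, Te) == bs_ms_id,
    }
```

Because the MS id is the hash of the whole trajectory, the single share the BS issues only yields a matching pairwise key on nodes whose cells really appear in one of the scheduled blocks; presenting a different or enlarged block produces a different root, and the node ends up with a share for an id the BS never issued.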
Basic Revocation Scheme
Multicast the revocation message within the revocation area
1. BS broadcasts the revocation message to its neighbors, indicating the id of the MS to be revoked
2. When each neighbor receives this message:
  • It checks whether this is a duplicate message; if so, the message is dropped
  • If the neighbor finds it is within the revocation area indicated by the message, it records the id of the revoked MS and rebroadcasts the message to its neighbors

Problems with Basic Scheme
• The basic revocation scheme performs well when the revocation area is a regular shape (e.g. rectangle or circle)
• One can divide an irregular shape into several regular shapes…
[Figure: an irregular revocation area tiled with rectangles]
• The revocation area is divided into 100 rectangles and each rectangle needs 4 bytes, so 400 bytes are needed to represent the revocation area
• A typical packet contains a few tens of bytes (assume 29 bytes)
• To revoke a MS, 400 / 29 ≈ 14 revocation messages must be sent, received and forwarded by each host node

Enhanced Revocation Schemes
• The revocation area is divided into multiple subareas, and multiple revocation messages are sent to and multicast within the subareas simultaneously
• The blocks forming a subarea are further combined into a smaller number of blocks (expanded blocks)
• This reduces the…
  – Revocation delay
  – Number of revocation messages

GPSR-based Scheme
• Use the GPSR protocol to send each revocation message to a certain node within the subarea
• Then multicast the message within the subarea

Performance
• GPSR-based schemes reduce latency by sending multiple packets almost simultaneously along different paths
[Figures: results for a Triangle Trajectory and a Polygon Trajectory]

Conclusion & Future Work
• Conclusion
  – Each node must be able to verify the MS and the task that the MS has been sent to perform
• Future work
  – Address issues when the MS needs to change its trajectory due to an unexpected event
  – Explore other revocation techniques to balance the tradeoff between delay and message complexity
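As an added example (not code from the paper or from this presentation) of the basic revocation scheme and the packet-count problem discussed above: a small simulation in which the BS broadcasts a revocation, every node drops duplicates, and only nodes inside the revocation area record the revoked MS id and rebroadcast. The sensor field, radio range, L-shaped revocation area and MS id are all constructed for the demo; the 29-byte payload and 4 bytes per rectangle are the slides' own assumptions.

```python
from collections import deque
from math import ceil

RADIO_RANGE = 1.5     # assumed: grid neighbours (including diagonals) hear each other
PACKET_PAYLOAD = 29   # bytes of payload per packet, the slides' assumption
RECT_BYTES = 4        # bytes to encode one rectangle, the slides' assumption


def in_area(pos, rects):
    """Is pos inside the revocation area, given as a list of (x0, y0, x1, y1) rectangles?"""
    x, y = pos
    return any(x0 <= x <= x1 and y0 <= y <= y1 for x0, y0, x1, y1 in rects)


def neighbours(pos, nodes):
    x, y = pos
    return [n for n in nodes if n != pos and (n[0] - x) ** 2 + (n[1] - y) ** 2 <= RADIO_RANGE ** 2]


def packets_needed(num_rects):
    """Packets per revocation message once the rectangle list is fragmented (400 / 29 -> 14)."""
    return ceil(num_rects * RECT_BYTES / PACKET_PAYLOAD)


def basic_revocation(bs, nodes, rects, revoked_ms):
    """Basic scheme: the BS broadcasts; a node drops duplicates, and if it lies inside the
    revocation area it records the revoked MS id and rebroadcasts once.
    Returns (nodes that recorded the revocation, transmissions, receptions)."""
    seen = {bs}
    revoked_at = {}
    transmissions = receptions = 0
    queue = deque([bs])
    while queue:
        sender = queue.popleft()
        transmissions += 1
        for n in neighbours(sender, nodes):
            receptions += 1
            if n in seen:                  # duplicate: dropped
                continue
            seen.add(n)
            if in_area(n, rects):          # only nodes inside the area forward it
                revoked_at[n] = revoked_ms
                queue.append(n)
    return revoked_at, transmissions, receptions


def demo():
    nodes = [(x, y) for x in range(10) for y in range(10)]     # constructed 10x10 field
    rects = [(0, 0, 4, 9), (5, 0, 9, 3)]                       # constructed L-shaped area
    bs = (-1, 0)                                               # BS just outside the field
    revoked_at, tx, rx = basic_revocation(bs, nodes, rects, revoked_ms="MS-7")
    return {
        "nodes_in_area": sum(in_area(n, rects) for n in nodes),
        "nodes_revoked": len(revoked_at),
        "only_inside_recorded": all(in_area(n, rects) for n in revoked_at),
        "transmissions": tx,
        "receptions": rx,
        "packets_for_100_rects": packets_needed(100),
    }
```

Two things are visible in the counts: duplicate suppression holds the number of transmissions to one per node inside the area (plus the BS), while nodes just outside the boundary still receive the message without forwarding it; and, separately, every one of those transmissions is multiplied by the number of packets the area description needs, which is why a 100-rectangle area costs 14 packets per hop in the slides' arithmetic.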
Questions
Are there any questions?