SECURITY FOR IN NETWORK PROCESSING AND AGGREGATION
Michigan Tech University1
EE5723 – Network SecurityApril 08, 2010
Outline
Michigan Tech University2
Overview of Aggregation Basics of non-secure aggregation Basics of secure aggregation Aggregation Protocols and Techniques
Overview of Aggregation
Michigan Tech University3
“Aggregation collects results from several sensors and calculates a smaller message that summarizes the important information from a group of sensors.” [1]
Overview of Aggregation
Michigan Tech University4
Overview of Aggregation
Michigan Tech University5
Aggregation is helpful as it reduces the amount of traffic on a network. This helps prolong battery life. Can provide less processing needs.
Basics of Non-secure Aggregation
Michigan Tech University6
A few different types of aggregation techniques: Data Centric Routing [4]. Statistical aggregation. Simple Object Access Protocol (SOAP) [9]
Data-centric routing
Michigan Tech University7
Data-centric routing is more about removing duplications unnecessary traffic in parents in a tree.
This could include: Duplicate packet removal Removing packets from sensors with similar
readings Three Methods:
Center at Nearest Source (CNS) Shortest Paths Tree (SPT) Greedy Incremental Tree (GIT)
Data-centric routing
Michigan Tech University8
Statistical Aggregation
Michigan Tech University9
Application of estimation theory. It can involve:
Minimums and/or maximums Different types of averaging Medians Counts Normal distributions Lots of other types of statistical inference.
SOAP in WSN
Michigan Tech University10
Simple Object Access Protocol (SOAP) Based on XML (Extensible Markup Language) Easily integrated into different programming
languages. Message types:
1. A node dispatching a hello message to sinks. 2. A sink sends a Remote Procedure Call (RPC) to
registered nodes. 3. Nodes responding to the RPC.
SOAP in WSN
Michigan Tech University11
The modified SOAP allows an adaptive Pull strategy instead of a traditional push strategy. Requestor sends request to Invoker. The Invoker processes what Requestor wants and
sends back results when the results have been obtained.
SOAP in WSN
Michigan Tech University12
While security was not initially implied in this protocol it could easily be adapted to one of the few techniques introduced in this presentation.
Drawbacks of Aggregation
Michigan Tech University13
More computation for internal nodes More delays in getting from edge node to
Central Node. Not as useful when full data is needed.
Flaws on Existing Aggregation
Michigan Tech University14
Straight averaging is insecure if even a single node is compromised. Geometric Mean
floor((31+32+30+29+31+200)/6) = 58 Harmonic Mean
floor(6/(1/31+1/32+1/30+1/29+1/31+1/200)) = 35
Minimum and maximum functions insecure Example: Ice or Fire on thermostat (0 or 200
degrees)
Attacks on Existing Aggregation
Michigan Tech University15
Network attacks Eavesdropping DoS Replay Artificial data insertion (Stealthy Attack) Intruder Nodes
Physical Attacks Tampering Physical compromise of nodes
Basics of Secure Aggregation
Michigan Tech University16
Security needed to transfer data reliably from the sensor to the base station.
With aggregation intermediate nodes require access to the data for the aggregation. This introduces a need to determine if the data received from aggregators is reliable.
Cannot bootstrap all keys to device as applications require a dynamic structure.
Basics of Secure Aggregation
Michigan Tech University17
Standard Public key is too intensive for limited computing environment.
The basic approaches of network security apply to secure aggregation though majority of research covers these: Integrity Authentication
Integrity in Secure Aggregation
Michigan Tech University18
The integrity in secure aggregation helps make sure that intermediate and aggregator nodes have not altered the data.
This can involve a hash function, most commonly the Message Authentication Code (MAC).
Authentication in Secure Aggregation
Michigan Tech University19
The use of authentication helps ensure that intruder nodes don’t insert invalid data into the aggregation values. This can have severe effects on the system as
mentioned beforehand. Two protocols that help with authentication
include: uTESLA MAC (Assuming a certain key is used)
WSN Security Protocols
Michigan Tech University20
Security Protocols ECC – Elliptic Curve Cryptography [2] (Not
Covered) MAC – Message Authentication Code [8] Merkle Hash Tree [7] SPINS – [5] [6]
SNEP – Secure Network Encryption Protocol µTESLA – Micro Timed Efficient Stream Loss-Tolerant
Authentication
MAC/HMAC
Michigan Tech University21
Message Authentication Code Used to verify message authenticity
HMAC – Hashed MAC Uses cryptographic hashing function to create
the MAC Used to check data integrityMAC(text)t = HMAC(K, text)t = H((K0 ⊕ opad )|| H((K0 ⊕ ipad) ||
text))t
Does not provide non-repudation Because it uses Symmetric Keys
Does prevent replay attacks
MAC/HMAC
Michigan Tech University22
Image courtesy of Wikipedia
Merkle Hash Tree
Michigan Tech University23
The hash tree is a way to store hash information.
It is a fairly easy concept. hash 0 = hash( hash 0-0 + hash 0-1 ) Where
+ indicates concatenation.
µTESLA
Michigan Tech University24
Micro Timed Efficient Stream Loss-Tolerant Authentication
Derived from TESLA protocol, developed by A. Perrig at Carnegie Mellon University
Broadcast Authentication Strong Freshness
µTESLA
Michigan Tech University25
Addresses problems with TESLA Digital signature for packet authentication
µTESLA uses only symmetric mechanisms
Overhead of 24 bytes/packet µTESLA discloses key once per time interval
One-way key chain is too big µTESLA restricts number of authenticated senders
Assumptions Base station, nodes must be loosely synchronized Each node must know upper bound for max sync error
µTESLA
Michigan Tech University26
The basic protocol One-way key chain and delayed key disclosure Keys : Ki = F(Ki+1)
F public one-way function Each node knows Ki and predefined time slot intervals Sender periodically broadcasts current key K0 is initial commitment to chain, base station gives K0 to
all nodes
Issues with µTESLA
Michigan Tech University27
Important parameters: interval length, disclosure delay
Delay must be greater than RTT for integrity Parameters define maximum delay until
messages can be serviced Nodes must buffer all broadcasts until key is
disclosed. Counters must be (somewhat) synchronized
Aggregation Protocols and Techniques
Michigan Tech University28
SecureDAV [2] Elliptic Curve Cryptography Merkle Hash Trees
Secure Aggregation for Wireless Networks [1] Non-confidential µTESLA MAC Hashing (Any algorithm would do)
SecureDAV
Michigan Tech University29
Prevents acceptance of faulty readings Doesn’t make assumption that nodes are
honest. Develops private cluster key for each cluster. Only distributes a chunk of the private key to
the cluster nodes. This prevents an attacker from obtaining the full
key. Up to t nodes can be compromised. t < n/2
SecureDAV
Michigan Tech University30
Uses Averaging Transmit average back to sensors for
verification. If verified, sensors do partial signature. Aggregator combines partial signatures into a
full one. Average and full signature sent to the base
station. Cluster Head integrity ensured using Merkle
hash Trees
SecureDAV
Michigan Tech University31
Issues If greater than n/2 nodes are compromised in a
cluster of n nodes then the cluster can be compromised.
Covers Basic confidentiality Integrity
Secure Aggregation For WSN
Michigan Tech University32
Protocol focuses on Integrity and Authentication It has a fixed base station Uses uTESLA from SPINS Protocol Incorporates a MAC (non-specific) Uses delayed aggregation and authenticaion. Non-specific aggregation technique. Shared secret with base station established before
deployment.
Secure Aggregation For WSN
Michigan Tech University33Tree From [1]
Secure Aggregation For WSN
Michigan Tech University34
Helps protect against: Intruder Node Attacks
Authentication (Doesn’t have initial Key) Artificial Data
Hash Replay
Using the uTESLA key in the Hash
Secure Aggregation For WSN
Michigan Tech University35
Compromised Node Attacks: With access to node information it has the ability
to forge node messages. No cryptographic way to prevent this, but different
aggregation techniques can detect false readings. This is harder with intermediate nodes a the Hash
from children are harder to forge.
Conclusions
Michigan Tech University36
Aggregation can provide many benefits. Many different protocols exist with different
types of goals in mind. Intermediate node data processing creates a
need for a special kind of security. Protocols with lightweight security
implementations are important.
Sources
Michigan Tech University37
[1] L. Hu, D. Evans, “Secure Aggregation for Wireless Networks,” Workshop on Security and Assurance in Ad hoc Networks, 2003.
[2] A. Mahimkar, T. Rappaport, “SecureDAV: A Secure Data Aggregation and Verification Protocol for Sensor Networks”, 2004
[3] Jing Deng, Richard Han, and Shivakant Mishra, “Security Support for In-Network Processing in Wireless Sensor Networks” ACM Workshop on Security of Ad Hoc and Sensor Networks (SASN '03), 2003
[4] B. Krishnamachari, D. Estrin, S. Wicker, “The Impact of Data Aggregation in Wireless Sensor Networks”
[5] Robert Anderson “SPINS:Security Protocolsfor Sensor Networks,” http://web.pdx.edu/~raand/files/SPINS.pdf, May 11, 2004.
[6] A. Perrig, R. Szewczyk, V. Wen, D. Culler, and D. Tygar, “SPINS: Security Protocols for Sensor Networks,” Proceedings of Seventh Annual International Conference on Mobile Computing and Networks MOBICOM 2001, July 2001.
Sources
Michigan Tech University38
[7] B. Przydatek, D. Song, A. Perrig, “SIA: Secure Information Aggregation for Sensor Networks,” SenSys’03, 2003.
[8] M. Bellare, R. Canetti, H. Krawczyk, “Keying Hash Functions for Message Authentication,” 1996.
[9] A. Al-Yasiri, A. Sunley, “Data aggregation in wireless sensor networks using the SOAP protocol,” Journal of Physics: Conference Series 76, 2007