
Intrusion Detection System WSN

Information Security Research Laboratory

http://seclab.inha.ac.kr/

Topics
- IDS Challenges in WSN
- SPINS: Security Protocol for Sensor Network
- Efficient anonymity schemes for clustered wireless sensor networks
- Placement Problem
- Signature Update

IDS Challenges in WSN


- Authentication
- Anonymity (prevent compromising)
- Node placement
- Signature update

SPINS: Security Protocol for Sensor Network
Adrian Perrig, Robert Szewczyk, JD, Victor Wen, and David Culler. Springer, 2002

Introduction
Symmetric techniques
The secret keys are pre-distributed among sensors before their deployment. Due to the limitation on memory, symmetric key techniques are not able to achieve both a perfect connectivity and a perfect resilience for large-scale sensor networks.

Public key cryptography
- Eliminates the connectivity and resilience problems.
- Common criticism: computational complexity and communication overhead.
- ECC signature verification: 1.62 s (160-bit, ATmega128)

System Assumptions
Communication architecture:
Broadcast is the fundamental means of communication. The network topology is a tree with the BS as the root. The sensors cooperate to pass packets from the leaves to the root. The communication patterns are categorized into: node → BS, BS → node, BS → all nodes, node → node.

They assume the sensors are not trusted. The nodes trust the BS in the initialization phase, but not after this phase. The protocol achieves security requirements such as data authentication, data integrity, and data freshness.

Notation
$N_A$: nonce generated by node A (freshness)
$X_{AB}$: master secret key shared between A and B
$K_{AB}$: secret encryption key derived from $X_{AB}$
$K'_{AB}$: shared secret MAC key, $F_{X_{AB}}(2)$, where $F()$ is a pseudo-random function

SNEP
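The two parties A and B share $X_{AB}$ and derive the communication keys $K_{AB} = F_X(1)$, $K_{BA} = F_X(3)$, $K'_{AB} = F_X(2)$, $K'_{BA} = F_X(4)$.
The encrypted data is $E = \{D\}_{\langle K, C \rangle}$, and the MAC is $\mathrm{MAC}(K', C \,\|\, E)$.
The complete message from A to B is:
$A \rightarrow B:\ \{D\}_{\langle K_{AB}, C_A \rangle},\ \mathrm{MAC}(K'_{AB},\ C_A \,\|\, \{D\}_{\langle K_{AB}, C_A \rangle})$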

Counter Exchange Protocol


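$A \rightarrow B:\ C_A$
$B \rightarrow A:\ C_B,\ \mathrm{MAC}(K'_{BA},\ C_A \,\|\, C_B)$
$A \rightarrow B:\ \mathrm{MAC}(K'_{AB},\ C_A \,\|\, C_B)$

How is the counter synchronized?
$A \rightarrow B:\ C_A,\ \mathrm{MAC}(K'_{AB},\ C_A)$
$B \rightarrow A:\ C_B,\ \mathrm{MAC}(K'_{BA},\ C_A \,\|\, C_B)$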

TESLA
Requirements:
- The BS and the nodes are loosely synchronized.
- Each node knows the upper bound of the maximum synchronization error.
- Each node is loaded with the commitment key $K_0$.

TESLA cont.
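The BS computes $\mathrm{MAC}(K, P)$, where $K$ is unknown to the receiver at sending time.
$K_i = F(K_{i+1})$
$K_0 = F(F(K_2))$

[Figure: one-way key chain K0, K1, K2, K3, K4, K5 linked by F, with packets P1, P2, P3, P4, P5, ... placed along the chain]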

TESLA detailed description


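- Sender phase (key generation, e.g. MD5).
- Sending authenticated packets.
- Bootstrapping a new receiver (synchronization parameters):
  $M \rightarrow S:\ N_M$
  $S \rightarrow M:\ T_S \mid K_i \mid T_i \mid T_{int} \mid,\ \mathrm{MAC}(K_{MS},\ N_M \mid T_S \mid K_i \mid T_i \mid T_{int} \mid)$
- Authenticating received packets.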
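The key chain and the receiver-side authentication step described above, as an added example that is not taken from the slides or from the SPINS authors. SHA-256 and HMAC stand in for F and MAC, and the names `make_chain`, `Receiver`, `max_sync_error` and `disclosure_delay` (both counted in whole key intervals) are assumptions made for this sketch.

```python
import hashlib
import hmac

def F(key: bytes) -> bytes:
    """One-way function of the key chain (SHA-256 is an assumption here)."""
    return hashlib.sha256(key).digest()

def make_chain(seed: bytes, n: int) -> list:
    """Sender phase: K_n = seed, K_i = F(K_{i+1}); returns [K_0, ..., K_n]."""
    chain = [seed]
    for _ in range(n):
        chain.append(F(chain[-1]))
    return chain[::-1]

def mac(key: bytes, packet: bytes) -> bytes:
    return hmac.new(key, packet, hashlib.sha256).digest()

class Receiver:
    """Hypothetical receiver; time is counted in whole key intervals."""
    def __init__(self, k0: bytes, max_sync_error: int, disclosure_delay: int):
        self.index, self.key = 0, k0          # last authenticated key (K_0)
        self.err, self.delay = max_sync_error, disclosure_delay
        self.buffer = {}                      # interval -> [(packet, tag)]

    def on_packet(self, interval, packet, tag, local_interval) -> bool:
        # Safe only if the sender cannot yet have disclosed K_interval,
        # even when its clock runs max_sync_error ahead of ours.
        if local_interval + self.err >= interval + self.delay:
            return False
        self.buffer.setdefault(interval, []).append((packet, tag))
        return True

    def on_key(self, i: int, key: bytes) -> list:
        """Check disclosed K_i against the chain, then release packets."""
        if i <= self.index:
            return []
        keys = {i: key}
        for j in range(i - 1, self.index - 1, -1):
            keys[j] = F(keys[j + 1])          # also recovers skipped keys
        if not hmac.compare_digest(keys[self.index], self.key):
            return []                         # not on the chain: forged key
        out = []
        for j in range(self.index + 1, i + 1):
            out += [p for p, t in self.buffer.pop(j, [])
                    if hmac.compare_digest(mac(keys[j], p), t)]
        self.index, self.key = i, key
        return out
```

A receiver that misses one key disclosure still authenticates the packets of the skipped interval, because the later key yields the earlier one through F.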

Node to Node key agreement


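If node A (IDS) wants to communicate with node B, they use the BS as a trusted party, because they share master secret keys with it ($X_{AS}$, $X_{AB}$).
$A \rightarrow B:\ N_A,\ A$
$B \rightarrow S:\ N_A,\ N_B,\ A,\ B,\ \mathrm{MAC}(K'_{BS},\ N_A \mid N_B \mid A \mid B)$
$S \rightarrow A:\ \{SK_{AB}\}_{K_{SA}},\ \mathrm{MAC}(K'_{SA},\ N_A \mid B \mid \{SK_{AB}\}_{K_{SA}})$
$S \rightarrow B:\ \{SK_{AB}\}_{K_{SB}},\ \mathrm{MAC}(K'_{SB},\ N_A \mid B \mid \{SK_{AB}\}_{K_{SB}})$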

Efficient anonymity schemes for clustered wireless sensor networks
Satyajayant Misra and Guoliang Xue, Arizona State University. Inderscience, Wireless Network, 2006

Requirements for anonymity in a CWSN


- An SN can communicate anonymously with any other SN in its neighborhood and with the BS.
- Routing of messages is anonymous.
- The nodes in a cluster are indistinguishable.
- SNs outside the neighborhood of a cluster cannot figure out the CH of the cluster.

Framework for the anonymity schemes


2k pseudonyms.
Continuous chunk of size 2L.
The total chunk N2.
[Figure: pseudonym space; labels: K bit, 2L, N2]

Each node produce table and for scheme management.
An SN assigns a chunk for communication with node v from (N), in a secure way:
i + index UV: chunk i + index VU:chunk
[Figure: table of node u, with an entry for v]

The sender and receiver IDs become:
Sender: index u || IDvu
Receiver: index v || IDuv


Cluster Construction
- Wait for a random amount of time.
- Timeout and elect itself as a clusterhead.
- Grow the cluster iteratively.
[Figure: cluster construction; labels: Valid cluster, Legitimate cluster, Network partition constructed, R, mR]

LOCI: Local Clustering Service for Large Scale Wireless Sensor Networks (Springer 06, Vineet Mittal)

Placement Problem
[Figure: IDS node placement, tree based; labels: R, CH, IDS]


Signature Update
The problem with multi-pattern matching techniques is the preprocessing phase. We have two choices: rebuild in the node, or send the preprocessed signature.

Send new signature from BS
- Less communication overhead
- Processing overhead

Send whole table to IDS node
- Intensive communication overhead
- Less node processing overhead

Thank you. Any questions?
