http://seclab.inha.ac.kr/
Topics
IDS Challenges in WSN
Introduction
Symmetric techniques
The secret keys are pre-distributed among the sensors before their deployment. Because of memory limitations, symmetric key techniques cannot achieve both perfect connectivity and perfect resilience in large-scale sensor networks.
System Assumptions
Communication Architecture:
Broadcast is the fundamental means of communication. The network topology is a tree with the BS as the root. The sensors cooperate to pass packets from the leaves to the root. The communication patterns are categorized into: Node → BS, BS → node, BS → all nodes, node → node.
The sensors are assumed to be untrusted. The nodes trust the BS in the initialization phase, but not after this phase. The protocol achieves security requirements such as data authentication, data integrity, and data freshness.
Notation
Na Nonce by node A (freshness)
Xab
kab Kab
SNEP
The two parties A and B share $X_{AB}$ and derive the communication keys $K_{AB}=F_X(1)$, $K_{BA}=F_X(3)$, $K_{AB}=F_X(2)$, $K_{BA}=F_X(4)$. The encrypted data is E = (D){K, C}, and the MAC is MAC(K, C || E). The complete message from A to B is:
A → B: (D){$K_{AB}$, C}, MAC($K_{AB}$, C || (D){$K_{AB}$, $C_A$})
TESLA
Requirements: The BS and the nodes must be loosely synchronized. Each node knows the upper bound of the maximum synchronization error. Each node is loaded with the commitment key $K_0$.
TESLA cont.
The BS computes MAC(K, P), where K is unknown to the receiver at sending time. The keys form a one-way chain: $K_i = F(K_{i+1})$, so $K_0 = F(F(K_2))$.
[Figure: one-way key chain K0 through K5, each key linked to the previous one by F, with packets P1 to P5 placed along the key intervals.]
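The receiver side of the TESLA key chain above, as an added example that is not part of the original slides: it checks the loose-synchronization condition before buffering a packet, then authenticates a disclosed key by walking it back to the commitment key K0. SHA-256 for F, HMAC-SHA-256 for the MAC, the class and parameter names, a disclosure delay of `delay` intervals, and interval i starting at time i*T are assumptions of this example.

```python
import hashlib
import hmac

def F(key: bytes) -> bytes:
    # One-way function of the chain; SHA-256 is this example's choice.
    return hashlib.sha256(key).digest()

def make_chain(seed: bytes, n: int) -> list:
    # Returns [K_0 .. K_n] with K_i = F(K_{i+1}); the BS picks K_n = seed.
    chain = [seed]
    for _ in range(n):
        chain.append(F(chain[-1]))
    return chain[::-1]

def mac(key: bytes, packet: bytes) -> bytes:
    return hmac.new(key, packet, hashlib.sha256).digest()

class Receiver:
    def __init__(self, k0, interval_len, delay, max_sync_err):
        self.idx, self.key = 0, k0          # last authenticated chain key
        self.T, self.d, self.err = interval_len, delay, max_sync_err
        self.buf = []                       # (interval, packet, tag)

    def on_packet(self, interval, packet, tag, local_time):
        # Security condition: K_interval is disclosed at interval + d. If the
        # BS clock (local time plus max sync error) may already be there,
        # anyone could have forged the MAC, so the packet is dropped.
        if local_time + self.err >= (interval + self.d) * self.T:
            return False
        self.buf.append((interval, packet, tag))
        return True

    def on_key(self, i, key):
        # Walk the disclosed key back to the last authentic key. This also
        # recovers K_{idx+1}..K_{i-1} if their disclosures were lost.
        if i <= self.idx:
            return []
        keys, k = {}, key
        for j in range(i, self.idx, -1):
            keys[j], k = k, F(k)
        if not hmac.compare_digest(k, self.key):
            return []                       # not on the chain: reject
        self.idx, self.key = i, key
        good = [p for j, p, t in self.buf
                if j in keys and hmac.compare_digest(mac(keys[j], p), t)]
        self.buf = [e for e in self.buf if e[0] > i]
        return good
```

`on_key` returns only the buffered packets whose MAC verifies under a key that chains back to K0; a packet that arrives after its key could have been disclosed never enters the buffer.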
2L
. N2 .
Each node produce table and for scheme management. SN assign chunk for comm. With node v from (N) In secure way: i + index UV: chunk i + index VU:chunk Table of node u The sender & receiver IDs became:
v
Cluster Construction
Wait for a random amount of time. Timeout and elect itself as a clusterhead. Grow the cluster iteratively. Valid cluster. Legitimate cluster. Network partition constructed.
[Figure: cluster construction, with radii labelled R and mR.]
LOCI: Local Clustering Service for Large Scale Wireless Sensor Networks (Springer 06, Vineet Mittal)
Placement Problem
[Figure: IDS placement, with panels labelled Tree Based and CH.]
Signature Update
The problem with the multi-pattern matching technique is the preprocessing phase. We have two choices: rebuild in the node, or send the preprocessed signature.
Send whole table to IDS node
- Intensive communication overhead
- Less node processing overhead