a practical secure neighbor verification protocol for wireless sensor networks
DESCRIPTION
A Practical Secure Neighbor Verification Protocol for Wireless Sensor Networks. Reza Shokri, Marcin Poturalski, Gael Ravot, Panos Papadimitratos, and Jean-Pierre Hubaux Laboratory for Computer Communications and Applications, EPFL, Switzerland - PowerPoint PPT PresentationTRANSCRIPT
1
A Practical Secure Neighbor Verification Protocol for Wireless Sensor Networks
A Practical Secure Neighbor Verification Protocol for Wireless Sensor Networks
Reza Shokri, Marcin Poturalski, Gael Ravot, Panos Papadimitratos, and Jean-Pierre Hubaux
Laboratory for Computer Communications and Applications, EPFL, Switzerland
Second ACM Conference on Wireless Network Security (WiSec'09) March 2009 Zurich, Switzerland
2
Wormhole AttackWormhole Attack
3
Wormhole AttackWormhole Attack
WormholeWormhole
4
Wormhole AttackWormhole Attack
False Links over the WormholeFalse Links over the Wormhole
5
Neighbor Verification ProtocolNeighbor Verification Protocol
Protocol StagesProtocol Stages
i. Ranging ii. Exchanging the Neighbor Tables (include distance)iii. Neighbor Verification (security tests)
Our Main IdeaOur Main Idea
Local geometric consistency tests
MotivationMotivation
- The other proposed methods are not implementable on sensor networks (e.g., directional antennas) or are not secure enough considering the sensor networks’ limitations (e.g., tight time synchronization in nanosecond precision is required). - Our goal is to propose a secure and practical protocol for WSN.
6
The Ranging ProtocolThe Ranging Protocol
7
The Ranging ProtocolThe Ranging Protocol
?
?
?
A
B
C D
8
The Ranging ProtocolThe Ranging Protocol
A B
tREQ/A tREQ/B
C
REQ
Fresh Random Nonce
9
The Ranging ProtocolThe Ranging Protocol
A B
REP
tREQ/A tREQ/B
C
tREP/BtREP/A
REQ
10
The Ranging ProtocolThe Ranging Protocol
A B
REP
tREQ/A tREQ/B
C
tREP/BtREP/A
REQ
tRNG/B
tRNG/A
RNG
(Ultra)Sound
11
The Ranging ProtocolThe Ranging Protocol
A B
REP
tREQ/A tREQ/B
C
tREP/BtREP/A
REQ
tRNG/B
tRNG/A
RNG
ACK
(Ultra)Sound
12
The Ranging ProtocolThe Ranging ProtocolA B
REP
tREQ/A tREQ/B
C
tREP/BtREP/A
REQ
tRNG/B
tRNG/A
RNG(Ultra)Sound
ACK
Node B:
“Synchronization Test”
Speed of sound
Empirical Synchronization Error
13
C
B
The Ranging Protocol (Over Attack)The Ranging Protocol (Over Attack)
A dwadwb
dwc dbc
A
C
B
dbc
>= dwb + dwb
>= dwb + d
wb
The adversary can change adjust the distance between nodes only by introducing different delay values while relaying RNG messages
14
Neighbor Table ExchangeNeighbor Table Exchange
AB
C D
F
E
G
Each node broadcasts its neighbor table to its direct neighbors.Neighbor tables include distance between nodes.
We assume nodes are deployed on a plane. (it can be extended to 3D)
15
Neighbor Verification (Security Tests)Neighbor Verification (Security Tests)
16
Neighbor Verification (Security Tests)Neighbor Verification (Security Tests)
Link Symmetry Test d(B->A) = d(A->B)
(1)
17
Neighbor Verification (Security Tests)Neighbor Verification (Security Tests)
Maximum Range Test d(B->A) < RR
(1) (2)
Link Symmetry Test d(B->A) = d(A->B)
18
Neighbor Verification (Security Tests)Neighbor Verification (Security Tests)
Quadrilateral Test Each 4 neighbors that form a clique must belong to a quadrilateral. (embedding graph on a plane)
Maximum Range Test d(B->A) < RR
(1)
(3)
(2)
Link Symmetry Test d(B->A) = d(A->B)
19
Neighbor Verification (Security Tests)Neighbor Verification (Security Tests)
Quadrilateral Convexity Test A link will be marked as verified link if it belongs to a convex quadrilateral.
Maximum Range Test d(B->A) < RR
(1)
(3)
(2)
(4)
Quadrilateral Test Each 4 neighbors that form a clique must belong to a quadrilateral. (embedding graph on a plane)
Link Symmetry Test d(B->A) = d(A->B)
20
Security AnalysisSecurity Analysis
21
Security AnalysisSecurity Analysis
To successfully create a false link:the attacker has to convince 4 nodes that form a convex quadrilateral
(2-2)
(3-1)
A
B C
D
D
A
BC
22
Security AnalysisSecurity Analysis
(2-2)A
B C
D
C
DA
B C
DA
B
Nodes’ perception (1) Nodes’ perception (2)
We have proved that neither of these perceptions are possible. Thus, 2-2 attack is impossible.
23
Security AnalysisSecurity Analysis
(3-1)D
A
BC
A
B
C
DNodes’ perception
DA
BC
We have proved that the attack is possible only if:
24
Experimental ResultsExperimental Results
SettingsSettings
The ranging protocol has been implemented on Crossbow Cricket motes
25
Experimental ResultsExperimental Results
SettingsSettings
The ranging protocol has been implemented on Crossbow Cricket motes
ResultsResults
Time Synchronization Error: 99.55% below 5 microsecondDistance Measurement Error: Below 5cm error (Range up to 4m)Link Symmetry Error: 97% below 7cm (74% below 2cm)
26
Performance Evaluation in Benign SettingPerformance Evaluation in Benign Setting
Links have to satisfy the convex quadrilateral test to be verified by our protocol.
Yet, even in a benign setting, some links might not belong to any convex quadrilateral, and therefore remain unverifiable.
How percentage of true links can be verified?
27
Performance Evaluation in Benign SettingPerformance Evaluation in Benign Setting
CoverageCoverage
Uniform distribution of nodes in a field measuring 400m*400m“R”: Transmission range = 100m“e”: Maximum distance estimation error as percentage of R.
28
ConclusionConclusion
- Neighbor Verification Protocol for Wireless Sensor Networks
- Based on estimation of node distance and simple, local tests
- Practical solution, implemented on Cricket motes
- Formal analysis and proof of correctness
- Highly effective against powerful adversaries
- Adding detection of adversary increases security (see tech-report)