computer science 1 tinysersync: secure and resilient time synchronization in wireless sensor...

1

Computer Science

TinySeRSync: Secure and Resilient Time Synchronization in Wireless

Sensor Networks

Speaker: Sangwon HyunAcknowledgement: Slides were provided by Dr. Kun Sun

2Computer Science

Outline

• Introduction

• Related Work

• TinySeRSync: Secure and Resilient Time Synchronization

• Conclusion and Future Work

3Computer Science

Introduction

• Accurate and synchronized time is crucial in many sensor network applications.– the need for consistent distributed sensing and coordination

• An adversary may certainly attack the time synchronization protocol due to such importance.

• Traditional time synchronization protocols (e.g., NTP) cannot be directly applied in sensor networks.

4Computer Science

Related Work

• Recent time synchronization techniques.– Single-hop Pair-wise Time Synchronization.

• Receiver-Receiver based schemes.– Elson et al., ACM SIGOPS’02;

• Sender-Receiver based schemes.– Ganeriwal et al., SenSys’03;

– Global Time Synchronization.• Clock distribution schemes,

– Maroti et al., SenSys’04;• Clock agreement schemes.

– Li and Rus, INFOCOM’04;S R

t1 t2

t4 t3

Sender-Receiver based

S

1 2

S

1 2t1 t2 t2

t1

Sender-Receiver based

5Computer Science

Threats

• Single-hop Pair-wise Time Synchronization.– No message authentication.

• Manzo et al., SASN’05; Ganeriwal et al., Wise’05

– Time sensitive.• Jam and Replay attacks: Ganeriwal et al.,

Wise’05

• Global Time Synchronization.– Insider attacks

S

Malicious Node

Victim Nodes

6Computer Science

Our Contributions

• TinySeRSync:– Phase I

• Secure single-hop pair-wise time synchronization

– Phase II• Secure and resilient global time synchronization

7Computer Science

Phase I:

Secure Single-hop Pair-wise Time Synchronization

8Computer Science

Secure TPSN

• Ganeriwal et al., Wise’05

• Estimate time difference and transmission delay.

– Security condition:• d < maximum expected delay.

– KAB : secret key shared between A and B.

– MIC: message integrity code

A Bt1

t2

t4

t3

time

2 1 4 3( ) ( ) is the time difference.

2

t t t t

2 1 4 3( ) ( ) is half of the transmission delay.

2

t t t td

9Computer Science

Problems in Secure TPSN

• Authenticated MAC layer timestamp.– MIC must be available when radio sends the MIC

field.

• Software solution in Secure TPSN– Calculate MIC using TinySec (Karlof et al.

SenSys’04)

– Works for low data rate radio (e.g., 38.4 kbps in CC1000 used by MICA2).

– Does not work for high data rate radio (e.g., 250kbps in CC2420 used by MICAz).

MIC CRC…...

a11

a22

3a3

4a4

b1

b2

b3

b4

5

6

7

8

Vcc1

0

GND

0

CPU

10Computer Science

Prediction-based MAC Layer Timestamp

• Sender side:– When channel is clear, it add sending time = current time + constant delay . △

△ = 399.29 us.• Receiver side:

– When the SFD field is received, it records the time as receiving time.

11Computer Science

Delay Uncertainty

cpu

Radio

Antenna

Accessing and adding timestamp,then send STXON command

Encoding symbol periods and preamble

cpu

Radio

Antenna

Decoding of SFD

Interrupt handling

Propagation of SFD

Accessing timestamp

Sender

Receiver

t2 t3

Encoding of SFD

Propagation of SFD

Decoding of SFD

Interrupt handling

Accessing timestamp

Encoding SFD

Accessing and adding timestamp,then send STXON command

Encoding symbol periods and preamble

12Computer Science

Hardware-assisted, Authenticated MAC Layer Timestamp• Hardware security support in CC2420

– Two modes• stand-alone mode: 128 bit AES encryption on message

in stand-alone buffer.

• in-line mode: – begin encryption when message are being sent out;

– begin decryption after the whole message is received.

• Using in-line mode, CC2420 can generate a 12-byte MIC on 98-byte message in 99 us

13Computer Science

Distribution of Secure Single-hop Pair-wise Synchronization Error• Experimental result (1 tick = 8.68us)

0.00% 0.01% 0.71%

8.43%

67.76%

19.84%

3.15%0.09% 0.01%

0%

10%

20%

30%

40%

50%

60%

70%

80%

-4 -3 -2 -1 0 1 2 3 4Synchronization Error (tick)

Pe

rce

nta

ge

14Computer Science

Phase II:

Secure and Resilient Global Time Synchronization

15Computer Science

Secure and Resilient Global Time Synchronization Algorithm Each node i maintains a local clock time Ci.

1 2 3

5 64

7 8 9

S

16Computer Science


For each neighbor node j, node i maintains a single-hop pair-wise time difference i,j.

1 2 3

5 64

7 8 9

S

17Computer Science



A source node S broadcasts its local time CS periodically.

1 2 3

5 64

7 8 9

S

18Computer Science




Each direct neighbor node i of node S can obtain a source clock difference i,S from node S directly. Then, it broadcasts i,S.

1 2 3

5 64

7 8 9

S

19Computer Science




Each direct neighbor node i of node S can obtain a source time difference i,S from node S directly. Then, it broadcasts i,S.

For other nodes, to tolerate up to t malicious neighbor nodes, each node i needs to obtain at least 2t+1 source time differences through different neighbor nodes. Node i chooses the median one as i,S . Then it broadcasts i,S.

1 2 3

5 64

7 8 9

S

20Computer Science




Each direct neighbor node i of node S can obtain a source time difference i,S from node S directly. Then, it broadcasts i,S.

For other nodes, to tolerate up to t malicious neighbor nodes, each node i needs to obtain at least 2t+1 source time differences through different neighbor nodes. Node i chooses the median one as i,S . Then it broadcasts i,S.

Each node i can estimate the global clock CS by CS = Ci+i,S.

1 2 3

5 64

7 8 9

S

21Computer Science

How to Distribute Global Synchronization Messages?• Unicast

– Messages authenticated by secure pair-wise key.– Conclusion: too heavy communication overhead

and substantial message collisions. Scalability problem

• Broadcast– Can reduce the communication overhead.– Require local broadcast authentication.

• Digital signature is too expensive for sensor nodes.

• uTESLA

22Computer Science

Overview of uTESLA

• Perrig et al., IEEE S&P’01• Sender:

– Generate one-way key chain, Ki=F(Ki+1), 0 i n-1– Release the commitment K0

– Use key Ki for all messages sent in time interval Ii, and disclose Ki in Ii+d

• Receiver:– Security condition: the key has not been disclosed by the sender when

the messages are received.– Verify Ki=F(Ki+1)

Time...I1 In-1 In

T1T0 T2 Tn-2 Tn-1 Tn

I2

KnKn-1K1K0 ...F F FFFK2

23Computer Science

Using uTESLA in Time Synchronization?

• Problems: 1. uTESLA itself requires loose pair-wise time

synchronization.

2. Delayed authentication causes clocks drift away again.

24Computer Science

Short Delayed uTESLA

• Tight single-hop pair-wise time synchronization.• Too short time intervals waste a lot of keys in a key

chain. • Interleaved short and long intervals.

– Short interval (r) : A sender broadcasts authenticated synchronization message.

– Long interval (R) : A sender discloses the key used in last short interval.

M i K i

TimeSender A

Receiver Bti

r rR Rr rR R

Time

25Computer Science

Short Delayed uTESLA (Cont.)

• Receiver:– Security condition: the message is sent in the sender’s last

short interval.

(ti-T0+ +△ max) < i*(r+R)+r.

△: single-hop pair-wise time differencemax: maximum synchronization error

– Verify Ki=F(Ki+1)

26Computer Science

Experimental Evaluation

• Software package– TinySeRSync

• MICAz motes running TinyOS

• 35 files

• Providing 8 interfaces

• Code size in MICAz

• Parameters

# of MICAz nodes 60

pair-wise synchronization

interval

4 seconds

global synchronization interval

10 seconds

Tolerance (t) 0, 1, 2, 3, 4

uTESLA short interval 10 ms

uTESLA long interval 1 second

key chain length 100

Memory Bytes

RAM 1961

Program memory 24814

27Computer Science

Network Deployment

8150

55

15 22 29 36 43

9 16 23 30 37 442

10 17 24 31 38 453

11 18 25 32 39 464

12 19 26 33 40 475

13 20 27 34 41 486

14 21 28 35 42 497

51

52

53

54

56

57

58

59

60

Source NodeFirst round

additional nodeSecond round additional node

Sink Node

28Computer Science

Data Collection

• Sink node – Broadcast reference messages to all the nodes.– Query each node one by one at different time.

• All the nodes – When receiving a reference message

• Records the current global time when the message is received at MAC layer.

– When receiving a query message• Send the buffered global time information to the sink

node.

29Computer Science

Synchronization Error

• Precision achieved: tens of microseconds

0

2

4

6

8

10

12

14

16

0 1 2 3 4

Tolerance (t)

Syn

ch

ron

izati

on

Err

or

(tic

k) Avg. Error Max. Error

1 tick = 8.68 us

30Computer Science

Synchronization Rate

• When t=4, 95% in 3 rounds

60

65

70

75

80

85

90

95

100

0 1 2 3 4Tolerance (t)

Per

cen

tag

e

One Round

Two Rounds

Three Round

31Computer Science

Communication Overhead

10440

9720

9200

9400

9600

9800

10000

10200

10400

10600

5 10

Global synchronization interval (seconds)

Nu

mb

er

of

messag

es

Number of message each node sends per hour.

32Computer Science

Incremental Deployment

• Average synchronization error (left Y-axis)

• Synchronization rate when t=2 (right Y-axis)

1.E+00

1.E+01

1.E+02

1.E+03

1.E+04

1.E+05

1.E+06

1.E+07

1.E+08

1.E+09

1.E+10

time (hh:mm:ss)

mic

ros

ec

on

ds

0

10

20

30

40

50

60

70

80

90

100

pe

rce

nta

ge

Avg Sync Error

Sync Rate

33Computer Science

Conclusion

• TinySeRSync:– Secure single-hop pair-wise time synchronization

• Between two nodes

• The building block of global time synchronization.

– Secure and resilient global time synchronization• In the whole network

• Future work– Adapting the linear regression technique to compensate the

constant clock drifts.

34Computer Science

Comments and Questions?

Thank you!

computer science 1 tinysersync: secure and resilient time synchronization in wireless sensor...

Documents

computer science

synchronized time

wise05 time sensitive

infocom04 slide

current time constant

future work slide

delay uncertainty slide

secure tpsn ganeriwal