secure time synchronization service for sensor networks s. ganeriwal, r. kumar, m. b. sirvastava...

Secure Time Synchronization Service for Sensor Networks

S. Ganeriwal, R. Kumar, M. B. Sirvastava

Presented by: Kaiqi Xiong

11/28/2005

Computer Science

CSC 774 Adv. Net. Security


2

Outline

• Time synchronization and techniques– Pairwise sender-receiver synchronization

• Secure time sync problem: pulse delay attacks

• Proposed techniques– Node to node

• Single hop: Secure Pairwise Synchronization (SPS)

• Multi-hops: SO(opportunistic)M, SDM and STM

– Group: L-SGS and SGS

• Conclusions and possible research questions


3

Why Time Synchronization

• Time difference in sensor node clocks– Time offset: = CA(t)-CB(t)

• Why time synchronization– e.g., TESLA, localization and target tracking (any protocol

regarding time stamp)

• How to find


4

How to Synchronize

• Pairwise sender-receiver synchronization: TPSN#

– Step 1: A (T1) (T2) B: A, B, sync

– Step 2: B (T3) (T4) A: m, where m=[B, A, T2, T3, ack]

– Step 3: Compute

A

B

T1

T2 T3

T4

= [(T2-T1)-(T4-T3)]/2

d = [(T2-T1)+(T4-T3)]/2

T1, T4 are measured in A’s clock

T2, T3 are measured in B’s clock

#S. Ganeriwal, et al., Timing-sync protocol for sensor networks, SenSys, 2003


5

Why Secure Time Synchronization

• Type 1 attack: modify T2 and T3 by capturing node B• Type 2 attack: pulse-delay attacks

– Simply jam an initial pulse– Store in its memory– Replay it at an arbitrary time later

=[(T2-T1)-(T4-T3)+]/2; d=[(T2-T1)+(T4-T3)+]/2

T2* = T1 + d + +

Jam the signal with delay A sends at T1 B receives at T2*


6

Roadmap For Proposed Techniques

• Only discuss techniques resilient to type 2 attacks• Node-to-node: time synchronization of two nodes

– Single hop: Secure Pairwise Synchronization (SPS)– multi-hops:

• Secure Opportunistic Multi-hop (SOM)• Secure Direct Multi-hop (SDM)• Secure Transitive Multi-hop (STM)

• Group: time synchronization among a group of nodes– Lightweight Secure Group Synchronization (L-SGS)– Secure Group Synchronization (SGS)


7

Single-hop - Secure Pairwise Synchronization (SPS)

• Step 1: A (T1) (T2) B: A, B, NA, sync

• Step 2: B (T3) (T4) A: m, MAC[KAB, m]

– where m=[B, A, NA, T2, T3, ack]

• Step 3: Compute d=[(T2-T1)+(T4-T3)]/2• If d d* (predefined), then =[(T2-T1)-(T4-T3)]/2; else abort

End-to-end delay (d) consists of •Waiting time Tw at mac to access channel (s~min) (Big!)•Transmission time Tt : time taken to transmit the packet bit-by-bit at the radio of sender (100’s s)•Propagation delay Tp: time over wireless link between sender and receiver (ns)


8

Performance - Define d*

• d = N(davg, ) is a Guassian distribution

• Select d* = davg+3

• Maxi sync error=3=10s

• Attacker can introduce a maxi pulse-delay factor of 12 due to

– davg+3 +/2 = davg-3

– In this case, maxi attacker impact = 6

•Fig: End-to-end delay over a link

•Table: Statistics of end-to-end delay (Waiting time is extracted)

Maximum(s)

Minimum (s)

Average(s) (dAVG)

Standarddeviation ()

768 755 762 2.82


9

Secure Opportunistic Multi-hops (SOM)

• Assumption: key KAB shared by A and B

• SOM

Step 1: m1=[A, B, NA], sync

Step 2: m, MAC[KAB, m]

where m=[m1, T2, T3, ack]

Step 3: Node A computes d =[(T2-T1)+(T4-T3)]/2

If d dM*, then =[(T2-T1)-(T4-T3)]/2; else abort

BA

– Exactly the same as SPS except nodes C and D added

DC

Send at T1 Receive at T2

Receive at T4 Send at T3


10

Performance: SOM

• End-to-end delay – d=sum (Tw+ Tt +Tp)

– Tw is significantly higher

– Standard deviation is higher in 3 orders of magnitude as compared to a single hop

– Maxi sync error=3• Maxi attacker impact=6


11

Secure Direct Multi-hop (SDM)

• Step 5: Node A computes d=(E1+E2)/2

– If d dT*, then = (E1-E2)/2; else abort

• where E1 = (T2-T1)+(T4-T3)+(T6-T5), E2 = (T12-T11)+(T10-T9)+(T8-T7)

Step 1. A C D B: A, B, NA, sync

Step 2. B,D,NA,m1,M1

– m1=[m1, T2, T3, ack], M1=MAC[KBD, B, D, NA, m1]

– m2 =[B, D, A, T4, T9, T6-T5, T8-T7, ack], M2=MAC[KDC, D, C, NA, m2]

– m3 =[B,D,C,A,T2,T11,T4-T3,T10-T9, T6-T5,T8-T7, ack], M3=MAC[KCA,C, A, NA, m3]

BADC

T1 T3T2 T4 T5T6

T7T8T9T10T11T12

Step 3. D,C,NA,m2,M2Step 4. C,A,NA,m3,M3


12

Performance (as compared to SOM)

• Advantages– End-to-end delay is not corrupted by Tw

– dAC= dCD=dDB=N(davg, ). So, dAB=N(ndavg, n1/2)

– dT*= ndavg+n1/2

n1/2 M* (SOM), lower in 3 orders of magnitude

• Disadvantages– ack has to carry the state information and

timestamps about all the previous packets, so the packet size of ack packet is larger


13

Secure Transitive Multi-hop (STM)

• Step 5: A sync to C (SPS)

Step 1. A C D B: A, B, NA, sync

Step 2. B, D, NA, m1, M1

– m1 = [B, D, notify], M1 = MAC[KBD, B, D, NA, m1]

– m2 = [B, D, C, notify], M2 = MAC[KDC, D, C, NA, m2]#

– m3 = [B, D, C, A, notify], M3 = MAC[KCA, C, A, NA, m3]#

BADC

Step 4. C sync to D (SPS) Step 3. D sync to B (SPS)

#In the paper, KBD in M2 and M3 should be KDC and KCA respectively

D C: D, C, NA, m2, M2C A: C, A, NA, m3, M3


14

Comparison (SOM, SDM and STM)

• Maximal delay parameter same as d* in SYS

• Advantages– Threshold is verified at each step, so re-sync if the

threshold does not meet in STM. But, threshold is done only when A receives ack in SOM and SDM

• Disadvantages– In STM, an external attacker can carry out pulse-delay

attacks on the link joining C and D, due to local verification

– The total number of transmitted messages• 2n for SOM and SDM, but 3n for STM when no attacks


15

Group Synchronization

• Lightweight Secure Group Synchronization (LSGS)

– Step 1: G1 *: G1, sync

– Step 2: Gi (Ti) (Ti1) G1: Gi, Ni

– Step 3: G1 (T1) (T1i) *: G1, T1, ack, m, M• where m={Ti1, Gi, Ni}, M=MAC[K1i, G1, T1, ack, m] (i = 2,…n)

– Step 4: • Compute d = [(Ti1-Ti )+(T1i - T1)]/2

• If d d*, then = [(Ti1-Ti )-(T1i - T1)]/2; else abort

Note. Gi A and G1 B in a single hop


16

Performance (L-SGS)

• Same as SPS– Resilient to pulse-delay attacks and message

modification attacks

• Not resilient to internal attacks (if G1 is malicious)


17

Secure Group Synchronization (SGS)

• Triangle consistency

ij

Node i

Node j

Node kjk

ki

Internal attacks if ij+ jk + ki 0?

Main ideas of SGS

– Every two nodes use SPS by broadcast. No fixed node is used for time sync

– Use triangle consistency to detect internal attacks


18

Comparison and Summary

Secure Sync Singlehop

Multi-hop sync over n hops(n=5)

Group sync of nnodes

Protocols SPS SOM SDM STM T-SGS SGS

Maxi sync error 3(10s)

3M

(25ms)3 n1/2

(25s)3 n1/2

(25s)3

(10s)3

(10s)

Maxi externalattacker impact

6(20s)

6M

(50ms)6 n

(120s)6 n

(120s)6

(20s)6

(20s)

Resilient tointernal attackers

- Yes No No No Yes

Total number ofmessages

2 2n 2n 3n n+1 3n

Ack packet size# - Same Large Same Large Large

#Compared to the packet size in SPS


19

Conclusions

• A suite of time synchronization protocols was proposed to detect pulse-delay attacks

– Node-to-node• Single hop: SPS

• Multi-hops:

– SOM (shared pairwise key and big dM*)

– SDM (large message sizes), STM (external attacks)

– Group: L-SGS (internal attacks), SGS (big communication overhead)

• Secure group synchronization is based on the assumption: all group nodes are in each other’s power range


20

Possible Research Questions

• How to sync time when some nodes are not in the power range of other nodes in a group

• Prevention? How to continue with the processing of time sync when attacks

• How to develop methods to avoid internal attacks (e.g., a hash chain?)

• Is it possible to apply Iulos’s approach or a tree-based technique to SGS for reducing communication overhead


21

Thank You!

Questions?

secure time synchronization service for sensor networks s. ganeriwal, r. kumar, m. b. sirvastava...

Documents

tc b t

transmission time t

t p t w

clock t

time t w

t w d ac

sum t w

d sync