KEY INFECTION: SMART TRUST FOR SMART DUST
MUTHURAMAN ANNAMALAI
RINEET SUBRAMANIAN
Introduction
The research paper of our interest focuses on the security issues governing distributed systems, which typically are sensor networks. A prototype sensor network is composed of a large number of small, low-cost nodes, that make use of wireless peer-to-peer communication to form a self-sufficient network. Routing in these networks is managed by multi-hop algorithms and source driven protocols. These sensor networks are used in many low-cost purposes such as in the domestic environment as well as in complex applications such as in military. The cost of the sensor determines the overall budget required to set up the sensor network and it also subsequently determines the applications in which it can be used feasibly. In the case of low-cost applications, the nodes have limited communication, computation and storage resources. Such nodes are also not resilient against tampering by attackers. As mentioned earlier, the sensor networks are used in diverse applications such as in environmental monitoring, climate control, home and small businesses, factory instrumentation and most importantly in military and other safety-critical applications such as medical monitoring.
With sensor networks being used in multiple applications, a prime area of concern in these networks is in their security features. The nodes must be resistant against all kinds of attackers: active attackers, that may cause physical destructionand jamming, and passive attackers, that monitor the sensor data flows to estimate the capability of the network. Another categorization of attackers is in terms of their extent of coverage, attackers that have control over the entire area (passive global adversary)and attackers that control a segment of the network. An important aspect to be taken into account while designing security for sensor networks is the key distribution, that is, establishing shared secret keys between sensor nodes. Networks employing low-cost sensors make use of symmetric cryptography, owing to the resource limitations. In high-end applications which use expensive sensors, asymmetric cryptography may be employed for key distribution.
An Overview of the Paper
The paper delves deep into the security aspects involved in sensor networks and studies all possible security threatening situations in sensor networks in a comprehensive manner. The contents of this paper, when applied to the ‘Smart Dust’project, are found to be relevant. This project aims at making sensors so small and inexpensive that they can be distributed in large numbers over a wide area. The paper discusses how the key distribution problem between nodes can be dealt with in networks having attackers that are partially present in the network. While examining the different security related situations in these self-organizing networks, a few
assumptions are made. An important assumption made in this paper is that the network does not have a passive global adversary; rather it consists of an attacker that has control over a section of the network. Another assumption made is that the attacker can monitor all communications only after the node deployment as opposed to the previous works, which focused on the strong attacker model, in which the attacker is assumed to be present both before and after node deployment. In other words, the attacker does not have physical access to the deployment site during the deployment phase. The attacker is also able to perform active attacks once the deployment phase is over. Such assumptions are acceptable because of their ease of implementation in low-cost sensor networks.
An important highlight of this paper is that it indicates the trade-off between the security and the cost incurred to set up the network. For increased security features to be incorporated into the network, it would result in an increase in the cost. But for mundane low-cost applications where such features are not desired, the assumptions of the paper are valid and they simplify the operation of the network by reducing the communication overhead. The paper introduces a light-weight key distribution mechanism called the Key Infection, which can be efficiently applied to smart dust sensor nodes. This protocol is explained with respect to the real-world attacker model. Each node chooses a key and broadcasts it in plaintext to its neighbors. It is assumed that there are multiple nodes within the radio range of the first node. A node i thus broadcasts a key kiwhich is detected by the other nodes, once they become active. Then, they start organizing themselves into a network and the key material is propagated once the contact is made. This idea is analogous to an infection spreading through a biological population, hence the protocol is named ‘Key Infection’. Assume that node i’s signal is heard by node j. Its response will be to generate a pair-wise key kjand send it, along with its name, to i: {j,kji}ki. The key kjiis used to protect traffic between i and j.The paper discusses Secrecy Amplification, which is an additional mechanism to strengthen the security of key infection in presence of an active attacker. These ideas provide ways to trade off security for cost and usability.
Features and Shortcomings
A sensor network is typically set up as follows. When a node hits the ground, it broadcasts its identity, say i. If a neighboring node jhears it, it replies. The two mutually aware nodes now set RF power at just the level needed forcommunication. A source-based routing protocol, based on the periodic broadcast of beacons by base stations, organizes the nodes into forests, with a base station at the root of each tree. This involves not just routing but time synchronization: to save power, the nodes typically turn off their communications, only waking up and listening for radio signals intermittently. The paper suggests several novel features in addition to the basic idea of operation of sensor networks. The Key Infection protocol is a unique feature
discussed in this paper and a slight modification to the key infection protocol results in better security. If the nodes, instead of broadcasting a single initial key as loudly as it can, starts off transmitting very quietly and steadily increases the power until a response is heard, then it is found that the number of nodes compromised is lower. This ‘key whispering’ protocol ensures that two white nodesW1 andW2within range of each other and of a black node Bwill exchange a secure key provided that the black node is further away from eitherW1 orW2 than the distance between W1 and W2. In this case, the number of links that the black node can eavesdrop falls to 0.8%, as compared to 2.4% resulting from the original Key Infection protocol. Key Infection is secure if the attacker comes after the key infection phase. If the attacker arrives before the key infection phase, then it would result in some of the white nodes to get compromised. An upper bound on the ratio of the communication links that the black dust nodes would compromise can be calculated. It is assumed the maximum range of the radio is R. The smart dust nodes are assumed to be distributed in an area s. Here Nb is the number of black dust nodes and Nw is the number of white dust nodes. In this case, there needs to be at least one black dust node in the radius of each one of the two communicating white nodes. If both nodes transmit at maximum strength, then given a link e, the effective eavesdropping area is at most piR2, and hence the probability that this link is bad, i.e., can be eavesdropped by at least a black node, is at most piR2Nb/s.
In case of the key whispering protocol, if a link has length r, then both nodes will transmit their signals at strength that exactly reaches distance r. Therefore, a black node has to lie in the intersection of the two circles of radius r,where the distance between the two centers of the two circles is r. The effective eavesdropping area is thus at most the area of this intersection which is 2r2(pi/3-sqrt(3)/4)=1.2r2.The probability that the link is compromised is atmost 1.2r2Nb/s. The comparison between the point-to-point key exchange and whisper mode extension, for various node densities are tabulated below:
Comparison of Standard Key Infection over Whisper-mode key infection
An attacker who introduces black dust nodes before the white dust nodes are deployed can subvert some fraction of communication links. Secrecy Amplification is a technique that utilizes multipath key establishment to make the job of the attacker significantly harder. In secrecy amplification the keys are combined and propagated along different paths. Suppose that the nodes W1, W2, and W3are neighbors. W1 and
W2 set up the key k12, W1 and W3 the key k13, W2 and W3 the key k23. To amplify the secrecy of key k12, W1 can ask W3 to exchange an additional key with W2. Here N1 is anunpredictable nonce generated by W1, N2 is a unique nonce generated by W2used for confirmation of key k’12.
After this protocol terminates, W1 and W2 update their key k12 by hashing it with the value just received: k’12=H(k12||N1). If k12 was secure before the protocol, the new k’12 will also be secure afterwards. But if the initial link key k12 was compromised, the new one k’12 will not be, so long as neither k13 nor k23 is. The last two messages of the protocol are needed for key confirmation, to ensure to W1 and W2 that the other party correctly received the key.
Improvement of Secrecy Amplification over basic Key Infection
From the above table, it is clear that the Secrecy Amplification reduces the percentage number of compromised nodes when compared to the standard key infection. Another method to reduce the percentage number of compromised nodes is by using multihop keys instead of using two hop keys. This method supports end-to-end cryptography and it is also energy efficient for base to node communications to be encrypted using end-to-end keys. It also protects multihop secrecy amplification against node compromise.
This paper has brought out several new features such as Key Infection and Secrecy Amplification into the field of sensor networks security. However, there are some shortcomings that are evident from the assumptions made. Firstly, the model discussed in the paper assumes that the attacker is absent during the initialdeployment. While this assumption may hold good for most scenarios, it may not be valid when there is a highly motivated attacker, in the case of highly sensitive applications such as military applications.
Conclusion
The main concepts presented in the paperare the Key Infection Protocol,Secrecy Amplification and Multihop Key Propagation. All these ideas can be implemented to low-cost sensor networks, that are used for routine applications. The objective of this paper is to simplify the security issues concerning these sensor networks which are used for inexpensive applications by making acceptable assumptions. It thereby provides novel and counterintuitive ways of managing keys in sensor networks. The ideas, on which this paper is based, hold good when applied to the Smart Dust nodes. After a thorough analysis of this paper, it is evident that the ideas postulated are most suitable to systems which do not have a hostile attacker present before the key deployment. We recommend that the content of this paper is more applicable to low-cost self-organizing networks having locally communicating sensor nodes and the ubiquitous nature of these networks makes the ideas postulated in the paper, even more poignant. The paper, however, does not provide security solutions for highly sensitive applications such as the military where the strong attacker model cannot be ignored and assumptions concerning the systems cannot be made.
Throughout the course of this paper, analogies are made with biological systems and the mechanisms proposed to control the sensor networks are comparable to societal mechanisms that rely on trust. The paper presents the results of the simulations of the ideas proposed in it. The values obtained are acceptable and the paper also gives suggestions that further improve the values obtained. This further substantiates the use of Key Infection, Key Whispering protocol, Secrecy Amplification:some of the key ideas postulated in this paper, in low-cost sensor networks.
References
Ross Anderson, Haowen Chan, Adrian Perrig, \"Key Infection: Smart Trust for Smart Dust,\" In 12th IEEE International Conference on Network Protocols (ICNP'04),pp. 206-215, 2004.
S. Zhu, S. Setia, and S. Jajodia. LEAP: Efficient security mechanisms for large-scale distributed sensor networks. In Proceedings of the Tenth ACM Conference on Computer and Communications Security (CCS 2003), pages 62–72, Oct. 2003.
因篇幅问题不能全部显示,请点此查看更多更全内容