Embed Size (px)
Citation preview
Secure Time Synchronization in Wireless Sensor Networks
11/8/2007 Carl J Ochs Jr 1
AgendaOverviewBackgroundSecurity ThreatsTime Synchronization ProtocolsCountermeasuresSummary
11/8/2007 Carl J Ochs Jr 2
OverviewScope
Time Synchronization in wireless sensor networks and security measures
IntentSurvey and evaluation of current time
synchronization protocols and the effectiveness of their security measures
11/8/2007 Carl J Ochs Jr 3
Background Wireless Sensor Networks
Network of multiple resource-constrained sensor nodes that monitor and forward information
Typically has a centralized node that collects the data and another node that will be used for processing the data.
11/8/2007 Carl J Ochs Jr 4
BackgroundWhy is Time Synchronization Important
Location and proximity of siblingsIntranetwork coordinationProper functioning of security measuresMaintain ordering of messagesUse of Time Division Multiplexing (TDMA)Energy efficiency
11/8/2007 Carl J Ochs Jr 5
BackgroundWhy not NTP or GPS?
The majority of sensor nodes are designed with minimal resources available and consumed NTP requires highly accurate clocks GPS requires an additional receiver for the GPS
transactions Some networks with less restrictions may be able to
afford a GPS sensor infrastructure.Additional details are available in chapter 1 of the
Handbook of Sensor Networks: Algorithms and Architectures: Time Synchronization and Calibration in Wireless Sensor Networks by Kay Römer, Philipp Blum, Lennart Meier available from http://www.vs.inf.ethz.ch/publ/papers/wsn-time-book.pdf
11/8/2007 Carl J Ochs Jr 6
BackgroundClock Synchronization Basics
Clock Offset Difference between clocks at 2 nodes
Clock Skew Change in offset over time
One clock running faster than another
Drift Error Random changes in clock frequency
Temperature differences Aging of the hardware
11/8/2007 Carl J Ochs Jr 7
)()( tt CC BAAB
t
t
t
t CC BA
AB
)()(
tC
tC tt
BAAB
2
2
2
2)()(
BackgroundEffects of Unsynchronized clocks
Invalid observationsInefficient/ineffective coverage
Areas left uncovered during certain timeslotsDisabled communications architecture (worst
case
11/8/2007 Carl J Ochs Jr 8
Threat OverviewVectors of Attack
Malicious OutsiderAttacker with Jamming and Replay abilitiesCompromised Node
11/8/2007 Carl J Ochs Jr 9
Threat Overview Malicious Outsider
Wireless device inserted into the network Can eavesdrop, but cannot contribute
No knowledge of security keys (at least initially) Similar in behavior to the “snoop”/Ethereal/Wireshark network capturing
utility
Sensor
Sensor
Sensor
Sensor
Sensor
Collection Node
Processing Node (End User)
Area of O bservation
EnemySensor
11/8/2007 Carl J Ochs Jr 10
Threat Overview Attacker with Jamming and Replay ability
Can initiate Pulse Delay Attacks Jam a message, store, and replay later Real message sent out of sequence (confusion)
Jamming detection possible, but expensive
Sensor
Sensor
Sensor
Sensor
Sensor
Collection Node
Processing Node (End User)
Area of O bservation
EnemySensor
11/8/2007 Carl J Ochs Jr 11
Threat Overview Compromised Node
Most difficult to defend against Friendly node taken over by enemy (brainwashed) Primarily physical attack
In theory, it could be a pure software attack Node has correct security keys and can contribute to the network
communication
Sensor
Sensor
CompromisedSensor
Sensor
Sensor
Collection Node
Processing Node (End User)
Area of O bservation
11/8/2007 Carl J Ochs Jr 12
Reference Broadcast Synchronization (RBS)
External unit broadcasts a synchronization signalSignal causes all nodes to record their current local
time and then exchange this information amongst each other
Processing time and propagation delays can cause imprecise measurementsSolution: multiple reference signals broadcast, nodes
exchange message arrival times, use least squares fit approximation
AttacksCompromised node can exchange an incorrect time
causing the other node to calculate an incorrect offset
11/8/2007 Carl J Ochs Jr 13
Reference Broadcast Synchronization (RBS)
• Receiver-Receiver synchronizationo Single node
transmits a synchronization message to multiple nodes
o Receiver nodes synchronize the arrival timestamp amongst themselves (transmitter does not interact).
11/8/2007 Carl J Ochs Jr 14
Time Synchronization Protocol Sensor NetworksCreate a spanning tree with a designated “root”
nodeEach pair of nodes can be considered a root-child,
where the child becomes the root for the next nodeChild requests synchronization from the root, which
responds with an acknowledgement message The message data is the departure and arrival time
of each, so the child, upon receipt of the last message can calculate its clock offset relative to the parent
AttacksCompromised node can cause it's child node to
calculate an incorrect offset, and this will trickle down the tree
11/8/2007 Carl J Ochs Jr 15
Time Synchronization Protocol Sensor Networks
Typical sender-receiver synchronization
HierarchicalRoot nodes at
each level synchronize with child nodes
11/8/2007 Carl J Ochs Jr 16
Flooding Time Synchronization Protocol
Root node is elected (lowest ID wins) and is the node that sends out the synchronization message
If no synchronization message is received after a preset time period, a node can elect itself root and initiate the synchronization Self healing tree structure in case of node failures
Attacks Any compromised node could declare itself root since the
lowest ID always wins Node then sends incorrect time synchronization data that
corrupts the entire tree
11/8/2007 Carl J Ochs Jr 17
Flooding Time Synchronization Protocol
Root node broadcasts time synchronization initiation message
Non-root sensors coordinate root message amongst neighborsNon-root sensors use
multiple neighbors timestamps to determine their own time.
Sensor
Sensor
Sensor
Sensor
Sensor
RootNode
T ime Sync
T ime Sync
I nitiate T ime Sync
T ime Sync
I nitiate T ime Sync
Area of O bservation
T ime Sync
T ime Sync
I nitiate T ime SyncI nitiate T ime Sync
CountermeasuresGeneral
Cryptographic-based Key sharing
Pre-shared or exchanged using Diffie-Hellman protocol Random nonce's are inserted in the initial messages to
prevent playback attacks
Proposals reviewed by articleGaneriwal et al.Song et al.2 by Sun et al. Manzo et al.
11/8/2007 Carl J Ochs Jr 19
Ganeriwal et al.Extended the Key-sharing with initial nonce
by adding end-to-end delay calculationsPrevents “Pulse Delay Attacks”
11/8/2007 Carl J Ochs Jr 20
Song et al.Statistical approach that intends to filter out the
compromised nodesAssumption is that compromised nodes will behave
significantly different from uncompromised nodes – called outliers.
Implementations Generalized Extreme Studentized Deviate (GESD)
Outputs estimated number of outliers Predetermined Delay thresholds
At startup, nodes determine the maximum delay tolerated and ignore any messages exceeding this threshold
No cryptographic techniques employed
11/8/2007 Carl J Ochs Jr 21
Sun et al.Original ApproachStatistical method with more resiliency in the
face of compromised nodesSynchronization can be level based – heirarchical – or
diffusion based – synch with nearest neighborsThe synchronization method selects the median of 2t
+ 1 candidate measures Tolerates up to t compromised nodes
Requires pairwise-key-based authentication to prevent Sybill attack (single node masquerading as multiple nodes)
11/8/2007 Carl J Ochs Jr 22
Sun et al.Revised ApproachTinySeRSync
http://discovery.csc.ncsu.edu/software/TinySeRSync/
Improved version of original approach proposed by Sun et al.
Still relies on the selection of a median from 2t + 1 candidates
Has 1+ source/root nodes that have highly precise time (i.e. GPS set)
11/8/2007 Carl J Ochs Jr 23
TinySeRSyncStaggers the global synchronization into 2 asynchronous
phases First phase has pairs of nodes synchronizing to each other,
independent of the source node MAC layer timestamping is used for authenticating the source Continuously done to maintain precision between pairs
Second phase is initiated by the source node broadcasting a synchronization message This message is flooded to neighboring nodes who then
forward it on to their neighbors μTESLA is used as the authentication method
Does not require signature verification overhead, which can be a vector for Denial of Service attacks
11/8/2007 Carl J Ochs Jr 24
SummaryMajority of the proposed countermeasures
provide protection against compromised nodesGaneriwal et al. Is the only method that does not
All apply some form of statistical filtering to weed out the attacks
Cryptography is not a necessary component to defend against attacksMethod proposed by Song et al. Protects against all 3
attacks, yet uses no cryptography for authentication
11/8/2007 Carl J Ochs Jr 25
ReferencesA. Boukerche and D. Turget, “Secure Time
Synchronization Protocols For Wireless Sensor Networks,” IEEE Wireless Communications, October 2007, pp. 64-69
Kun Sun, Peng Ning, Cliff Wang, An Liu, Yuzheng Zhou, "TinySeRSync: Secure and Resilient Time Synchronization in Wireless Sensor Networks'', in Proceedings of the 13th ACM Conference on Computer and Communications Security (CCS'06), Alexandria, VA, November 2006.
11/8/2007 Carl J Ochs Jr 26
References Roche, Michael. "Time Synchronization in Wireless Networks."
CSE574S: Advanced Topics in Networking: Wireless and Mobile Networking (Spring 2006) Website. 23 Apr. 2006. Washington University in St. Louis. 04 Dec. 2007 <http://www.cs.wustl.edu/~jain/cse574-06/ftp/time_sync/index.html>.
K. Römer, P. Blum, L. Meier: Time Synchronization and Calibration in Wireless Sensor Networks, In: I. Stojmenovic (Ed.), Handbook of Sensor Networks: Algorithms and Architectures, pp. 199-237, Wiley and Sons, October 2005, ISBN 0-471-68472-4.
11/8/2007 Carl J Ochs Jr 27
