A middleware to support security in Wireless Sensor Network

(1)

Here comes your footer

Page



1

A

middleware

to support

security

in Wireless Sensor Network

Stefano Marchesani

Centre of Excellence DEWS

Università degli Studi dell'Aquila, Italy

Ciclo XXVI

(2)

Here comes your footer

Page



2

OVERVIEW

●

Introduction

● Middleware ● Security ●

Middleware

● Agilla ● TAKS ● IDS ●

Future works

●

Conclusions

A middleware to support security

(3)

Page



3

OVERVIEW

●

Introduction

Middleware

● Agilla ● TAKS ● IDS ●

Future works

●

Conclusions

(4)

Page



4

INTRODUCTION (1/3)

●

What is a

middleware

?

● SW package intermediary between the application and underlying

infrastructure (OS or HW)

●

What is a

middleware

for WSN

?

● SW package providing [1] [2]:

● a suitable view of a network of nodes ● an interface to access some services:

● Configure/program nodes ● System services

● Manage application-layer problems (QoS, Discovery services, etc.)

(5)

Page



5

INTRODUCTION (2/3)

●

Classification by programming/configuring [1] [2]

● Virtual machine: the system injects and distributes the modules through the network using

tailored algorithms and the VM then interprets the modules

● Database: this approach views the whole network as a virtual database system and It

provides an interface that lets the user issue queries to the network to extract the data of interest

● Modular (agent-based): the key to this approach is that applications are as modular as

possible to facilitate their injection and distribution through the network using mobile code

● Application-driven: this approach introduces a new dimension in middleware design by

supplementing an architecture that reaches the network protocol stack

● Message-oriented: uses the publish-subscribe mechanism to facilitate message exchange

between nodes and the sink nodes

(6)

Here comes your footer

Page



6

INTRODUCTION (3/3)

●

What is

(network)

security

?

● Network security goals:

● data Confidentiality, Integrity and Authentication (CIA) ● system Availability

●

How is it possible to ensure

security

?

● Good encryption (and decryption) schemes ensure CIA ● To ensure availabity is more complex

● Detection and Reaction

(7)

Here comes your footer

Page



7

OVERVIEW

●

Introduction

Middleware

● Agilla ● TAKS ● IDS ●

Future works

●

Conclusions

(8)

Page



8

MIDDLEWARE

●

Goal: a middleware to support security in WSN

● Useful interface for the WSN programmer ● Suitable for real-world applications

● Compliant to security requirements (CIAA)

●

Proposed approach

● Embed selectable encryption schemes

and an Intrusion Detection System (IDS) into an agent-based middleware

in Wireless Sensor Network 8/22

Agent-Based MW

Encr/Decr

Agent-Based MW IDS

(9)

Here comes your footer

Page



9

MIDDLEWARE: AGENT-BASED MW

●

Why agent-based MW?

● Network reprogramming without service interruption

● Agents are useful for both network maintenance and WSN programmer ● Agents can be used for IDS (Reaction)

●

Agilla [3]

● Developed at the Washington University in St. Luis ● It is stable and open source (TinyOS 1.x)

● We are evaluating its suitability for real-world application ● Power consumption, Routing, etc.

(10)

Here comes your footer

Page



10

MIDDLEWARE: ENCRYPTION (1/3)

●

WSN encryption schemes

● Symmetric vs Asymmetric schemes

● Symmetric solutions are preferred because their performance [5] ● In Symmetric schemes we have key distribution issue

●

Proposed approach

● Topology Authenticated Key generation Scheme (TAKS) ● A planner defines a planned network topology

● Local admissible network is stored in each node

● TAKS dynamically generates keys on this information ● Each message can be Topology Authenticated

(11)

Here comes your footer

Page



11

●

Topology Authenticated Key generation Scheme (TAKS)

● T(i) set of topology vector

● L(i) set of local key component

T(1) = k

_t2

, k

_t3

T(2) = k

_t1

, k

_t3

T(3) = k

_t1

, k

_t4

T(4) = k

_t3 2 3 1 4

L(1) = k

_l1

L(2) = k

_l2

L(3) = k

_l3

L(4) = k

_l4

TAK

_ij

= g(k

_ti

,k

_lj

) = h(k

_tj

,k

_li

)

k

_t

= f(k

_l

)

(12)

Page



12

●

Example from [4]

● Let n

i and nj be a node pair

● Let b be a scalar in GF(q), a

i, aj, m and c vectors in vector space over

GF(q)

j j i i a m j tj ) c a ( m j lj a m i ti ) c a ( m i li

b

a

m

k

b

a

k

b

a

m

k

b

a

k

⋅ + ⋅ ⋅ + ⋅

×

≡

×

≡

k

_li

⋅

k

_tj

+

k

_lj

⋅

k

_ti

=

₀

tj li i

k

TAK

≡

⋅

TAK

_j

≡

−

k

_lj

⋅

k

_ti

(13)

Here comes your footer

Page



13

MIDDLEWARE: IDS (1/5)

●

Intrusion Detection System

● A functional component to detect and eliminate intrusions [6] ● Block diagram Intrusion Detection Intrusion Reaction Logic Intrusion Reaction Application Configuration Data

Audit Data

(14)

Here comes your footer

Page



14

●

● Two types of Intrusion Detection

● Anomaly based models normal behavior (+FP and -FN) ● Misuse based models threat behavior (-FP and +FN)

●

Proposed approach

● Misuse based approach

● Difficulty to model normal behavior

● Threat behavior is a Weak Process Model (WPM)

1 (1,6) 2 (3,4) 3 (2,4) 4 (3,5) 5 (1,3,6)

(15)

Here comes your footer

Page



15

●

How does an attack can be modeled?

● An attack is a sequence of operations aim to break security

● It is an unknown FSM that we can observe through some anomalies ● Hidden Markov Model (HMM) and Viterbi algorithm

● HMM observable is associated to the probability to be in a certain state ● Viterbi algorithm is too expensive

1 2 3 4 5 1 p 11 2 p 12 3 p 13 4 p 14 5 p 15 1 1 p 21 2 p 22 3 p 23 4 p 24 5 p 25 2 1 p 61 2 p 62 3 p 63 4 p 64 5 p 65 6

...

(16)

Here comes your footer

Page



16

●

How does an attack can be modeled?

● Relax HMM to Weak Process Model (WPM)

● Each observable is associated to the possibility to be in a certain state ● Weighing state transitions Viterbi algorithm can be simplified

● Scoring mechanism and threshold

1 (1,6) 2 (3,4) 3 (2,4) 4 (3,5) 5 (1,3,6) 1 5 1 ₂ 3 2 4 5 3 2 3 4 ₅ 4 6 1₅

(17)

Here comes your footer

Page



17

●

Misuse-based Intrusion Detection

● We designed WPM for 3 types of threats ● Hello flooding, sinkhole and wormhole

(18)

Page



18

OVERVIEW

●

Introduction

Middleware

● Agilla ● TAKS ● IDS ●

Future works

●

Conclusions

(19)

Page



19

FUTURE WORKS

●

Agilla

● Reverse engineering ● Porting in TinyOS 2.x ●

Encryption

● Performance evaluation in Agilla

●

● Implementation and validation ● IRL and IRLA definition

● Database enhancing

(20)

Here comes your footer

Page



20

CONCLUSIONS

●

It is proposed a middleware to support security in

Wireless Sensor Networks

●

The proposed middleware is

● Useful for WSN programmer

● Gifted of innovative security facilities

●

Works will be done to make it suitable for real-world

applications

(21)

Here comes your footer

Page



21

REFERENCES

[1] Salem Hadim, and Nader Mohamed, Middleware: Middleware Challenges and Approaches for Wireless Sensor Networks (2006)

[2] Miao-Miao Wang, Jian-Nong Cao, Jing Li, and Sajal K. Das, Middleware for Wireless Sensor Networks: A Survey (2008)

[3] Agilla website http://mobilab.wustl.edu/projects/agilla/

[4] S. Marchesani, L. Pomante, M. Pugliese, and F. Santucci. WINSOME: A Middleware Platform for the Provision of Secure Monitoring Services over Wireless Sensor Networks (2013)

[5] Wander, A. S., Gura, N., Eberle, H., Gupta, V., Shantz, Sh. Ch.: Energy analysis of public-key cryptography for wireless sensor networks (2005)

[6] M. Pugliese, Managing Security Issues in Advanced Applications of Wireless Sensor Networks (2008)

(22)

Here comes your footer

Page



22

THANKS YOU!

ANY QUESTIONS?

http://mobilab.wustl.edu/projects/agilla/