report1
TRANSCRIPT
T.E I.T. Seminar Report
JSPM’SRAJARSHI SHAHU COLLEGE OF ENGINEERING,
Tathawade, Pune -33.
DEPARTMENT OF INFORMATION TECHNOLOGY2010-2011
A
Seminar Report
On
LAP: A Lightweight Authentication Protocol for Smart Dust Wireless Sensor Networks
Submitted byAsmita Kulkarni
Under The Guidance Of
Prof. D.H.Patil
Designation
…………………………………………………………………………………………………………………………..RSCOE IT 10-11 LAP-4
T.E I.T. Seminar Report
JSPM’S
RAJARSHI SHAHU COLLEGE OF ENGINEERING
TATHAWADE, PUNE – 33
CertificateThis is to certify that the Seminar entitled
LAP: A Lightweight Authentication Protocol for Smart Dust Wireless Sensor Networks
has been successfully completed by
Asmita kulkarni
of Rajarshi Shahu College of Engineering, Department of Information Technology, under our
guidance in a satisfactory manner as a partial fulfillment for the requirement of Seminar work
during the academic year 2011-12.
Date:
Place:
Prof. D. H. Patil Prof. S.V. Kedar Prof. D. S. Bormane
…………………………………………………………………………………………………………………………..RSCOE IT 10-11 LAP-4
T.E I.T. Seminar Report
(Seminar Guide) (H.O.D Information Technology) (Principal)
ACKNOWLEDGEMENT
It is my great pleasure to express my deep sense of gratitude to Prof. S.V. Kedar, Head of
Department Information Technology, for her valuable guidance, inspiration, and wholehearted
involvement during every stage of this project. Her experience, perception and through
professional knowledge, being available beyond the stipulated period of time for all kind of
guidance and supervision and ever-willing attitude to help, have greatly influenced the timely
and successful completion of this project.
I extend my sincere thanks to Prof. D H. Patil, Seminar Coordinator, for her valuable
guidance. She was always there for suggestions and help in order to achieve this goal.
My special thanks to Prof. S.V. Kedar, Head of Department – Information Technology for
her support and invaluable assistance rendered towards presentation of this work. I am also
thankful to all my staff members and course mates who were always there for suggestions and
help, in order to achieve the goal.
Finally I am indebted to Prof. D.S. Bormane, Principal, JSPM’s Rajarshi Shahu College of
Engineering, Tathawade, Pune for encouragement and providing me the opportunity and
facilities to carry out this project work.
Asmita kulkarni
…………………………………………………………………………………………………………………………..RSCOE IT 10-11 LAP-4
T.E I.T. Seminar Report
Table of Contents
Acknowledgement
Abstract
1. Introduction…………………………………………………......................1
2. LAP Protocol spec………………………………………………................3
3. Rekeying mechanism……………………………………………………...5
4. Performance Evaluation………………………………………………….9
5. Security Analysis……………………………………………………….…12
6. Simulation…………………………………………………………………15
7. Communication hole.……………………………………………………..16
8. Reshuffle of communication hole………………………………………...17
9. Key infection:smart trust for smart dust………………………………..18
10. Conclusion……………..………………………………………………......19
11. Future work……………………………………………………………......20
12. Refrences…………………………………………………………...………21
…………………………………………………………………………………………………………………………..RSCOE IT 10-11 LAP-4
T.E I.T. Seminar Report
ABSTRACT
With the advent of unbounded small-scale dust sensors being deployed in wireless
sensor networks, existing authentication protocols for ordinary wireless sensor networks
are becoming less efficient for dust sensors.Resource constrained dust nodes must do anything in
cooperation with other nodes. Existing key management protocols require large key storage in
each node, which cannot be stored in smart dust sensor nodes with strictly limited resources.
Given the practical fact that adversaries or non-adversaries cannot retrieve information inside
the RAM of minute smart dust sensors,this paper presents a Lightweight Authentication
Protocol (LAP) as a key management protocol for smart dust wireless sensor networks with
boundless number of nodes.The protocol uses a comparatively fewer number of keys for
authentication purposes, and guarantees the security of network in the long run by a rekeying
mechanism.Apart from being lightweight, it is quite primitive in the sense that it does not
impose any specific requirements on the network, such as on routing and network topology.This
allows other security protocols for ordinary sensor networks to use LAP while their initial key
distribution setup is in progress. LAP uses a rekeying mechanism in cooperative manner.…………………………………………………………………………………………………………………………..RSCOE IT 10-11 LAP-4
T.E I.T. Seminar Report
INTRODUCTION
The Wireless Sensor Networks (WSNs) are used in many applications from elementary home
applications to critical or military applications. Each application needs sensor nodes with specific
capabilities. Some applications need powerful nodes, but some need cheaper and less powerful
nodes such as smart dust nodes. In the context of key management, any key management
protocol requires a reasonable amount of space for key storage, depending on its sensors
capabilities. For example, a sensor node with 512 byte of memory cannot store hundreds of bytes
for keys. So, any technique that can reduce the amount of required storage for keys will be
beneficial to key management protocols.There have been a number of other ideas too that have
been proposed to overcome other specific requirements of WSNs, such as reducing the number
of communications,storing some keys in nodes before network deployment local key
management , relying on computation instead of communication (exchange of keys) , using
…………………………………………………………………………………………………………………………..RSCOE IT 10-11 LAP-4
T.E I.T. Seminar Report
specific network topologies, exploiting special nodes for key management , designing different
key types of different types of units of communication , and using deployment knowledge .In
this paper we intend to present a suitable Lightweight Authentication Protocol (LAP), as a key
management protocol, to provide a minimum level of security for WSNs consisting of cheaper
and less powerful nodes.The objective set for this key management protocol is to make use of as
few keys as possible. It should entail very low communication overhead for key management
too.To achieve these objectives, we have used most of the aforementioned ideas. However, it
should be noted that some ideas impose special requirements on the network.For example,
deployment knowledge of sensor places is only available in some specific applications and not
for all. It can optimize many approaches for that application.An example of such a scenario can
be found in . To preserve the generality of our approach and make it amenable to application to
as wider types of WSNs as possible, special-purpose ideas are ignored. This makes LAP a
basic key management protocol for WSNs.The rest of paper is organized as follows. Section2…………………………………………………………………………………………………………………………..RSCOE IT 10-11 LAP-4
T.E I.T. Seminar Report
discusses relevant works. Section 3 presents LAP in detail including its proposed rekeying
mechanism. Section 4 present discussion on the performance of LAP. Section5 complements the
latter discussion by a security analysis.Section 6 presents the simulation results, and Section 7
concludes and presents some future works
LAP PROTOCOL SPEC
We try to relax some of the strong constraints on the network in LAP. In LAP sensor nodes can
be mobile. The base station can be mobile or absent for some periods of time. It is not necessary
for the network to have a unique base station. It can have multiple base stations too.Network can…………………………………………………………………………………………………………………………..RSCOE IT 10-11 LAP-4
T.E I.T. Seminar Report
have any topology. For example, it can be single-hop, multi-hop, clustered or non-clustered, etc.Nodes can have very limited resources such as those available for smart dust nodes. Nodes can
be anonymous with no explicit identifier in our protocol, though in general the existence of at
least locally unique identifiers for nodes is appropriate for many applications especially for DOS
attacks. There is no assumption about node placement, routing protocol and wireless devices. It
can work in the absence of any kind of synchronizations. Any adversary can eavesdrop the
network communication units and may inject such units into the network. Physical attacks are
totally ignored since they require dedicated solutions that are orthogonal to our concerns in this
paper. The only perhaps strong assumption made about the network in LAP is about memory
. The memory inside each node is divided into three logical sections: RAM memory, executive
code memory and non-volatile memory. Some of these logical memory sections can be
4.
in one physical hardware unit. It is possible for an attacker to steal information which is stored in
…………………………………………………………………………………………………………………………..RSCOE IT 10-11 LAP-4
T.E I.T. Seminar Report
executive code or non-volatile memory sections, but cannot steal information stored in RAM. If
an attacker wants to access any information in RAM, the node owning the RAM detects this
desire and resets itself making information on the RAM inaccessible. This is specifically the
case for tiny smart dust nodes with miniature sizes and embedded integrated physical hardware
that makes intrusion real hard for attackers. This assumption about RAM also allows us to
deploy a global shared key for smart dust networks, in spite of the cited criticisms that when a
node compromises the global shared key, the security of the whole network is compromised too
…………………………………………………………………………………………………………………………..RSCOE IT 10-11 LAP-4
T.E I.T. Seminar Report
REKEYING MECHANISM
In an arbitrary time the base station sends a message to network nodes to refresh their shared
keys. This message is encrypted with SK0. The interval for rekeying messages can be aperiodic.
A rekeying message consists of a counter (C) whose value shows the number of times the key
has been refreshed. This message must be disseminated to all nodes using the underlying routing
protocol of the network. It is quite possible that a rekeying message be the first message
received by a node. In this case, no routing information has been gathered yet. LAP works even
in these situations since it does not make any assumptions about routing protocol. This implies
that redundant messages could well be received during network setup time. So we include a
mechanism to avoid uncontrolled states when such messages arrive.After a node receives a
rekeying message, if the value of C is more than the value that the node knows about (CNi
for each node i), it continues processing the message, otherwise, it discards the message. In case
of further processing, any network node can decrypt the implementation of FK function with
EK. Using FK function and SK0 and SK1 shared keys, new keys are generated. Now it's time to
encrypt the implementation code of FK function using EK. Afterwards, all nodes use
these new keys. During key refreshing, some nodes may well exchange messages that are
encrypted with the old keys. These kinds of messages are discarded by the receiving nodes as…………………………………………………………………………………………………………………………..RSCOE IT 10-11 LAP-4
T.E I.T. Seminar Report
if they were corrupt messages.It should be pointed out that the base station is always the
6.
initiator of the rekeying message in LAP. This does not however deny the right of other nodes to
trigger rekeying at agreed upon time intervals in a synchronized manner.This way, all nodes
upgrade their keys at the same time. But the problem is how they synchronize time in
adistributed manner with the lack of a globally synchronized timer? That is why LAP exclude
any rekeying initiatives from nodes other than the base station If any node loses a rekeying
message for any reason, it cannot negotiate with other nodes in the network after rekeying
finishes. We call such a node a sleepy node. So a sleepy node cannot decrypt its received
messages correctly since it does not possess the refreshed keys.Repeated occurrence of this
disability to communicate with some nodes, gives a sleepy feeling to the node. If it has not been
slept for long, it may awaken itself by sending a special message, called GetCounter, to its
neighbors. Receiving neighbors reply by sending their internal C value (CNi) The sleepy node
…………………………………………………………………………………………………………………………..RSCOE IT 10-11 LAP-4
T.E I.T. Seminar Report
encrypts the message using its own SK0 (previous network shared key) whileneighbors decrypt
the special message using their SK1 (the previous network shared key which is now put into
SK1). Replied messages of neighbors are also encrypted with SK1. Having got the new C value,
it can set its internal C value to the new value and start refreshing its keys toenable its secure
future communications. Note that only those neighboring nodes can reply to the GetCounter
message whose SK1 are identical to SK0 of the sleepy node; that is they only lag one rekeying
Better said, only those neighboring nodes reply to the GetCounter message whose C values are
not identical to the C value of the sleepy node. If any node loses more than one rekeying
message, it cannot be awakened by triggering the GetCounter message mechanism
just once. This is because none of its neighbors reply to its GetCounter message. To wor out
its way out, it should create new shared keys in its own will and try the GetCounter message
mechanism once more. This scenario must be repeated either until it gets the shared keys
pertinent to all other communicating nodes, or a predefined MaxTry threshold is reached…………………………………………………………………………………………………………………………..RSCOE IT 10-11 LAP-4
T.E I.T. Seminar Report
indicating that the node must purge its RAM and go to sleep forever.If none of the nodes within
a group of neighboring sensor nodes gets refreshing messages, it is as if they form
communication hole. They communicate with the nodes in the hole all right, but the nodes at the
border of this hole get the feeling that they cannot communicate with their neighbors residing
outside the hole. So they try to send GetCounter messages and consequently obtain new shared
keys. As is shown in Figure 1, in this way the members and the boundary of the sleepy group
gets smaller and smaller until all sleepy nodes get awakened.
…………………………………………………………………………………………………………………………..RSCOE IT 10-11 LAP-4
T.E I.T. Seminar Report
1.Sleepy group population at time t0
When additional nodes are to be added to the network and deployed after the initial network
setup, they must have SK0, SK1, EK keys and the C value. The network controller somehow sets
the last known shared keys and values to the newly arrived nodes. If a rekeying message
is sent to the network before the setup of the new nodes finishes and they are deployed, they can
get communicating using the special GetCounter message mechanism described before.
…………………………………………………………………………………………………………………………..RSCOE IT 10-11 LAP-4
T.E I.T. Seminar Report
Additional lags in refreshing messages between the new nodes and currently deployed nodes are
treated as mentioned before
8.
.
2. Sleepy group population at time t0+Δt
…………………………………………………………………………………………………………………………..RSCOE IT 10-11 LAP-4
T.E I.T. Seminar Report
9.
PERFORMANCE EVALUATION
The storage space required by each node in LAP need only accommodate the implementation of
FK function,SK0, SK1 and EK Keys and the internal value of C. This is a small space
requirement. The performance of awakening procedure can be improved if more keys,
SK0,SK1, SK2, …, SKn, are stored instead of only one pair of shared keys. This is indeed
feasible only if enough space exists at each node Computational overheads of LAP are mostly
dependenton the rate of refreshing. LAP is designed for applications that require a low rate of refreshing. The overhead of refreshing mechanism consists of decryption andencryption of FK
function and calculation of new keys.These computations are very trivial in contrast to
computations that a node performs in its lifetime.It is however possible to eliminate the
…………………………………………………………………………………………………………………………..RSCOE IT 10-11 LAP-4
T.E I.T. Seminar Report
decryption and encryption of FK function at the cost of using more RAM. When a node starts, it
can decrypt the implementation code of FK function, copy this to RAM, and finally remove this
implementation from nonvolatile memory.Thereafter, there is no need at all for the encryption
and decryption of FK function implementation code.When a node becomes sleepy, it must run
FK once or more times to acquire successive keys. This wastes node power. Two observations
exist about this repeated action. Firstly, this repetition occurs rarely. Secondly, when a node
10.
becomes sleepy it cannot communicate with others in actual fact. So awaking is the only action
which can bring back the node to a communicative status. To achieve this, the node generates
the next keys in sequence,sends a GetCounter message to neighbors and waits for a response. If
no response is received until a timeout, the node keeps silent for some time and tries GetCounter
message again and repeats this scenario until it gets some response. If however the received
messages are not meaningful due to the mismatch of shared keys between the slept node and
…………………………………………………………………………………………………………………………..RSCOE IT 10-11 LAP-4
T.E I.T. Seminar Report
other nodes in the network, the slept node generates the next keys in sequence and continues as
before. The slept node stops all its other activities when it goes through the mentioned scenario
because no communication is available to it. The point is that the computation of
communication overhead of a sleepy node is not more than the computation or communication
cost of the same node when it is not slept doing its normal operations. When a node is awake, it
has some computation and communication that may have immediate responses makes the node
look busier.Furthermore, the communication cost is mostly attributable to rekeying messages
sent to all nodes over whom the cost is amortized. If the network is clustered,the cost of message
propagation depends on the clustering approach. If the network is not clustered, which is more
probable in smart dust networks, or it is in its start up and before the completion of clustering
the cost of message propagation will be high. As we noted before, the rekeying mechanism is
considered to have a low rate in this paper.
11.
…………………………………………………………………………………………………………………………..RSCOE IT 10-11 LAP-4
T.E I.T. Seminar Report
SECURITY ANALYSIS
LAP is considered as a base protocol for WSNs. It is very lightweight. Other possibly more
powerful and heavyweight protocols can be deployed on top of this protocol. One of the main
advantages of this light protocol is that it provides a secure environment even before network
start up finishes. For example, consider an application wherein flying objects scatter sensors on
the ground. Even before sensor nodes reach to the ground,they can start communicating securely
using LAP. As another example, some renowned protocols such as LEAP pretend not to suffer
from insecure communications during node start up by assuming that no adversaries will
compromise security while the nodes are engaged in startup activities and before then discover
their immediate neighbors. This weakness can be removed if LEAP uses LAP as a basis to
secure communications during node start up. LAP is used until the key establishment activities
in LEAP finish; the established keys are thereafter used.We store SK0, SK1 and EK keys in
non-volatile memory in encrypted form. This is because if a deployed node cannot start
…………………………………………………………………………………………………………………………..RSCOE IT 10-11 LAP-4
T.E I.T. Seminar Report
12.
normally, no unencrypted key should exist in its non-volatile memory; otherwise unencrypted
keys may well be found out by any adversary. It is also desirable that nodes start up a few
seconds before deployment.It may seem that LAP is defenseless against denial of service attacks
that can send superfluous messages to nodes. This is not true, since each node can be forced to
accept such messages from a given source, only a number of predefined (MaxTry) times and to
disregard messages from that source afterwards. We have defined LAP to be a key management
protocol, other security issues like DOS and DDOS have their own solutions. The encryption of
the FK function in sensor nodes is quite innovative and unique to LAP. In this way,adversaries
are prevented from keying mechanism. When a rekeying message is received, it is decrypte only
in fraction of a second.
…………………………………………………………………………………………………………………………..RSCOE IT 10-11 LAP-4
T.E I.T. Seminar Report
13
SIMULATION
We simulated our protocol in VisualSense (Ptolemy II) and used many node distribution patterns
to check the validity of LAP. The patterns supported both different densities and number of
nodes in the field. The field size was chosen differently too in order to check the generality
of LAP. The logic of LAP was implemented with a derived class from Ptolemy
TypedAtomicActor class. To monitor the behavior of the rekeying mechanism, we
visualized the states of nodes with colors.Figure 2 shows a communication hole denoting the
…………………………………………………………………………………………………………………………..RSCOE IT 10-11 LAP-4
T.E I.T. Seminar Report
number of nodes that have not yet received the rekeying message (green nodes stand for awake
nodes, and blue nodes stand for sleepy nodes). Figure 3 demonstrates a situation where a
number of previous sleepy nodes have changed their states to awake after sending GetCounter
messages to awake nodes. Figure 2. A communication hole in a sample simulation Figure 3
Reshuffle of the communication hole.
14.
…………………………………………………………………………………………………………………………..RSCOE IT 10-11 LAP-4
T.E I.T. Seminar Report
Figure 2. A communication hole in a sample
15.
…………………………………………………………………………………………………………………………..RSCOE IT 10-11 LAP-4
T.E I.T. Seminar Report
Figure 3. Reshuffle of the communication hole
16
…………………………………………………………………………………………………………………………..RSCOE IT 10-11 LAP-4
T.E I.T. Seminar Report
Key Infection: Smart Trust for Smart Dust
Future distributed systems may include large selforganizing networks of locally communicating
sensor nodes, any small number of which may be subverted by an adversary. Providing security
for these sensor networks is important, but the problem is complicated by the fact that managing
cryptographic key material is hard: low-cost nodes are neither tamper-proof nor capable of
performing public key cryptography efficiently.In this paper, we show how the key distribution
problem can be dealt with in environments with a partially present, passive adversary: a node
wishing to communicate securely with other nodes simply generates a symmetric key and sends
it in the clear to its neighbours. Despite the apparent insecurity of this primitive, we can use
mechanisms for key updating, multipath secrecy amplification and multihop key propagation to
build up extremely resilient trust networks where at most a fixed proportion of communications
links can be eavesdropped. We discuss applications in which this assumption is sensible.
Many systems must perforce cope with principals who are authenticated weakly, if at all; the
resulting issues have often been left in the ‘too hard’ tray. One particular interest of sensor
networks is that they present a sufficiently compact and tractable version of this problem. We
can perform quantitative analyses and simulations of alternative strategies, some of which we
present here. We also hope that this paper may start to challenge the common belief that
authentication is substantially about bootstrapping trust.We argue that, in distributed systems
where the opponent can subvert any small proportion of nodes, it is more economic to invest
in resilience than in bootstrapping17.
…………………………………………………………………………………………………………………………..RSCOE IT 10-11 LAP-4
T.E I.T. Seminar Report
CONCLUSION AND FUTURE WORKS
A lightweight protocol (LAP) for key management in smart dust wireless sensor networks with
boundless number of nodes was presented in the paper that tries to manage keys with minimum
communication, storage, and computational costs. The global shared key approach
used in the protocol makes in-network processing available to smart dust nodes. LAP uses
comparatively fewer keys to achieve security. It reduces communication overhead at the cost of
adding a little bit to computation. It provides security for nodes before deployment.Therefore, it can be considered as a base key management protocol that preserves network
security before start up. LAP can be used in any network topology including the
flat model. LAP keeps safety of network using a cooperative rekeying mechanism.We are
currently furthering the work reported in this paper in three ways. Firstly, the study of other
lightweight protocols for WSNs in this area needs to distinguish between the existing protocols
that use a global shared key or not. Secondly, LAP assumes that the information stored in RAM
cannot be stolen. Removing this assumption, may well lead to more heavyweight protocols
than LAP. A challenge is to look for a similarly lightweight protocol lacking this assumption
…………………………………………………………………………………………………………………………..RSCOE IT 10-11 LAP-4
T.E I.T. Seminar Report
Thirdly,LAP is designed for an unbounded number of cheap nodes with limited life time. We
need to have a lightweight protocol for lots of cheap but longer life nodes, for example, nodes
with rechargeable batteries.
18.
REFERENCES
[1] G.J. Pottie and W.J. Kaiser., “Wireless Integrated Network Sensors,” Communications of the ACM, Vol. 43, 2000, pp. 551–558.
[2] I.F Akyildiz, W. Su, Y. Sankarasubramaniam, E. Cayirci, “Wireless Sensor Networks: a Survey,” Computer Networks, Vol. 38, 2002, pp. 393-422.
[3] R. Anderson, H. Chan, A. Perrig, “Key Infection: Smart Trust for Smart Dust,” 12th IEEE International Conference on Network Protocols (ICNP'04),
[4] W. Diffie, and M. E. Hellman, “New Directions in Cryptography,” IEEE Transactions on Information
.
…………………………………………………………………………………………………………………………..RSCOE IT 10-11 LAP-4