Agents with Pull - SRI International

Intrusion Tolerance
for NEST
Bruno Dutertre, Steven Cheung
SRI International
1
Outline
• Objectives
• Proposed approach:
– Local authentication and initial key
establishment
– Leveraging local trust
– Intrusion detection and response
• Plan
2
Objective
• Low-cost key management
for large-scale networks of
small wireless devices
• Constraints:
– Limited memory, processing
power, and bandwidth
– Networks too large and not
accessible for manual
administration/configuration
– Devices can be compromised
3
Traditional Key Management
• Decentralized approaches:
– Public-key infrastructure
– Diffie-Hellman-style key establishment
– Drawbacks: too expensive; limited scalability; high administrative overhead to set up long-term keys
• Approaches based on symmetric-key cryptography:
– Trusted authentication and key distribution server (e.g., Kerberos)
– Drawbacks: vulnerable to server failure; server may be a bottleneck
4
Proposed Approach
• Goals:
– Intrusion-tolerant architecture for key management in NEST
– Use only inexpensive cryptographic algorithms (symmetric-key crypto)
– Decentralized (no server) and self-organizing
• Approach:
– Build initial secure local links
– For nonlocal communication, rely on chains of intermediaries
– Use secret sharing when intermediaries are not fully trusted
– Develop complementary intrusion detection methods to locate nontrustworthy nodes
5
Bootstrapping
• Establish secure local links between
neighbor devices quickly after
deployment
– Weak authentication is enough (need only to
recognize that your neighbor was deployed
at the same time as you)
– Exploit initial trust (it takes time for an
adversary to capture/compromise devices)
– Focusing on local links improves efficiency
6
Basic Bootstrapping Scheme
• For a set S of devices to be deployed
– Construct a symmetric key K
– Distribute it to all devices in the set
• K enables two neighbor devices A and B
– To recognize that they both belong to S (weak
authentication)
– To generate and exchange a key K_ab for future communication
• Possible drawback:
– Every device from S in communication range of A and B can discover K_ab. More robust variants are possible.
7
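A worked simulation of the basic bootstrapping scheme on the slide above (an added example, not code from the SRI project): two devices holding the group key K prove membership in S to each other with a MAC challenge-response (the weak authentication), then A generates a fresh K_ab and sends it masked with a keystream derived from K. The message layout, the use of HMAC-SHA256 as both MAC and keystream generator, and the device names A, B, E and X are assumptions. The last function reproduces the stated drawback: a third member of S that overhears the exchange recovers K_ab, while a device without K is rejected.

```python
import hashlib
import hmac
import secrets


def prf(key, *parts):
    """HMAC-SHA256 over length-prefixed fields; used as MAC and as a one-block keystream."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        h.update(len(p).to_bytes(2, "big") + p)
    return h.digest()


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


class Device:
    def __init__(self, name, group_key):
        self.name = name.encode()
        self.K = group_key      # K is shared by every device in the deployment set S
        self.pairwise = {}      # peer name -> K_ab

    def hello(self):
        """Step 1 (A -> B): announce with a nonce and a MAC under K."""
        self.nonce = secrets.token_bytes(8)
        return (self.name, self.nonce, prf(self.K, b"hello", self.name, self.nonce))

    def answer(self, hello_msg):
        """Step 2 (B -> A): accept only if the MAC proves the peer holds K."""
        peer, peer_nonce, tag = hello_msg
        if not hmac.compare_digest(tag, prf(self.K, b"hello", peer, peer_nonce)):
            return None         # not deployed with us: no link is built
        self.peer, self.peer_nonce = peer, peer_nonce
        self.nonce = secrets.token_bytes(8)
        return (self.name, self.nonce, prf(self.K, b"answer", self.name, self.nonce, peer_nonce))

    def send_key(self, answer_msg):
        """Step 3 (A -> B): generate K_ab and send it masked with a keystream derived from K."""
        peer, peer_nonce, tag = answer_msg
        if not hmac.compare_digest(tag, prf(self.K, b"answer", peer, peer_nonce, self.nonce)):
            return None
        k_ab = secrets.token_bytes(16)
        self.pairwise[peer] = k_ab
        ct = xor(k_ab, prf(self.K, b"enc", self.nonce, peer_nonce)[:16])
        return (ct, prf(self.K, b"keymac", self.nonce, peer_nonce, ct))

    def receive_key(self, key_msg):
        """Step 4 (B): check the MAC and unmask K_ab."""
        ct, tag = key_msg
        if not hmac.compare_digest(tag, prf(self.K, b"keymac", self.peer_nonce, self.nonce, ct)):
            return None
        self.pairwise[self.peer] = xor(ct, prf(self.K, b"enc", self.peer_nonce, self.nonce)[:16])
        return self.pairwise[self.peer]


def eavesdrop(K, hello_msg, answer_msg, key_msg):
    """The drawback: any device in S that overheard the three messages rebuilds K_ab."""
    _, na, _ = hello_msg
    _, nb, _ = answer_msg
    ct, _ = key_msg
    return xor(ct, prf(K, b"enc", na, nb)[:16])


def run_bootstrap():
    K = secrets.token_bytes(16)                     # constructed group key for set S
    A, B, E = Device("A", K), Device("B", K), Device("E", K)
    X = Device("X", secrets.token_bytes(16))        # holds a different key: not in S
    m1 = A.hello()
    m2 = B.answer(m1)
    m3 = A.send_key(m2)
    k_at_b = B.receive_key(m3)
    return {
        "k_ab": k_at_b,
        "agree": A.pairwise[b"B"] == k_at_b,
        "insider_learns": eavesdrop(E.K, m1, m2, m3) == k_at_b,
        "outsider_rejected": B.answer(X.hello()) is None,
    }
```

Because every field in the exchange is protected only under the common key K, the scheme distinguishes "deployed with me" from "stranger" but cannot keep K_ab from other members of S, which is exactly why the slide calls this weak authentication and points to more robust variants.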
Leveraging Local Trust
[Figure: five nodes A–E joined by local links with pairwise keys K_ab (A–B), K_bc (B–C), K_cd (C–D), K_ce (C–E), K_ae (A–E), K_de (D–E)]
• To establish keys between distant nodes:
– use chains of trusted intermediaries
• To tolerate compromised nodes:
– disjoint chains and secret sharing
8
Tradeoffs
• Security increases with
– the number of disjoint paths
– the number of shares
but these also increase cost
• Challenges:
– Implement cheap crypto and secret sharing
techniques
– Quantify the security achieved
– Find the right tradeoff for an assumed fraction of
compromised nodes
9
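A worked example of the chain-of-intermediaries idea from the "Leveraging Local Trust" slide and the disjoint-path / secret-sharing tradeoff above (added here; not code from the SRI project). The topology mirrors the slide's figure (local keys K_ab, K_bc, K_cd, K_ce, K_ae, K_de); the greedy shortest-first choice of chains with disjoint intermediaries, n-of-n XOR secret sharing, and HMAC-SHA256 as a toy hop-by-hop cipher are all assumptions. A compromised intermediary records every share it relays, so the result shows what one compromised chain leaks versus what two do.

```python
import hashlib
import hmac
import secrets
from functools import reduce


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def keystream(key, nonce, n):
    # Toy per-hop cipher (assumed primitive): HMAC-SHA256 output used as a one-time mask.
    return hmac.new(key, nonce, hashlib.sha256).digest()[:n]


def make_network():
    """Local keys left by the bootstrap phase; links follow the slide's figure (constructed keys)."""
    links = [("A", "B"), ("B", "C"), ("C", "D"), ("C", "E"), ("A", "E"), ("D", "E")]
    keys = {}
    for u, v in links:
        keys[(u, v)] = keys[(v, u)] = secrets.token_bytes(16)
    return keys


def simple_paths(keys, src, dst, path=None):
    path = path or [src]
    if src == dst:
        yield list(path)
        return
    for u, v in sorted(keys):
        if u == src and v not in path:
            path.append(v)
            yield from simple_paths(keys, v, dst, path)
            path.pop()


def disjoint_chains(keys, src, dst, n):
    """Greedily pick up to n chains whose intermediaries are pairwise disjoint, shortest first."""
    chosen, used = [], set()
    for p in sorted(simple_paths(keys, src, dst), key=len):
        inner = set(p[1:-1])
        if inner & used:
            continue
        chosen.append(p)
        used |= inner
        if len(chosen) == n:
            break
    return chosen


def split(secret, n):
    """n-of-n XOR sharing: the secret is the XOR of all shares, so any n-1 reveal nothing."""
    shares = [secrets.token_bytes(len(secret)) for _ in range(n - 1)]
    shares.append(reduce(xor, shares, secret))
    return shares


def combine(shares):
    return reduce(xor, shares)


def relay(keys, path, share, compromised, leaked):
    """Forward one share along a chain, re-encrypting at every hop under that link's local key.
    A compromised intermediary sees the share in clear and records it."""
    payload = share
    for u, v in zip(path, path[1:]):
        nonce = secrets.token_bytes(8)
        ct = xor(payload, keystream(keys[(u, v)], nonce, len(payload)))   # u -> v over the air
        payload = xor(ct, keystream(keys[(u, v)], nonce, len(payload)))   # v decrypts
        if v in compromised and v != path[-1]:
            leaked.append(payload)
    return payload


def establish_distant_key(keys, src, dst, n_chains, compromised=frozenset()):
    """src picks a key for dst and sends one share per disjoint chain."""
    chains = disjoint_chains(keys, src, dst, n_chains)
    if len(chains) < n_chains:
        raise ValueError(f"only {len(chains)} disjoint chains from {src} to {dst}")
    key = secrets.token_bytes(16)
    leaked = []
    received = [relay(keys, p, s, compromised, leaked)
                for p, s in zip(chains, split(key, n_chains))]
    return {"key": key, "rebuilt": combine(received), "leaked": leaked, "chains": chains}
```

With two chains and only C compromised, D rebuilds the key and the attacker holds a single share, which is independent of the key. Compromising a node on every chain (C and E) recovers it, and asking for three disjoint chains fails because A has only two neighbors: the availability of disjoint paths, not the cryptography, bounds the tolerable fraction of compromised nodes.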
Intrusion Detection
• Goals:
– Detect compromised nodes (to remove
them from chains)
– Detect other intrusions: denial-of-service
attacks, attempt to drain power
– Cryptography is ineffective against these
10
Intrusion Detection Approach
• Develop models of attacks and relevant
signature:
– What must be monitored?
– How to collect and distribute the data?
• Develop diagnosis methods:
– Identify the source of the attack if possible
• Possible responses:
– Avoid nodes that are considered compromised
– Hibernation to counter DoS or power-draining
attacks
11
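A small detector and response loop for the two responses listed on the slide (an added example, not code from the SRI project): a node keeps a sliding window of inbound messages per neighbor, marks a neighbor that exceeds a per-sender rate as suspect so it can be avoided in key-establishment chains, and switches into hibernation when total inbound traffic exceeds an energy budget. The window length, thresholds, hibernation period and the event trace (neighbors B and E behave, C floods at t=15) are constructed for the demo.

```python
from collections import defaultdict, deque

# Tunable thresholds (assumed values for the demo, not from the slides)
WINDOW = 10.0           # seconds of history kept per sender
PER_NEIGHBOR_MAX = 5    # messages per window before a neighbor is marked suspect
TOTAL_MAX = 12          # total inbound messages per window before hibernating
HIBERNATE_FOR = 30.0    # seconds the radio stays off after a flood


class Monitor:
    """Per-node monitor: flags noisy neighbors and hibernates under a flood."""

    def __init__(self):
        self.per_sender = defaultdict(deque)
        self.total = deque()
        self.suspect = set()
        self.sleep_until = 0.0
        self.hibernated_at = []
        self.dropped = 0

    @staticmethod
    def _prune(q, now):
        while q and q[0] < now - WINDOW:
            q.popleft()

    def observe(self, now, sender):
        if now < self.sleep_until:
            self.dropped += 1               # radio off: nothing is processed
            return "dropped"
        for q in (self.per_sender[sender], self.total):
            q.append(now)
            self._prune(q, now)
        if len(self.per_sender[sender]) > PER_NEIGHBOR_MAX:
            self.suspect.add(sender)        # response 1: avoid this node in chains
        if len(self.total) > TOTAL_MAX:
            self.sleep_until = now + HIBERNATE_FOR   # response 2: hibernate to save power
            self.hibernated_at.append(now)
            return "hibernate"
        return "ok"


def constructed_events():
    """Constructed trace of (time, sender): B every 3 s, E every 4 s, C sends 8 messages at t=15."""
    ev = [(float(t), "B") for t in range(0, 31, 3)]
    ev += [(float(t), "E") for t in range(0, 31, 4)]
    ev += [(round(15 + i / 10, 1), "C") for i in range(8)]
    return sorted(ev)


def replay(events):
    m = Monitor()
    for t, s in events:
        m.observe(t, s)
    return {"suspect": m.suspect, "hibernated_at": m.hibernated_at, "dropped": m.dropped}
```

On the constructed trace C is flagged at its sixth message and the node hibernates at its seventh; everything that arrives during the hibernation period, including the well-behaved neighbors' traffic, is dropped, which is the cost the slide's power-saving response trades for survival.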
Experimental Evaluation
• Platform:
– “motes” with TinyOS
– up to 20% compromised nodes
– Objective: show feasibility, measure
overhead
• Experiment scenario remains to be
defined
12
Schedule
13