A middleware to support security
Stefano Marchesani
Centre of Excellence DEWS, Università degli Studi dell'Aquila, Italy
IPSN PhD Forum 2013
Cycle XXVI

OVERVIEW
- Introduction
  - Middleware
  - Security
- Middleware
  - Agilla
  - TAKS
  - IDS
- Future works
- Conclusions

INTRODUCTION (1/3)
What is a middleware?
- SW package intermediary between the application and the underlying infrastructure (OS or HW)
What is a middleware for WSN?
- SW package providing [1] [2]:
  - a suitable view of a network of nodes
  - an interface to access some services:
    - Configure/program nodes
    - System services
    - Manage application-layer problems (QoS, Discovery services, etc.)

INTRODUCTION (2/3)
Classification by programming/configuring [1] [2]
- Virtual machine: the system injects and distributes the modules through the network using tailored algorithms, and the VM then interprets the modules
- Database: this approach views the whole network as a virtual database system and provides an interface that lets the user issue queries to the network to extract the data of interest
- Modular (agent-based): the key to this approach is that applications are as modular as possible to facilitate their injection and distribution through the network using mobile code
- Application-driven: this approach introduces a new dimension in middleware design by supplementing an architecture that reaches the network protocol stack
- Message-oriented: uses the publish-subscribe mechanism to facilitate message exchange between nodes and the sink nodes

INTRODUCTION (3/3)
What is (network) security?
- Network security goals:
  - data Confidentiality, Integrity and Authentication (CIA)
  - system Availability
How is it possible to ensure security?
- Good encryption (and decryption) schemes ensure CIA
- Ensuring availability is more complex
  - Detection and Reaction

MIDDLEWARE
Goal: a middleware to support security in WSN
- Useful interface for the WSN programmer
- Suitable for real-world applications
- Compliant with security requirements (CIAA)
Proposed approach
- Embed selectable encryption schemes and an Intrusion Detection System (IDS) into an agent-based middleware
[Figure: middleware components: Agent-Based MW, Encr/Decr, IDS]

MIDDLEWARE: AGENT-BASED MW
Why agent-based MW?
- Network reprogramming without service interruption
- Agents are useful for both network maintenance and the WSN programmer
- Agents can be used for the IDS (Reaction)
Agilla [3]
- Developed at Washington University in St. Louis
- It is stable and open source (TinyOS 1.x)
- We are evaluating its suitability for real-world applications
  - Power consumption, Routing, etc.

MIDDLEWARE: ENCRYPTION (1/3)
WSN encryption schemes
- Symmetric vs Asymmetric schemes
- Symmetric solutions are preferred because of their performance [5]
- Symmetric schemes have a key distribution issue
Proposed approach
- Topology Authenticated Key generation Scheme (TAKS)
  - A planner defines a planned network topology
  - The local admissible network is stored in each node
  - TAKS dynamically generates keys based on this information
  - Each message can be Topology Authenticated

MIDDLEWARE: ENCRYPTION (2/3)
Topology Authenticated Key generation Scheme (TAKS)
- $T(i)$: set of topology vectors
- $L(i)$: set of local key components
[Figure: example network with nodes 1, 2, 3, 4]
  $T(1) = k_{t2}, k_{t3}$      $L(1) = k_{l1}$
  $T(2) = k_{t1}, k_{t3}$      $L(2) = k_{l2}$
  $T(3) = k_{t1}, k_{t4}$      $L(3) = k_{l3}$
  $T(4) = k_{t3}$              $L(4) = k_{l4}$
  $k_t = f(k_l)$
  $TAK_{ij} = g(k_{ti}, k_{lj}) = h(k_{tj}, k_{li})$

MIDDLEWARE: ENCRYPTION (3/3)
Example from [4]
- Let $n_i$ and $n_j$ be a node pair
- Let $b$ be a scalar in GF(q), and $a_i$, $a_j$, $m$ and $c$ vectors in a vector space over GF(q)
k k k k li ti lj tj i aib k k + k k 0 j m (a + c) m aib j a b m (a + c) m a b j m a m a i j TAK i li tj lj ti = k li k tj TAK j k lj k ti

MIDDLEWARE: IDS (1/5)
Intrusion Detection System
- A functional component to detect and eliminate intrusions [6]
- Block diagram
[Figure: block diagram with Intrusion Detection, Intrusion Reaction Logic, Intrusion Reaction, Application, Configuration Data, Audit Data]

MIDDLEWARE: IDS (2/5)
Intrusion Detection System
- Two types of Intrusion Detection
  - Anomaly-based: models normal behavior (+FP and -FN)
  - Misuse-based: models threat behavior (-FP and +FN)
Proposed approach
- Misuse-based approach
  - Normal behavior is difficult to model
  - Threat behavior is a Weak Process Model (WPM)
[Figure: WPM with labels 1 (1,6), 2 (3,4), 3 (2,4), 4 (3,5), 5 (1,3,6)]

MIDDLEWARE: IDS (3/5)
How can an attack be modeled?
- An attack is a sequence of operations aimed at breaking security
  - It is an unknown FSM that we can observe through some anomalies
- Hidden Markov Model (HMM) and Viterbi algorithm
  - Each HMM observable is associated with the probability of being in a certain state
  - The Viterbi algorithm is too expensive
[Figure: HMM diagram labeled with probabilities p_11 ... p_15, p_21 ... p_25, ..., p_61 ... p_65]

MIDDLEWARE: IDS (4/5)
How can an attack be modeled?
- Relax the HMM to a Weak Process Model (WPM)
  - Each observable is associated with the possibility of being in a certain state
  - State transitions are weighted
  - The Viterbi algorithm can be simplified
  - Scoring mechanism and threshold
[Figure: WPM with weighted transitions; labels 1 (1,6), 2 (3,4), 3 (2,4), 4 (3,5), 5 (1,3,6)]
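
The scoring and threshold idea of the WPM slides, as an added Python example (not code from the slides or from the middleware). It reads the figure labels as "observable (possible states)", which is an assumption; the transition weights, the threshold and the sample sequences are constructed.

```python
# Observable -> states in which it is possible. The pairs are the labels of the
# slide's WPM figure; reading them this way is an assumption.
POSSIBLE = {1: {1, 6}, 2: {3, 4}, 3: {2, 4}, 4: {3, 5}, 5: {1, 3, 6}}

# Transition weights (from_state, to_state) -> weight. Constructed for this
# example; the slides do not give the real weights.
WEIGHTS = {(1, 3): 1, (6, 3): 1, (3, 2): 1, (3, 4): 2, (4, 3): 1,
           (2, 5): 1, (4, 5): 3, (5, 1): 2, (5, 6): 1}

THRESHOLD = 6  # constructed alarm threshold


def wpm_peak_score(observations, possible=POSSIBLE, weights=WEIGHTS):
    """Return the highest score reached by any admissible state path.

    Simplified Viterbi: for each candidate state keep only the best additive
    score (integer additions instead of products of probabilities).
    """
    best = {}   # candidate state -> best score of a path ending there
    peak = 0
    for obs in observations:
        nxt = {}
        for s_to in possible.get(obs, ()):   # unknown observables match nothing
            scores = [score + weights[(s_from, s_to)]
                      for s_from, score in best.items()
                      if (s_from, s_to) in weights]
            if scores:
                nxt[s_to] = max(scores)
        if not nxt:
            # No admissible transition: the sequence left the threat model,
            # so tracking restarts from this observable with score 0.
            nxt = {s: 0 for s in possible.get(obs, ())}
        best = nxt
        peak = max([peak, *best.values()])
    return peak


def is_intrusion(observations, threshold=THRESHOLD):
    """Raise an alarm when the peak score reaches the threshold."""
    return wpm_peak_score(observations) >= threshold


if __name__ == "__main__":
    # Constructed observable sequences (anomaly codes seen by a node).
    print(is_intrusion([1, 2, 3, 4, 5]))   # follows the modeled threat
    print(is_intrusion([3, 1, 3, 1]))      # never makes an admissible step
```

Per observable the node stores one integer per candidate state, which is what makes this cheaper than full Viterbi decoding on a sensor node.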

MIDDLEWARE: IDS (5/5)
Misuse-based Intrusion Detection
- We designed WPMs for 3 types of threats
  - Hello flooding, sinkhole and wormhole

FUTURE WORKS
Agilla
- Reverse engineering
- Porting to TinyOS 2.x
Encryption
- Performance evaluation in Agilla
Intrusion Detection System
- Implementation and validation
- IRL and IRLA definition
- Database enhancing

CONCLUSIONS
- A middleware to support security in Wireless Sensor Networks is proposed
- The proposed middleware is
  - Useful for the WSN programmer
  - Equipped with innovative security facilities
- Work will be done to make it suitable for real-world applications

REFERENCES
[1] Salem Hadim and Nader Mohamed, Middleware: Middleware Challenges and Approaches for Wireless Sensor Networks (2006)
[2] Miao-Miao Wang, Jian-Nong Cao, Jing Li, and Sajal K. Das, Middleware for Wireless Sensor Networks: A Survey (2008)
[3] Agilla website, http://mobilab.wustl.edu/projects/agilla/
[4] S. Marchesani, L. Pomante, M. Pugliese, and F. Santucci, WINSOME: A Middleware Platform for the Provision of Secure Monitoring Services over Wireless Sensor Networks (2013)
[5] A. S. Wander, N. Gura, H. Eberle, V. Gupta, and Sh. Ch. Shantz, Energy analysis of public-key cryptography for wireless sensor networks (2005)
[6] M. Pugliese, Managing Security Issues in Advanced Applications of Wireless Sensor Networks (2008)

THANK YOU! ANY QUESTIONS?