Research On Security Countermeasures For Time Synchronization In IEEE802.15.4e

As industrial wireless applications have critical requirements on reliability,low-power and real-time,the historical medium access control(MAC)protocol of IEEE802.15.4-2006 standard has suffered from many flaws.IEEE802.15.4e is the new MAC standard for the industrial Internet of things(IIoT),which enables highly reliable and low power wireless networking through time-synchronized channel hopping(TSCH)technique.Since time synchronization is a fundamental requirement for IEEE802.15.4e network,the applications of network communication,node localization and data fusion will be paralyzed when the malicious adversaries launch time synchronization attacks.So the security of time synchronization is a key problem in the area of IEEE802.15.4e-based IIoT.Time synchronization in IEEE802.15.4e is divided into single-hop pair-wise,cluster-wise and multi-hop three levels.The dissertation analyzes their security vulnerabilities due to the TSCH technology itself and high-precision synchronization requirements,and defines the specific attacks,then proposes the corresponding security countermeasures.The contributions of this dissertation are as follows:(1)We propose a security countermeasure for single-hop pair-wise time synchronization.The single-hop pair-wise time synchronization include two parts:Absolute Slot Number(ASN)synchronization and Device-to-Device synchronization.First,we provide an in-depth security analysis of single-hop pair-wise time synchronization,and define two types of time synchronization attacks,named ASN attack and timeslot template attack.Then,we propose a security countermeasure which includes Sec ASN and time offset filter(TOF)algorithm.The Sec ASN algorithm adopts message integrity authentication method and 2s+1 mechanism to defend against ASN attack.The TOF algorithm designs a filter based on a typical clock model to filter out the time synchronization packet from malicious nodes,which is used to defend against timeslot template attack.Finally,experiments are conducted to verify the effectiveness and feasibility of the proposed countermeasure.(2)We propose a security countermeasure for cluster-wise time synchronization.The cluster-wise time synchronization in IEEE802.15.4e adopts advertisement(ADV)-based scheme to provide a common time among a cluster of'nodes.First,we provide an in-depth security analysis of cluster-wise time synchronization and point out two majority attacks which called forge broadcast synchronization packet attack and compromise attack.Then,we propose a security countermeasure which includes an improved ?TESLA broadcast authentication protocol and fault-tolerant time synchronization algorithm.The improved ?TESLA broadcast authentication protocol adopts a packet-based key chain mechanism to resolve the conflict between the delay of disclosed keys and the length of key chain in the original ?TESLA.The fault-tolerant time synchronization algorithm adopts a cluster-wise time synchronization model to guarantee an upper bound of time difference between normal nodes in a cluster,provided that the malicious nodes are no more than one third of the cluster.Finally,theoretical analysis and experiment results validate the effectiveness and feasibility of the security countermeasure.(3)We propose a security countermeasure for multi-hop time synchronization.First,we point out two types of attacks in the multi-hop time synchronization,named time synchronization tree attack and error accumulation attack.Then,we propose a security countermeasure which includes an anomaly intrusion detection algorithm based on Rank and a multi-path approach based on trust modeling.The anomaly intrusion detection algorithm based on Rank can detect time synchronization tree attack by verifying the rank value of DIO packet in the network.The multi-path approach based on trust modeling can find a secure path to the root node by establishing trust model between nodes.Finally,simulations are conducted to verify the effectiveness of the proposed countermeasure.And a multi-hop time synchronization test platform is built using 16 OpenMoteSTM nodes and OpenWSN software.The experimental results validate the effectiveness and feasibility of the security countermeasure.