Security in Wireless Sensor Network
Unit: 6
Rushin $hah, 27 February 2014

  • Vulnerability: penetrability, inherent weakness
  • Intrude: to thrust into, to push into, to force (a thing or oneself) upon another, to come uninvited, to break in, to encroach. Tampered: interfere unwantedly
  • Impersonate: to pretend to be, to play the part of. Mal: disease, ailment; a prefix used in the sense of "bad" or "ill". Garble: to present facts in a distorted, false form so that a wrong impression is created
  • Quite: completely, entirely, absolutely, merely, to some extent
  • Healing: that which cures pain, makes well, improves
  • Secrecy: the act of keeping secret, secretness. Bootstraps: an effort made without outside help, an independent effort
  • Vulnerability: penetrability, inherent weakness
  • Legitimate: lawful, proper, regular, logically acceptable, genuine, according to the rules
  • Viable: able to live or survive; (of a plan etc.) economically feasible; able to grow or thrive
  • Resilient: recovering one's original physical or mental state, physically or mentally elastic, elasticity, flexible, buoyant in spirit. Revoke: to withdraw, to cancel. Vulnerability: penetrability, inherent weakness
  • Arbiter: arbitrator, judge, controlling authority, mediator
  • Syntactic: of, relating to or according to syntax. Leverage: the action of a lever, the mechanical advantage gained by using a lever, a means of accomplishing a purpose
  • Obfuscation: to make dim, to make unclear, to darken, to cast a veil of darkness over, to confuse, to bewilder
Transcript of "6. security in wireless sensor networks"

    1. Rushin $hah, 27 February 2014
    2. Security in Wireless Sensor Network, Unit: 6
    3. Threats to a Wireless Sensor Network
       There are many vulnerabilities and threats to a WSN, including:
         • Threats due to equipment breakdown
         • Due to power failure
         • Due to environmental factors
         • Due to physical tampering
         • Due to information gathering
    4. List of threats to WSN
         • Passive information gathering
         • Subversion of node
         • False node
         • Node malfunction
         • Node outage
         • Message corruption
         • Denial of service
    5. List of threats to WSN
       Passive information gathering:
         • If communication between sensors, or between sensors and intermediate nodes, is in the clear, then an intruder with an appropriately powerful receiver and a well-designed antenna can passively pick off the data stream.
       Subversion of a node:
         • If a sensor node is captured, it may be tampered with, electronically interrogated and perhaps compromised.
         • Once compromised, the sensor node may disclose its cryptographic keying material.
    6. List of threats to WSN
       False node:
         • An intruder might add a node to a system and feed false data or block the passage of true data.
         • Typically a false node is a computationally robust device which impersonates a sensor node.
       Node malfunction:
         • A node in a wireless sensor network may malfunction and generate inaccurate or false data.
         • Moreover, if the node works as an intermediate node, it may drop or garble data during transmission.
    7. List of threats to WSN
       Node outage:
         • A node that serves as an intermediate node, or as a collection and aggregation point, stops working.
       Message corruption:
         • Attacks against the integrity of a message occur when an intruder inserts themselves between the source and destination and modifies the contents of a message.
       Denial of service:
         • A denial of service attack on a WSN may take several forms: such an attack may consist of jamming the radio link, or could exhaust resources or misroute the data.
    8. List of tasks to be achieved when designing a generic WSN security model
       Communication security:
         • This mechanism involves providing security for node-to-node communication.
         • When more powerful nodes exist and clusters can be formed, end-to-end communication security between the designated cluster head and each individual sensor node in the cluster should be used.
         • In the absence of powerful nodes, it is appropriate to employ pairwise security, but only for a fixed number of pairs.
         • This is because pairwise security is not scalable as the number of nodes in the WSN increases.
    9. List of tasks to be achieved when designing a generic WSN security model
       Key management:
         • Because most sensor nodes in a WSN have a limited amount of energy, public key cryptography mechanisms are expensive in terms of energy consumption.
         • Private key cryptography, on the other hand, is quite applicable to WSNs due to its low energy requirements.
         • However, a hybrid WSN consists of nodes with different capabilities and resources, so it is feasible to employ both public key and private key cryptography.
    10. List of tasks to be achieved when designing a generic WSN security model
       Data aggregation:
         • In the ideal security model, data aggregation can be performed to confirm security options.
       Self-healing:
         • Self-organization and maintenance properties are built into the network.
    11. Security Architecture
         • SPIN: Security Protocol in Sensor Network
         • SPIN consists of two parts:
             - SNEP: Secure Network Encryption Protocol
             - Micro-TESLA: Micro Timed Efficient Streaming Loss-tolerant Authentication
    12. Security Architecture
         • In SPINS, each sensor node shares a unique master key with the base station.
         • Other keys required by the SNEP and micro-TESLA protocols are derived from this master key.
         • SNEP is based on Cipher Block Chaining implemented in counter mode (CBC-CTR).
         • In this method the initial value of the counter in the sender and the receiver is the same; thus the sender increments the counter after sending each encrypted message, and the receiver after receiving and decrypting it.
    13. Security Architecture
         • To achieve authenticated broadcasts, micro-TESLA uses a time-released key chain (TRKC).
         • There are two requirements for the correct functioning of this protocol:
             i. The owner of the key release schedule has to have enough storage for all the keys in the key chain.
             ii. Every node in the network has to be at least loosely time synchronized.
    14. Key distribution techniques for sensor networks
         • General key distribution refers to the task of distributing secret keys between communicating parties in order to facilitate security properties such as communication secrecy and authentication.
         • In a sensor network, key distribution is usually combined with initial communication establishment to bootstrap a secure communication infrastructure from a collection of deployed sensor nodes.
         • These nodes may have been pre-initialized with some secret information but do not have direct contact with each other.
       "This combined problem of key distribution and secure communication establishment is known as the Bootstrapping Problem."
    15. Complication in Designing of Secure Protocol
       Characteristics of the sensor network which can complicate the design of a secure protocol:
         • Vulnerability of nodes to physical capture: Sensor nodes may be deployed in public or hostile locations in many applications. Because a large number of nodes is required, each sensor node must be inexpensive, which makes it difficult for manufacturers to make them tamper resistant.
         • Lack of prior knowledge of post-deployment configuration: The large number of nodes involved makes it costly to pre-determine the location of every individual node. Hence a security protocol should not assume prior knowledge of which nodes will be neighbors in the network.
         • Limited bandwidth and transmission power:
    16. Problems of Bootstrapping in Sensor Networks
       Bootstrapping schemes for sensor networks need to satisfy the following requirements:
         • Deployed nodes must be able to establish secure node-to-node communication.
         • Additional legitimate nodes deployed at a later time can form secure connections with already deployed nodes.
         • Unauthorized nodes should not be able to gain entry into the network, either through packet injection.
         • The scheme must work without prior knowledge of which nodes will come into communication range of each other after deployment.
    17. Methods of key distribution
         • Single network-wide key
         • Asymmetric cryptography
         • Pairwise keys
         • Trusted base station based key distribution
         • Random key pre-distribution scheme
    18. Single Network Wide Key
         • The simplest method of key distribution is to pre-load a single network-wide key onto all nodes before deployment.
         • After deployment, nodes can start communicating with the nodes which are using the same network key.
         • This can be achieved by encrypting a message using the network key.
    19. Single Network Wide Key: Properties
         • Minimal memory storage required
         • No additional protocol steps are required
         • Resistant against packet injection
    20. Single Network Wide Key: Drawback & Solution
       The drawback of this scheme is that if a single node is compromised, the entire security of the network is broken.
       Methods to overcome this drawback:
         • Nodes must be tamper resistant
         • New nodes must not be allowed to enter the network
    21. Asymmetric Cryptography
         • If the sensor node hardware is able to support asymmetric key cryptography operations, then this is a potentially viable method of key distribution.
         • In this technique, before deployment, a master public/private key pair (KM, KMi) is first generated.
         • Then for every node A, its public/private key pair (KA, KAi) is generated.
         • This key pair is stored in node A's memory along with the master public key KM and the master key's signature on A's public key.
         • Once all nodes are initialized in this fashion, they are ready for deployment.
    22. Asymmetric Cryptography
         • Once nodes have been deployed, they perform key exchanges.
         • Nodes exchange their respective public keys and master key signatures.
         • Each node's public key which is known to every node in the network.
         • Once the public key of a node has been received, a symmetric link key can be generated and sent in a message encrypted with that public key.
    23. Asymmetric Cryptography
       Properties:
         • Possible to revoke known compromised key pairs
         • Perfectly resilient against node capture
         • Fully scalable
       Disadvantages:
         • Dependence on asymmetric key cryptography hardware
         • Vulnerability to denial of service
         • No resistance against node replication
    24. Pairwise keys
         • In this approach, every node in the sensor network shares a unique symmetric key with every other node in the network.
         • In a network of n nodes, total number of unique keys = nC2 = n(n-1)/2
         • Every node stores n-1 keys.
    25. Pairwise keys
       Properties:
         • Compromised keys can be revoked
         • Perfect resilience to node capture
         • Only uses symmetric cryptography
       Disadvantage:
         • The main problem with the pairwise keys scheme is poor scalability.
    26. Trusted base station based key distribution
         • This method of key distribution uses a trusted, secure base station as an arbiter to provide link keys to sensor nodes.
         • The sensor nodes authenticate themselves to the base station, after which the base station generates a link key and sends it securely to both parties.
         • Before deployment of the sensor nodes, a unique symmetric key is generated for each node in the network.
         • This node key is stored in the memory of each sensor node and will serve as the authentication key between the base station and the sensor node.
    27. Trusted base station based key distribution
         • Now assume that, after deployment, node A wants to establish a shared secret session key SKAB with node B.
         • Since A and B do not share any secrets, they need to use a trusted third party S, the base station.
    28. Trusted base station based key distribution
       Properties:
         • Perfect resilience to node capture
         • Revocation of a node is simple
         • Small memory requirements
         • Node replication is easily controlled
       Disadvantages:
         • Not scalable
         • Base station becomes a target for compromise
    29. Random key pre-distribution scheme
         • Let m denote the number of distinct cryptographic keys that can be stored on a sensor node.
         • Before the sensor nodes are deployed, an initialization phase is performed.
         • In this initialization phase, the basic scheme picks a random pool of keys S out of the total possible key space.
         • For each node, m keys are randomly selected from the key pool S and stored in the node's memory.
         • This set of m keys is called the node's key ring.
         • After the sensor nodes are deployed, a key-setup phase is performed.
         • The nodes first perform key discovery to find out with which of their neighbors they share a key.
    30. Random key pre-distribution scheme
         • Such key discovery can be performed by assigning a short identifier to each key prior to deployment and having each node broadcast its set of identifiers.
         • Nodes which discover that they hold a shared key in their key rings can then verify that their neighbor actually holds the key through a challenge-response protocol.
    31. Watermarking
         • One of the major security issues on the Internet is Digital Rights Management (DRM).
         • It is easy to see that DRM will also play a major role in wireless sensor networks.
         • To address these problems, Feng et al. have developed the first watermarking technique for cryptologically embedding an authorship signature into data and information acquired by a WSN.
         • The notion of intellectual property protection, and specifically watermarking, has been widely studied for items such as text, video/audio and circuit designs.
    32. Watermarking
         • Watermarking techniques have been proposed for two domains: static artifacts and functional artifacts.
         • Static artifacts are artifacts that consist of only syntactic components which are not altered during their use.
         • For example: images, audio.
         • The essential property of all watermarking for static artifacts is that it leverages the imperfection of human perception.
         • The main objectives of watermarking techniques for static artifacts:
             - Requirements for global placement of the watermark in the artifact,
             - Resiliency against removal and suitability for rapid detection.
    33. Watermarking
         • Watermarking is also applicable to functional artifacts, such as software and integrated circuit designs.
         • Functional artifacts can be specified, and therefore watermarked, at several levels of abstraction, such as:
             - System level designs,
             - The logic synthesis level,
             - FPGA designs,
             - Physical design level.
         • Additionally, other techniques for intellectual property protection such as fingerprinting, obfuscation, reverse engineering and forensic engineering can be applied.
    34. Real-Time Watermarking
         • Aim: To authenticate data which is collected by a sensor network.
         • Key idea: To impose additional constraints on the system during the sensing data acquisition or data processing phases.
         • The first set of techniques embeds the signature into the process of sensing data.
         • The crucial idea is to modulate by imposing additional constraints on parameters that define the sensor's relationship with the physical world.
         • The options include the location and orientation of the sensor, time management (e.g. frequency and phase of intervals between consecutive data capturing) and resolution.
    35. Real-Time Watermarking
         • In particular, an attractive alternative is to impose constraints on intrinsic properties (e.g. sensitivity, compression laws) of a particular sensor, so that the measured data have certain unique characteristics that are strongly correlated with the signature of the author/owner.
         • The second technique is to embed the signature during processing, either in sensor data or control data.
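The shared-counter scheme from slide 12, as an added Python example that is not part of the original slides: keys are derived from one master key, and the counter is never transmitted. HMAC-SHA256 stands in for the block cipher, and the key labels, truncated 8-byte tag and sample values are assumptions.

```python
import hashlib
import hmac

def derive(master: bytes, label: bytes) -> bytes:
    """Derive a per-purpose key from the node's master key (labels are assumed)."""
    return hmac.new(master, label, hashlib.sha256).digest()

def keystream(key: bytes, counter: int, length: int) -> bytes:
    """Counter-mode keystream; HMAC-SHA256 stands in for the block cipher."""
    out = b""
    block = 0
    while len(out) < length:
        data = counter.to_bytes(8, "big") + block.to_bytes(4, "big")
        out += hmac.new(key, data, hashlib.sha256).digest()
        block += 1
    return out[:length]

class Endpoint:
    """One side of a node <-> base station link with a shared, unsent counter."""

    def __init__(self, master: bytes):
        self.k_enc = derive(master, b"encryption")
        self.k_mac = derive(master, b"mac")
        self.counter = 0  # both sides start from the same value

    def tag(self, ciphertext: bytes) -> bytes:
        # The MAC covers the local counter, so a replayed packet no longer verifies.
        data = self.counter.to_bytes(8, "big") + ciphertext
        return hmac.new(self.k_mac, data, hashlib.sha256).digest()[:8]

    def crypt(self, data: bytes) -> bytes:
        ks = keystream(self.k_enc, self.counter, len(data))
        return bytes(a ^ b for a, b in zip(data, ks))

    def send(self, plaintext: bytes):
        ciphertext = self.crypt(plaintext)
        packet = (ciphertext, self.tag(ciphertext))
        self.counter += 1  # sender increments after sending
        return packet

    def receive(self, packet):
        ciphertext, tag = packet
        if not hmac.compare_digest(tag, self.tag(ciphertext)):
            return None  # replayed, forged or out of sync: counter unchanged
        plaintext = self.crypt(ciphertext)
        self.counter += 1  # receiver increments after decrypting
        return plaintext

def demo():
    master = b"constructed-master-key"  # constructed sample value
    node, base = Endpoint(master), Endpoint(master)
    first = node.send(b"temp=21")
    second = node.send(b"temp=21")  # same reading, different counter
    return {
        "ciphertexts_differ": first[0] != second[0],
        "first": base.receive(first),
        "replay_of_first": base.receive(first),
        "second": base.receive(second),
    }

if __name__ == "__main__":
    print(demo())
```

In this sketch a packet lost in transit leaves the two counters out of step, and the receiver rejects every later packet until the counters are resynchronized, which the sketch does not attempt.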
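The time-released key chain from slide 13, as an added Python example that is not part of the original slides. It shows why the sender must store the chain and why receivers need loose time synchronization. The one-interval disclosure delay, the use of the chain key directly as the MAC key, and all sample messages are assumptions of this sketch.

```python
import hashlib
import hmac

def H(x: bytes) -> bytes:
    return hashlib.sha256(x).digest()

def mac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

def make_chain(seed: bytes, n: int) -> list:
    """Return [K_0 .. K_n] with K_{i-1} = H(K_i); K_0 is the public commitment."""
    chain = [seed]
    for _ in range(n):
        chain.append(H(chain[-1]))
    return chain[::-1]

class Receiver:
    def __init__(self, commitment: bytes, delay: int = 1):
        self.idx, self.key = 0, commitment  # last authenticated chain key
        self.delay = delay                  # K_i is released in interval i + delay
        self.buffer = []                    # (interval, message, mac) awaiting a key

    def on_packet(self, interval, msg, tag, local_interval) -> bool:
        # Loose time sync: refuse packets whose key may already be public.
        if local_interval >= interval + self.delay:
            return False
        self.buffer.append((interval, msg, tag))
        return True

    def on_key(self, idx: int, key: bytes) -> list:
        """Authenticate a disclosed key against the chain, then release packets."""
        if idx <= self.idx:
            return []
        keys, k = {idx: key}, key
        for i in range(idx - 1, self.idx - 1, -1):  # walk back to the trusted key
            k = H(k)
            keys[i] = k
        if not hmac.compare_digest(keys[self.idx], self.key):
            return []  # not on the sender's chain
        ok = [m for (i, m, t) in self.buffer
              if i in keys and i > self.idx
              and hmac.compare_digest(t, mac(keys[i], m))]
        self.buffer = [p for p in self.buffer if p[0] > idx]
        self.idx, self.key = idx, key
        return ok

def demo():
    chain = make_chain(b"constructed-seed", 4)  # sender stores the whole chain
    rx = Receiver(chain[0])
    res = {}
    res["buffered_1"] = rx.on_packet(1, b"alarm off", mac(chain[1], b"alarm off"), 1)
    # K_1 is disclosed in interval 2 but the disclosure is lost. Someone who
    # overheard K_1 forges an interval-1 packet; it arrives too late to be safe.
    res["late_forgery"] = rx.on_packet(1, b"alarm on", mac(chain[1], b"alarm on"), 2)
    res["buffered_2"] = rx.on_packet(2, b"temp=21", mac(chain[2], b"temp=21"), 2)
    res["bogus_key"] = rx.on_key(2, b"\x00" * 32)
    res["released"] = rx.on_key(2, chain[2])  # K_2 also recovers the lost K_1
    return res

if __name__ == "__main__":
    print(demo())
```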
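The random key pre-distribution steps from slides 29 and 30 (key pool, key ring, key discovery by identifier, challenge-response), as an added Python example that is not part of the original slides. It goes one step beyond the slides by computing the probability that two key rings share a key. Function names, key sizes and the seeded generator are assumptions made so the example is repeatable.

```python
import hashlib
import hmac
import random
from math import comb

def make_pool(size: int, rng: random.Random) -> dict:
    """Key pool S: short identifier -> 16-byte key (seeded RNG only for the demo)."""
    return {kid: rng.randbytes(16) for kid in range(size)}

def key_ring(pool: dict, m: int, rng: random.Random) -> dict:
    """Pick m keys at random from the pool for one node's key ring."""
    return {kid: pool[kid] for kid in rng.sample(sorted(pool), m)}

def discover(ring: dict, advertised_ids) -> list:
    """Key discovery: compare a neighbour's broadcast identifiers with our ring."""
    return sorted(set(ring) & set(advertised_ids))

def respond(ring: dict, kid: int, challenge: bytes) -> bytes:
    """Prove possession of key `kid` without sending the key itself."""
    return hmac.new(ring[kid], challenge, hashlib.sha256).digest()

def establish_link(ring_a: dict, ring_b: dict, rng: random.Random):
    """A challenges B on each claimed shared identifier; returns the key id used."""
    for kid in discover(ring_a, ring_b.keys()):
        challenge = rng.randbytes(8)
        answer = respond(ring_b, kid, challenge)  # computed on node B
        if hmac.compare_digest(answer, respond(ring_a, kid, challenge)):
            return kid  # B really holds the key behind the identifier
    return None  # no shared key, or B only claimed the identifier

def share_probability(pool_size: int, m: int) -> float:
    """P(two random rings of m keys drawn from the pool share at least one key)."""
    return 1 - comb(pool_size - m, m) / comb(pool_size, m)

def simulate(pool_size: int, m: int, trials: int, rng: random.Random) -> float:
    """Empirical share rate, drawing identifiers only."""
    ids = range(pool_size)
    hits = sum(bool(set(rng.sample(ids, m)) & set(rng.sample(ids, m)))
               for _ in range(trials))
    return hits / trials

if __name__ == "__main__":
    rng = random.Random(2014)  # constructed seed; use a CSPRNG for real keys
    pool = make_pool(1000, rng)
    a, b = key_ring(pool, 50, rng), key_ring(pool, 50, rng)
    print("shared ids:", discover(a, b.keys()))
    print("link key id:", establish_link(a, b, rng))
    print("analytic P(share):", round(share_probability(1000, 50), 3))
    print("simulated P(share):", simulate(1000, 50, 2000, rng))
```

The share probability is what lets a designer trade the ring size m against the pool size: a larger pool limits what one captured node reveals, but lowers the chance that two neighbours can set up a link.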