Security
in
Wireless Sensor Networks
Shruti Pathak
CS 685
Fall 2009
Introduction (Wireless sensor Networks)
 Current applications include ocean and
wildlife monitoring, manufacturing machinery
performance monitoring, building safety and
earthquake monitoring, military applications
etc.
 Future applications might involve highway
traffic, building security, water quality and
people’s heart rates.
Challenges posed by WSN
 To make the sensor networks economically
viable they have limited energy consumption
and communication capabilities.
 Often deployed in accessible areas; implies
added risk to physical attacks.
 Interaction with their physical environments
and people result in new security problems.
A Secure System
 Usually a standalone component of the
system where a separate module provides
security.
 This is a flawed approach.
 Ideally, security should be a part of every
component. (the components designed
without security can become a point of
attack)
Key Establishment and Trust Setup
 Cryptographic keys need to be established during
the setting up of a sensor network for later use.
 Various traditional protocols cannot be used in case
of sensor devices due to limited computational
capabilities.
 The key establishment techniques need to scale to
networks with hundreds and thousands of nodes.
 Sensor nodes differ in communication patterns with
the traditional networks; sensor nodes may need to
set up keys with their neighbors and with data
aggregation nodes.
Simplest solution for key establishment
 Network-wide shared key.
Disadvantage: Compromise of any single node result
in decryption of complete network traffic.
 Variant to the above approach use a single shared
key to establish a set of link keys, one per pair of
communicating nodes, then erase the network-wide
key after setting up the session keys.
Disadvantage: This process does not allow addition
of new nodes after initial deployment.
Public Key Cryptography
(Diffie-Hellman key Establishment)
 D-H Key Establishment: Allows two parties
that have no prior knowledge of each other to
jointly establish a shared secret key over an
insecure communications channel.
 Advantage: A node can set up a secure key
with any other node in the network.
 But is beyond the scope of the capabilities of
the sensor networks.
Bootstrapping
 Bootstrapping keys with a trusted base
station is an option.
 Each node shares a single key with the base
station and set up keys with the other nodes
through the base stations.
 Disadvantage: Single point of failure.
 Advantage: If the network incorporates
tamper-resistant packaging for the base
station, it would help in the mitigation of
threats of physical attacks.
Random Key Distribution Protocols
 Large pool of symmetric key is chosen and a random
subset of pool is distributed to each sensor node.
 Two nodes that want to communicate search their pools
to determine whether they share a common key.
 Not every pair of nodes share a common key.
 A fully connected network can be established if the key
establishment probability is sufficiently great.
 Advantage: Avoids having to include a central base
station.
 Disadvantage: Attackers who are able to compromise
sufficiently large number of nodes could reconstruct the
complete key pool and break the entire scheme.
Security and Authentication
 Need for protection against eavesdropping, injection
and modification of packets.
 Cryptography is the standard defense mechanism
but has its own tradeoffs.
 It entails performance cost for extra computation
that increases packet size.
 Hardware support of it increases efficiency but also
increase financial cost of implementing a network.
 Software-only cryptography is practical with today’s
sensor technology. Hardware support is not needed.
Privacy Concerns
 Secret surveillance:
- Employers can spy on their employees
- Shop owners on customers
- Neighbors on each other
- Law enforcement agencies on public places
 Surveillance technology has become cheaper
and more effective and hence affordable.
 Devices have become smaller hence easy to
conceal.
Threats
 New type of threats introduced by the sensor
networks.
 Enables routine tracking of people and vehicles over
long period of time.
 In order to be able to solve the problems related to
privacy; not only the technology but a mix of societal
norms, new laws and technological responses are
necessary.
 The existence of sensor technology and surveillance
should be made known to people for a better
acceptance of the technology.
Robustness to communication
denial of service
 Denial of services attacks are one of the greatest
concerns.
 An adversary can severely disrupt the network’s
operation by broadcasting a high energy signal,
entire system could be jammed.
 Solution: When jamming effects only the portion of
the network, a jamming-resistant network could
defeat the attack by detection of the jammed area
and mapping the affected region and the routing
around the jammed area.
Secure Routing
 Routing and data forwarding is an essential service
for enabling communication in sensor networks.
 Simplest attack: Injection of malicious routing
information into the network can result in routing
inconsistencies.
Solution: Simple authentication might guard against
these attacks; still susceptible to replay attacks by
attackers with legitimate routing messages.
 Node-capture attacks: In almost all the routing
protocols, compromise of single nodes suffices to
take over the entire network or prevent
communication within it.
Resilience to node capture
 Generally, sensor nodes are present in locations that are readily
accessible to attackers.
 It becomes easy for an attacker to capture these nodes, extract
cryptographic secrets, modify their programming or replace them
with malicious nodes.
 Defense: Tamper-resistant packaging but is expensive hence not
preferable instead algorithmic solutions are preferred over it.
 Challenge is to build a network that would operate correctly even
if several nodes are compromised without our knowledge.
 Sending every packet across multiple, independent paths and
checking at the destination for consistency among the packets
that are received, resilience against node-capture can be
achieved.
Network Security Services:
Secure Group Management
 High level security mechanisms.
 Each node in the sensor network is limited in computing and
communication capabilities.
 However, data aggregation and analysis can be performed by
group of nodes.
 Example: A group of nodes might be responsible for tracking the
vehicle through the network.
 Secure protocols are required for group management that would
ensure secure admission of new group members and secure
communication among that group.
 The outcome of the group’s computation is normally transmitted
to the base station which should be authenticated to ensure that
it comes from a valid group.
 Any solution must be efficient in time and energy.
Network Security Services:
Intrusion Detection
 Wireless sensor networks are susceptible to many
forms of intrusion.
 In wired networks, traffic and computation are
typically monitored and analyzed for anomalies at
various concentration points, which is often
expensive.
 For a lesser expensive solution, applications and
typical threat models must be understood,
particularly how cooperating adversaries might
attack the system.
 Use of secure groups may be a promising approach
for decentralized intrusion detection.
Network Security Services:
Secure data aggregation
 One benefit of wireless sensor networks is
the fine-grain sensing that large and dense
set of nodes can provide.
 To avoid overwhelming traffic back to the
base station; data should be aggregated.
 Aggregation may take place at many places
in the network, depending upon the
architecture of the wireless sensor networks.
 All such locations should be secured.
Research Challenges
 Severe constraints and demanding
deployment environments of wireless sensor
networks make computer security for these
systems challenging.
 How to secure wireless communication links?
 Understanding the environment-related
constraints.

Paper1

  • 1.
  • 2.
    Introduction (Wireless sensorNetworks)  Current applications include ocean and wildlife monitoring, manufacturing machinery performance monitoring, building safety and earthquake monitoring, military applications etc.  Future applications might involve highway traffic, building security, water quality and people’s heart rates.
  • 3.
    Challenges posed byWSN  To make the sensor networks economically viable they have limited energy consumption and communication capabilities.  Often deployed in accessible areas; implies added risk to physical attacks.  Interaction with their physical environments and people result in new security problems.
  • 4.
    A Secure System Usually a standalone component of the system where a separate module provides security.  This is a flawed approach.  Ideally, security should be a part of every component. (the components designed without security can become a point of attack)
  • 5.
    Key Establishment andTrust Setup  Cryptographic keys need to be established during the setting up of a sensor network for later use.  Various traditional protocols cannot be used in case of sensor devices due to limited computational capabilities.  The key establishment techniques need to scale to networks with hundreds and thousands of nodes.  Sensor nodes differ in communication patterns with the traditional networks; sensor nodes may need to set up keys with their neighbors and with data aggregation nodes.
  • 6.
    Simplest solution forkey establishment  Network-wide shared key. Disadvantage: Compromise of any single node result in decryption of complete network traffic.  Variant to the above approach use a single shared key to establish a set of link keys, one per pair of communicating nodes, then erase the network-wide key after setting up the session keys. Disadvantage: This process does not allow addition of new nodes after initial deployment.
  • 7.
    Public Key Cryptography (Diffie-Hellmankey Establishment)  D-H Key Establishment: Allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel.  Advantage: A node can set up a secure key with any other node in the network.  But is beyond the scope of the capabilities of the sensor networks.
  • 8.
    Bootstrapping  Bootstrapping keyswith a trusted base station is an option.  Each node shares a single key with the base station and set up keys with the other nodes through the base stations.  Disadvantage: Single point of failure.  Advantage: If the network incorporates tamper-resistant packaging for the base station, it would help in the mitigation of threats of physical attacks.
  • 9.
    Random Key DistributionProtocols  Large pool of symmetric key is chosen and a random subset of pool is distributed to each sensor node.  Two nodes that want to communicate search their pools to determine whether they share a common key.  Not every pair of nodes share a common key.  A fully connected network can be established if the key establishment probability is sufficiently great.  Advantage: Avoids having to include a central base station.  Disadvantage: Attackers who are able to compromise sufficiently large number of nodes could reconstruct the complete key pool and break the entire scheme.
  • 10.
    Security and Authentication Need for protection against eavesdropping, injection and modification of packets.  Cryptography is the standard defense mechanism but has its own tradeoffs.  It entails performance cost for extra computation that increases packet size.  Hardware support of it increases efficiency but also increase financial cost of implementing a network.  Software-only cryptography is practical with today’s sensor technology. Hardware support is not needed.
  • 11.
    Privacy Concerns  Secretsurveillance: - Employers can spy on their employees - Shop owners on customers - Neighbors on each other - Law enforcement agencies on public places  Surveillance technology has become cheaper and more effective and hence affordable.  Devices have become smaller hence easy to conceal.
  • 12.
    Threats  New typeof threats introduced by the sensor networks.  Enables routine tracking of people and vehicles over long period of time.  In order to be able to solve the problems related to privacy; not only the technology but a mix of societal norms, new laws and technological responses are necessary.  The existence of sensor technology and surveillance should be made known to people for a better acceptance of the technology.
  • 13.
    Robustness to communication denialof service  Denial of services attacks are one of the greatest concerns.  An adversary can severely disrupt the network’s operation by broadcasting a high energy signal, entire system could be jammed.  Solution: When jamming effects only the portion of the network, a jamming-resistant network could defeat the attack by detection of the jammed area and mapping the affected region and the routing around the jammed area.
  • 14.
    Secure Routing  Routingand data forwarding is an essential service for enabling communication in sensor networks.  Simplest attack: Injection of malicious routing information into the network can result in routing inconsistencies. Solution: Simple authentication might guard against these attacks; still susceptible to replay attacks by attackers with legitimate routing messages.  Node-capture attacks: In almost all the routing protocols, compromise of single nodes suffices to take over the entire network or prevent communication within it.
  • 15.
    Resilience to nodecapture  Generally, sensor nodes are present in locations that are readily accessible to attackers.  It becomes easy for an attacker to capture these nodes, extract cryptographic secrets, modify their programming or replace them with malicious nodes.  Defense: Tamper-resistant packaging but is expensive hence not preferable instead algorithmic solutions are preferred over it.  Challenge is to build a network that would operate correctly even if several nodes are compromised without our knowledge.  Sending every packet across multiple, independent paths and checking at the destination for consistency among the packets that are received, resilience against node-capture can be achieved.
  • 16.
    Network Security Services: SecureGroup Management  High level security mechanisms.  Each node in the sensor network is limited in computing and communication capabilities.  However, data aggregation and analysis can be performed by group of nodes.  Example: A group of nodes might be responsible for tracking the vehicle through the network.  Secure protocols are required for group management that would ensure secure admission of new group members and secure communication among that group.  The outcome of the group’s computation is normally transmitted to the base station which should be authenticated to ensure that it comes from a valid group.  Any solution must be efficient in time and energy.
  • 17.
    Network Security Services: IntrusionDetection  Wireless sensor networks are susceptible to many forms of intrusion.  In wired networks, traffic and computation are typically monitored and analyzed for anomalies at various concentration points, which is often expensive.  For a lesser expensive solution, applications and typical threat models must be understood, particularly how cooperating adversaries might attack the system.  Use of secure groups may be a promising approach for decentralized intrusion detection.
  • 18.
    Network Security Services: Securedata aggregation  One benefit of wireless sensor networks is the fine-grain sensing that large and dense set of nodes can provide.  To avoid overwhelming traffic back to the base station; data should be aggregated.  Aggregation may take place at many places in the network, depending upon the architecture of the wireless sensor networks.  All such locations should be secured.
  • 19.
    Research Challenges  Severeconstraints and demanding deployment environments of wireless sensor networks make computer security for these systems challenging.  How to secure wireless communication links?  Understanding the environment-related constraints.