This document introduces TinySec, a link layer security architecture designed for wireless sensor networks. TinySec aims to provide security such as message authentication and encryption with minimal overhead of bandwidth, latency, and energy consumption. The document discusses the design goals and challenges of sensor network security given constraints of memory, processing power, bandwidth and energy of sensor nodes. It argues that link layer security is better suited than end-to-end security for sensor networks where traffic is often many-to-one and in-network processing is used.
The document describes an intrusion detection system for cluster-based wireless sensor networks. It proposes using MAC address-based intruder tracking to detect intruders early. The system divides the network into clusters, with cluster heads monitoring members. It uses port numbers, IP addresses and MAC addresses to authenticate nodes and detect intruders pretending to be valid nodes. If intruder behavior is detected, an alarm is raised. The approach aims to securely transmit data in the network by identifying and preventing malicious intrusions and attacks.
AN ANTI-CLONE ATTACK KEY MANAGEMENT SCHEME FOR WIRELESS SENSOR NETWORKScsandit
Wireless Sensor Networks (WSNs) are subject to various kinds of attacks such as replaying of
messages, battery exhausting, and nodes compromising. While most of these attacks can be
dealt with through cryptographic security protocols provided by key management schemes,
there are always a few that manage to really cause problems. One such attack that is most
common and significant in WSNs is cloning attack. In clone attack, the intruder tries to capture
and compromise some nodes and inject them into several locations throughout the network in
order to conduct other types of attacks. Moreover, if this attack is not detected early, then these
replicated injected nodes will consume a large amount of the network resources. In this paper,
we analyze several key management schemes that can be used for checking integrity and
preventing cloning attacks. After analyzing the problems associated with these schemes, we
propose a model that allows us to distinguish between legitimate nodes and cloned nodes in
such sensor networks.
ENHANCED THREE TIER SECURITY ARCHITECTURE FOR WSN AGAINST MOBILE SINK REPLI...ijwmn
Recent developments on Wireless Sensor Networks have made their application in a wide range
such as military sensing and tracking, health monitoring, traffic monitoring, video surveillance and so on.
Wireless sensor nodes are restricted to computational resources, and are always deployed in a harsh,
unattended or unfriendly environment. Therefore, network security becomes a tough task and it involves
the authorization of admittance to data in a network. The problem of authentication and pair wise key
establishment in sensor networks with mobile sink is still not solved in the mobile sink replication attacks.
In q-composite key pre distribution scheme, a large number of keys are compromised by capturing a
small fraction of sensor nodes by the attacker. The attacker can easily take a control of the entire network
by deploying a replicated mobile sinks. Those mobile sinks which are preloaded with compromised keys
are used authenticate and initiate data communication with sensor node. To determine the above problem
the system adduces the three-tier security framework for authentication and pair wise key establishment
between mobile sinks and sensor nodes. The previous system used the polynomial key pre distribution
scheme for the sensor networks which handles sink mobility and continuous data delivery to the
neighbouring nodes and sinks, but this scheme makes high computational cost and reduces the life time of
sensors. In order to overcome this problem a random pair wise key pre distribution scheme is suggested
and further it helps to improve the network resilience. In addition to this an Identity Based Encryption is
used to encrypt the data and Mutual authentication scheme is proposed for the identification and
isolation of replicated mobile sink from the network.
Wireless Sensor Network (WSN) is a promising field for research. As the use of this field increases, it is
required to give proper security to this field. So to ensure the security of communication of data or messages and to
control the use of data in WSN is of great importance. As sensor networks interact with responsive data and operate
in unfriendly unattended area, from the time of system design these security concerns should be addressed. The paper,
presents a modified Motesec security protocol which is a security mechanism for Wireless sensor network. In this
protocol a hash function based approach is used to detect replay attacks. For data access control key lock matching
method i.e. memory data access control policy is used to prevent unauthorized data access. Encoding and
reconstruction scheme is used to find out attacker. Flooding attack detection by comparing data rate. There is currently
massive research is present in the area of wireless sensor network security..Keywords: GPS,GCM,LBS Android.
Keywords: secure communication architecture, wireless Sensor network security.
Iaetsd secure data dissemination based onIaetsd Iaetsd
This document proposes a secure data dissemination protocol called Se-Drip for wireless sensor networks. Se-Drip uses a Merkle hash tree to securely disseminate data from a base station to sensor nodes in the network. The protocol has three phases: 1) initialization where the base station generates keys and loads them on nodes, 2) packet preprocessing where the base station constructs data packets and their authentication paths in a Merkle hash tree, and 3) packet verification where nodes verify received packets against the hash tree to authenticate the data. Se-Drip aims to securely disseminate data while being lightweight, robust to packet loss, and resistant to denial-of-service attacks.
4.report (cryptography & computer network)JIEMS Akkalkuwa
This document discusses network security and cryptography. It begins by defining network security and explaining the key areas of secrecy, authentication, non-repudiation, and integrity control. It then discusses what cryptography is, explaining that it uses mathematics to encrypt and decrypt data to provide security. The document provides an overview of symmetric and asymmetric key encryption techniques as well as hash functions. It also discusses some existing network security systems and their use of symmetric encryption with periodic key distribution and refresh.
This document summarizes a survey on security attacks in wireless sensor networks. It begins with an introduction to wireless sensor networks and their constraints, such as limited energy, memory, and processing power. It then discusses common security requirements for wireless sensor networks like availability, authentication, confidentiality, and integrity. Various types of attacks against wireless sensor networks are described, including denial of service attacks, physical attacks, and link layer attacks that can cause collisions. The challenges of providing security in wireless sensor networks given their constraints and vulnerabilities are also outlined.
Multi-Tiered Communication Security Schemes in Wireless Ad-Hoc Sensor NetworksIDES Editor
Networks of wireless micro-sensors for monitoring
physical environments have emerged as an important new
application area for wireless technology. Key attributes of
these new types of networked systems are the severely
constrained computational and energy resources and an ad
hoc operational environment. This paper is a study of the
communication security aspects of these networks. Resource
limitations and specific architecture of sensor networks call
for customized security mechanisms. Our approach is to
classify the types of data existing in sensor networks, and
identify possible communication security threats according
to that classification. We propose a communication security
scheme where for each type of data we define a corresponding
security mechanism. By employing this multi-tiered security
architecture where each mechanism has different resource
requirements, we allow for efficient resource management,
which is essential for wireless sensor networks.
The document describes an intrusion detection system for cluster-based wireless sensor networks. It proposes using MAC address-based intruder tracking to detect intruders early. The system divides the network into clusters, with cluster heads monitoring members. It uses port numbers, IP addresses and MAC addresses to authenticate nodes and detect intruders pretending to be valid nodes. If intruder behavior is detected, an alarm is raised. The approach aims to securely transmit data in the network by identifying and preventing malicious intrusions and attacks.
AN ANTI-CLONE ATTACK KEY MANAGEMENT SCHEME FOR WIRELESS SENSOR NETWORKScsandit
Wireless Sensor Networks (WSNs) are subject to various kinds of attacks such as replaying of
messages, battery exhausting, and nodes compromising. While most of these attacks can be
dealt with through cryptographic security protocols provided by key management schemes,
there are always a few that manage to really cause problems. One such attack that is most
common and significant in WSNs is cloning attack. In clone attack, the intruder tries to capture
and compromise some nodes and inject them into several locations throughout the network in
order to conduct other types of attacks. Moreover, if this attack is not detected early, then these
replicated injected nodes will consume a large amount of the network resources. In this paper,
we analyze several key management schemes that can be used for checking integrity and
preventing cloning attacks. After analyzing the problems associated with these schemes, we
propose a model that allows us to distinguish between legitimate nodes and cloned nodes in
such sensor networks.
ENHANCED THREE TIER SECURITY ARCHITECTURE FOR WSN AGAINST MOBILE SINK REPLI...ijwmn
Recent developments on Wireless Sensor Networks have made their application in a wide range
such as military sensing and tracking, health monitoring, traffic monitoring, video surveillance and so on.
Wireless sensor nodes are restricted to computational resources, and are always deployed in a harsh,
unattended or unfriendly environment. Therefore, network security becomes a tough task and it involves
the authorization of admittance to data in a network. The problem of authentication and pair wise key
establishment in sensor networks with mobile sink is still not solved in the mobile sink replication attacks.
In q-composite key pre distribution scheme, a large number of keys are compromised by capturing a
small fraction of sensor nodes by the attacker. The attacker can easily take a control of the entire network
by deploying a replicated mobile sinks. Those mobile sinks which are preloaded with compromised keys
are used authenticate and initiate data communication with sensor node. To determine the above problem
the system adduces the three-tier security framework for authentication and pair wise key establishment
between mobile sinks and sensor nodes. The previous system used the polynomial key pre distribution
scheme for the sensor networks which handles sink mobility and continuous data delivery to the
neighbouring nodes and sinks, but this scheme makes high computational cost and reduces the life time of
sensors. In order to overcome this problem a random pair wise key pre distribution scheme is suggested
and further it helps to improve the network resilience. In addition to this an Identity Based Encryption is
used to encrypt the data and Mutual authentication scheme is proposed for the identification and
isolation of replicated mobile sink from the network.
Wireless Sensor Network (WSN) is a promising field for research. As the use of this field increases, it is
required to give proper security to this field. So to ensure the security of communication of data or messages and to
control the use of data in WSN is of great importance. As sensor networks interact with responsive data and operate
in unfriendly unattended area, from the time of system design these security concerns should be addressed. The paper,
presents a modified Motesec security protocol which is a security mechanism for Wireless sensor network. In this
protocol a hash function based approach is used to detect replay attacks. For data access control key lock matching
method i.e. memory data access control policy is used to prevent unauthorized data access. Encoding and
reconstruction scheme is used to find out attacker. Flooding attack detection by comparing data rate. There is currently
massive research is present in the area of wireless sensor network security..Keywords: GPS,GCM,LBS Android.
Keywords: secure communication architecture, wireless Sensor network security.
Iaetsd secure data dissemination based onIaetsd Iaetsd
This document proposes a secure data dissemination protocol called Se-Drip for wireless sensor networks. Se-Drip uses a Merkle hash tree to securely disseminate data from a base station to sensor nodes in the network. The protocol has three phases: 1) initialization where the base station generates keys and loads them on nodes, 2) packet preprocessing where the base station constructs data packets and their authentication paths in a Merkle hash tree, and 3) packet verification where nodes verify received packets against the hash tree to authenticate the data. Se-Drip aims to securely disseminate data while being lightweight, robust to packet loss, and resistant to denial-of-service attacks.
4.report (cryptography & computer network)JIEMS Akkalkuwa
This document discusses network security and cryptography. It begins by defining network security and explaining the key areas of secrecy, authentication, non-repudiation, and integrity control. It then discusses what cryptography is, explaining that it uses mathematics to encrypt and decrypt data to provide security. The document provides an overview of symmetric and asymmetric key encryption techniques as well as hash functions. It also discusses some existing network security systems and their use of symmetric encryption with periodic key distribution and refresh.
This document summarizes a survey on security attacks in wireless sensor networks. It begins with an introduction to wireless sensor networks and their constraints, such as limited energy, memory, and processing power. It then discusses common security requirements for wireless sensor networks like availability, authentication, confidentiality, and integrity. Various types of attacks against wireless sensor networks are described, including denial of service attacks, physical attacks, and link layer attacks that can cause collisions. The challenges of providing security in wireless sensor networks given their constraints and vulnerabilities are also outlined.
Multi-Tiered Communication Security Schemes in Wireless Ad-Hoc Sensor NetworksIDES Editor
Networks of wireless micro-sensors for monitoring
physical environments have emerged as an important new
application area for wireless technology. Key attributes of
these new types of networked systems are the severely
constrained computational and energy resources and an ad
hoc operational environment. This paper is a study of the
communication security aspects of these networks. Resource
limitations and specific architecture of sensor networks call
for customized security mechanisms. Our approach is to
classify the types of data existing in sensor networks, and
identify possible communication security threats according
to that classification. We propose a communication security
scheme where for each type of data we define a corresponding
security mechanism. By employing this multi-tiered security
architecture where each mechanism has different resource
requirements, we allow for efficient resource management,
which is essential for wireless sensor networks.
Dear Students
Ingenious techno Solution offers an expertise guidance on you Final Year IEEE & Non- IEEE Projects on the following domain
JAVA
.NET
EMBEDDED SYSTEMS
ROBOTICS
MECHANICAL
MATLAB etc
For further details contact us:
enquiry@ingenioustech.in
044-42046028 or 8428302179.
Ingenious Techno Solution
#241/85, 4th floor
Rangarajapuram main road,
Kodambakkam (Power House)
http://www.ingenioustech.in/
A-SURVEY SECURITY PROTOCOL FOR WIRELESS SENSOR NETWORKEditor IJMTER
Nowadays, Wireless Sensor Networks are emerging because of the technological
developments in Wireless Communication. Wireless Sensor Networks are deployed mostly in open
and unguarded environment. The key features of Wireless Sensor Networks are low power, lowmemory, low-energy scaled nodes. Security is a fundamental requirement for Wireless Sensor
Network. Security is the main concern for everything whether it is for wired based network or
wireless based network. Security in Wireless Sensor Network plays an important role in node
communication. For Wireless Sensor Network so many security protocol available but some have
some limitation. In this paper, our center of attention is security protocols for Wireless Sensor
Network through this paper; we have to identify the security protocols and their limitation for
Wireless Sensor Network.
IEEE 2014 DOTNET PARALLEL DISTRIBUTED PROJECTS Secure and efficient data tran...IEEEMEMTECHSTUDENTPROJECTS
To Get any Project for CSE, IT ECE, EEE Contact Me @ 09666155510, 09849539085 or mail us - ieeefinalsemprojects@gmail.com-Visit Our Website: www.finalyearprojects.org
This document summarizes security schemes for wireless sensor networks, including TinySec, IEEE 802.15.4, and others. It discusses the challenges of WSNs like power constraints and limited resources. It also outlines common security threats to WSNs such as denial of service attacks, attacks on information in transit, Sybil attacks, black hole/sinkhole attacks, and hello flood attacks. The document evaluates the feasibility of applying basic security schemes like cryptography and steganography to WSNs given their unique constraints and requirements.
IRJET- SDN Multi-Controller based Framework to Detect and Mitigate DDoS i...IRJET Journal
This document proposes a scalable framework using SDN and machine learning techniques to detect and mitigate DDoS attacks in large-scale networks. The framework uses a lightweight detection layer implemented across multiple controllers to detect anomalies locally using entropy calculations. It also includes a heavyweight detection layer in a centralized system that employs machine learning for more accurate detection. The goal is to provide robust intrusion detection that can quickly detect network attacks efficiently in large networks.
Efficient Data Aggregation in Wireless Sensor NetworksIJAEMSJORNAL
Sensor network is a term used to refer to a heterogeneous system combining tiny sensors and actuators with general/special-purpose processors. Sensor networks are assumed to grow in size to include hundreds or thousands of low-power, low-cost, static or mobile nodes. This system is created by observing that for any densely deployed sensor network, high redundancy exists in the gathered information from the sensor nodes that are close to each other we have exploited the redundancy and designed schemes to secure different kinds of aggregation processing against both inside and outside attacks.
International Journal of Engineering Research and Development (IJERD)IJERD Editor
We would send hard copy of Journal by speed post to the address of correspondence author after online publication of paper.
We will dispatched hard copy to the author within 7 days of date of publication
Passive monitoring to build Situational AwarenessDavid Sweigert
Passive network monitoring techniques can provide valuable situational awareness for network security professionals. The document describes techniques for passively discovering information about nodes on a network, including operating systems, roles, services, and configurations. This contextual information helps analysts by reducing false positives and focusing resources. The passive approach does not disrupt networks and can operate continuously, in contrast to active scanning tools. A network monitoring prototype is being developed to test these passive discovery techniques.
The document describes a proposed system for secure and efficient data transmission in cluster-based wireless sensor networks. It proposes two protocols, SET-IBS and SET-IBOOS, that use identity-based digital signatures for security. SET-IBS relies on the Diffie-Hellman problem while SET-IBOOS relies on the discrete logarithm problem. The proposed protocols aim to reduce computational overhead for security compared to existing approaches. Simulations show the proposed protocols have better performance in terms of security overhead and energy consumption.
VESPA- Multi-Layered Self-Protection for Cloud Resources, OW2con'12, ParisOW2
This talk presents VESPA, an open self-protection architecture and framework for cloud infrastructures that overcomes the previous limitations. Developed in the OpenCloudWare project, VESPA adopts a policy-based management approach, and allows a two-level regulation of security, both within a software layer and across layers. Flexible coordination between self-protection loops allows enforcing a rich spectrum of security strategies such as cross-layer detection and reaction. A multi-plane, extensible architecture also enables simple integration of commodity detection and reaction components. Evaluation results on a VESPA KVM-based implementation show that the design is applicable for effective and yet flexible self-protection of cloud infrastructures.
Security and privacy in Wireless Sensor NetworksImran Khan
This document discusses security and privacy issues in emerging wireless networks such as wireless sensor networks and vehicular ad hoc networks. It identifies several factors that make wireless networks more vulnerable than wired networks, such as broadcast communication enabling eavesdropping, mobility revealing user location, and resource constraints opening doors to denial of service attacks. The document examines challenges for unattended wireless sensor networks that operate without a continuous sink presence, and discusses potential solutions like data protection through encryption and authentication. It concludes that new security challenges arise from features like intermittent connectivity, and that infrastructure-independent and new cryptographic techniques are needed to address issues in emerging wireless networks.
HYBRID CRYPTOSYSTEM WITH DNA BASED KEY FOR WIRELESS SENSOR NETWORKSijwmn
A number of various techniques have been already developed for providing security in sensor networks. It may be anticipated that these techniques provide less secure sensor network which has numerous adverse effects associated with them. Thus there is a sufficient scope for improvement of secure electronic communication, as the proficiency of attacks is growing rapidly in wireless sensor networks. DNA steganography is a technique of covered writing, which provides secure system in sensor network to some
extent. Steganography is more effective over cryptography as later one only conceals information but steganography obscures the information, as well as camouflage the data to various attackers. DNA steganography is an inventive approach to reduce the popularity of public key cryptography over the wireless sensor networks. In the proposed work, a secret key is introduced which is purely based on DNA
sequence named as DNA stego key and is only known to sender and receiver. This DNA stego key is used to
hide information and is stored in a carrier. The proposed technique is implemented using java to verify its
correctness
The document proposes a security model for wireless sensor networks using zero knowledge protocol. It addresses security threats like cloning attacks, man-in-the-middle attacks, and replay attacks. The model uses a unique fingerprint for each node based on its neighboring nodes to detect cloning. It also uses zero knowledge protocol for sensor nodes to verify authenticity without transmitting cryptographic information, preventing man-in-the-middle and replay attacks. The paper analyzes the performance and security of the proposed model.
Describes the term Internet of Things IoT security architecture based on Software Defined Networking SDN . In this context, building on SDN works with or without infrastructure. This is called the SDN domain. This work describes the mechanics of the proposed architecture and reduces the chances of using SDN to achieve more effective and flexible network security. It outlined the issues associated with current SDN security applications and introduced a new IoT system plan. This document has discussed the management of Internet access for specific networks and monitoring of global traffic. Finally, it describes the choice of architecture for SDN using OpenFlow and discusses the resulting results. M. Silambarasan | B. Michael Vinoline Rinoj | V. Karthik ""A Novel SDN Architecture for IoT Security"" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-4 | Issue-2 , February 2020, URL: https://www.ijtsrd.com/papers/ijtsrd29908.pdf
Paper Url : https://www.ijtsrd.com/engineering/electronics-and-communication-engineering/29908/a-novel-sdn-architecture-for-iot-security/m-silambarasan
This document proposes a secure communication framework for embedded networking. The framework aims to be platform neutral and hardware independent. It incorporates a secured database containing all possible system events. Embedded systems can authenticate and access this database. The framework also protects the communication channel by encrypting transmissions, secure handshaking, and using self-adaptive frame structures. It references event indexes from the database rather than transmitting actual information. The database is dynamically recreated on each power-on to change event indexes and improve security. The framework is designed to be easily implemented using proven security technologies while providing modest protection for embedded network devices.
A key management approach for wireless sensor networksZac Darcy
In this paper we presenta key management approach for wireless sensor networks. This approach
facilitating an efficient scalable post-distribution key establishment that provides different security services.
We have developed and tested this approach under TinyOs. Result shows that this approach provides
acceptable resistance against node capture attacks and replay attacks. The provision of security services is
completely transparent to the user of the WSNs. Furthermore, being highly scalable and lightweight, this
approach is appropriate to be used in a wireless sensor network of hundreds of nodes.
The document discusses wireless body area networks and wireless sensor networks. It describes the goals of the project which are to implement the Tate pairing and Weil pairing protocols, analyze their performance with respect to time and memory consumption, and implement the better performing one for security purposes. The document provides background on sensor network technology, including how sensors have evolved from large specialized systems to smaller low-power devices. It outlines some of the applications of wireless sensor networks.
This document discusses security issues related to wireless sensor networks. It begins with an introduction to wireless sensor networks and an overview of security challenges due to limited sensor node capabilities. It then summarizes common attacks on different layers of wireless sensor networks and discusses security objectives. The document outlines key areas of research on sensor network security including key management, secure time synchronization, and secure routing. It provides details on different key management schemes, time synchronization protocols, and discusses vulnerabilities of existing synchronization schemes to various attacks.
This document discusses security challenges in wireless sensor networks. It outlines key challenges like limited energy and communication capabilities as sensors are often deployed in accessible areas. It discusses approaches for secure key establishment, privacy concerns around surveillance, threats like denial of service attacks, and the need for secure routing, intrusion detection, and data aggregation given the resource constraints of sensor networks. Research is still needed to address security challenges posed by the unique aspects of sensor network environments and applications.
2.espk external agent authentication and session key establishment using publ...EditorJST
Wireless sensor networks (WSNs) have recently attracted a lot of interest in the research community due their wide range of applications. Due to distributed and deployed in a un attend environment, these are vulnerable to numerous security threats. In this paper, describe the design and implementation of public-key-(PK)-based protocols that allow authentication and session key establishment between a sensor network and a third party. WSN have limitations on computational capacity, battery etc which provides scope for challenging problems. We fundamentally focused on the security issue of WSNs The proposed protocol is efficient and secure in compared to other public key based protocols in WSNs.
Dear Students
Ingenious techno Solution offers an expertise guidance on you Final Year IEEE & Non- IEEE Projects on the following domain
JAVA
.NET
EMBEDDED SYSTEMS
ROBOTICS
MECHANICAL
MATLAB etc
For further details contact us:
enquiry@ingenioustech.in
044-42046028 or 8428302179.
Ingenious Techno Solution
#241/85, 4th floor
Rangarajapuram main road,
Kodambakkam (Power House)
http://www.ingenioustech.in/
A-SURVEY SECURITY PROTOCOL FOR WIRELESS SENSOR NETWORKEditor IJMTER
Nowadays, Wireless Sensor Networks are emerging because of the technological
developments in Wireless Communication. Wireless Sensor Networks are deployed mostly in open
and unguarded environment. The key features of Wireless Sensor Networks are low power, lowmemory, low-energy scaled nodes. Security is a fundamental requirement for Wireless Sensor
Network. Security is the main concern for everything whether it is for wired based network or
wireless based network. Security in Wireless Sensor Network plays an important role in node
communication. For Wireless Sensor Network so many security protocol available but some have
some limitation. In this paper, our center of attention is security protocols for Wireless Sensor
Network through this paper; we have to identify the security protocols and their limitation for
Wireless Sensor Network.
IEEE 2014 DOTNET PARALLEL DISTRIBUTED PROJECTS Secure and efficient data tran...IEEEMEMTECHSTUDENTPROJECTS
To Get any Project for CSE, IT ECE, EEE Contact Me @ 09666155510, 09849539085 or mail us - ieeefinalsemprojects@gmail.com-Visit Our Website: www.finalyearprojects.org
This document summarizes security schemes for wireless sensor networks, including TinySec, IEEE 802.15.4, and others. It discusses the challenges of WSNs like power constraints and limited resources. It also outlines common security threats to WSNs such as denial of service attacks, attacks on information in transit, Sybil attacks, black hole/sinkhole attacks, and hello flood attacks. The document evaluates the feasibility of applying basic security schemes like cryptography and steganography to WSNs given their unique constraints and requirements.
IRJET- SDN Multi-Controller based Framework to Detect and Mitigate DDoS i...IRJET Journal
This document proposes a scalable framework using SDN and machine learning techniques to detect and mitigate DDoS attacks in large-scale networks. The framework uses a lightweight detection layer implemented across multiple controllers to detect anomalies locally using entropy calculations. It also includes a heavyweight detection layer in a centralized system that employs machine learning for more accurate detection. The goal is to provide robust intrusion detection that can quickly detect network attacks efficiently in large networks.
Efficient Data Aggregation in Wireless Sensor NetworksIJAEMSJORNAL
Sensor network is a term used to refer to a heterogeneous system combining tiny sensors and actuators with general/special-purpose processors. Sensor networks are assumed to grow in size to include hundreds or thousands of low-power, low-cost, static or mobile nodes. This system is created by observing that for any densely deployed sensor network, high redundancy exists in the gathered information from the sensor nodes that are close to each other we have exploited the redundancy and designed schemes to secure different kinds of aggregation processing against both inside and outside attacks.
International Journal of Engineering Research and Development (IJERD)IJERD Editor
We would send hard copy of Journal by speed post to the address of correspondence author after online publication of paper.
We will dispatched hard copy to the author within 7 days of date of publication
Passive monitoring to build Situational AwarenessDavid Sweigert
Passive network monitoring techniques can provide valuable situational awareness for network security professionals. The document describes techniques for passively discovering information about nodes on a network, including operating systems, roles, services, and configurations. This contextual information helps analysts by reducing false positives and focusing resources. The passive approach does not disrupt networks and can operate continuously, in contrast to active scanning tools. A network monitoring prototype is being developed to test these passive discovery techniques.
The document describes a proposed system for secure and efficient data transmission in cluster-based wireless sensor networks. It proposes two protocols, SET-IBS and SET-IBOOS, that use identity-based digital signatures for security. SET-IBS relies on the Diffie-Hellman problem while SET-IBOOS relies on the discrete logarithm problem. The proposed protocols aim to reduce computational overhead for security compared to existing approaches. Simulations show the proposed protocols have better performance in terms of security overhead and energy consumption.
VESPA- Multi-Layered Self-Protection for Cloud Resources, OW2con'12, ParisOW2
This talk presents VESPA, an open self-protection architecture and framework for cloud infrastructures that overcomes the previous limitations. Developed in the OpenCloudWare project, VESPA adopts a policy-based management approach, and allows a two-level regulation of security, both within a software layer and across layers. Flexible coordination between self-protection loops allows enforcing a rich spectrum of security strategies such as cross-layer detection and reaction. A multi-plane, extensible architecture also enables simple integration of commodity detection and reaction components. Evaluation results on a VESPA KVM-based implementation show that the design is applicable for effective and yet flexible self-protection of cloud infrastructures.
Security and privacy in Wireless Sensor NetworksImran Khan
This document discusses security and privacy issues in emerging wireless networks such as wireless sensor networks and vehicular ad hoc networks. It identifies several factors that make wireless networks more vulnerable than wired networks, such as broadcast communication enabling eavesdropping, mobility revealing user location, and resource constraints opening doors to denial of service attacks. The document examines challenges for unattended wireless sensor networks that operate without a continuous sink presence, and discusses potential solutions like data protection through encryption and authentication. It concludes that new security challenges arise from features like intermittent connectivity, and that infrastructure-independent and new cryptographic techniques are needed to address issues in emerging wireless networks.
HYBRID CRYPTOSYSTEM WITH DNA BASED KEY FOR WIRELESS SENSOR NETWORKSijwmn
A number of various techniques have been already developed for providing security in sensor networks. It may be anticipated that these techniques provide less secure sensor network which has numerous adverse effects associated with them. Thus there is a sufficient scope for improvement of secure electronic communication, as the proficiency of attacks is growing rapidly in wireless sensor networks. DNA steganography is a technique of covered writing, which provides secure system in sensor network to some
extent. Steganography is more effective over cryptography as later one only conceals information but steganography obscures the information, as well as camouflage the data to various attackers. DNA steganography is an inventive approach to reduce the popularity of public key cryptography over the wireless sensor networks. In the proposed work, a secret key is introduced which is purely based on DNA
sequence named as DNA stego key and is only known to sender and receiver. This DNA stego key is used to
hide information and is stored in a carrier. The proposed technique is implemented using java to verify its
correctness
The document proposes a security model for wireless sensor networks using zero knowledge protocol. It addresses security threats like cloning attacks, man-in-the-middle attacks, and replay attacks. The model uses a unique fingerprint for each node based on its neighboring nodes to detect cloning. It also uses zero knowledge protocol for sensor nodes to verify authenticity without transmitting cryptographic information, preventing man-in-the-middle and replay attacks. The paper analyzes the performance and security of the proposed model.
Describes the term Internet of Things IoT security architecture based on Software Defined Networking SDN . In this context, building on SDN works with or without infrastructure. This is called the SDN domain. This work describes the mechanics of the proposed architecture and reduces the chances of using SDN to achieve more effective and flexible network security. It outlined the issues associated with current SDN security applications and introduced a new IoT system plan. This document has discussed the management of Internet access for specific networks and monitoring of global traffic. Finally, it describes the choice of architecture for SDN using OpenFlow and discusses the resulting results. M. Silambarasan | B. Michael Vinoline Rinoj | V. Karthik ""A Novel SDN Architecture for IoT Security"" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-4 | Issue-2 , February 2020, URL: https://www.ijtsrd.com/papers/ijtsrd29908.pdf
Paper Url : https://www.ijtsrd.com/engineering/electronics-and-communication-engineering/29908/a-novel-sdn-architecture-for-iot-security/m-silambarasan
This document proposes a secure communication framework for embedded networking. The framework aims to be platform neutral and hardware independent. It incorporates a secured database containing all possible system events. Embedded systems can authenticate and access this database. The framework also protects the communication channel by encrypting transmissions, secure handshaking, and using self-adaptive frame structures. It references event indexes from the database rather than transmitting actual information. The database is dynamically recreated on each power-on to change event indexes and improve security. The framework is designed to be easily implemented using proven security technologies while providing modest protection for embedded network devices.
A key management approach for wireless sensor networksZac Darcy
In this paper we presenta key management approach for wireless sensor networks. This approach
facilitating an efficient scalable post-distribution key establishment that provides different security services.
We have developed and tested this approach under TinyOs. Result shows that this approach provides
acceptable resistance against node capture attacks and replay attacks. The provision of security services is
completely transparent to the user of the WSNs. Furthermore, being highly scalable and lightweight, this
approach is appropriate to be used in a wireless sensor network of hundreds of nodes.
The document discusses wireless body area networks and wireless sensor networks. It describes the goals of the project which are to implement the Tate pairing and Weil pairing protocols, analyze their performance with respect to time and memory consumption, and implement the better performing one for security purposes. The document provides background on sensor network technology, including how sensors have evolved from large specialized systems to smaller low-power devices. It outlines some of the applications of wireless sensor networks.
This document discusses security issues related to wireless sensor networks. It begins with an introduction to wireless sensor networks and an overview of security challenges due to limited sensor node capabilities. It then summarizes common attacks on different layers of wireless sensor networks and discusses security objectives. The document outlines key areas of research on sensor network security including key management, secure time synchronization, and secure routing. It provides details on different key management schemes, time synchronization protocols, and discusses vulnerabilities of existing synchronization schemes to various attacks.
This document discusses security challenges in wireless sensor networks. It outlines key challenges like limited energy and communication capabilities as sensors are often deployed in accessible areas. It discusses approaches for secure key establishment, privacy concerns around surveillance, threats like denial of service attacks, and the need for secure routing, intrusion detection, and data aggregation given the resource constraints of sensor networks. Research is still needed to address security challenges posed by the unique aspects of sensor network environments and applications.
2.espk external agent authentication and session key establishment using publ...EditorJST
Wireless sensor networks (WSNs) have recently attracted a lot of interest in the research community due their wide range of applications. Due to distributed and deployed in a un attend environment, these are vulnerable to numerous security threats. In this paper, describe the design and implementation of public-key-(PK)-based protocols that allow authentication and session key establishment between a sensor network and a third party. WSN have limitations on computational capacity, battery etc which provides scope for challenging problems. We fundamentally focused on the security issue of WSNs The proposed protocol is efficient and secure in compared to other public key based protocols in WSNs.
Next Generation Network: Security and Architectureijsrd.com
Wireless sensor networks will be widely deployed in the near future. While much research has focused on making these networks feasible and useful, security has received little attention. Wireless Sensor Networks (WSN) are a most challenging and emerging technology for the Research due to their vital scope in the field coupled with their low processing power and associated low energy. As wireless sensor networks continue to grow, so does the need for effective security mechanisms. Because sensor networks may interact with sensitive data and/or operate in hostile unattended environments, it is imperative that these security concerns be addressed from the beginning of the system design staring with a brief overview of the sensor networks security, a review is made of and how to provide the security in the wireless sensor networks. This paper studies the security problems, Requirement, Architecture of WSN and different platform, characterized by severely constrained computational and energy resources, and an ad hoc operational environment.
Performance Analysis of Wireless Trusted Software Defined NetworksIRJET Journal
This document analyzes the performance of wireless trusted software defined networks (SDNs) by considering metrics like energy consumption, throughput, end-to-end delay, and packet delivery ratio. It finds that SDNs perform better than conventional networks without SDN capabilities. It also compares the energy consumption of different SDN topology models. The key findings are that SDNs provide centralized control, programmability, and flexibility that improve performance compared to traditional networks. Additionally, different SDN topology models have varying levels of energy efficiency.
A Security Framework for Replication Attacks in Wireless Sensor NetworksIJMER
International Journal of Modern Engineering Research (IJMER) is Peer reviewed, online Journal. It serves as an international archival forum of scholarly research related to engineering and science education.
Data Security and Data Dissemination of Distributed Data in Wireless Sensor N...IJERA Editor
The document discusses a data dissemination protocol called seDrip for wireless sensor networks. seDrip allows multiple authorized network users to simultaneously distribute data items directly to sensor nodes, without relying on a central sink node. It implements authentication using digital signatures to provide security and prevent unauthorized access. The protocol is analyzed and shown to satisfy security requirements like authenticity, integrity, and resistance to denial-of-service attacks. RSA encryption is used to encode data for confidentiality.
Agent based intrusion detection, response and blocking using signature method...Mumbai Academisc
This document discusses an approach to intrusion prevention using active networks. It proposes using agents for intrusion detection and response that are integrated with a collaborative intrusion detection system (IDS) to provide a wider array of information. Signatures are used to detect intrusions, and when detected, responses include blocking the connection to prevent further access to data. The system is intended to provide rapid detection and response to evolving network threats.
Security and risk analysis in the cloud with software defined networking arch...IJECEIAES
Cloud computing has emerged as the actual trend in business information technology service models, since it provides processing that is both costeffective and scalable. Enterprise networks are adopting software-defined networking (SDN) for network management flexibility and lower operating costs. Information technology (IT) services for enterprises tend to use both technologies. Yet, the effects of cloud computing and software defined networking on business network security are unclear. This study addresses this crucial issue. In a business network that uses both technologies, we start by looking at security, namely distributed denial-of-service (DDoS) attack defensive methods. SDN technology may help organizations protect against DDoS assaults provided the defensive architecture is structured appropriately. To mitigate DDoS attacks, we offer a highly configurable network monitoring and flexible control framework. We present a dataset shift-resistant graphic model-based attack detection system for the new architecture. The simulation findings demonstrate that our architecture can efficiently meet the security concerns of the new network paradigm and that our attack detection system can report numerous threats using real-world network data.
A SURVEY ON WIRELESS SENSOR NETWORKS SECURITY WITH THE INTEGRATION OF CLUSTER...cscpconf
The document discusses key establishment techniques and cluster-based group key agreement protocols for wireless sensor networks. It reviews pairwise keying, clustering, and how integrating the two can provide security. Several cluster-based group key agreement protocols are described, including HKAP, GKA-CH, PB-GKA-HGM, and AP-1 and AP-2. These protocols establish cluster and group keys using different hierarchical structures and key agreement methods. The document concludes by comparing the protocols based on their topology and structure.
A survey on wireless sensor networks security with the integration of cluster...csandit
Keying technique in Wireless Sensor Networks(WSNs) is one of the most emerging fields of
WSN security. In order to provide security on WSN, the role of Key distribution technique is
considered to be very significant and thus the key management plays a crucial and fundamental
roles in the security service of WSNs. This paper reviews pairwise key establishment technique
along with the architecture and the environment of WSN. The cluster based group key
agreement protocols for infrastructure base WSN are discussed in this paper. This paper also
reviews how the security can be provided to WSNs with the integration of clustering and keying
techniques. The survey also provides a more detailed discussion on the comparison between
different cluster based group key agreement protocols.
Network Security Roadmap have some perception of provided securityslametarrokhim1
The document discusses security considerations for 5G networks. It notes that 5G networks integrate new technologies like SDN, virtualization and service-based architecture that introduce new threat models beyond those of previous generations. Effective 5G security will require measures across multiple layers, including mutual authentication, cloud-based threat analysis, quarantining infected devices, and multi-layered encryption of SDN data planes. The document also proposes studying vulnerabilities emerging from the integration of 5G components and systems, as well as formulating new stream ciphers, security protocols, and analyzing security challenges across application, edge and cloud layers.
The document discusses security mechanisms for spontaneous networks. It begins with an overview of the growth of mobile communications and challenges in configuring services and providing security in spontaneous networks that imitate human relationships. Key management schemes are needed for node authorization and user authentication in mobile ad hoc networks. Existing methods require initial configuration or external authorities. The proposed system aims to reduce dependence on a central authority for re-authentication to avoid possible attacks, increase performance by reducing server utilization, and implement a workload mechanism for efficient server usage.
Cloud Computing intends a trend in computing model arises many security issues in all levels such as: network, application, data and host.
These models put up different challenges in security
Depending on consumers, models QOS(quality of service) requirements. Privacy, authentication, secre-cy are main concern for both consumers and cloud providers. IaaS serves as base for other models, if the security in this model is uncertain; it will affect the other models too. This paper delivers a examine the countermeasures and exposures. As a research we project security Assessment and improvement in Iaas layer.
The document describes a security protocol called SPINS (Security Protocols for Sensor Networks) that is optimized for resource-constrained wireless sensor networks. SPINS consists of two security building blocks: SNEP and TESLA. SNEP provides data confidentiality, authentication, integrity and freshness with low overhead. TESLA provides authenticated broadcast, which is challenging for sensor networks. The protocols were implemented on prototype sensor nodes and shown to perform well within the limited capabilities of the hardware.
As sensor networks edge closer towards wide-spread placement, security issues become a central concern. So far, much research has concentrated on making sensor networks feasible and useful, and has not focused on security.
We present a set of security building blocks optimized for resource constrained environments and wireless communication. SPINS has two secure building blocks: SNEP and TESLA. SNEP provides the following important baseline security primitives: Data confidentiality, two-party data authentication, and data freshness. A particularly hard problem is to provide effective broadcast authentication, which is an important mechanism for sensor networks. TESLA is a new protocol which provides authenticated broadcast for severely resource-constrained surroundings. We realized the above protocols, and show that they are practical straighly on minimal hardware: the performance of the protocol suite easily matches the data rate of our network. Additionally, we prove that the suite can be used for building higher level protocols
Whitepaper - Software Defined Networking for the Telco Industryaap3 IT Recruitment
is SDN (Software Defined Networking) the next big thing in Network Security, or another headache and potential skills gap for the next generation of business networks?
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfPaige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
Full-RAG: A modern architecture for hyper-personalizationZilliz
Mike Del Balso, CEO & Co-Founder at Tecton, presents "Full RAG," a novel approach to AI recommendation systems, aiming to push beyond the limitations of traditional models through a deep integration of contextual insights and real-time data, leveraging the Retrieval-Augmented Generation architecture. This talk will outline Full RAG's potential to significantly enhance personalization, address engineering challenges such as data management and model training, and introduce data enrichment with reranking as a key solution. Attendees will gain crucial insights into the importance of hyperpersonalization in AI, the capabilities of Full RAG for advanced personalization, and strategies for managing complex data integrations for deploying cutting-edge AI solutions.
GridMate - End to end testing is a critical piece to ensure quality and avoid...ThomasParaiso2
End to end testing is a critical piece to ensure quality and avoid regressions. In this session, we share our journey building an E2E testing pipeline for GridMate components (LWC and Aura) using Cypress, JSForce, FakerJS…
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
How to Get CNIC Information System with Paksim Ga.pptxdanishmna97
Pakdata Cf is a groundbreaking system designed to streamline and facilitate access to CNIC information. This innovative platform leverages advanced technology to provide users with efficient and secure access to their CNIC details.
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features
available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!SOFTTECHHUB
As the digital landscape continually evolves, operating systems play a critical role in shaping user experiences and productivity. The launch of Nitrux Linux 3.5.0 marks a significant milestone, offering a robust alternative to traditional systems such as Windows 11. This article delves into the essence of Nitrux Linux 3.5.0, exploring its unique features, advantages, and how it stands as a compelling choice for both casual users and tech enthusiasts.
Essentials of Automations: The Art of Triggers and Actions in FMESafe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfMalak Abu Hammad
Discover how MongoDB Atlas and vector search technology can revolutionize your application's search capabilities. This comprehensive presentation covers:
* What is Vector Search?
* Importance and benefits of vector search
* Practical use cases across various industries
* Step-by-step implementation guide
* Live demos with code snippets
* Enhancing LLM capabilities with vector search
* Best practices and optimization strategies
Perfect for developers, AI enthusiasts, and tech leaders. Learn how to leverage MongoDB Atlas to deliver highly relevant, context-aware search results, transforming your data retrieval process. Stay ahead in tech innovation and maximize the potential of your applications.
#MongoDB #VectorSearch #AI #SemanticSearch #TechInnovation #DataScience #LLM #MachineLearning #SearchTechnology
UiPath Test Automation using UiPath Test Suite series, part 5DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 5. In this session, we will cover CI/CD with devops.
Topics covered:
CI/CD with in UiPath
End-to-end overview of CI/CD pipeline with Azure devops
Speaker:
Lyndsey Byblow, Test Suite Sales Engineer @ UiPath, Inc.
A tale of scale & speed: How the US Navy is enabling software delivery from l...sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
Dr. Sean Tan, Head of Data Science, Changi Airport Group
Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...SOFTTECHHUB
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
Climate Impact of Software Testing at Nordic Testing DaysKari Kakkonen
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.
In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject.
We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup.
Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved.
The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring.
The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise.
By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
1. TinySec: A Link Layer Security Architecture for
Wireless Sensor Networks
Chris Karlof Naveen Sastry David Wagner
ckarlof@cs.berkeley.edu nks@cs.berkeley.edu daw@cs.berkeley.edu
UC Berkeley UC Berkeley UC Berkeley
ABSTRACT challenge that faces us is the question of how to secure sen-
We introduce TinySec, the first fully-implemented link layer sor networks: without adequate security, widespread deploy-
security architecture for wireless sensor networks. In our ment could be curtailed.
design, we leverage recent lessons learned from design vul- We have taken up this challenge and introduce TinySec,
nerabilities in security protocols for other wireless networks a lightweight, generic security package that developers can
such as 802.11b and GSM. Conventional security protocols easily integrate into sensor network applications. We fore-
tend to be conservative in their security guarantees, typi- see TinySec will cover the basic security needs of all but
cally adding 16–32 bytes of overhead. With small memories, the most security critical applications. As a part of this,
weak processors, limited energy, and 30 byte packets, sensor we were motivated by an observation about 802.11 wireless
networks cannot afford this luxury. TinySec addresses these networks: several studies report that 50-80% of all 802.11
extreme resource constraints with careful design; we explore wireless networks operate in the clear, without any crypto-
the tradeoffs among different cryptographic primitives and graphic protection whatsoever [24, 36, 37, 45]. To achieve
use the inherent sensor network limitations to our advan- high deployment rates in sensor networks, we believe that a
tage when choosing parameters to find a sweet spot for secu- security system must be easy to use and minimally impact
rity, packet overhead, and resource requirements. TinySec is performance. Failure to meet either requirement creates a
portable to a variety of hardware and radio platforms. Our justifiable reason for developers to leave out security.
experimental results on a 36 node distributed sensor net- We base the design of TinySec on existing security primi-
work application clearly demonstrate that software based tives that other researchers have proven to be secure. Using
link layer protocols are feasible and efficient, adding less these primitives, we design a lightweight and efficient link-
than 10% energy, latency, and bandwidth overhead. layer security protocol that is tailored to sensor networks.
We describe a complete solution, defining packet formats
and application interfaces, and provide a detailed perfor-
Categories and Subject Descriptors mance characterization. Previous work, such as SNEP [33],
D.4.6 [Operating Systems]: Security and Protection Cryp- analyzed aspects of the design space. Many of their design
tographic controls choices are sound, but further experience with sensor net-
works lead us to reevaluate their work as researchers gain
more understanding of the limitations and capabilities of the
General Terms devices. Correspondingly, we note that much of the value of
Security, Design a link-layer security system comes from the higher level al-
gorithms with which it is paired. We designed TinySec with
this in mind and built TinySec as a research platform for
Keywords use in testing and evaluating higher level security packages.
Sensor Network Security, Link Layer Security One of the major barriers to deploying security on sensor
networks is that current sensor devices have limited compu-
tation and communication capabilities. Since cryptography
1. INTRODUCTION & MOTIVATION is not free, these performance constraints pose a non-trivial
There is considerable excitement about new applications challenge for any system that would incorporate cryptogra-
enabled by sensor networks, and we are on the cusp of a phy into sensor networks. We expect that people will use
broader deployment of these technologies. However, one Moore’s law to drive down the cost of these devices and
not to increase their performance capabilities. But with a
careful analysis, we can use the inherent limitations to our
advantage. For example, the bandwidth of the wireless chan-
Permission to make digital or hard copies of all or part of this work for nel used in sensor networks is significantly less than that of
personal or classroom use is granted without fee provided that copies are conventional networks. This implies that even a powerful
not made or distributed for profit or commercial advantage and that copies adversary is limited in how many packets per second she
bear this notice and the full citation on the first page. To copy otherwise, to can inject or eavesdrop on. Designing protocols that rely on
republish, to post on servers or to redistribute to lists, requires prior specific
permission and/or a fee.
properties such as these is one strategy we take in reducing
SenSys’04, November 3–5, 2004, Baltimore, Maryland, USA. overhead. Our design choices are driven by sensor network
Copyright 2004 ACM 1-58113-879-2/04/0011 ...$5.00.
2. capabilities and realities; this ultimately separates TinySec very little computational power; even efficient public-key
from other low overhead security protocols. cryptography and fast symmetric ciphers must be used with
Before this work, an interesting open problem was whether care. There is considerable pressure to ensure that our se-
software cryptography could achieve acceptable performance curity protocols use a minimal amount of the limited RAM.
on typical sensor platforms, or whether hardware assistance Additionally, communication bandwidth is extremely dear:
would be needed. Many previous systems (e.g., GSM, Blue- each bit transmitted consumes about as much power as exe-
tooth, 802.15.4) took the stance that hardware is needed. In cuting 800–1000 instructions [23], and as a consequence, any
contrast, we show that, with sufficient engineering effort, it message expansion caused by security mechanisms comes at
is possible to encrypt and authenticate all communications significant cost. Energy is the scarcest resource of all: each
entirely in software, without special hardware, and without milliamp consumed is one milliamp closer to death, and as
major performance degradation. a result, nearly every aspect of sensor networks must be de-
The main contributions of this paper are: signed with power in mind.
• We introduce TinySec, the first fully-implemented pro- 2.1 Security risks and threat models in sensor
tocol for link-layer cryptography in sensor networks. networks
We have incorporated our implementation of TinySec
Because sensor networks use wireless communication, they
into the official TinyOS release.
are vulnerable to attacks which are more difficult to launch
• We explore some of the tradeoffs between performance, in the wired domain. Many wired networks benefit from
transparency, and cryptographic security, and we pro- their inherent physical security properties. It is unlikely that
pose a design that meets the needs of applications in an adversary will dig up the Internet backbone and splice
the sensor network space. into the line. However, wireless communications are diffi-
cult to protect; they are by nature a broadcast medium. In
• We measure the bandwidth, latency, and energy costs a broadcast medium, adversaries can easily eavesdrop on,
of our implementation of TinySec and show that they intercept, inject, and alter transmitted data. In addition,
are minimal for sensor network applications. This demon- adversaries are not restricted to using sensor network hard-
strates for the first time that it is feasible to imple- ware. They can interact with the network from a distance
ment acceptable cryptographic protection for sensor by using expensive radio transceivers and powerful worksta-
networks entirely in software. tions.
Sensor networks are vulnerable to resource consumption
• TinySec is a research platform that is easily extensible attacks. Adversaries can repeatedly send packets to drain
and has been incorporated into higher level protocols. the nodes’ batteries and waste network bandwidth. Since
We have evidence of several sensor network security sensor networks will be deployed in a variety of physically
projects using TinySec in their research. insecure environments, adversary can steal nodes, recover
their cryptographic material, and pose as authorized nodes
2. SENSOR NETWORKS in the network. However, we do not address these threats.
We use the term sensor network to refer to a heteroge- Our focus is on guaranteeing message authenticity, integrity,
neous system combining tiny sensors and actuators with and confidentiality. We do not address resource consump-
general-purpose computing elements. We envision sensor tion attacks, physical tamper resistance, or node capture
networks will consist of hundreds or thousands of low-power, attacks.
low-cost wireless nodes deployed en masse to monitor and
affect the environment. Applications include habitat mon- 2.2 Motivation for link-layer security in sen-
itoring [5, 31, 39], burglar alarms, inventory control, medi- sor networks
cal monitoring and emergency response [44], and battlefield In conventional networks, message authenticity, integrity,
management [17]. and confidentiality are usually achieved by an end-to-end
A representative sensor node is the Mica2 [23], a several security mechanism such as SSH [47], SSL [3], or IPSec [4]
cubic inch sensor/actuator unit with a CPU, radio, power because the dominant traffic pattern is end-to-end commu-
source, and optional sensing elements. The processor is a nication; intermediate routers only need to view message
8 MHz 8-bit Atmel ATMEGA128L CPU with 128 kB of headers and it is neither necessary nor desirable for them to
instruction memory, 4 kB of RAM for data, and 512 kB of have access to message bodies.
flash memory. It features a low-powered radio from Chipcon, This is not the case in sensor networks. The dominant
delivering up to 19.2 kbps application bandwidth on a single traffic pattern in sensor networks is many-to-one, with many
shared channel and with a range of up to around hundred sensor nodes communicating sensor readings or network events
meters. At full power, the Mica2 sensor node can run for over a multihop topology to a central base station. However,
only two weeks or so before exhausting its batteries. neighboring nodes in sensor networks often witness the same
Mica2 sensor nodes run TinyOS [23], an event-driven op- or correlated environmental events, and if each node sends a
erating system for networked applications in wireless em- packet to the base station in response, precious energy and
bedded systems. The memory footprint of TinyOS is small, bandwidth are wasted. To prune these redundant messages
with the core components requiring only 400 bytes of data to reduce traffic and save energy, sensor networks use in-
and instruction memory. TinyOS supports other hardware network processing such as aggregation and duplicate elim-
platforms as well. ination [29, 30]. Since in-network processing requires inter-
It is clear that we must discard many preconceptions about mediate nodes to access, modify, and suppress the contents
network security: sensor networks differ from other dis- of messages, it is unlikely we can use end-to-end security
tributed systems in important ways. These devices have mechanisms between each sensor node and the base station
3. to guarantee the authenticity, integrity, and confidentiality play protection is a difficult problem when there is a limited
of these messages. amount of state that each recipient keeps.
End-to-end security mechanisms are also vulnerable to A common defense is to include a monotonically increas-
certain denial of service attacks. If message integrity is ing counter with every message and reject messages with old
only checked at the final destination, the network may route counter values. With this policy, every recipient must main-
packets injected by an adversary many hops before they are tain a table of the last value from every sender it receives.
detected. This kind of attack will waste precious energy However, for RAM-constrained sensor nodes, this defense
and bandwidth. A link-layer security architecture can de- becomes problematic for even modestly sized networks. As-
tect unauthorized packets when they are first injected into suming nodes devote only a small fraction of their RAM for
the network. Link-layer security mechanisms have been pro- this neighbor table, an adversary replaying broadcast mes-
posed for wired networks to resist similar denial of service sages from many different senders can fill up the table. At
attacks [22]. this point, the recipient has one of two options: ignore any
For the above reasons, we decided on a link-layer secu- messages from senders not in its neighbor table, or purge en-
rity architecture for TinySec. Link-layer security mecha- tries from the table. Neither is acceptable; the first creates a
nisms guarantee the authenticity, integrity, and confidential- DoS attack and the second permits replay attacks. This is a
ity of messages between neighboring nodes, while permitting realistic concern. If each counter requires 4 bytes and there
in-network processing. Despite the problems enumerated is only 100 bytes of RAM available for the neighbor table
above, end-to-end security mechanisms can still useful in (2.5% of the total RAM), networks larger than 25 nodes will
sensor networks and complement TinySec.1 be vulnerable.
However, the application layer may be better equipped
to manage the replay table if it expects certain communica-
3. DESIGN GOALS tion patterns or has information about the network topology.
We have three goals for a link layer security mechanism This type of information is typically not available at the link
in sensor networks: security, performance, and usability. layer. For example, if the physical topology implies that only
nodes 1, 2, 3, 4 should be able to communicate with node
3.1 Security goals 5, an application running on node 5 can efficiently manage
A link layer security protocol should satisfy three basic the neighbor table by only keeping replay counter entries for
security properties: access control, message integrity, and these four nodes. For this reason, we believe replay protec-
message confidentiality. tion belongs not in the link-layer, but rather in higher layers
of the protocol stack. By using information about the net-
Access control and message integrity. Access control work’s topology and communication patterns, the applica-
means the link layer protocol should prevent unauthorized tion and routing layers can properly and efficiently manage
parties from participating in the network. Legitimate nodes a limited amount of memory devoted to replay detection.
should be able to detect messages from unauthorized nodes
and reject them. Closely related to message authenticity is 3.2 Performance
message integrity: if an adversary modifies a message from A system using cryptography will incur increased over-
an authorized sender while the message is in transit, the re- head in the length of messages sent as well as in extra de-
ceiver should be able to detect this tampering. We provide mands on the processor and RAM. The increased message
message authentication and integrity by including a message length can decrease message throughput and increase la-
authentication code with each packet. We discuss message tency, but more importantly for sensor networks, it will also
authentication codes in more detail in Section 4. increase power consumption. We would like to impose only a
modest increase in power consumption when using TinySec
Confidentiality. Confidentiality means keeping information and achieve comparable channel utilization and latency.
secret from unauthorized parties. It is typically achieved Due to the extreme resource limitations in sensor net-
with encryption. Preferably, an encryption scheme should works, it is important to carefully tune the strength of the
not only prevent message recovery, but also prevent adver- security mechanisms in a way that provides reasonable pro-
saries from learning even partial information about the mes- tection while limiting overhead. This is in sharp contrast to
sages that have been encrypted. This strong property is conventional network security where the difference between
known as semantic security [8]. Semantic security implies 8 or 16 bytes of overhead is often inconsequential. Cryp-
adversaries should have no better than a 50% chance in cor- tography designed for conventional networks is conservative
rectly answering any yes or no question about an encrypted because it can afford to be. In sensor networks, 8 bytes is
message. We discuss mechanisms for achieving semantic se- nearly 25% of the total packet size, and overly conservative
curity in more detail in Section 4. choices of security parameters will consume resources too
quickly.
Explicit omission: Replay protection. An adversary that
eavesdrops on a legitimate message sent between two autho- 3.3 Ease of use
rized nodes and replays it at some later time engages in a
replay attack. Since the message originated from an autho- Security platform. We expect higher level security proto-
rized sender, the same receiver will accept it again. Re- cols will rely on the link-layer security architecture as a prim-
1
By removing the link-layer protocol headers, the TinySec itive. For example, key distribution protocols, some of which
packet format could be used in an end-to-end security pro- utilize public key cryptography, could use TinySec to create
tocol as well. We do not address this modification in this secure pairwise communication between neighboring nodes.
paper. To reduce the effort in implementing these protocols, Tiny-
4. Sec must provide the right set of interfaces to facilitate their Initialization vectors (IVs). Recall we want our encryp-
development. tion mechanism to achieve semantic security (Section 3.1).
One implication of semantic security is that encrypting the
Transparency. A major challenge in deploying security mech- same plaintext two times should give two different cipher-
anisms is the difficulty in properly using and implementing texts. A common technique for achieving semantic security
them. Frequently, application programmers are unsure of is to use a unique initialization vector (IV) for each invo-
appropriate security parameters. Also, if the secure commu- cation of the encryption algorithm. An IV can be thought
nication mechanism requires different APIs than the stan- of as a side input to the encryption algorithm. The main
dard mechanism, then migrating legacy applications will be purpose of IVs is to add variation to the encryption process
difficult. Of course, if it is not easy to enable the security when there is little variation in the set of messages. Since
features, many users and programmers will disable it and the receiver must use the IV to decrypt messages, the se-
continue to operate insecurely. curity of most encryption schemes do not rely on IVs being
To alleviate these problems, an important design goal of secret. IVs are typically sent in the clear and are included
TinySec is that it should be transparent to applications run- in the same packet with the encrypted data. We discuss IVs
ning on TinyOS. To achieve this goal, we structured Tiny- further in Section 5, including their necessary length and
Sec as a link-layer security protocol. We believe that trans- how to generate them.
parency will play a crucial role in enabling widespread de- It might seem that given the resource constraints in sen-
ployment of TinySec and other security mechanisms. sor networks, we could give up semantic security to eliminate
At the same time, we try to make it easy for security- the additional packet overhead required by an IV. However,
aware applications to customize the level of security that semantic security is almost always necessary and desirable,
TinySec provides: application programmers should be able even in resource constrained environments. Consider ap-
to adjust the security performance tradeoffs if they have a plication messages with low entropy, such as YES or NO
greater understanding of their application’s security needs. messages that are sent periodically to report environmental
events such as movement. Without using an IV, all encryp-
Portability. An additional goal of TinySec is that it should tions of YES messages are identical. Once an adversary
be portable. TinyOS runs on a host of different platforms, determines what a YES message looks like, confidentiality
including processors manufactured by Texas Instruments, is lost; the adversary can determine the contents of every
Atmel, Intel x86, and StrongArm. TinyOS also supports YES/NO message by simply looking at its encryption.
two radio architectures: the Chipcon CC1000 and the RFM
TR1000. A radio stack bridges these two pieces of hardware.
A link layer security architecture should fit into the radio
5. DESIGN OF TINYSEC
stack so that porting the radio stack from one platform to
another is a simple job. 5.1 Existing schemes are inadequate
Using cryptography to secure an untrusted channel has
been well-studied in the literature, and there are a plethora
of existing schemes that try to achieve this goal. In the
4. SECURITY PRIMITIVES networking community, protocols such as IPSec, SSL/TLS,
In this section, we give background on some well-studied and SSH all do a satisfactory job of securing Internet com-
cryptographic primitives commonly used to achieve our se- munications. However, these protocols are too heavy-weight
curity goals. We apply these primitives in TinySec. for use in sensor networks. Their packet formats add many
bytes of overhead, and they were not designed to run on
Message authentication codes (MACs). A common so- computationally-constrained devices.
lution for achieving message authenticity and integrity is to The wireless, cellular telephony, and ad-hoc networking
use a message authentication code (MAC).2 A MAC can be communities have developed schemes closer to our needs,
viewed as a cryptographically secure checksum of a message. but even there, the existing designs have serious limitations.
Computing a MAC requires authorized senders and receivers The closest previous work is SNEP [33], which specifically
to share a secret key, and this key is part of the input to a targets sensor networks, but SNEP was unfortunately nei-
MAC computation. The sender computes a MAC over the ther fully specified nor fully implemented. Refer to Sec-
packet with the secret key and includes the MAC with the tion 10 for further discussion of these wireless security mech-
packet. A receiver sharing the same secret key recomputes anisms.
the MAC and compares it with the received MAC value. If The conclusion is that existing schemes are either insecure
they are equal, the receiver accepts the packet and rejects or too resource intensive for use in sensor networks, and we
it otherwise. MACs must be hard to forge without the se- must design a new scheme.
cret key. This implies if an adversary alters a valid message
or injects a bogus message, she cannot compute the corre- 5.2 TinySec design
sponding MAC value, and authorized receivers will reject TinySec supports two different security options: authen-
these messages. ticated encryption (TinySec-AE) and authentication only
(TinySec-Auth). With authenticated encryption, TinySec
2 encrypts the data payload and authenticates the packet with
There is an unfortunate name collision between the cryp- a MAC. The MAC is computed over the encrypted data and
tographic and networking community. We will refer to the
acronym “MAC” only in the cryptographic sense and use the packet header. In authentication only mode, TinySec
“media access control” to refer to protocols governing ac- authenticates the entire packet with a MAC, but the data
cess to channel. payload is not encrypted.
5. 5.2.1 Encryption this principle, so the only alternative is to use a mode of
Using semantically secure encryption typically requires operation based on a block cipher [11].
two design decisions: selecting an encryption scheme and A block cipher is a keyed pseudorandom permutation over
specifying the IV format. In our design of TinySec, we use a small bit strings, typically 8 or 16 bytes. Examples of block
specially formatted 8 byte IV, and we use cipher block chain- ciphers include DES, AES, RC5, and Skipjack. Since we
ing (CBC) [8]. In this section, we introduce the structure of usually want to encrypt and authenticate messages longer
our IV format and argue why CBC is the most appropriate than 8 or 16 bytes, block ciphers require a mode of operation
encryption scheme for sensor networks. to encrypt longer messages. For a k byte block cipher, a
mode of operation typically breaks a message into segments
TinySec IV format. Recall that our goal is to see how much of k bytes and uses the block cipher in a special way to
we can reduce the cost of security. The length of our IV, and encrypt the message block by block.
the way we generate IVs, can have a dramatic effect on both Using a block cipher for encryption has an additional ad-
security and on performance. If the IV is too long, we will vantage. Since the most efficient message authentication
add unnecessary bits to the packet, which translates to a code (MAC) algorithms use a block cipher, the nodes will
significant cost in overall throughput and in energy drain. need to implement a block cipher in any event. Using this
At the same time, if the IV is too short, we run the risk that block cipher for encryption as well conserves code space.
the IV will repeat, and then our security warranty is void. If we use block ciphers for encryption, we must choose a
How long is long enough? By the pigeonhole principle, a mode of operation. One natural choice is counter (CTR)
n-bit IV is guaranteed to repeat after 2n +1 packets are sent, mode [8]; however, CTR mode is a stream cipher mode of
no matter how we choose the IV. If we use a n-bit counter, operation, and shares all the problems as any other stream
repetitions will not occur before that point. However, for cipher. Therefore, we rejected CTR mode.
some IV generation strategies, repetitions may occur earlier. Another natural choice is cipher block chaining (CBC)
If we choose each IV as a random n-bit value, then by the mode [8]. CBC mode is better: it degrades more gracefully
birthday paradox, we expect (probabilistically) to see the in the presence of repeated IVs. In particular, if we encrypt
two plaintexts P, P with the same IV under CBC mode,
first repetition after roughly 2n/2 packets have been sent.
then the ciphertexts will leak the length (in blocks) of the
Therefore, we use a counter in our IV, and we transmit it
longest shared prefix of P and P , and nothing more. For in-
in the packet so that the receiver can learn the value of the
stance, if the first block of P is different from the first block
counter.
of P , as will typically be the case, then the cryptanalyst
The structure of the IV is dst||AM|| ||src||ctr, where dst
learns nothing apart from this fact. Consequently, CBC
is the destination address of the receiver, AM is the ac-
leaks only a small amount of information in the presence
tive message (AM) handler type, is the length of the data
of repeated IVs, a significant improvement over a stream
payload, src is the source address of the sender, and ctr is
cipher. CBC mode is provably secure when IVs do not re-
a 16 bit counter. The counter starts at 0, and the sender
peat [8].
increases it by 1 after each message sent. We analyze the
CBC mode was designed to be used with a random IV,
security of this construction in Section 6.2.
and CBC mode has a separate leakage issue when used with
a counter as IV. Suppose we encrypt two plaintexts P, P
Encryption schemes. In this section we argue why CBC is under IV, IV , respectively. If P1 ⊕ IV = P1 ⊕ IV (where
the most appropriate encryption scheme for sensor networks. P1 denotes the first block of P , etc.), then the first block
Symmetric key encryption schemes generally fall into two of ciphertexts will be equal, and this discloses the value
categories: stream ciphers and modes of operation using P1 ⊕ P1 . In some cases, this can leak partial information
block ciphers. about plaintexts. For instance, suppose the IV is a counter,
A stream cipher (typically) uses a key K and IV as a and let IV, IV be two consecutive IVs. We will often have
seed and stretches it into a large pseudorandom keystream IV = IV ⊕ 1. If the plaintexts occasionally satisfy the
GK (IV ). The keystream is then xored against the message: same pattern, i.e., P = P ⊕ 1, then we will have occasional
C = (IV, GK (IV ) ⊕ P ). The fastest stream ciphers are leakage. This is undesirable.
faster than the fastest block ciphers [41], which might make Fortunately, there is a simple fix that allows CBC mode to
them look tempting in a resource-constrained environment. be used with any non-repeating IV. The fix is to pre-encrypt
However, stream ciphers have a devastating failure mode: if the IV, and we reject standard CBC mode in favor of this
the same IV is ever used to encrypt two different packets, variant.
then it is often possible to recover both plaintexts.3 Naively using CBC mode for encryption with a 8-byte
Guaranteeing that IVs are never reused requires IVs to be block cipher results in ciphertexts which are multiples of
fairly long, say, at least 8 bytes. Since one of our goals is 8 bytes. This may result in message expansion, which in-
to minimize packet overhead, we believe adding 8 additional creases power consumption. We use a technique known as
bytes to a 30-byte packet is unacceptable. The alternative ciphertext stealing [35] to ensure the ciphertext is the same
is require shorter IVs and accept that IV reuse will occur. length as the underlying plaintext. Encrypting data pay-
Therefore, we were guided by the following principle: “Use loads of less than 8 bytes will produce a ciphertext of 8 bytes
an encryption scheme that is as robust as possible in the because ciphertext stealing requires at least one block of ci-
presence of repeated IVs.” Stream ciphers clearly violate phertext. However, the fixed overhead of sending a message
3
(turning on the radio, acquiring the channel, and sending
Given C = (IV, GK (IV )⊕P ) and C = (IV, GK (IV )⊕P ), the start symbol) generally discourages short messages.
one can recover P ⊕ P , which is a lot of information about
P and P . When plaintexts have sufficient redundancy, one
can often recover most or all of P and P from P ⊕ P [15].
6. Block cipher choice. Conventional wisdom says when a 5.3 Packet format
block cipher is needed, choose either AES or Triple-DES. We based TinySec’s packet format on the current packet
However, Triple-DES is too slow for software implementa- format in TinyOS. We show the differences between Tiny-
tion in embedded microcontrollers. Our initial experiments Sec packets and TinyOS packets in Figure 1. The common
showed that AES was quite slow, too. Therefore, we rejected fields are destination address, active message (AM) type,
AES.4 and length. Active message types are similar to port num-
We surveyed other block ciphers to find one that is well- bers in TCP/IP. The AM type specifies the appropriate han-
suited for sensor networks. We found RC5 and Skipjack to dler function to extract and interpret the message on the
most appropriate for software implementation on embedded receiver. These fields are unencrypted because the benefits
microcontrollers. We discuss the performance of these ci- of sending them in the clear generally outweigh any extra
phers in Section 9.1. Although RC5 is slightly faster, it is protection from keeping them secret. To save power, a sen-
patented. Also, for good performance, RC5 requires the key sor node may employ early rejection by turning off its radio
schedule to be precomputed, which uses 104 extra bytes of after determining the message is not addressed to it. With
RAM per key. Because of these drawbacks, the default block broadcast messages, nodes can employ early rejection on
cipher in TinySec is Skipjack. the AM field as well. If the address and AM type are en-
crypted, early rejection cannot be invoked until after these
5.2.2 Message integrity: The need for a MAC fields are decrypted. This wastes power if rejection is fre-
One might ask if encryption is enough; do we need an au- quent. Encrypting the length field adds little to security
thentication mechanism when messages are encrypted? His- since the length of message can be inferred regardless.
tory has proven that using encryption without authentica- To detect transmission errors, TinyOS senders compute a
tion is insecure [10, 12, 27]. For example, flipping bits in 16-bit cycle redundancy check (CRC) over the packet. The
unauthenticated encrypted messages can cause predictable receiver recomputes the CRC during reception and verifies
changes in the plaintext [12], and without an authentica- it with the received CRC field. If they are equal, the receiver
tion mechanism to guarantee integrity, receivers are unable accepts the packet and rejects it otherwise. However, CRCs
to detect the changes. Unauthenticated messages are also provide no security against malicious modification or forgery
vulnerable to cut-and-paste attacks [10]. In a cut-and-paste of packets. To guarantee message integrity and authentic-
attack, an adversary breaks apart an unauthenticated en- ity, TinySec replaces the CRC with a MAC. The MAC pro-
crypted message and constructs another message which de- tects the entire packet, including the destination address,
crypts to something meaningful. For example, if all the au- AM type, length, source address and counter (if present),
thorized nodes share a single key, an adversary can extract and the data (whether encrypted or not). This protects the
the encrypted data payload from a message to one node and data from tampering. It also prevents attackers from re-
send it to different node. Since the encrypted payload is un- directing a packet intended for one node to another node,
altered, the second node will successfully decrypt and accept and prevents packet truncation and other attacks. Since
the message. MACs detect malicious changes, they also detect transmis-
To address these vulnerabilities, TinySec always authen- sion errors, and TinySec does not require a CRC.
ticates messages, but encryption is optional. Message confi- The TinyOS packet format contains a group field to pre-
dentiality is only necessary when there is something to keep vent different sensor networks from interfering with each
secret. Consider a burglar alarm. The actual contents of other. It can thought of as a kind of weak access control
an alarm message could be empty; receiving an alarm mes- mechanism for non-malicious environments. Since TinySec
sage signals an intrusion. Encryption is unnecessary and enforces access control with a MAC, the group byte is un-
only increases latency, computation, and power consump- necessary in TinySec. Instead, different networks should use
tion. However, most all applications require packet authen- different keys.
ticity, meaning authorized nodes will not accept invalid mes-
sages injected by an adversary. In our burglar alarm exam-
ple, this means adversaries cannot trigger false alarms. 6. SECURITY ANALYSIS
TinySec uses a cipher block chaining construction, CBC-
MAC [9], for computing and verifying MACs. CBC-MAC 6.1 Message integrity and authenticity
is efficient and fast, and the fact that it relies on a block The security of CBC-MAC is directly related to the length
cipher as well minimizes the number of cryptographic prim- of the MAC. Conventional security protocols use MACs of
itives we must implement in the limited memory we have 8 or 16 bytes, again erring on the side of caution. We show
available. CBC-MAC is provably secure [9], however the here that our choice of a 4 byte MAC is not detrimental in
standard CBC-MAC construction is not secure for variably the context of sensor networks.
sized messages. Adversaries can forge a MAC for certain We can model TinySec’s CBC-MAC as a function that
messages. Bellare, Kilian, and Rogaway suggest three alter- produces 4 bytes of output [9]. Given a 4 byte MAC, then,
natives for generating MACs for variable sized messages [9]. an adversary has a 1 in 232 chance in blindly forging a valid
The variant we use xors the encryption of the message MAC for a particular message. If an adversary repeatedly
length with the first plaintext block. attempts blind forgeries, she should succeed after about 231
4
tries. Note that adversaries cannot determine off-line if a
We have since been informed that AES can be imple- forgery will be successful or not; an adversary can only test
mented efficiently on our platform, with performance not the validity of an attempted forgery by sending it to an
much worse than RC5 and Skipjack. AES does have the
small disadvantage that its block length is longer. However, authorized receiver. This implies she must send about 231
in retrospect, AES might be a perfectly suitable replace- packets before she can succeed at forging the MAC for a sin-
ment. gle malicious packet. In conventional networks, this number
7. (a) TinySec-AE packet format
(b) TinySec-Auth packet format
(c) TinyOS packet format
Figure 1: The TinySec and TinyOS packet formats. The byte size of each field is indicated below the label.
Fields that have been hatched are protected by the MAC. In TinySec-AE, the data field, shaded gray, is
encrypted.
is not large enough for security. However, in sensor net- the other alternatives are insecure. Having every node gen-
works, this may provide an adequate level of security. Ad- erate IVs from a 4 byte counter starting at 0 is bad idea;
versaries can try to flood the channel with forgeries, but on the first packet sent from one node will reuse the same IV
a 19.2kb/s channel, one can only send 40 forgery attempts as the first packet sent from all other nodes. Generating
per second, so sending 231 packets at this rate would take IVs randomly is also a poor choice; the birthday paradox
over 20 months. Battery-operated sensor nodes do not have implies we can expect a collision after 216 total packets in
enough energy to receive that many messages. Furthermore, the network.
the adversary will have launched a quite effective denial of Our format for the last 4 bytes strives to maximize the
service attack since they need to occupy the radio channel number of packets each node can send before there is a global
for such a long time. repetition of an IV value. The src||ctr format of the last 4
Clearly, it is both desirable and feasible to detect when bytes guarantees each node can send at least 216 packets
such a attack is underway. A simple heuristic is probably before IV reuse occurs. For a network of n nodes all send-
sufficient: nodes could signal the base station when the rate ing packets at approximately the same rate, this results in
of MAC failures exceeds some predetermined threshold. about n·216 total packets before we expect an instance of IV
reuse. In conventional networks, end hosts transmitting at
6.2 Confidentiality 1 Mb/s will send 216 packets in less than an hour. However,
The security of CBC mode encryption reduces to the length since sensor nodes must conserve power to be long-lived, we
of the IV, but this security assumes no IV reuse.5 With an envision the average data rate in most sensor networks will
8 byte counter or 16 byte random IV, avoiding repetition be dramatically less than conventional networks. For ex-
is relatively easy. Although TinySec uses an 8 byte IV, we ample, the sensors deployed at Great Duck Island send a
limited ourselves to 4 additional bytes of overhead in the reading once every 70 seconds [39]. We expect data rates to
packet to represent the IV. The other 4 bytes of the IV bor- be on the order of 1 packet per minute, hour, or day. At
row from the existing header fields: the destination address, one packet per minute per node, IV reuse will not occur for
the AM type, and the length. over 45 days.
TinySec partitions the last 4 bytes of the IV into src||ctr, IV reuse is only a problem when we reuse the same IV
where src is the source address of the sender and ctr is a 16 with the same key. If IV reuse is imminent, a key update
bit counter starting at 0. We selected this format because protocol can be used to exchange new TinySec keys. Other
researchers are currently exploring key update protocols in
5
The security of CBC mode also depends on the security of TinySec, and we do not address them here.
underlying block cipher, but we assume Skipjack is a secure We specifically selected CBC mode for TinySec because
block cipher. of its robustness to information leakage when IVs repeat.
8. In contrast to stream ciphers, where a repeated IV can re- ter resilience against node capture attacks: a compromised
veal the plaintext of both messages, in CBC mode IV reuse node can only decrypt traffic addressed to it and can only
reveals only the length (in blocks) of the longest shared inject traffic to its immediate neighbors. This approach has
prefix of the two messages. The first 4 bytes of the IV, drawbacks. Key distribution becomes challenging, but re-
dst||AM|| , help prevent information leakage during the un- cent research is beginning to address this issue [14, 16, 19,
fortunate event of a counter on a node repeating. If a 28]. Also, per-link keying limits passive participation [26],
counter value for a particular source address is reused, there a type of in-network processing where nodes take actions
is only potential information leakage when the dst||AM|| based on messages they overhear, and local broadcast, where
values are exactly the same for both messages. The means nodes can cheaply send a packet to all their neighbors. Since
both messages were sent to the same destination and AM a node cannot decrypt and authenticate messages not ad-
type, and both messages have the same length. Moreover, dressed to it, passive participation and local broadcast are
even in this case, information only leaks if both plaintexts incompatible with per-link keying.
agree in their first block. Consequently, information only A less restrictive approach is for groups of neighboring
leaks when one node sends two different packets with the nodes to share a TinySec key rather than each pair. This
same first 8 bytes and IV, to the same destination, with the enables passive participation and local broadcast, but key
same AM type, and of the same length. distribution and setup is still an issue. Group keying pro-
In summary, the combination of carefully formatted IVs, vides an intermediate level of resilience to node capture at-
low data rates, and CBC mode for encryption enables Tiny- tacks: a compromised node can decrypt all messages from
Sec to provide strong confidentiality guarantees for appli- nodes in its group, but cannot violate the confidentiality of
cations in sensor networks. Conventional network security other groups’ messages and cannot inject messages to other
protocols are overly conservative because they can afford to groups.
be. In sensor networks we cannot afford this luxury. Fortu-
nately, by selecting the right cryptographic primitives and
using them carefully, we can tune down the security param-
8. IMPLEMENTATION
eters and get the most out of the overhead. We have implemented TinySec for the Berkeley sensor
nodes. TinySec currently runs on the Mica, Mica2, and
Mica2Dot platforms, each using Atmel processors; the Mica
7. KEYING MECHANISMS sensor node uses the RFM TR1000 radio, while the Mica2
A keying mechanism determines how cryptographic keys and Mica2Dot nodes use the Chipcon CC1000 radio. Addi-
are distributed and shared throughout the network. The tionally, TinySec is integrated into the TOSSIM simulator,
TinySec protocol is not limited to any particular keying which runs on an Intel x86 platform. Others have ported
mechanism; any can be used in conjunction with TinySec. TinySec to a Texas Instruments microprocessor. Given the
In this section, we discuss the tradeoffs among different pos- broad range of platforms that TinySec runs on, we believe
sible keying mechanisms in sensor networks. See Table 1 for it will be easily portable to both new processors as well as
a summary. new radio architectures.
The appropriate keying mechanism for a particular net- We implemented TinySec in 3000 lines of nesC code [21],
work depends on several factors such as the target threat the programming language used for TinyOS. Our implemen-
model, ease of use, and the networking and security require- tation of TinySec requires 728 bytes of RAM and 7146 bytes
ments of applications. In cryptographic design, a good rule of program space.6
of thumb is to use different keys for different applications. We modified the default TinyOS 1.1.2 radio stack to in-
When we refer to a TinySec key, we mean a pair of Skipjack corporate TinySec. We modified the stack to re-direct byte
keys, one for encrypting data, and one for computing MACs. level radio events to the TinySecM module.
The simplest keying mechanism is to use a single network- Integration into TinyOS required some modifications to
wide TinySec key among the authorized nodes. A network- the scheduler. When the media access control layer success-
wide shared key provides a baseline level of security, max- fully acquires the channel, it signals TinySecM. At this point,
imizes usability, and minimizes configuration. Any autho- the security module begins the cryptographic computations.
rized node can exchange messages with any other authorized The cryptographic computations must be completed by the
node, and all communication is encrypted. Messages from time the radio finishes sending the start symbol. To achieve
unauthorized nodes are rejected. Key distribution is rela- the real-time deadline, we modified the TinyOS scheduling
tively simple; nodes are loaded with the shared key before process. TinyOS provides a rudimentary form of process
deployment. This also makes it easy to secure legacy ap- management. Tasks run until completion in FIFO order.
plications, since TinySec is transparent and can be enabled One option for implementing TinySec would be to submit
without disrupting existing code. a task with the cryptographic operations to the scheduler.
However, network-wide keying cannot protect against node However, if the task queue is non-empty, the cryptographic
capture attacks. If an adversary compromises a single node operations may not complete in time, since they must wait
or learns the secret key, she can eavesdrop on traffic and until the task queue empties. We instead implement a two-
inject messages anywhere in the network. To address the priority scheduler, where cryptographic operations are run
node capture threat, we need a keying mechanism with finer
6
granularity. We have subsequently improved the RAM usage of our
A more robust option is for nodes to share a key for com- TinySec implementation, which requires 256 bytes of RAM
munication only if they need to communicate with each and 8152 bytes of ROM. Our optimizations save 472 bytes of
RAM at the expense of 6% slower block cipher operations.
other. The simplest example of this idea is per-link key- All performance results in this paper use the old implemen-
ing, where we use a separate TinySec key for each pair of tation, but we do not expect significant differences with our
nodes who might wish to communicate. This provides bet- new implementation.
9. Keying mechanism Benefits Costs
Single network-wide key Simple; easy to deploy; supports passive Not robust to node compromise
participation and local broadcast
Per-link keys between Graceful degradation in the presence of com- Needs a key distribution protocol; prohibits
neighboring nodes promised nodes passive participation and local broadcast
Group keys Graceful degradation in the presence of Requires key distribution; trades off robust-
compromised nodes; supports passive ness to node compromise for added function-
participation and local broadcast ality
Table 1: A summary of different keying mechanisms for link-layer security.
with high priority and all other tasks run at low priority. Cipher & Time Time
The two-priority scheduler ensures that cryptographic oper- Impl. (ms) (byte times)
ations complete on time so that encryption and decryption RC5 (C) 0.90 2.2
execute concurrently with packet transmission and recep- Skipjack (C) 0.38 0.9
tion. RC5 (C, assembly) 0.26 0.6
TinySec is cipher independent. We have implemented
both RC5 and Skipjack and can switch between them with- Table 3: Time to execute cipher operations on the
out difficulty. Mica2 sensor nodes. We display the time both in
Since the maximum data payload in TinyOS is 29 bytes, milliseconds and in byte times.
we can safely use the upper two bits of the length byte to
indicate which level of protection is enabled on that packet:
TinySec-AE, TinySec-Auth, or unprotected TinyOS pack-
ets. When sending a packet, the TinySec stack encodes the duce bandwidth; second, because the communications chan-
TinySec mode of the packet into the length bit. nel is fairly slow, they increase latency; third, they increase
For ease of deployment, we implemented a network-wide energy consumption, because the radio must be turned on
shared key model. We modified the application build pro- longer when transmitting longer packets. We first calculate
cess to include the key at compile time to ease key deploy- the expected contribution to TinySec’s overhead that comes
ment hassles. The build process maintains a key file at the solely from increased packet sizes. Table 2 shows the extra
developer’s machine and uses a key from the file. Other re- time needed to transmit a packet using TinySec. We ex-
searchers have extended TinySec to use finer grained keying pect TinySec-AE to increase packet latencies (compared to
mechanisms. Refer to Section 9.2 for further details. the current TinyOS stack) by 8.0%; for TinySec-Auth, the
To enable the TinySec stack, an application writer needs corresponding figure is 1.5%. Note that sending a packet
involves sending many more bits than just the data and its
only to specify “TINYSEC=true” on the command line to
make (or in the Makefile). Messages sent in this configura- associated header; as a part of the media access control pro-
tion will then be sent using TinySec-Auth. We chose this as tocol, a 28 byte start symbol and additional synchronization
the default TinySec mode since it imposes a minimal amount bytes are also sent. This reduces the impact of adding an
of overhead (Section 9.1). An application writer can send additional byte of overhead to a header, since there is a high
authenticated and encrypted packets with TinySec-AE by fixed cost for sending a packet.
simply making a function call to switch modes. Next, we implemented TinySec and experimentally mea-
TinySec is currently distributed with the official TinyOS sured its performance costs. In these experiments, we empir-
releases. ically determined TinySec’s impact on bandwidth, energy,
and latency on the Berkeley Mica2 sensor nodes. We used a
variety of microbenchmarks and macrobenchmarks to eval-
9. EVALUATION uate TinySec. In addition to allowing us to obtain latency
figures, the macrobenchmark allowed us to evaluate the dif-
9.1 Measurements ficulty in enabling TinySec for an existing, large sensor net-
TinySec increases the computational and energy costs of work application.
sending a packet. For application writers to adopt TinySec, We introduce the term byte time to refer to the duration
these costs must be modest compared to the benefits that that it takes to transmit a single byte of data over the radio.
TinySec provides. There are two main components to these On the Mica2, a byte time is 0.42 ms. Measuring time in
costs: larger packet sizes when using TinySec, and the ex- byte times is a convenience that allows us to relate the time
tra computation time and energy needed for cryptography. of an operation to the packet length.
The costs due to increased packet length will be borne by
all implementations, even those using cryptographic hard- Cipher performance. We tested the performance of two
ware. Naturally, the computation costs will vary based on 64-bit block ciphers, Skipjack and RC5, to determine their
the implementation. speed. We must be able to complete a block cipher operation
To analytically estimate the costs of the cryptography, we quickly since the cryptographic operations are overlapped
first calculate the effect of packet lengths in TinySec. Re- with the radio operations; if the cipher operation doesn’t
call that TinySec increases packet lengths by 1 or 5 bytes complete in time, the data needed for the radio will not be
(according to whether TinySec-Auth or TinySec-AE is in available. More importantly, faster block ciphers consume
use). Longer packets cost us in several ways: first, they re- less energy.
10. Application Packet Total Time to Increase Over Current
Data (b) Overhead (b) Size (b) Transmit(ms) TinyOS Stack
Current TinyOS Stack 24 39 63 26.2 —
TinySec-Auth 24 40 64 26.7 1.6%
TinySec-AE 24 44 68 28.3 7.9%
Table 2: Table listing the expected latency overhead incurred by TinySec. The packet overhead includes
space needed for the header and media access control information, such as the start symbol. Since TinySec
increases the packet size by a fixed amount, it will increase the time needed to send the packet over the
radio. This impacts bandwidth, latency, and the energy needed to send a packet. We confirm this predicted
overhead increase experimentally.
Energy Increase No TinySec
(mAH) 0.03
Current TinyOS 0.000160 — 0.02
Stack 0.01
TinySec-Auth 0.000165 3% 0
0 0.005 0.01 0.015 0.02 0.025 0.03 0.035
TinySec-AE 0.000176 10% TinySec: Authentication only
0.03
current (amps)
Table 4: Total energy consumed to send a 24 byte 0.02
packet. 0.01
0
0 0.005 0.01 0.015 0.02 0.025 0.03 0.035
TinySec: Authentication and Encryption
0.03
The results in Table 3 indicate that both RC5 and Skip- 0.02
jack are reasonable choices for use in link layer security: each
0.01
block cipher operation takes less than a byte time. Because
each such operation operates on 8 bytes, this is reasonably 0
0 0.005 0.01 0.015 0.02 0.025 0.03 0.035
time (s)
fast. We use the rule of thumb that the block cipher op-
eration should complete in under a few byte times. If it
does not, we can encounter problems when the radio must Figure 2: The power consumption for sending a
wait for the processor to complete the cryptographic oper- packet. All packets contained 24 byte payloads. The
ation. Note that our initial C-only version of RC5 was not top graph shows the power consumption when send-
fast enough in all cases, so we optimized its inner loop using ing the packet with the current TinyOS stack (no se-
in-line assembly code to get better performance. We have curity). In the middle graph, we use TinySec-Auth,
not optimized Skipjack similarly, but we believe it would while the bottom graph uses TinySec-AE. Notice
be possible to improve Skipjack’s performance so that it is the large power draw at the beginning of sending as
fairly competitive with RC5. As we mentioned, we settled on the encryption and MAC computation is overlapped
Skipjack for the default TinySec configuration even though with the sending of the start symbol. Additionally,
it is slower than our best RC5 implementation since it has note that when sending with TinySec, the packets
minimal key setup costs and is free from patent issues. We are larger in length.
use Skipjack as our cipher for all of our experiments.
35
Energy costs. To determine the energy overhead in using
TinySec, we sampled the instantaneous current drawn by 30
a transmitter sending 24 bytes of application data. Fig-
ure 2 shows the current as a function of time for sending the 25
Total received packets/second
packet. We provide graphs for the current TinyOS stack (no
security), TinySec-Auth, and TinySec-AE. 20
The radio exposes a byte-level interface. Small periodic
spikes occur once every byte time. When the radio is in 15
transmit mode, the radio stack delivers a new byte to the
10
radio once every byte time. When the radio isn’t transmit-
ting, the stack samples the radio once a byte time looking
5
for the start symbol from a new packet. Authentication and encryption
Authentication
There are a number of features of the graph that illustrate 0
No TinySec
TinySec’s implementation. The large power draw at the 1 2 3 4 5 6 7 8 9 10 11
Number of senders
12 13 14 15 16 17 18
start of sending a packet for both TinySec graphs is due to
the cryptographic operations. When sending a packet, Tiny- Figure 3: Bandwidth, plotted as a function of the
Sec overlaps the MAC and encryption computation with the number of send-receive pairs. We compare TinySec-
sending of the start symbol. The start symbol lasts for 28 Auth and TinySec-AE to the bandwidth without us-
bytes. For the largest possible packet size using TinySec- ing TinySec.
AE, a maximum of 10 block cipher operations are required,
11. 650
hence the block cipher must take no more than 28/10 = 2.8
byte times per operation. The block cipher uses the proces- 600
sor heavily, leading to a large initial power draw while the 550
packet is encrypted. As one would expect, the computation
500
period is larger when using encryption since there are more
block cipher operations. 450
Route time (ms)
The power consumption measurements show that the send- 400
ing period for TinySec-AE is about 5 byte times longer than
350
without TinySec. Also, TinySec-Auth is longer by a single
additional byte time. This is due to the extra packet over- 300
head that TinySec imposes. 250
After integrating to calculate the area under the curves for
the sending period, we find that the total energy consumed 200 TinySec: authentication and encryption
TinySec: authentication only
No security
for sending a packet with the default stack is 0.00016 mAH. 150
4 5 6 7 8 9 10 11 12
Using TinySec-Auth, it is 0.000165 mAH, a 3% increase. Number of hops
Using TinySec-AE, the total energy to send a packet is
0.000176 mAH, a 10% increase over the energy costs for Figure 4: End-to-end latency in a large system using
sending a packet without TinySec. TinySec. We measured the time to route a message
Comparing these figures to Table 2 illustrates an interest- over a number of hops. We used 37 nodes in this
ing point: the cryptographic operations do not consume a experiment. Note that TinySec increases end-to-end
significant amount of energy. TinySec’s energy costs come latency. As shown in Figure 5, the extra latency can
from two sources: increased packet lengths, and extra com- be fully explained by TinySec’s impact on packet
putation from the cryptography. Using the fact that TinySec- sizes: longer packets take longer to transmit and
AE performs about twice as many block cipher operations hence increase latency.
as TinySec-Auth, it is possible to estimate the relative mag-
nitude of these two sources of energy overhead. We esti-
mate that, of TinySec-Auth’s measured 3% energy overhead, since at higher bandwidths, the lifetime of the network will
roughly 1% comes from increased packets lengths and 2% be limited.
from extra computation. Of TinySec-AE’s measured 10% As further confirmation that the throughput difference is
energy overhead, perhaps 6% comes from increased packet only due to the differences in packet length and not the
lengths and 4% from extra computation. Our measurements computational costs, we reran the experiments with the to-
provide an upper bound on the energy savings that hard- tal packet size adjusted to be the same for all three radio
ware support for cryptography could provide: at best, hard- stacks. We compared TinySec-AE with a 24 byte data pay-
ware could eliminate the energy costs due to the crypto- load, TinySec-Auth with a 28 byte data payload, and the
graphic computations, but even hardware-accelerated ver- current TinyOS stack with a 29 byte payload so that all
sions of TinySec would still have to pay the energy overhead three packets were 36 bytes in total. We then reran the
associated with TinySec’s increased packet lengths. bandwidth tests, again varying the number of senders, and
This demonstrates that hardware support is not a pre- all three stacks delivered the same bandwidth. We thus
condition for efficient link-layer cryptography in sensor net- conclude that the bandwidth difference is fully explained by
works; software cryptography achieves acceptable energy the difference in packet sizes, and not due to any increased
costs. Also, as we have shown, even hardware-assisted cryp- computation costs.
tography would not perform significantly better than Tiny-
Sec’s software-only implementation.
Latency macrobenchmarks. For our final test, we inte-
grated TinySec into a large existing TinyOS sensor network
Throughput. To measure the maximum throughput when application. The test had two purposes: we wanted to mea-
using TinySec, we computed the total number of packets sure the latency when routing packets and to see how usable
that could be sent in a 30 second time period. In this ex- TinySec is with a large existing system.
periment, we configured a network of nodes so that multiple The NEST Pursuit-Evasion Midterm Demo Game is a
nodes would simultaneously transmit as rapidly as possible. sensor network application that tracks the movements of
Since the number of senders affects the channel utilization, a mobile evader using magnetometers. The sensor nodes
we varied the number of senders. This allows us to char- are deployed in a field and form a landmark based routing
acterize the throughput at different regimes. We sent 24 tree [40]. Separately, autonomous mobile pursuer robots
bytes of application data using the current TinyOS stack, collect data from the sensor networks to follow the evaders.
TinySec-Auth, and TinySec-AE. We measured the number Nodes that have magnetometer readings from the the evader
of packets that were successfully received. The results are route the data to a central landmark node that routes it to
in Figure 3. the mobile pursuers.
TinySec-Auth’s bandwidth characteristics are nearly iden- In our test, we set up 36 nodes in a 6 foot by 7.75 foot grid.
tical to those of the current TinyOS stack. TinySec-AE, The total network diameter was 10 hops. Additionally, we
with its 5 byte larger packets, consistently achieved 6% lower used a base station connected to a computer to control the
throughput when more than 5 senders participated. With network and snoop on traffic. For our tests, we measured
fewer senders, channel contention is less of an issue, so the the time it took for a message to go from the base station to
packet length overhead does not affect the throughput. We a sensor network node and get routed through the landmark
expect sensor networks to largely operate in the latter regime, to another node which broadcasts a reply back to the base
12. 9
Authentication and encryption
Authentication
is expected to be 25.20 ms worse; we observed a 26 ms differ-
8 ence. We quantify this effect more precisely in Figure 5. We
7
compare the average byte time difference between the two
TinySec modes and the current TinyOS radio stack. We
Extra latency over no security in byte times
6
normalize the result by the hop count. The outliers from
5 the heavy tail skew the average, so we remove those values
4
from consideration. Recall the heavy tail is due to the me-
dia access control protocol backing off erroneously, and are
3
not material to the metric we are measuring. In the chart,
2 then, we see byte time differences that we measure match
1
our expectations: it takes an extra 5 byte times to trans-
mit a TinySec-AE packet one hop, and 1 extra byte-time to
0
transmit a TinySec-Auth packet.
−1
4 5 6 7 8 9 10 11 12
Number of hops
Summary. In all cases, the energy, bandwidth, and latency
overhead of using TinySec is less than 10%. Much of the
Figure 5: The increase in latency when routing pack- overhead can be fully explained by the increased packet
ets using TinySec. We display the results in byte length that TinySec imposes. There is an additional en-
times, the time it takes to transmit one byte of in- ergy cost to performing the cryptographic computations,
formation over the radio. This shows that TinySec’s amounting to less than 1/2 of the total energy increase of
impact on end-to-end latency is caused by the in- TinySec-AE. Thus, TinySec will be very competitive with
creased length of TinySec packets. There is a close hardware solutions.
correspondence between theory and practice: us-
ing authentication and encryption increases packet 9.2 Ease of Use
length by 5 bytes, and empirically, we see that la-
We use an indirect means to evaluate TinySec’s ease of
tency is increased by 4.6 byte times; similarly, using
use. In the first test, noted above in our latency measure-
authentication alone increases packet lengths by 1
ments, we integrated TinySec into a large, existing applica-
byte, and empirically it increases latency by 1.1 byte
tion. Including TinySec did not require any changes to the
times. Note that we have normalized by the route
application code and only required a one line change to the
distance.
makefile. Other applications can enable TinySec with the
same ease.
TinySec has gathered a number of external users. In par-
station. Since all routes in our landmark routing scheme ticular, we are aware of five other projects that are using
pass through the landmark, sending a message from A to B TinySec as a research platform to enable their research in
takes at least two hops. Additionally, the base station must key distribution. TinyPK uses RSA to authenticate network
send a message to A telling it to initiate its transmission, downloaded code and to exchange TinySec keys [43]; it is
and B sends a message back to the base station. This means built on top of TinySec, and relies upon TinySec for link-
that all paths in our test are at least 4 hops in length. layer security. TinyCrypt, still in development at Harvard,
We measured the round-trip time it took to transmit pack- aims to use elliptic curve cryptography to exchange TinySec
ets across paths of different hop lengths. For each route keys for the Mica2 sensor nodes [32]. Meanwhile, researchers
length, we routed 200 packets with the current TinyOS radio at SRI have designed a scheme for key exchange, group man-
stack (no security), with TinySec-Auth, and with TinySec- agement, and key revocation [18]; they use TinySec’s packet
AE. The media access control protocol waits a uniformly format for transport-level security. Also, SecureSense pro-
random amount of time before sending the packet. The sum vides dynamic security service composition using the Tiny-
of many uniformly distributed random variables approaches Sec infrastructure [46], and the Bosch corporation used a
a normal distribution, which is what we see with the longest modified version of TinySec to implement a prototype bur-
routes. Note that the carrier sense in the media access con- glar alarm security system. Finally, our TinySec implemen-
trol protocol is occasionally wrong, so that it backs off for a tation is included in the current TinyOS public release and
longer time; this leads to a heavy tail in the distribution. is available for routine use as well.
To compare the different radio stacks to each other, we
average the individual experimental results to obtain an av-
erage single route time per route length. We plot the results 10. RELATED WORK
in Figure 4. Each data point represents the average elapsed
time needed to transmit the packets across a route of a given GSM, IEEE 802.11, and Bluetooth. The GSM frame
hopcount. Routing with TinySec-Auth takes longer than format was intended to provide confidentiality (but not in-
with the current TinyOS radio stack; routing with TinySec- tegrity) protection of voice data with little overhead. Un-
AE takes longer than both. As one example, across 12-hop fortunately, researchers have found serious vulnerabilities
routes, the total difference between TinySec-AE and the cur- with the GSM security mechanisms [7]. The 802.11 wireless
rent TinyOS stack is 26 ms. As before, the latency difference networking standard initially specified WEP, a scheme that
can be explained by the increased packet size. used RC4 encryption for confidentiality and a CRC check-
We would expect the total time to transmit a packet to sum for integrity protection. However, security researchers
increase by 5 byte times per link when using TinySec-AE. quickly found WEP to be thoroughly flawed [12, 20, 38, 42]:
Since each byte time is 0.42 ms, over a 12 hop route, latency its 24-bit IVs are too short; the CRC checksum fails to pro-
13. tect integrity; and, naive use of the IV to diversify RC4’s the sensor network community. We know of researchers
key enables devastating cryptanalytic related-key attacks. building key exchange protocols on top of TinySec. Others
Subsequently, the standards group has designed TKIP, an have ported TinySec to their own custom hardware. Tiny-
interim replacement for WEP with stronger message au- Sec is simple enough to integrate into existing applications
thentication and more careful mixing of the IV with the that the burden on application programmers is minimal.
key. However, TKIP is only designed as a short-term band- Finally, we have extensively measured the performance
aid, and its per-packet overhead is substantial. The long- characteristics of TinySec. Its energy consumption, even
term successor to WEP and TKIP will be 802.11i’s CCMP, when used in the most resource-intensive and most secure
which uses AES in CCM mode, 48-bit IVs, and a strong mode, is a modest 10%. Using TinySec-Auth, the extra
64-bit message authentication code. CCMP appears to be energy consumed is a scant 3%. Similarly low impacts on
well-designed, but unfortunately for our purposes, the per- bandwidth and latency prove that software based link layer
packet overhead is too high to be practical for use in sensor security is a feasible reality for devices with extreme resource
networks [13]. The Bluetooth specification also includes a limitations.
cryptographic security mechanism, but this has also been
shown to be flawed [25]. Acknowledgements
SNEP. The closest previous work is SNEP [33], which specif- Robert Szewczyk helped us measure the power consump-
ically targets sensor networks, but SNEP was unfortunately tion of TinySec. This work was supported in part by re-
neither fully specified nor fully implemented. Also, each search grants and contracts from the Defense Advanced Re-
recipient must maintain a counter for each sender commu- search Project Agency (NEST contract F33615-01-C-1895),
nicating with it. Managing this state encounters similar the National Science Foundation, and the US Postal Service,
complexity as maintaining replay counters, as we discussed and gifts from Bosch and Intel.
in Section 3.1.
12. REFERENCES
IEEE 802.15.4. Recently, the IEEE adopted the 802.15.4 [1] Crossbow technology inc. http://www.xbow.com.
standard, specifying a physical and media access control [2] Moteiv. http://www.moteiv.com/.
layer for low data rate wireless applications [6]. Vendors [3] OpenSSL. http://www.openssl.org.
are starting to sell sensor nodes equipped with this radio [4] Security architecture for the Internet Protocol. RFC
platform [1, 2]. 2401, November 1998.
The 802.15.4 standard includes provisions for link-layer
[5] Smart buildings admit their faults. Lab Notes:
security. Many features of their architecture are similar to
Research from the College of Engineering, UC
TinySec, although there are important differences. For ex-
Berkeley, http://www.coe.berkeley.edu/labnotes/
ample, 802.15.4 specifies a stream cipher mode of encryp-
1101smartbuildings.html, November 2001.
tion, and to avoid IV reuse they require a larger IV. They
have also chosen to include replay protection, as an optional [6] Wireless medium access control and physical layer
feature, into the link-layer security package. specifications for low-rate wireless personal area
IEEE 802.15.4 radio chips perform all of their computa- networks. IEEE Standard, 802.15.4-2003, May 2003.
tions in hardware, reducing energy consumption and CPU ISBN 0-7381-3677-5.
utilization. However, as we have shown, in retrospect the [7] Elad Barkan, Eli Biham, and Nathan Keller. Instant
use of hardware was not strictly necessary for security: soft- ciphertext-only cryptanalysis of GSM encrypted
ware cryptography could have been used with only a small communication. In Advances in Cryptology –
increase in energy consumption. CRYPTO 2003, volume 2729 of Lecture Notes in
Sastry and Wagner have found a few problems with some Computer Science, 2003.
of the optional modes in the 802.15.4 specification and the [8] M. Bellare, A. Desai, E. Jokipii, and P. Rogaway. A
feasibility of supporting different keying models [34]. De- concrete security treatment of symmetric encryption:
spite the presence of these defects, the 802.15.4 security ar- Analysis of the DES modes of operation. In
chitecture is sound. It includes many well designed security Proceedings of 38th Annual Symposium on
features and presents a step forward for embedded device Foundations of Computer Science (FOCS 97), 1997.
wireless security. Proper use of the security API can lead to [9] Mihir Bellare, Joe Kilian, and Phillip Rogaway. The
secure applications. security of the cipher block chaining message
authentication code. Journal of Computer and System
Sciences, 61(3):362–399, December 2000.
11. CONCLUSION [10] Steven M. Bellovin. Problem areas for the IP security
TinySec addresses security in devices where energy and protocols. In Proceedings of the Sixth USENIX
computation power present significant resource limitations. Security Symposium, 1996.
We have designed TinySec to address these deficiencies us- [11] Steven M. Bellovin and Matt Blaze. Cryptographic
ing the lessons we have learned from other security proto- modes of operation for the internet. In Second NIST
cols. We have tried to highlight our design process from Workshop on Modes of Operation, August 2001.
a cryptographic perspective that meets both the intended [12] Nikita Borisov, Ian Goldberg, and David Wagner.
resource constraints and security requirements. TinySec re- Intercepting mobile communications: The insecurity
lies on cryptographic primitives that have been vetted in the of 802.11. In The Seventh Annual International
security community for many years. Conference on Mobile Computing and Networking
Our TinySec implementation is in wide use throughout (MobiCom 2001), 2001.