Chapter 19: Security in Sensor Networks

Chapter 19: Chapter 19: Security in Sensor Networks

Guide to Computer Network Security

Kizza - Guide to Computer Network SecuriKizza - Guide to Computer Network Securityty

Wireless sensor networks (WSNs) or just Wireless sensor networks (WSNs) or just sensor networks are grids or networks sensor networks are grids or networks made of made of spatially distributed autonomous spatially distributed autonomous but cooperating tiny devices called but cooperating tiny devices called sensorssensors

All these devices have sensing capabilities All these devices have sensing capabilities that are used to detect, monitor and track that are used to detect, monitor and track physical or environmental conditions, such physical or environmental conditions, such as temperature, sound, vibration, as temperature, sound, vibration, pressure, motion or pollutants, at different pressure, motion or pollutants, at different locations. locations.


Power Source

Communication Module

Central Unit(Memory, Processor)

Sensing Module

Actuator

A Wireless Sensor Node


In many cases, sensor networks do In many cases, sensor networks do not require predetermined not require predetermined positioningpositioning

They are randomly deployed making They are randomly deployed making them viable for inaccessible terrains them viable for inaccessible terrains where they can quickly self organize where they can quickly self organize and form a network on the fly. and form a network on the fly.


The Growth of Sensor Networks The Growth of Sensor Networks WSNs evolved from simple point-to-point WSNs evolved from simple point-to-point networks with simple interface protocols networks with simple interface protocols providing sensing and control information and providing sensing and control information and analog signal to large number and wireless analog signal to large number and wireless sensor nodes networks. sensor nodes networks. The sensor node has increased onboard The sensor node has increased onboard intelligence and processing capabilities thus intelligence and processing capabilities thus providing it with different computing capabilities. providing it with different computing capabilities. The development of the Manufacturing The development of the Manufacturing Automation Protocol (MAP), reduced the cost of Automation Protocol (MAP), reduced the cost of integrating various networking schemes into a integrating various networking schemes into a plant wide system. plant wide system. The development of other communication The development of other communication protocols allowed simultaneous analog and digital protocols allowed simultaneous analog and digital communications created a sensor network we communications created a sensor network we know today. know today.


Design Factors in Sensor Networks Design Factors in Sensor Networks Several factors influence the design philosophy of Several factors influence the design philosophy of sensor networks. sensor networks. Among these factors are first whether the nodes Among these factors are first whether the nodes are stationary or moving and whether the are stationary or moving and whether the network is deterministic or self-organizing. network is deterministic or self-organizing. Most sensor network applications use stationary Most sensor network applications use stationary nodes. nodes. In a deterministic topology, the positions of the In a deterministic topology, the positions of the nodes and the routes in the network are pre-nodes and the routes in the network are pre-determined and the nodes are manually placed. determined and the nodes are manually placed. In self-organizing topology, node positions are In self-organizing topology, node positions are random and the routes are also random and random and the routes are also random and unreliable. Routing in these networks, therefore, unreliable. Routing in these networks, therefore, becomes the main design concern. becomes the main design concern. – These demand a lot of energy, direct routing is not These demand a lot of energy, direct routing is not

desirable and multi-hop routing is more energy efficient. desirable and multi-hop routing is more energy efficient.


Factors that influence the design Factors that influence the design philosophy of sensor networks are:philosophy of sensor networks are:– Routing - communication in wireless Routing - communication in wireless

sensor networks, is based on a protocol sensor networks, is based on a protocol stack with several layersstack with several layers

– Power Consumption - most sensor Power Consumption - most sensor networks are entirely self-organizing networks are entirely self-organizing and operate with extremely limited and operate with extremely limited energy and computational resources. energy and computational resources. The functionality of the network, The functionality of the network, therefore, depends on the consumption therefore, depends on the consumption rate of energy by node units. rate of energy by node units.


– Fault Tolerance –in case of anyone Fault Tolerance –in case of anyone sensor node failure, the network should sensor node failure, the network should sustain all its functionalities. sustain all its functionalities.

– Scalability - the addition of more nodes Scalability - the addition of more nodes to the network should not have any to the network should not have any diverse effects to the functionality of the diverse effects to the functionality of the networknetwork

– Production Costs – the unit cost of each Production Costs – the unit cost of each individual sensor node plays a crucial individual sensor node plays a crucial role in determining the overall costs of role in determining the overall costs of the entire sensor network. The network the entire sensor network. The network should have a least unit cost for should have a least unit cost for individual nodes individual nodes


– Nature of Hardware Deployed - A sensor node consists Nature of Hardware Deployed - A sensor node consists of four basic parts:of four basic parts:

the sensing unit, the sensing unit, the processing unit, the processing unit, the transceiver unit, the transceiver unit, the power unit. All these units must be packaged in a very the power unit. All these units must be packaged in a very small, match-box-sized package. And consumer very low small, match-box-sized package. And consumer very low power.power.

– Topology of Sensor Networks - a normal sensor network Topology of Sensor Networks - a normal sensor network may contain thousands of sensor nodes deployed may contain thousands of sensor nodes deployed randomly throughout the field of observation, resulting randomly throughout the field of observation, resulting in uneven densities depending on how the nodes where in uneven densities depending on how the nodes where deployed. deployed.

– Transmission Media – nodes in wireless sensor network Transmission Media – nodes in wireless sensor network are linked by a wireless medium. The medium could be are linked by a wireless medium. The medium could be by radio like RF and Bluetooth, infrared or optical waves. by radio like RF and Bluetooth, infrared or optical waves. The functionality of the network may depend on these The functionality of the network may depend on these media media


Security in Sensor Networks Security in Sensor Networks

Modern wireless sensor networks Modern wireless sensor networks consist of hundreds to thousands of consist of hundreds to thousands of inexpensive wireless nodes, each inexpensive wireless nodes, each with some computational power and with some computational power and sensing capability and usually sensing capability and usually operating in a random unsupervised operating in a random unsupervised environments. environments.

This kind of environment presents This kind of environment presents several security challenges several security challenges


Security Challenges:Security Challenges:– Aggregation - Data aggregation in Aggregation - Data aggregation in

sensor networks is the process of sensor networks is the process of gathering data from different sensor gathering data from different sensor “source” nodes and expressing it in a “source” nodes and expressing it in a summary form before it is sent off to a summary form before it is sent off to a “sink” node or to a base station. “sink” node or to a base station.

– Energy Consumption Energy Consumption – Large Numbers of Large Numbers of

nodes/Communication challengesnodes/Communication challenges


Sensor Network Vulnerabilities and Sensor Network Vulnerabilities and Attacks Attacks – Attacks- several attack types including:Attacks- several attack types including:

eavesdroppingeavesdropping, ,

disruptiondisruption, ,

hijacking hijacking

rushing rushing


Securing Sensor Networks Securing Sensor Networks The choice of a good security mechanisms The choice of a good security mechanisms for wireless sensor networks depends on for wireless sensor networks depends on network application and environmental network application and environmental conditions. conditions.

It also depends on other factors like sensor It also depends on other factors like sensor node processor performance, memory node processor performance, memory capacity and energy.capacity and energy.

In sensor networks, special security In sensor networks, special security requirements such as message freshness, requirements such as message freshness, intrusion detection, intrusion tolerance, intrusion detection, intrusion tolerance, are necessary in addition. are necessary in addition.


Necessary Conditions for a Necessary Conditions for a Secure Sensor Network Secure Sensor Network

Data ConfidentialityData Confidentiality

Data IntegrityData Integrity

Data AuthenticationData Authentication

Data Freshness/Non-replayData Freshness/Non-replay


Security Mechanisms and Best Security Mechanisms and Best Practices for Sensor NetworksPractices for Sensor Networks

We cannot ensure the confidentiality, We cannot ensure the confidentiality, integrity, authentication, and freshness of integrity, authentication, and freshness of data in sensor networks without the data in sensor networks without the following issues particular to sensor following issues particular to sensor networks:networks:– Data aggregationData aggregation – AntijammingAntijamming – Access controlAccess control – Key managementKey management – Link layer encryptionLink layer encryption – Data replicationData replication – Resilience to node captureResilience to node capture


Trends in Sensor Network Trends in Sensor Network Security ResearchSecurity Research

It is possible to design security protocols that are specific It is possible to design security protocols that are specific for a particular security issue. This is the direction current for a particular security issue. This is the direction current sensor network security research is taking in:sensor network security research is taking in:– Cryptography - There are several cryptographic approaches Cryptography - There are several cryptographic approaches

being used to secure sensor networks. One of the first tasks in being used to secure sensor networks. One of the first tasks in setting up a sensor network is to establish cryptographic setting up a sensor network is to establish cryptographic system with secure keys for secure communicationsystem with secure keys for secure communication

– Key Management -Because of sensor nodes deployment and Key Management -Because of sensor nodes deployment and other sensor network limitations, it is not possible to use key other sensor network limitations, it is not possible to use key management as usually done in traditional networks where management as usually done in traditional networks where there may be a relationship in key sharing among members of there may be a relationship in key sharing among members of the network. Several extensions of key management have the network. Several extensions of key management have been developed including:been developed including:


The q-composite random key pre-distribution The q-composite random key pre-distribution frameworkframework – where two nodes share a common key – where two nodes share a common key hashed from q common keys. This approach adds hashed from q common keys. This approach adds more strength to the above approach. Because now more strength to the above approach. Because now an intruder would need to capture communication an intruder would need to capture communication from more nodes in order to be able to compute a from more nodes in order to be able to compute a shared key.shared key.Multi-key reinforcement frameworkMulti-key reinforcement framework – where a – where a message from a node is partitioned into several message from a node is partitioned into several fragments and each fragment is routed through a fragments and each fragment is routed through a separate secure path. Its advantages are balanced separate secure path. Its advantages are balanced by its high overhead.by its high overhead.RandomRandom--pairwise frameworkpairwise framework - where in the pre- - where in the pre-deployment phase, N unique identities are generated deployment phase, N unique identities are generated for each network node. Each node identity is for each network node. Each node identity is matched up with other matched up with other mm randomly selected distinct randomly selected distinct node identities and a unique pairwise key is node identities and a unique pairwise key is generated for each pair of nodes. The new key and generated for each pair of nodes. The new key and the pair of node identities are stored on both key the pair of node identities are stored on both key rings. After deployment, the nodes then broadcast rings. After deployment, the nodes then broadcast their identities to their neighborstheir identities to their neighbors


– Confidentiality , Authentication and Confidentiality , Authentication and Freshness - the use of strong Freshness - the use of strong cryptographic techniques strengthens cryptographic techniques strengthens the security of communication. Several the security of communication. Several studies are being studied including studies are being studied including SPINS which has two building blocks: SPINS which has two building blocks:

Secure Network Encryption Protocol (SNED) Secure Network Encryption Protocol (SNED) which provides data confidentiality, a two-which provides data confidentiality, a two-part data authentication, and data part data authentication, and data freshness; freshness;

micro Timed, Efficient, Streaming, Loss-micro Timed, Efficient, Streaming, Loss-tolerant Authentication (µTESLA) which tolerant Authentication (µTESLA) which provides authentication to node streaming provides authentication to node streaming broadcasts. broadcasts.


– Resilience to Capture - in sensor networks Resilience to Capture - in sensor networks node compromise poses a very serious security node compromise poses a very serious security problem in these networks. Many of the problem in these networks. Many of the existing solutions cannot scale up when the existing solutions cannot scale up when the numbers of nodes in the network grows. Also numbers of nodes in the network grows. Also when the node number is high and typically when the node number is high and typically these nodes are unattended, they are prone to these nodes are unattended, they are prone to node compromise. node compromise.

A novel location-based key management solution is A novel location-based key management solution is through two techniques in which they bind symmetric through two techniques in which they bind symmetric secret keys to geographic locations and then assign secret keys to geographic locations and then assign those location-bound keys to sensor nodes based on those location-bound keys to sensor nodes based on the nodes’ deployed locations through:the nodes’ deployed locations through:

– location-binding keys location-binding keys – location-based keys. location-based keys.

Chapter 19: Security in Sensor Networks

Documents

Transcript of Chapter 19: Security in Sensor Networks