Page 1

Theodore Zahariadis 1st Student workshop on Wireless Sensor Networks

AWISSENET: Ad-hoc PAN & WIreless Sensor SEcure NETwork

Theodore Zahariadis

TEI of Chalkida, Electrical Engineering Department

Psachna, GR34400, Greece. Email: [email protected]

Athens, 1 November 2008

Page 2 Theodore Zahariadis 1st Student workshop on Wireless Sensor Networks

Ultra-wide-band Sensor Node

Ultra small sensor node
  • The smallest UWB sensor node in the world: 10mm×10mm×10mm
  • On board temperature sensor

Ultra low power
  • Low power communication: 3nW/bps
  • More than 9 years battery life using button cell (CR-2032) (communication every five minutes)

High speed communication
  • From 250kbps to 10Mbps

[Figure labels: Antenna, Main board, Power supply board]

Page 3 Theodore Zahariadis 1st Student workshop on Wireless Sensor Networks

Chips will be invisible

Newly developed ultra small µ-Chip
  • Size of 50 µm x 50 µm
  • Thickness 7.5 µm
  • For directly embedding into paper

[Figure: compared with a crystal of granulated sugar]

Page 4 Theodore Zahariadis 1st Student workshop on Wireless Sensor Networks

Monitoring the Environment

Page 5 Theodore Zahariadis 1st Student workshop on Wireless Sensor Networks

Ad-hoc PAN & Sensor Networks

Ad-hoc PAN and Wireless Sensor Networks (AWSN) are expected to:
  • form an integral part of the foreseen Future Internet (of Things)
  • play a key role in the vision of offering mobile, personalised services, whenever and wherever needed
  • support applications with broadband, wireless connectivity anytime and anywhere.

Applications: environmental surveillance, asset management, physical phenomenon monitoring, creation of smart, interactive and immersive spaces

However, they face essential security and resilience limitations, especially across insecure, heterogeneous and multi-administration domains

Page 6 Theodore Zahariadis 1st Student workshop on Wireless Sensor Networks

Security and Operational Requirements (1/2)

Confidentiality: ensures that the data is well protected and remains secret from unauthorized parties.
  => encrypting the data with a secret key that only intended recipients possess.

Data Integrity: ensures that any received data has not been altered or modified.
  => applying an appropriate hashing technique prior to message encryption.

Data Freshness: implies that the data is recent and ensures that old messages are not replayed.
  => a time related counter (nonce) can be added into the packet to ensure data freshness.

Non-repudiation: ensures that a node cannot deny the sending of a message that it originated.
  => digital signatures are used to ensure this requirement.

Availability of services and information: ensures that services and information can be accessed at the time they are required, despite the presence of attacks.
  => lack of availability weakens the overall operation of an AWSN network, making it more vulnerable to a variety of attacks, such as denial of service.

Page 7 Theodore Zahariadis 1st Student workshop on Wireless Sensor Networks

Security and Operational Requirements (2/2)

Network reliability: is the capability to keep the functionality of the AWSN even if some nodes fail and is tightly coupled to resilience.

Authentication-survivability: is the capability to verify that the data received was really sent by a trusted sender and not by an adversary that injected data in the network.

Self-Organization and self-healing: is the ability of the AWSN to mitigate adverse situations as well as frequent node movement.

Secure Localization: is the ability of an AWSN to accurately and automatically locate each sensor in the network.

Scalability: is the ability to support a large number of wireless sensor nodes.

Page 8 Theodore Zahariadis 1st Student workshop on Wireless Sensor Networks

Sensor Node Constraints

Energy Limitation. Every security measure taken in order to mitigate attacks on an AWSN has an impact on energy consumption (e.g. encryption, hashing, overhead bits).

Transmission Range. Wireless ad-hoc/sensor nodes restrict their transmission range in order to conserve energy.

Limited memory and storage capacities.
  • TelosB: 16-bit, 8 MHz RISC CPU, 10K RAM, 48K Program Memory, 1024K FLASH
  • Mica mote2: 4 MHz 8-bit CPU, 4 KB of RAM, 128K Program memory, 512K FLASH

Unattended Operation. The nodes may be deployed in an environment open to adversaries, interference, harsh environmental conditions, etc. The likelihood that a node suffers a physical attack in such an environment is therefore much higher than in another typical network which is located in a secure place and mainly faces attacks from a network.

Page 9 Theodore Zahariadis 1st Student workshop on Wireless Sensor Networks

Network Constraints

Mobility and Hierarchy. AWSN are ad hoc in nature with the composition of the network determined at the time of deployment. During the network mission, the composition of the network and its routing topology may change. This constraint must be taken into account since it might limit the ability to pre-configure AWSN nodes for specific purposes.

Data Rate and Packet Size. Both data rate and packet size affect the overall sensor node energy consumption, as explained in the previous section. Packet sizes within the AWSN are relatively small, while data rates are relatively low.

Unreliable Communications. Normally the packet-based routing of an AWSN is connectionless and thus inherently unreliable. Furthermore, the unreliable wireless communication channel also results in damaged packets.

Conflicts. Even if the channel is reliable, the communication may still be unreliable. This is due to the broadcast nature of the wireless sensor network.

Latency. The multi-hop routing, network congestion and node processing can lead to greater latency in the network, thus making it difficult to achieve synchronization among nodes.

Page 10 Theodore Zahariadis 1st Student workshop on Wireless Sensor Networks

AWISSENET Summary

AWISSENET (Ad-hoc personal area network & WIreless Sensor SEcure NETwork) is a project focused on security and resilience across ad-hoc PANs and wireless sensor networks.

AWISSENET optimisations will focus on four key principles:
  • Discovery, evaluation and selection of trusted routes based on multiple security metrics and key pre-distribution methods. The overall scheme must support secure routing even with disappearing nodes, multiple levels of in-network processing and multiple layers of aggregation.
  • Secure Service Discovery, providing a network-level security framework, which will protect service discovery messages inside the AWISSENET, when crossing unknown domains or when interacting with public service providers.
  • Intrusion detection, intruder identification and recovery based on distributed trust to provide security against malicious attacks.
  • Highly Secure sensor nodes against attacks from malicious users having actual access to the sensor nodes.

The AWISSENET results will be packed in a security toolbox, which will be prototyped and validated in a large trial of more than 100 sensor nodes.

Page 11 Theodore Zahariadis 1st Student workshop on Wireless Sensor Networks

AWISSENET Consortium

  • Hellenic Aerospace Industry (GR)
  • Alcatel-Lucent Deutschland (DE)
  • Thales Communications (FR)
  • Northern Venture (CY)
  • Telecommunication Systems Institute (GR)
  • University of Helsinki (FI)
  • Universidad Politécnica de Madrid (ES)
  • TEI of Chalkida (GR)

AWISSENET Consortium in numbers
  • 8 participants from 6 Member Countries
  • 3 Industries, 1 SME and 4 Institutes/Universities

Page 12 Theodore Zahariadis 1st Student workshop on Wireless Sensor Networks

Generic Representation of an AWSN topology

[Figure: AWSN topology. Labels: IP Network; sensor nodes s1 to s10; Sensory Network 2, Sensory Network 3; AN1, AN2; AP1, AP2. Legend: Sensor Node, Aggregator Node, Application Node.]

Page 13 Theodore Zahariadis 1st Student workshop on Wireless Sensor Networks

Workplan (1/2)

Page 14 Theodore Zahariadis 1st Student workshop on Wireless Sensor Networks

Workplan (2/2)

Page 15 Theodore Zahariadis 1st Student workshop on Wireless Sensor Networks

AWISSENET TRUST MODELING: Direct Trust

Forwarding (E1): # of Success, # of Failures

Network-ACK (E2): # of Success, # of Failures

Packet precision - Integrity (E3): # of Success, # of Failures

Authentication (E4): # of Success, # of Failures

Cryptography - Confidentiality (E5): # of Success, # of Failures

Reputation RES (E6): # of Response, # of no Response

Reputation Validation (E7): Value

Remaining Energy (E8): Value

Network ACK History Log (E9): 1 0 1 1 0 1 0 0 1 1 0 1 0 1 1 1

Number of Interactions (E10): Value

Distance to the sink node (E11): Value

$$T_i^{A,B} = \frac{a_i S_i^{A,B} - b_i F_i^{A,B}}{a_i S_i^{A,B} + b_i F_i^{A,B}}$$

$$T_8^{A,B} = \frac{a_8 V_{now} - b_8 V_{initial}}{a_8 V_{now} + b_8 V_{initial}}$$

$$C^{A,B} = 1 - \frac{1}{noi + a_{10}}$$

$$DT^{A,B} = C^{A,B} \sum_{i=1}^{k} \left( W_i * T_i^{A,B} \right)$$

Page 16 Theodore Zahariadis 1st Student workshop on Wireless Sensor Networks

AWISSENET TRUST MODELING: Indirect Trust

Direct Trust value of responding node, $DT^{A,N_j}$: Value

Reputation RES: # of Response, # of no Response

Reputation value of responding node, $DT^{N_j,B}$: Value

Reputation Correctness History Log: 1 0 1 1 0 1 0 0 1 1 0 1 0 1

$$IT^{A,B} = \sum_{j=1}^{n} W(DT^{A,N_j}) \, DT^{N_j,B}$$

Total Trust

$$TT^{A,B} = W(DT^{A,B}) \, DT^{A,B} + W(IT^{A,B}) \, IT^{A,B}$$
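
The direct, indirect and total trust computations from the two trust-modeling slides, as an added example that is not part of the original presentation. It assumes the ratio form T_i = (a_i S_i - b_i F_i)/(a_i S_i + b_i F_i) and C = 1 - 1/(noi + a_10); the a/b constants, all weights, the normalised W(DT) weighting and the counters are constructed for illustration.

```python
# Added example. a_i, b_i, a_10, the weights and all counters are constructed.
A_I, B_I, A_10 = 1.0, 1.0, 1.0
W_EVENT = {"forwarding": 0.4, "network_ack": 0.2, "integrity": 0.2,
           "authentication": 0.1, "confidentiality": 0.1}

def event_trust(success, failure, a=A_I, b=B_I):
    """T_i = (a*S - b*F) / (a*S + b*F), in [-1, 1]; 0.0 with no observations."""
    denom = a * success + b * failure
    return 0.0 if denom == 0 else (a * success - b * failure) / denom

def confidence(noi, a10=A_10):
    """C = 1 - 1/(noi + a_10): 0 for a stranger when a_10 = 1, near 1 later."""
    if noi + a10 <= 0:
        raise ValueError("noi + a_10 must be positive")
    return 1.0 - 1.0 / (noi + a10)

def direct_trust(counters, noi, weights=W_EVENT):
    """DT = C * sum_i(W_i * T_i); counters maps event name -> (S, F)."""
    weighted = sum(w * event_trust(*counters.get(ev, (0, 0)))
                   for ev, w in weights.items())
    return confidence(noi) * weighted

def indirect_trust(reports):
    """IT = sum_j W(DT_A,Nj) * DT_Nj,B over (DT_A,Nj, DT_Nj,B) pairs.

    Assumed W: A's positive direct trust in N_j, normalised to sum to 1, so a
    neighbour that A distrusts cannot move B's score by lying about it.
    """
    total = sum(max(dt_a_nj, 0.0) for dt_a_nj, _ in reports)
    if total == 0:
        return 0.0
    return sum(max(dt_a_nj, 0.0) / total * dt_nj_b for dt_a_nj, dt_nj_b in reports)

def total_trust(dt, it, w_dt=0.7, w_it=0.3):
    """TT = W(DT)*DT + W(IT)*IT with assumed constant weights."""
    return w_dt * dt + w_it * it

# Constructed observations by node A over 20 interactions with each neighbour.
HONEST = {"forwarding": (18, 2), "network_ack": (18, 2), "integrity": (20, 0),
          "authentication": (20, 0), "confidentiality": (20, 0)}
DROPPER = dict(HONEST, forwarding=(4, 16), network_ack=(4, 16))  # drops most packets
# (A's trust in recommender N_j, N_j's reported trust in the honest node)
REPORTS = [(0.9, 0.8), (0.6, 0.7), (-0.5, -1.0)]  # last recommender is distrusted

if __name__ == "__main__":
    for name, obs in (("honest", HONEST), ("dropper", DROPPER)):
        print(name, round(direct_trust(obs, noi=20), 3))
    tt = total_trust(direct_trust(HONEST, 20), indirect_trust(REPORTS))
    print("total trust in honest node:", round(tt, 3))
```

With these constructed inputs the node that drops most packets keeps a direct trust close to zero despite perfect integrity and authentication counters, and the negative report from the distrusted recommender has no effect on the honest node's indirect trust.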

Page 17 Theodore Zahariadis 1st Student workshop on Wireless Sensor Networks

Next Steps

  • Validate the trust model in JSIM and evaluate all parameters
  • Define a trusted routing algorithm by combining trust metrics with geographic routing algorithm (GPSR)
  • Define a Secure cross-domain Service discovery mechanism

[Figure labels: Wrist band, Paper Label, Coin Tags, Transparent Coin Tags, RFID card, RFID Reader, IP Network, Motes island, Motes island, RFID island, Multimedia island]

Page 18

Theodore Zahariadis 1st Student workshop on Wireless Sensor Networks

Thank you