Security In Wireless Sensor Networks - PowerPoint PPT Presentation

Provided by: camarsK

1
Security In Wireless Sensor Networks
  • A. Perrig, J. Stankovic, and D. Wagner
  • Communications of the ACM, 2004
  • 2004/9/14
  • KAIST CS Dept. CA Lab.
  • Hur Jun-beom

2
Contents
  • Introduction
  • A secure system
  • Network security services
  • Conclusion

3
Introduction
  • Sensor
  • An electronic device used to measure a physical
    quantity such as temperature, pressure or
    loudness and convert it into an electronic signal
    of some kind
  • A device that produces a measurable response to a
    change in a surrounding condition
  • Current applications of sensor networks
  • Monitor ocean and wildlife
  • Pollution level
  • Freeway traffic
  • Climate
  • Some military applications
  • Home environmental sensing systems for
    temperature, light, moisture, and motion

4
Introduction
  • Unique challenges in sensor networks
  • Energy, memory, computation, communication
    constraints
  • Deployment in accessible areas
  • Risk of physical attack
  • Level of dynamics
  • Obstacles, weather, terrain, number of nodes,
    failures, captures
  • Traditional security techniques cannot be
    applied directly
  • Security issues
  • Key establishment
  • Secrecy
  • Authentication
  • Privacy
  • Robustness to denial-of-service attack
  • Secure routing
  • Node capture
  • High-level security services

5
A Secure System
  • Standalone security
  • Separate module provides security
  • → Flawed approach to network security
  • Integrated security in every component
  • Achieve a secure system
  • Components designed without security can become a
    point of attack

6
Key Establishment and Trust Setup
  • Simple, secure, and efficient key-distribution
    for large scale sensor networks
  • Key establishment solution
  • Network-wide shared key
  • Compromise of even a single node would reveal the
    secret key
  • Single shared key to establish a set of link keys
  • One per pair of communicating nodes
  • Set up the session keys and erase the
    network-wide key
  • Does not allow addition of new nodes after
    initial deployment
  • Public-key cryptography
  • Diffie-Hellman key establishment
  • A node can set up a secure key with any other
    node in the network
  • Beyond the capabilities of sensor networks

7
Key Establishment and Trust Setup
  • Key establishment solution (cont.)
  • Shared unique symmetric key between each pair of
    nodes
  • Doesn't scale well
  • Each node needs to store n-1 keys, and n(n-1)/2
    keys in the network
  • Bootstrapping keys
  • Each node shares only a single key with the
    trusted base station
  • Set up keys with other nodes through the base
    station
  • Random-key predistribution protocols
  • Each sensor node chooses a key ring from a large
    pool of symmetric keys
  • If two nodes share a common key, they can
    establish a session key
  • The greater the key establishment probability,
    the more nodes can set up keys to obtain a fully
    connected network
  • No central trusted base station
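
The scaling trade-off on this slide, worked as an added Python example (not part of the original presentation): the chance that two key rings overlap, a simulation that checks it, and how much of the pool an attacker learns from captured nodes. The pool size, ring size and all function names are assumptions chosen for illustration.

```python
import math
import random

def share_probability(pool_size, ring_size):
    """P(two rings drawn independently from the pool share at least one key)."""
    if not 0 < ring_size <= pool_size:
        raise ValueError("need 0 < ring_size <= pool_size")
    # math.comb returns 0 when two rings cannot be disjoint (2 * ring > pool).
    disjoint = (math.comb(pool_size - ring_size, ring_size)
                / math.comb(pool_size, ring_size))
    return 1.0 - disjoint

def simulate_link_fraction(pool_size, ring_size, nodes, seed=2004):
    """Fraction of node pairs that find a common key in one simulated deployment.

    A seeded PRNG keeps the simulation reproducible; a real deployment would
    draw key rings with a cryptographically secure generator.
    """
    rng = random.Random(seed)
    rings = [frozenset(rng.sample(range(pool_size), ring_size))
             for _ in range(nodes)]
    pairs = [(a, b) for i, a in enumerate(rings) for b in rings[i + 1:]]
    return sum(1 for a, b in pairs if a & b) / len(pairs)

def pool_fraction_exposed(pool_size, ring_size, captured_nodes):
    """Expected fraction of pool keys known after capturing that many nodes."""
    return 1.0 - (1.0 - ring_size / pool_size) ** captured_nodes

def pairwise_key_storage(n):
    """(keys per node, keys in the network) for unique pairwise keys."""
    return n - 1, n * (n - 1) // 2

if __name__ == "__main__":
    pool, ring, n = 10_000, 75, 100  # constructed parameters
    print("pairwise scheme, 1000 nodes:", pairwise_key_storage(1000))
    print("analytic share probability :", round(share_probability(pool, ring), 4))
    print("simulated link fraction    :",
          round(simulate_link_fraction(pool, ring, n), 4))
    for captured in (1, 10, 50):
        print(f"pool exposed after {captured:>2} captures:",
              round(pool_fraction_exposed(pool, ring, captured), 4))
```

Larger rings raise the link probability but also raise the share of the pool lost with each captured node, which is the tension between this slide and the node-capture slides.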

8
Secrecy and Authentication
  • Cryptography is the standard defense
  • End-to-end cryptography
  • High level of security
  • Keys must be set up among all end points
  • Impractical in large sensor network
  • Link-layer cryptography (hop-by-hop)
  • Network-wide shared key (with its immediate
    neighbors)
  • Simple key setup
  • Vulnerable to eavesdropping or message alteration
  • Cryptography entails a performance cost for extra
    computation
  • Trade off between security level and computation
    cost

9
Privacy
  • Privacy risks
  • Spying
  • Adversary might deploy secret surveillance
    networks for spying on unaware victims
  • Function creep
  • Sensor networks initially deployed for legitimate
    purposes might subsequently be used in
    unanticipated and even illegal ways
  • Approach to privacy
  • Data encryption and access control
  • Query process in distributed manner
  • Technology alone is unlikely to be able to solve
    the privacy problem
  • A mix of societal norms, new laws, and
    technological responses are necessary

10
Robustness To Communication DoS
  • DoS attack
  • Broadcasting a high-energy signal
  • If the transmission is powerful enough, the
    entire system's communication could be jammed
  • Violating the 802.11 MAC protocol
  • By transmitting while a neighbor is also
    transmitting or by continuously requesting
    channel access with an RTS signal
  • Defense against jamming
  • Spread-spectrum communication
  • Not commercially available
  • Jamming-resistant network
  • Detecting the jamming, mapping the affected
    region, then routing around the jammed area
  • Frequency hopping

11
Secure Routing
  • Security goals
  • Integrity, authenticity, and availability of
    messages
  • Attacks on routing
  • DoS attack
  • Injection attack
  • Injecting malicious routing information into the
    network
  • Node capture attack
  • Routing protocols are susceptible to node-capture
    attack
  • Wormhole attack, sybil attack, hello flood attack

12
Resilience To Node Capture
  • Node capture attack
  • Capture sensor nodes, extract cryptographic
    secrets, modify their programming
  • Replace them with malicious nodes under the
    control of the attacker
  • Sensor nodes are likely to be placed in locations
    readily accessible to attackers
  • Challenge
  • Build resilient network
  • Operate correctly even when several nodes have
    been compromised

13
Resilience To Node Capture
  • Direction for resilient networks
  • Detect inconsistencies
  • Replicate state across the network and use
    majority voting
  • E.g., sending packets along multiple, independent
    paths and checking at the destination for
    consistency
  • Crosscheck multiple, redundant views of the
    environment
  • Extreme outliers may indicate malicious spoofed
    data
  • Defenses based on redundancy are good for sensor
    networks
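
The two redundancy checks from this slide, as an added Python example (not part of the original presentation): a destination-side majority vote over copies sent along independent paths, and a median-based cross-check that flags extreme outliers among redundant readings. Node names, payloads, readings and the 3.5 threshold are constructed assumptions.

```python
from collections import Counter
from statistics import median

def majority_vote(copies):
    """Payload delivered on a strict majority of paths, else None.

    `copies` has one entry per path; None means that path delivered nothing.
    Dropped copies still count toward the total, so an attacker who silences
    paths cannot turn a minority payload into a majority.
    """
    delivered = [c for c in copies if c is not None]
    if not delivered:
        return None
    payload, count = Counter(delivered).most_common(1)[0]
    return payload if count > len(copies) // 2 else None

def flag_outliers(readings, threshold=3.5):
    """Node ids whose reading is an extreme outlier (modified z-score)."""
    values = list(readings.values())
    med = median(values)
    mad = median(abs(v - med) for v in values)  # median absolute deviation
    if mad == 0:
        # More than half the nodes agree exactly: anything else stands out.
        return {node for node, v in readings.items() if v != med}
    return {node for node, v in readings.items()
            if 0.6745 * abs(v - med) / mad > threshold}

def consistent_estimate(readings):
    """(median of the readings that pass the cross-check, flagged node ids)."""
    flagged = flag_outliers(readings)
    kept = [v for node, v in readings.items() if node not in flagged]
    return median(kept), flagged

if __name__ == "__main__":
    # Constructed sample: three paths, one of which carries an altered packet.
    print(majority_vote([b"evt:42", b"evt:42", b"evt:99"]))
    # Constructed sample: five temperature sensors, one reporting spoofed data.
    temps = {"n1": 21.4, "n2": 21.9, "n3": 22.1, "n4": 21.7, "n5": 85.0}
    print(consistent_estimate(temps))
```

Both checks hold only while compromised nodes or paths stay in the minority; a majority of colluding nodes defeats them.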

14
Network Security Services
  • High-level network security services
  • Secure group management
  • In-network data aggregation and analysis
  • Low computation and communication costs
  • Intrusion detection
  • Secure group → decentralized intrusion detection
  • Secure data aggregation
  • Avoid overwhelming amounts of traffic back to the
    base station (sink)

15
Secure Group Management
  • Limitation in computing and communication
    capabilities
  • Data aggregation and analysis can be performed by
    groups of nodes
  • Secure protocol for group management
  • Nodes comprising the group
  • May change continuously and quickly
  • Group computation and communication
  • The outcome of the group's communication
    transmitted to a base station
  • The outcome must be authenticated
  • Any solution must be efficient in terms of time
    and energy

16
Intrusion Detection
  • Intrusion detection is expensive in terms of the
    network's memory, energy, and limited bandwidth
  • Decentralized intrusion detection
  • Secure group
  • Decentralized intrusion detection
  • Fully distributed and inexpensive in terms of
    communication, energy, and memory requirements

17
Secure Data Aggregation
  • Data aggregation
  • Avoid overwhelming amounts of traffic back to the
    base station
  • SIA
  • The aggregator and a fraction of the sensor nodes
    may be corrupted
  • Randomly sampling a small fraction of nodes
  • Checking that they have behaved properly
  • The answer given by the aggregator is a good
    approximation of the true value

18
Conclusion
  • Security in wireless sensor networks is more
    challenging than in conventional networks
  • Severe constraints and demanding deployment
    environments of wireless sensor networks
  • We have the opportunity to architect security
    solutions from the outset