Security in Wireless

flangeeasyΚινητά – Ασύρματες Τεχνολογίες

21 Νοε 2013 (πριν από 3 χρόνια και 8 μήνες)

81 εμφανίσεις

Security in Wireless
Sensor Networks

Perrig, Stankovic, Wagner

Jason Buckingham

CSCI 7143: Secure Sensor Networks

August 31, 2004


Introduction to sensor networks


Security Issues


Key establishment & setup


Secrecy & Authentication


Privacy


Robustness to DOS


Secure Routing


Resilience to node capture


Secure Group Management


Intrusion Detection


Secure Data Aggregation


Secure Sensor Network Research



Broad Range of Applications


Wildlife Monitoring


Machinery Performance


Building Safety


Military Applications


Health Monitoring


Countless other applications



Most applications require some level of security!

Traditional security cannot
be applied directly


Sensor device limitations


Power, Processing, and Communication


Nodes are often physically accessible,
allowing possible physical attacks


Sensor networks interact with their
environments and with people

Security Research Issues



These new problems present an
opportunity to properly address network
security


Security is NOT a standalone
component


it must be integrated into
every component

Key Establishment & Setup


Why not use existing protocols?


Public key cryptography has too much
system overhead for sensor networks


Key establishment techniques must scale
well to hundreds or thousands of nodes


Sensor nodes have different
communication needs

Key Establishment
-

Potential
Solutions


Establish a network wide shared key


Problem: if one node is compromised, the whole
network is compromised


Instead use shared symmetric keys between
each pair of nodes that are preconfigured


Problem: It doesn’t scale well!


For an
n

node network, each node must store
n
-
1 keys,
and
n

* (
n


1) / 2
total keys are needed.


Combine the above: use a network wide key
to establish link keys, then erase the
networkwide key.


Problem: New nodes cannot be added after initial
deployment


Key Establishment
-

Potential
Solutions (cont.)


Bootstrapping Keys


each node shares a single key with the base station
and the base station sets up keys between pairs.


Problem: requires a trusted base station that is the
central point of failure


Random Key Predistribution





choose a large pool of symmetric keys, and give each
node a random subset of the pool


not all nodes share a common key, but the network
will still be fully connected if the probability of two
nodes sharing a key is sufficiently high


Problem: once compromising a sufficient number of
nodes, attackers could reconstruct the entire pool and
break the scheme

Secrecy & Authentication


Cryptography


End
-
to
-
end cryptography


Provides high level of security, but requires that
keys be set up among all end points


Incompatible with passive participation and local
broadcast


Link
-
layer cryptography


Simplifies key setup


Supports passive participation and local
broadcast


Problem? Intermediate nodes can eavesdrop and
alter messages. Is this really a problem?

Cryptography Issues


Performance Costs


Extra computation


Could be reduced by additional hardware but this
increases node cost and will it really fix the problem?


Increases packet size


Recent research shows that most of the
performance overhead is attributable to increased
packet size, not additional computation


This limits how much dedicated cryptographic hardware
will help

Robustness to Denial of
Service


Adversaries can simply broadcast a high
-
energy signal or violate the 802.11 MAC
protocol to disrupt communication


Solutions?


Spread spectrum communication, but
cryptographically secure spread spectrum radios
are not commercially available


Automated defense, by simply routing around the
jammed portion of the network

Secure Routing


Current routing protocols suffer security
vulnerabilities


DOS attacks, packet injection, replay
attacks

Resilience to Node Capture


Sensor networks are highly susceptible


the compromise of a single node
usually compromises the entire network


This is more of a problem because
sensor networks often lack physical
security

Solutions to Node Capture


Physical solution


tamper resistant packaging


Software:


Create algorithms that use majority voting
schemes; send packets along multiple
independent paths and check for consistency


Gather redundant data and analyze for
consistency

Secure Group Management


Groups of nodes perform data aggregation
and analysis (tracking a moving object)


The group may change continuously and
quickly


Protocols are needed for admitting new
group members and supporting secure
communication with the group


Solutions conserve time and energy

Intrusion Detection


Classic intrusion detection is very
expensive in terms of memory, energy,
and bandwidth


To develop a solution, typical threat
models must be analyzed


Secure groups may be a possible
solution for decentralized intrusion
detection

Secure Data Aggregation


Tons of data can be collected from the
various nodes in the network


How do we aggregate the data so as to
reduce network traffic to the base
station?


Aggregation locations must be secured


Privacy


How do we prevent sensor networks
from being used to violate privacy?


Devices are becoming smaller, cheaper,
and more effective at surveillance


Solutions?


New laws, technological responses, and
awareness

Other Issues


What cryptographic algorithms are best
suited for use in sensor networks?


Public key cryptography? Too expensive!


DES/Triple DES


AES


RC5


We need something that fits the processing
and memory requirements of our nodes


Secure Sensor Network
Research


How can we build security into sensor
networks from the outset?


Advantages of sensor networks


Many applications will be deployed under
a single administrative domain


It may be possible to exploit redundancy,
scale, and physical characteristics