Security in Wireless

Security in Wireless
Sensor Networks

Perrig, Stankovic, Wagner

Jason Buckingham

CSCI 7143: Secure Sensor Networks

August 31, 2004

•
Introduction to sensor networks

•
Security Issues

–
Key establishment & setup

–
Secrecy & Authentication

–
Privacy

–
Robustness to DOS

–
Secure Routing

–
Resilience to node capture

–
Secure Group Management

–
Intrusion Detection

–
Secure Data Aggregation

–
Secure Sensor Network Research



Broad Range of Applications

•
Wildlife Monitoring

•
Machinery Performance

•
Building Safety

•
Military Applications

•
Health Monitoring

•
Countless other applications



Most applications require some level of security!

Traditional security cannot
be applied directly

•
Sensor device limitations

–
Power, Processing, and Communication

•
Nodes are often physically accessible,
allowing possible physical attacks

•
Sensor networks interact with their
environments and with people

Security Research Issues


•
These new problems present an
opportunity to properly address network
security

•
Security is NOT a standalone
component
–

it must be integrated into
every component

Key Establishment & Setup

•
Why not use existing protocols?

–
Public key cryptography has too much
system overhead for sensor networks

–
Key establishment techniques must scale
well to hundreds or thousands of nodes

–
Sensor nodes have different
communication needs

Key Establishment
-

Potential
Solutions

•
Establish a network wide shared key

–
Problem: if one node is compromised, the whole
network is compromised

•
Instead use shared symmetric keys between
each pair of nodes that are preconfigured

–
Problem: It doesn’t scale well!

•
For an
n

node network, each node must store
n
-
1 keys,
and
n

* (
n
–

1) / 2
total keys are needed.

•
Combine the above: use a network wide key
to establish link keys, then erase the
networkwide key.

–
Problem: New nodes cannot be added after initial
deployment


Key Establishment
-

Potential
Solutions (cont.)

•
Bootstrapping Keys

–
each node shares a single key with the base station
and the base station sets up keys between pairs.

–
Problem: requires a trusted base station that is the
central point of failure

•
Random Key Predistribution

–


–
choose a large pool of symmetric keys, and give each
node a random subset of the pool

–
not all nodes share a common key, but the network
will still be fully connected if the probability of two
nodes sharing a key is sufficiently high

–
Problem: once compromising a sufficient number of
nodes, attackers could reconstruct the entire pool and
break the scheme

Secrecy & Authentication
–

Cryptography

•
End
-
to
-
end cryptography

–
Provides high level of security, but requires that
keys be set up among all end points

–
Incompatible with passive participation and local
broadcast

•
Link
-
layer cryptography

–
Simplifies key setup

–
Supports passive participation and local
broadcast

–
Problem? Intermediate nodes can eavesdrop and
alter messages. Is this really a problem?

Cryptography Issues

•
Performance Costs

–
Extra computation

•
Could be reduced by additional hardware but this
increases node cost and will it really fix the problem?

–
Increases packet size

–
Recent research shows that most of the
performance overhead is attributable to increased
packet size, not additional computation

•
This limits how much dedicated cryptographic hardware
will help

Robustness to Denial of
Service

•
Adversaries can simply broadcast a high
-
energy signal or violate the 802.11 MAC
protocol to disrupt communication

•
Solutions?

–
Spread spectrum communication, but
cryptographically secure spread spectrum radios
are not commercially available

–
Automated defense, by simply routing around the
jammed portion of the network

Secure Routing

•
Current routing protocols suffer security
vulnerabilities

–
DOS attacks, packet injection, replay
attacks

Resilience to Node Capture

•
Sensor networks are highly susceptible
–

the compromise of a single node
usually compromises the entire network

•
This is more of a problem because
sensor networks often lack physical
security

Solutions to Node Capture

•
Physical solution

–
tamper resistant packaging

•
Software:

–
Create algorithms that use majority voting
schemes; send packets along multiple
independent paths and check for consistency

–
Gather redundant data and analyze for
consistency

Secure Group Management

•
Groups of nodes perform data aggregation
and analysis (tracking a moving object)

•
The group may change continuously and
quickly

•
Protocols are needed for admitting new
group members and supporting secure
communication with the group

•
Solutions conserve time and energy

Intrusion Detection

•
Classic intrusion detection is very
expensive in terms of memory, energy,
and bandwidth

•
To develop a solution, typical threat
models must be analyzed

•
Secure groups may be a possible
solution for decentralized intrusion
detection

Secure Data Aggregation

•
Tons of data can be collected from the
various nodes in the network

•
How do we aggregate the data so as to
reduce network traffic to the base
station?

•
Aggregation locations must be secured


Privacy

•
How do we prevent sensor networks
from being used to violate privacy?

–
Devices are becoming smaller, cheaper,
and more effective at surveillance

•
Solutions?

–
New laws, technological responses, and
awareness

Other Issues

•
What cryptographic algorithms are best
suited for use in sensor networks?

–
Public key cryptography? Too expensive!

–
DES/Triple DES

–
AES

–
RC5

•
We need something that fits the processing
and memory requirements of our nodes


Secure Sensor Network
Research

•
How can we build security into sensor
networks from the outset?

•
Advantages of sensor networks

–
Many applications will be deployed under
a single administrative domain

–
It may be possible to exploit redundancy,
scale, and physical characteristics