Security in Sensor Networks


20 Nov 2013



Overview of wireless sensor network


Security in Sensor Network


Sensor Node


Consists of sensing, data processing and communicating components.


Randomly deployed in inaccessible terrain.


Processes sensed (raw) data and transmits it.


Characteristics


Rapid deployment


Self-organization


Fault tolerance

Berkeley Motes

Wireless Sensor

Mica Motes


Prototype sensor developed by UC Berkeley


Processor 4 MHz


Memory 128 Kb flash & 4 Kb RAM


Radio 916 MHz and 40Kbits/sec


Transmission range 100 feet


TinyOS operating system: small, open source and energy efficient

Deploy Sensors

Sensor Node Deployment

Application of Sensor Network



Battle ground surveillance


Enemy movement


Environmental monitoring


Habitat monitoring


Forest fire monitoring


Hospital Tracking system


Tracking patients, drug administration

Sensor Network vs. Wireless ad-hoc network


Number of sensor nodes is much higher than nodes in ad hoc network.


Sensor nodes are densely deployed.


Topology changes frequently.


Sensor nodes mainly use broadcasts, as opposed to the point-to-point communication used by ad hoc networks.


Sensor nodes have limited power, computational capacities and
memory.


No global addressing scheme for sensor nodes

Sensor node deployment

[Figure labels: Sink; Internet & Satellite; Task manager node; Sensor network]

Design Issues


Fault tolerance


Scalability


Production Cost


Hardware Constraints


Network Topology


Environment


Transmission media


Power consumption


Protocol Stack

Application

Transport

Network

Data Link

Physical

Power Management Plane

Mobility Management Plane

Task Management Plane


Dissection of Protocol


Physical Layer


Frequency selection, carrier frequency generation, signal detection, modulation & data encryption (not always).


Data Link Layer


Multiplexing data streams, data frame detection, medium access and error
control.


A MAC protocol in a wireless multi-hop self-organizing sensor network must:


Create the network infrastructure


Efficiently share communication resources





Existing MAC protocols


Cellular system


Nodes only single hop away from nearest base station.


MAC layer provides high QoS and bandwidth efficiency.


Power efficiency not an issue.


Bluetooth & mobile ad hoc network (MANET)


Closest peer to sensor network.


MAC protocol forms the network and maintains mobility.


Primary goal is providing high QoS in face of mobility.


Sensor network


Much larger number of nodes, with transmission power of ~0 dBm.


Radio range is much less.


Topology changes are more frequent.


The primary importance of power conservation renders cellular and MANET MAC protocols useless.






MAC for sensor


Self-organizing medium access control for sensor networks (SMACS) and Eavesdrop-and-Register (EAR) algorithm


SMACS is a distributed protocol which achieves network startup by neighbor discovery
and channel assignment.


EAR protocol attempts to offer continuous service to nodes under mobile and static
conditions.


CSMA based Medium Access


Traditional protocol is ineffective because of the assumption that traffic is stochastically
distributed.


MAC protocol for sensor network should support periodic traffic.


Hybrid TDMA/FDMA based


Pure TDMA dedicates the full bandwidth to a single node, while pure FDMA allocates the minimum bandwidth per node.


Optimum number of channels is calculated for lowest power consumption.


MAC for sensors (Cont…)


Error control


2 different modes


Forward Error Control (FEC)


Automatic Repeat Request (ARQ)


Both are unsuitable because of their overhead (decoding complexity for FEC and retransmissions for ARQ).


Simple error control with low complexity encoding/decoding is
desirable.

Research issues



SMACS and EAR are effective for static sensor networks.
Improvement required for extensive mobility.


Determination of lower bounds on energy required for sensor network self-organization.


Error control coding schemes.


Power saving modes of operation.


To prolong network activity, nodes must enter periods of reduced activity, especially when running low on battery.

Network Layer


Mainly concerned with routing traffic


Power efficiency important consideration.


Sensor networks are mainly data-centric.


An ideal sensor network has attribute-based addressing and location awareness.


Interconnecting with external network, command and control
system and Internet.


Data aggregation


Solves overlap problem in data-centric routing.


Method for combining the data coming from multiple sensor nodes
into meaningful information.

Routing protocols


Small Minimum Energy Communication Network


Computes an energy-efficient sub-network given a communication network.


Maintains the minimum energy property: the sub-graph contains a minimum energy path for every pair of nodes.


Flooding


Each node broadcasts the data until maximum hops or destination
reached.


Not suitable because of implosion, overlap and resource blindness.


Gossiping


Here a node randomly picks a neighbor and forwards the packet.


Avoids implosions but takes longer time to route the packet.


Routing Protocols (Cont…)


Sensor protocol for information via negotiation (SPIN)


Addresses deficiency of flooding by negotiation and resource adaptation.


Based on data-centric routing, where sensor nodes broadcast an advertisement for available data and wait for requests from interested nodes.


Sequential Assignment Routing (SAR)


Creates multiple trees such that root is one hop away from sink.


Each tree grows outwards avoiding nodes with low QoS and energy
reserves.


Each node belongs to multiple trees and selects one tree to relay information back to the sink, based on 2 parameters and the priority level of the packet.


Two parameters associated with each path


Energy resource


Additive QoS metric

Routing Protocols (Cont…)


Low-Energy Adaptive Clustering Hierarchy


Minimizes energy dissipation


Two phases:


Setup


Randomly selects clusterheads, which communicate with the sink.


Clusterheads broadcast their address, and sensor nodes pick a clusterhead based on the signal strength of the clusterheads.


Steady


Begin sensing and transmitting data


Clusterheads do data aggregation


After some time in this phase the network goes back into the setup phase.




Routing Protocols (Cont…)



Directed Diffusion


Sink sends out interest (task description) to all sensors.


Node stores interest entry which contains timestamp and several
gradient fields.


As interest propagates in network the gradient from source to sink
is setup.


Sink must refresh and reinforce the interest when it starts to receive
data from the source.



Research Issue


New improved protocol to address high topology changes and
higher scalability.

Transport Layer


Needed when the system is accessed through internet or
external network.


Clearly TCP is not suitable.


Communication between user and sink can be done using TCP
or UDP via internet or satellite


Between sink and nodes can be done using UDP.


Research Issues


Development of transport layer protocol considering the
hardware constraints such as limited power & memory.

Application Layer


Sensor Management Protocol


Sysadmin can interact using SMP.


Nodes have no global addressing and so SMP needs to access
them using attribute based naming.


SMP can be used to carry out tasks such as


Introducing new rules to data aggregation.


Exchanging data


Moving sensors


Turning sensor on and off.


Authentication, key distribution and security in data
communication.


Reconfiguring the sensor nodes.

Research Issues


Application layer protocol needs to be developed with basic
functionalities of monitoring the sensor network and high level functions
such as interest dissemination.

Dissection of Protocol (Cont…)


Power management plane efficiently manages the power usage
of sensor nodes.


The mobility management plane detects and registers the movement, so it remembers the route back to a user and keeps track of neighbors.


Task management plane balances and schedules the sensing
task given to a specific region.

Why security?


Protecting confidentiality, integrity and availability of communications.


Conventional view of security from cryptography community:
cryptographically unbreakable design in practical sense


Vulnerable to sniffing due to broadcast nature of
communication.


Physical threat.

How is Security Different?


Wireless Sensor networks have NO clear line of defense


Each node is a host as well as a “router”


Secure Network/service “infrastructure” has to be collaboratively established


Wireless channel is easily accessible by both good citizens
and attackers


Resource Constraints


- battery


- CPU power


- memory

Incomplete List of Challenges


Resource-Efficient Secure Network Services


Network Initialization, single/multihop neighbor discovery


Multihop path establishment & Routing


Supporting application services


Cryptographic services


Broadcast authentication


Key management


Security mechanisms for fundamental services


Clock synchronization


Secure location discovery and verification of claims


Location privacy


Secure aggregation and in-network processing


Cluster formation/cluster head election




Battery Power Constraints


Computational Energy Consumption


Crypto algorithms


Public key vs.
Symmetric key


Communications Energy Consumption


Exchange of keys, certificates, etc.


Per-message additions (padding, signatures, authentication tags)

Sensor Node Constraints


Public Key Cryptography


Slow


1000 times slower than symmetric encryption


Hardware is complicated


Energy consumption is high

Energy Consumption (mJ/Kb)

Processor     RSA/E/V    RSA/D/S    AES
MIPS R4000    0.81       16.7       0.00115
MC68328       42         840        0.0130

Sensor Node Constraints (Cont…)

Related Work


Security Aware Ad hoc Routing (SAR)


Uses trust values of nodes to do secure routing


Employs a route discovery protocol in which nodes with a security metric equivalent to that of the sender and receiver participate.


Based on the Bell-LaPadula confidentiality model.


SPINS


Comprises SNEP & Mu-TESLA.


SNEP provides confidentiality, integrity and freshness.


Mu-TESLA provides authentication to data broadcasts.


Each node shares a master key with base station and also a
counter which is used as an input to RC5 to get encryption key.


Mu-TESLA uses symmetric mechanisms with a delayed disclosure
of keys achieving asymmetry in digital signature.
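
An added example (not from the original slides or from the SPINS authors) of the delayed key disclosure described above: a one-way key chain, per-interval MACs, and a receiver that buffers packets until the interval key is disclosed and authenticated against the commitment. SHA-256 and HMAC-SHA256 stand in for the RC5-based primitives, and the names (make_chain, Receiver, a disclosure delay counted in whole intervals) are assumptions of this example.

```python
import hashlib
import hmac

def H(key: bytes) -> bytes:
    """One-way function of the key chain (SHA-256 is a stand-in)."""
    return hashlib.sha256(key).digest()

def make_chain(seed: bytes, n: int) -> list:
    """Return [K_0..K_n] with K_i = H(K_{i+1}); K_0 is the public commitment."""
    chain = [seed]
    for _ in range(n):
        chain.append(H(chain[-1]))
    return chain[::-1]

def tag(key: bytes, msg: bytes) -> bytes:
    """MAC under the interval key (HMAC-SHA256 is a stand-in)."""
    return hmac.new(key, msg, hashlib.sha256).digest()

class Receiver:
    def __init__(self, commitment: bytes, delay: int):
        self.known_i, self.known_key = 0, commitment  # last authenticated key
        self.delay = delay        # intervals between use and disclosure of K_i
        self.buffer = []          # (interval, msg, mac) awaiting their key

    def on_packet(self, interval: int, msg: bytes, mac: bytes, now: int) -> bool:
        # Security condition: drop anything that arrives once K_interval
        # may already be public, since anyone could have forged it by then.
        if now >= interval + self.delay:
            return False
        self.buffer.append((interval, msg, mac))
        return True

    def on_key(self, i: int, key: bytes) -> list:
        """Authenticate a disclosed K_i, return the messages it verifies."""
        if i <= self.known_i:
            return []
        keys, k = {i: key}, key
        for j in range(i - 1, self.known_i, -1):  # recover skipped keys too
            k = H(k)
            keys[j] = k
        if not hmac.compare_digest(H(k), self.known_key):
            return []             # key does not hash back to the trusted key
        self.known_i, self.known_key = i, key
        ok = [m for (j, m, t) in self.buffer
              if j in keys and hmac.compare_digest(t, tag(keys[j], m))]
        self.buffer = [p for p in self.buffer if p[0] not in keys]
        return ok
```

Because every key hashes back to an earlier one, a receiver that misses some disclosures can still authenticate the buffered packets of those intervals from a later key.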

Related Work (Cont…)


Key Management Problem


Trusted server scheme


Finding trusted server is difficult.


Public key scheme


Expensive and infeasible for sensors


Key Pre-distribution schemes


Loading keys into sensor prior to deployment.


Two nodes should find a common key after deployment.

Key Pre-Distribution scheme


Master key approach


Memory efficient but low security


Requires tamper resistant hardware.


Pair-wise key approach


(N-1) keys for each node


Security perfect but memory is an issue.


New nodes cannot be added.


Eschenauer-Gligor Scheme

Each node randomly selects m keys from the key pool S.

[Figure: nodes A, B, C, D and E drawing keys from key pool S]

When |S| = 10,000, m = 75:
Pr(two nodes have a common key) = 0.50

Eschenauer-Gligor Scheme (Cont…)

[Figure: nodes A, C and B]
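
An added example (not from the original slides): the probability that two key rings share a key in the Eschenauer-Gligor scheme, computed exactly as 1 - C(|S|-m, m) / C(|S|, m), with a Monte Carlo check over constructed random key rings. The function names are illustrative.

```python
import random

def share_probability(pool_size: int, ring_size: int) -> float:
    """Exact Pr(two random rings of ring_size keys drawn from the pool
    intersect) = 1 - C(P-m, m) / C(P, m), evaluated as a running product."""
    if 2 * ring_size > pool_size:
        return 1.0                       # pigeonhole: the rings must overlap
    miss = 1.0
    for i in range(ring_size):
        miss *= (pool_size - ring_size - i) / (pool_size - i)
    return 1.0 - miss

def min_ring_size(pool_size: int, target: float) -> int:
    """Smallest ring size whose share probability reaches target."""
    m = 1
    while share_probability(pool_size, m) < target:
        m += 1
    return m

def shared_key_discovery(ring_a: set, ring_b: set):
    """Nodes compare key identifiers only; return a common ID or None."""
    common = ring_a & ring_b
    return min(common) if common else None

def simulate(pool_size: int, ring_size: int, trials: int, seed: int = 1) -> float:
    """Monte Carlo estimate using constructed random rings of key IDs."""
    rng = random.Random(seed)
    ids = range(pool_size)
    hits = 0
    for _ in range(trials):
        a = set(rng.sample(ids, ring_size))
        b = set(rng.sample(ids, ring_size))
        hits += shared_key_discovery(a, b) is not None
    return hits / trials
```

For |S| = 10,000 and m = 75 the exact expression evaluates to about 0.43, and 83 is the smallest ring size that reaches 0.5 for that pool.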

Conclusion


The low cost, flexibility, fault tolerance, high sensing fidelity and rapid deployment of sensor networks make way for new applications in remote sensing.


Realization needs to satisfy constraints such as scalability, topology changes, power consumption, environment etc.


New wireless ad hoc networking techniques are required to overcome these constraints.