Security in Sensor Networks

•Overview of wireless sensor network•Security in Sensor Network

Sensor Node

Consists of sensing, data processing and communicating component. Randomly deployed in inaccessible terrain. Processes sensed (raw) data and transmits it. Characteristics

Rapid deployment Self-organization Fault tolerance

Berkeley Motes

Wireless Sensor

Mica Motes

Prototype Sensor developed by UC Berkley Processor 4 MHz Memory 128 Kb flash & 4 Kb RAM Radio 916 MHz and 40Kbits/sec Transmission range 100 feet Tiny OS operating system: small, open source and energy efficient

DeploySensors

Sensor Node Deployment

Application of Sensor Network

Battle ground surveillance Enemy movement

Environmental monitoring Habitat monitoring Forrest fire monitoring

Hospital Tracking system Tracking patients,drug administration

Sensor Network vs. Wireless ad-hoc network

Number of sensor nodes is much higher than nodes in ad hoc network. Sensor nodes are densely deployed. Topology changes frequently. Sensor nodes mainly use broadcasts as opposed to point-to-point used

by ad hoc network. Sensor nodes have limited power, computational capacities and

memory. No global addressing scheme for sensor nodes

Sensor node deployment

Sink

Internet & Satellite

Task manager Node

Sensor Network

Design Issues

Fault tolerance Scalability Production Cost Hardware Constraints Network Topology Environment Transmission media Power consumption

Protocol Stack

Application

Transport

Network

Data Link

Physical

POWERMANAGEMENTPLANE

MOBILITYMANAGEMENTPLANE

TASKMANAGEMENTPLANE

Dissection of Protocol

Physical Layer Frequency selection, carried frequency generation, signal detection,

modulation & data encryption (not always). Data Link Layer

Multiplexing data streams, data frame detection, medium access and error control.

MAC protocol in wireless multi-hop self-organizing sensor network must Creation of network infrastructure Efficiently share communication resources

Existing MAC protocols Cellular system

Nodes only single hop away from nearest base station. MAC layer provides high QoS and bandwidth efficiency. Power efficiency not an issue.

Bluetooth & mobile ad hoc network ( MANET ) Closest peer to sensor network. MAC protocol forms the network and maintains mobility. Primary goal is providing high QoS in face of mobility.

Sensor network Much larger nodes with transmission power ( ~0dBm ) Radio range is much less. Topology changes more frequent. Primary importance on power conservation renders cellular and MANET useless.

MAC for sensor Self organizing medium access control for sensor networks (SMACS) and Eavesdrop-and-

Register (EAR) algorithm SMACS is a distributed protocol which achieves network startup by neighbor discovery

and channel assignment. EAR protocol attempts to offer continuous service to nodes under mobile and static

conditions. CSMA based Medium Access

Traditional protocol is ineffective because of the assumption that traffic is stochastically distributed.

MAC protocol for sensor network should support periodic traffic. Hybrid TDMA/FDMA based

TDMA dedicates full bandwidth while FDMA allocates minimum Optimum number of channels is calculated for lowest power consumption.

MAC for sensors (Cont…)

Error control 2 different modes

Forward Error Control (FEC) Automatic Repeat Request (ARQ)

Both unsuitable for overhead (decoding complexity for FEC and retransmissions for ARQ)

Simple error control with low complexity encoding/decoding is desirable.

Research issues

SMACS and EAR are effective for static sensor networks. Improvement required for extensive mobility.

Determination of lower bounds on energy required for sensor network self-organization.

Error control coding schemes. Power saving modes of operation.

To prolong network activity nodes must enter into periods of reduced activity specially when running low on battery.

Network Layer

Mainly concerned with routing traffic Power efficiency important consideration. Sensor network mainly data-centric. Ideal sensor network has attribute-based addressing and location

awareness. Interconnecting with external network, command and control

system and Internet. Data aggregation

Solves overlap problem in data-centric routing. Method for combining the data coming from multiple sensor nodes

into meaningful information.

Routing protocols

Small Minimum Energy Communication Network Computes energy-efficient sub-network given a communication

network. Maintains minimum energy property such that there is a minimum

energy path in sub-graph for every pair of node. Flooding

Each node broadcasts the data until maximum hops or destination reached.

Not suitable because of implosion, overlap and resource blindness. Gossiping

Here node randomly picks up a neighbor and forwards the packet. Avoids implosions but takes longer time to route the packet.

Routing Protocols (Cont…)

Sensor protocol for information via negotiation (SPIN) Addresses deficiency of flooding by negotiation and resource adaptation. Based on data-centric routing where sensor nodes broadcast an

advertisement for available data and waits for request from interested nodes.

Sequential Assignment Routing (SAR) Creates multiple trees such that root is one hop away from sink. Each tree grows outwards avoiding nodes with low QoS and energy

reserves. Nodes belong to multiple trees and selects one tree to relay information

back to sink based on 2 parameters and priority level of the packet. Two parameters associated with each path

Energy resource Additive QoS metric

Routing Protocols (Cont…)

Low-Energy Adaptive Clustering Hierarchy Minimizes energy dissipation Two phases:

Setup Randomly selects clusterheads which communicates with

sink. Clusterheads broadcast their address and sensor nodes

pickup clusterheads based on signal strength of clusterheads.

Steady Begin sensing and transmitting data Clusterheads do data aggregation After sometime in this phase the network goes back in

setup phase.

Routing Protocols (Cont…)

Directed Diffusion Sink sends out interest ( task description ) to all sensor. Node stores interest entry which contains timestamp and several

gradient fields. As interest propagates in network the gradient from source to sink

is setup. Sink must refresh and reinforce the interest when it starts to receive

data from the source.

Research Issue

New improved protocol to address high topology changes and higher scalability.

Transport Layer

Needed when the system is accessed through internet or external network.

Clearly TCP is not suitable. Communication between user and sink can be done using TCP

or UDP via internet or satellite Between sink and nodes can be done using UDP.

Research Issues

Development of transport layer protocol considering the hardware constraints such as limited power & memory.

Application Layer

Sensor Management Protocol Sysadmin can interact using SMP. Nodes have no global addressing and so SMP needs to access

them using attribute based naming. SMP can be used to carry out tasks such as

Introducing new rules to data aggregation. Exchanging data Moving sensors Turning sensor on and off. Authentication, key distribution and security in data

communication. Reconfiguring the sensor nodes.

Research Issues

Application layer protocol needs to be developed with basic functionalities of monitoring the sensor network and high level functions such as interest dissemination.

Dissection of Protocol (Cont…)

Power management plane efficiently manages the power usage of sensor nodes.

Mobility planes detects and registers the movement ..so remembers the route back to a user and keep track of neighbors.

Task management plane balances and schedules the sensing task given to a specific region.

Why security?

Protecting confidentiality,integrity and availability of communications.

Conventional view of security from cryptography community: cryptographically unbreakable design in practical sense

Vulnerable to sniffing due to broadcast nature of communication.

Physical threat.

How is Security Different?

Wireless Sensor networks have NO clear line of defense Each node is a host as well as a “router” Secure Network/service “infrastructure” has to be collaboratively established

Wireless channel is easily accessible by both good citizens and attackers

Resource Constraints

- battery

- cpu power

- memory

Incomplete List of Challenges Resource-Efficient Secure Network Services

Network Initialization, single/multihop neighbor discovery Multihop path establishment & Routing Supporting application services

Cryptographic services Broadcast authentication Key management

Security mechanisms for fundamental services Clock synchronization Secure location discovery and verification of claims Location privacy Secure aggregation and in-network processing Cluster formation/cluster head election

• Battery Power Constraints– Computational Energy Consumption

• Crypto algorithms• Public key vs. Symmetric key

– Communications Energy Consumption• Exchange of keys, certificates, etc.• Per-message additions (padding, signatures, authentication tags)

Sensor Node Constraints

• Public Key Cryptography• Slow

– 1000 times slower than symmetric encryption

• Hardware is complicated

• Energy consumption is high

Processor Energy Consumption (mJ/Kb)

RSA/E/V RSA/D/S AES

MIPS R4000 0.81 16.7 0.00115

MC68328 42 840 0.0130

Sensor Node Constraints (Cont…)

Related Work

Security Aware Ad hoc Routing (SAR) Uses trust values of nodes to do secure routing Employ route discovery protocol where nodes with security metric

equivalent to sender receiver participate. Based on Bell-La Confidentiality model.

SPINS Comprises of SNEP & Mu-TESLA. SNEP provides confidentiality, integrity and freshness. Mu-TESLA provides authentication to data broadcasts. Each node shares a master key with base station and also a

counter which is used as an input to RC5 to get encryption key. Mu-TESLA uses symmetric mechanisms with a delayed disclosure

of keys achieving asymmetry in digital signature.

Related Work (Cont…)

Key Management Problem Trusted server scheme

Finding trusted server is difficult. Public key scheme

Expensive and infeasible for sensors Key Pre-distribution schemes

Loading keys into sensor prior to deployment. Two nodes should find a common key after deployment.

Key Pre-Distribution scheme

Master key approach Memory efficient but low security Requires tamper resistant hardware.

Pair-wise key approach (N-1) keys for each node Security perfect but memory is an issue. New nodes cannot be added.

Each noderandomly selects m keys

AB E

Key Pool S

DC

• When |S| = 10,000, m=75Pr (two nodes have a common key) = 0.50

Eschenauer-Gligor Scheme

Eschenauer-Gligor Scheme (Cont…)

A

C

B

Conclusion

The low cost,flexibility,fault tolerance,high sensing fidelity and rapid deployment makes way for new applications on remote sensing.

Realization needs to satisfy the constraints such as scalability,topology changes, power consumption, environment etc.

New wireless ad hoc networking techniques are required to overcome this contraints.