security in sensor networks overview of wireless sensor network security in sensor network
TRANSCRIPT
Security in Sensor Networks
•Overview of wireless sensor network•Security in Sensor Network
Sensor Node
Consists of sensing, data processing and communicating component. Randomly deployed in inaccessible terrain. Processes sensed (raw) data and transmits it. Characteristics
Rapid deployment Self-organization Fault tolerance
Berkeley Motes
Wireless Sensor
Mica Motes
Prototype Sensor developed by UC Berkley Processor 4 MHz Memory 128 Kb flash & 4 Kb RAM Radio 916 MHz and 40Kbits/sec Transmission range 100 feet Tiny OS operating system: small, open source and energy efficient
DeploySensors
Sensor Node Deployment
Application of Sensor Network
Battle ground surveillance Enemy movement
Environmental monitoring Habitat monitoring Forrest fire monitoring
Hospital Tracking system Tracking patients,drug administration
Sensor Network vs. Wireless ad-hoc network
Number of sensor nodes is much higher than nodes in ad hoc network. Sensor nodes are densely deployed. Topology changes frequently. Sensor nodes mainly use broadcasts as opposed to point-to-point used
by ad hoc network. Sensor nodes have limited power, computational capacities and
memory. No global addressing scheme for sensor nodes
Sensor node deployment
Sink
Internet & Satellite
Task manager Node
Sensor Network
Design Issues
Fault tolerance Scalability Production Cost Hardware Constraints Network Topology Environment Transmission media Power consumption
Protocol Stack
Application
Transport
Network
Data Link
Physical
POWERMANAGEMENTPLANE
MOBILITYMANAGEMENTPLANE
TASKMANAGEMENTPLANE
Dissection of Protocol
Physical Layer Frequency selection, carried frequency generation, signal detection,
modulation & data encryption (not always). Data Link Layer
Multiplexing data streams, data frame detection, medium access and error control.
MAC protocol in wireless multi-hop self-organizing sensor network must Creation of network infrastructure Efficiently share communication resources
Existing MAC protocols Cellular system
Nodes only single hop away from nearest base station. MAC layer provides high QoS and bandwidth efficiency. Power efficiency not an issue.
Bluetooth & mobile ad hoc network ( MANET ) Closest peer to sensor network. MAC protocol forms the network and maintains mobility. Primary goal is providing high QoS in face of mobility.
Sensor network Much larger nodes with transmission power ( ~0dBm ) Radio range is much less. Topology changes more frequent. Primary importance on power conservation renders cellular and MANET useless.
MAC for sensor Self organizing medium access control for sensor networks (SMACS) and Eavesdrop-and-
Register (EAR) algorithm SMACS is a distributed protocol which achieves network startup by neighbor discovery
and channel assignment. EAR protocol attempts to offer continuous service to nodes under mobile and static
conditions. CSMA based Medium Access
Traditional protocol is ineffective because of the assumption that traffic is stochastically distributed.
MAC protocol for sensor network should support periodic traffic. Hybrid TDMA/FDMA based
TDMA dedicates full bandwidth while FDMA allocates minimum Optimum number of channels is calculated for lowest power consumption.
MAC for sensors (Cont…)
Error control 2 different modes
Forward Error Control (FEC) Automatic Repeat Request (ARQ)
Both unsuitable for overhead (decoding complexity for FEC and retransmissions for ARQ)
Simple error control with low complexity encoding/decoding is desirable.
Research issues
SMACS and EAR are effective for static sensor networks. Improvement required for extensive mobility.
Determination of lower bounds on energy required for sensor network self-organization.
Error control coding schemes. Power saving modes of operation.
To prolong network activity nodes must enter into periods of reduced activity specially when running low on battery.
Network Layer
Mainly concerned with routing traffic Power efficiency important consideration. Sensor network mainly data-centric. Ideal sensor network has attribute-based addressing and location
awareness. Interconnecting with external network, command and control
system and Internet. Data aggregation
Solves overlap problem in data-centric routing. Method for combining the data coming from multiple sensor nodes
into meaningful information.
Routing protocols
Small Minimum Energy Communication Network Computes energy-efficient sub-network given a communication
network. Maintains minimum energy property such that there is a minimum
energy path in sub-graph for every pair of node. Flooding
Each node broadcasts the data until maximum hops or destination reached.
Not suitable because of implosion, overlap and resource blindness. Gossiping
Here node randomly picks up a neighbor and forwards the packet. Avoids implosions but takes longer time to route the packet.
Routing Protocols (Cont…)
Sensor protocol for information via negotiation (SPIN) Addresses deficiency of flooding by negotiation and resource adaptation. Based on data-centric routing where sensor nodes broadcast an
advertisement for available data and waits for request from interested nodes.
Sequential Assignment Routing (SAR) Creates multiple trees such that root is one hop away from sink. Each tree grows outwards avoiding nodes with low QoS and energy
reserves. Nodes belong to multiple trees and selects one tree to relay information
back to sink based on 2 parameters and priority level of the packet. Two parameters associated with each path
Energy resource Additive QoS metric
Routing Protocols (Cont…)
Low-Energy Adaptive Clustering Hierarchy Minimizes energy dissipation Two phases:
Setup Randomly selects clusterheads which communicates with
sink. Clusterheads broadcast their address and sensor nodes
pickup clusterheads based on signal strength of clusterheads.
Steady Begin sensing and transmitting data Clusterheads do data aggregation After sometime in this phase the network goes back in
setup phase.
Routing Protocols (Cont…)
Directed Diffusion Sink sends out interest ( task description ) to all sensor. Node stores interest entry which contains timestamp and several
gradient fields. As interest propagates in network the gradient from source to sink
is setup. Sink must refresh and reinforce the interest when it starts to receive
data from the source.
Research Issue
New improved protocol to address high topology changes and higher scalability.
Transport Layer
Needed when the system is accessed through internet or external network.
Clearly TCP is not suitable. Communication between user and sink can be done using TCP
or UDP via internet or satellite Between sink and nodes can be done using UDP.
Research Issues
Development of transport layer protocol considering the hardware constraints such as limited power & memory.
Application Layer
Sensor Management Protocol Sysadmin can interact using SMP. Nodes have no global addressing and so SMP needs to access
them using attribute based naming. SMP can be used to carry out tasks such as
Introducing new rules to data aggregation. Exchanging data Moving sensors Turning sensor on and off. Authentication, key distribution and security in data
communication. Reconfiguring the sensor nodes.
Research Issues
Application layer protocol needs to be developed with basic functionalities of monitoring the sensor network and high level functions such as interest dissemination.
Dissection of Protocol (Cont…)
Power management plane efficiently manages the power usage of sensor nodes.
Mobility planes detects and registers the movement ..so remembers the route back to a user and keep track of neighbors.
Task management plane balances and schedules the sensing task given to a specific region.
Why security?
Protecting confidentiality,integrity and availability of communications.
Conventional view of security from cryptography community: cryptographically unbreakable design in practical sense
Vulnerable to sniffing due to broadcast nature of communication.
Physical threat.
How is Security Different?
Wireless Sensor networks have NO clear line of defense Each node is a host as well as a “router” Secure Network/service “infrastructure” has to be collaboratively established
Wireless channel is easily accessible by both good citizens and attackers
Resource Constraints
- battery
- cpu power
- memory
Incomplete List of Challenges Resource-Efficient Secure Network Services
Network Initialization, single/multihop neighbor discovery Multihop path establishment & Routing Supporting application services
Cryptographic services Broadcast authentication Key management
Security mechanisms for fundamental services Clock synchronization Secure location discovery and verification of claims Location privacy Secure aggregation and in-network processing Cluster formation/cluster head election
• Battery Power Constraints– Computational Energy Consumption
• Crypto algorithms• Public key vs. Symmetric key
– Communications Energy Consumption• Exchange of keys, certificates, etc.• Per-message additions (padding, signatures, authentication tags)
Sensor Node Constraints
• Public Key Cryptography• Slow
– 1000 times slower than symmetric encryption
• Hardware is complicated
• Energy consumption is high
Processor Energy Consumption (mJ/Kb)
RSA/E/V RSA/D/S AES
MIPS R4000 0.81 16.7 0.00115
MC68328 42 840 0.0130
Sensor Node Constraints (Cont…)
Related Work
Security Aware Ad hoc Routing (SAR) Uses trust values of nodes to do secure routing Employ route discovery protocol where nodes with security metric
equivalent to sender receiver participate. Based on Bell-La Confidentiality model.
SPINS Comprises of SNEP & Mu-TESLA. SNEP provides confidentiality, integrity and freshness. Mu-TESLA provides authentication to data broadcasts. Each node shares a master key with base station and also a
counter which is used as an input to RC5 to get encryption key. Mu-TESLA uses symmetric mechanisms with a delayed disclosure
of keys achieving asymmetry in digital signature.
Related Work (Cont…)
Key Management Problem Trusted server scheme
Finding trusted server is difficult. Public key scheme
Expensive and infeasible for sensors Key Pre-distribution schemes
Loading keys into sensor prior to deployment. Two nodes should find a common key after deployment.
Key Pre-Distribution scheme
Master key approach Memory efficient but low security Requires tamper resistant hardware.
Pair-wise key approach (N-1) keys for each node Security perfect but memory is an issue. New nodes cannot be added.
Each noderandomly selects m keys
AB E
Key Pool S
DC
• When |S| = 10,000, m=75Pr (two nodes have a common key) = 0.50
Eschenauer-Gligor Scheme
Eschenauer-Gligor Scheme (Cont…)
A
C
B
Conclusion
The low cost,flexibility,fault tolerance,high sensing fidelity and rapid deployment makes way for new applications on remote sensing.
Realization needs to satisfy the constraints such as scalability,topology changes, power consumption, environment etc.
New wireless ad hoc networking techniques are required to overcome this contraints.