S ecurity I N W IRELESS S ENSOR N ETWORKS Prepared by: Ahmed EzzEldin
W hy ? WSNs relay important data from the sources to where decision can be made accordingly. WSNs are used in extremely important applications, thus need to ensure: – Data Confidentiality and Integrity. – Data Freshness. – Authorization and Authentication. But for the unique characteristics of WSNs, we are in need to special security protocols.
But WSNs are characterized to be: – Limited resources. – Wireless medium. – No infrastructure. – Multi-hop routing. – Node mobility. The traditional security protocols can not suit well to WSNs. We are in need to special security protocols.
The Famous Attacks on WSNs Security attacks are either Passive or Active. Passive: adversaries do not make any emissions, are mainly against data confidentiality. – Eavesdropping – Traffic analysis types Active: malicious acts are carried out not only against data confidentiality but also data integrity (can be detected).
Active Attacks: Physically compromising the node: – Disassemble to extract all secure materials. – Use it to as fake node within the population. – Tamper proof solution is expensive to low-cost WSNs. Selective forwarding: – WSNs are Multi-hop fashioned networks. – Faithful nodes forward received packets. – Compromised node might just drop packets, however neighbors will use another route – More dangerous if this node forwards selected packets !
Acknowledgment spoofing: – Some routing protocols use acknowledgments. – Attacker may spoof acks to convince that: Weak link is strong. Dead node is alive. – Consequently these weak links may be selected for routing, leads to either lose or corrupt the packets sent through. HELLO flood attack: – Some routing protocols require nodes to broadcast HELLO packets after deployment, for neighbor discovery. – malicious more powerful nodes can broadcast HELLO messages advertising high-quality route to sink
Thus …. link verification and node authentication can be verified by using Key Management Techniques
K ey M anagement Techniques “Pairwise key establishment”: fundamental security service allowing nodes to communicate in cryptographic way. Due to limited resources we can't use any of: -Public-Key-Cryptography -Key-Distribution-Center used in traditional networks. Instead, we use Key Pre(before deployment)-schemes
K ey P re-distribution S chemes Symmetric-key schemes: Single key for encryption and decryption. 1-Unique Random key. 2-Networkwide shared key. 3-Probabilistic key pre-distribution. 4-Polynomial based key pre-distribution. Public-key schemes: Singly key for encryption, while another one for decryption. 1-Reza Scheme. 2-VEGK Scheme.
Symmetric-key schemes: Unique Random Key: 1.Each node is assigned unique random key. 2.To communicate with any node, must use its key. 3.Introduces huge storage overhead: network of n nodes, each must store (n-1) keys. Networkwide Shared Key: Master key used by all nodes, but single node compromise is disaster. Variant, establish link keys with neighbors then erase the master key. Does not allow new nodes to be deployed.
Probabilistic Key Pre-distribution 1.Setup server generates large pool of random keys each is with unique ID. 2.Each node randomly picks subset of keys and their Ids. 3.Two nodes can communicate only if they share a common key. 4.After deployment, each sends list of its keys’ IDs, then use the common keys. If don't have a common key.... need to find number of other nodes to help establish a session key ( called path key ).
This technique: 1.Needs less memory. 2.Can guarantee a high probability of sharing common keys. But compromising small number of nodes discloses a large fraction of keys, as single key may be shared by more than two nodes. For more security, q-composite scheme proposes that two nodes setup key only if they share at least q-common keys.
Polynomial key Pre-distribution Setup server randomly generates a bivariate t-degree polynomial, where f(x,y)=f(y,x). For node with id i, setup server will compute polynomial share of f(i,y) to be pre-loaded for node i. Nodes i and j compute common key f(i,j) as follows: i evaluates f(i,y) at j gets f(i,j) j evaluates f(j,y) at i gets f(j,i) Features: Complex mathematical operations and storage overhead. No communication overhead, as only need the other node’s id.
Elliptic Curve Cryptography is light weight Public Key Cryptography suitable for WSNs
E lliptic C urve Cryptography Reza Scheme: Targets heterogeneous WSNs: nodes, gateways and base-station. Gateways are powerful in terms of energy, computation and memory. Before deployment, server generates and pre-loads ECC keys into sensor and gateways as follows:
Sensor node is pre-loaded with: Unique id. Its own public and private keys. Public key of all gateways in the network. Gateway is pre-loaded with: Unique id. Its own public and private keys. Public key of the base station. public key of all sensor nodes in the network. Sensor nodes are randomly deployed, while Gateways are deployed such that each node can hear form at least one gateway.
Each gateway broadcasts encrypted message with its private key, to all nodes. Each node: 1.Verify the message using the public key of the gateway. 2.Select its neighbor gateway based on Signal-to-Noise-Ratio. Each node can send a session-key request to the gateway with list of its neighbors. Gateway sends the requested key, encrypted with the node’s public key.
This protocol: o Static membership for nodes. o Nodes are tamper proofed which is costly to be considered. o Nodes with high or low power level must store set of ECC keys of other nodes in the whole network. Adversary is unable to impersonate node’s identity except by capturing it. Capturing node: Reveals Its public and private keys. Reveals Pubic key of all gateways. Capturing node reveals does not effect the security of the rest nodes, as no reveal for their private keys.
Virtual ECC Group Key Hierarchical structure of nodes prolong the lifetime. LEACH, the most famous algorithm, balances energy drainage among nodes by randomly rotating CH membership. LEACH toggles between 2 phases, Setup and Steady state. VEGK is a security framework merging ECC with symmetric pairwise keys while making use of clustering for energy saving. * Low-Energy Adaptive Clustering Hierarchy (LEACH)
VEGK Phases Phase 1 “Pre-deployment Key Distribution”: The network is divided into k virtual groups, with G id as identifier. Each group is assigned ECC public and private key. Each node is randomly assigned to a single group regardless its positions in the field. Consequently, each node is pre-loaded with: – The corresponding group identifier G id. – Its private keys – The public keys of all of the k groups. – Unique identifier – ECC private key and public key pair. Nodes can run ECDSA for authenticity checking. * ECDSA :Elliptic Curve Digital Signature Algorithm Group related Node related
Phase 2 “Neighbors Discovery”: Each node broadcasts a message with low power level L to be heard by small number of neighbors. All other nodes within the range: – Decrypt using the corresponding group public key. – Save the id and public key for future communication.
Phase 3 “Cluster Head Announcement”: During setup-phase, all nodes capable to operate as CHs, announce themselves as CHs to their neighbors with low power level L. The node might select its potential CH based on one or more criteria. Not CHs Nodes can safely delete its group’s private key and still can communicate with new nodes.
Phase 4 “CHs Tree Construction”: Tree rooted at the BS is constructed to guarantee the network connectivity and to ensure security. Any selected CH joins the tree by a Join-Tree-Request message, sent with power level R (greater than L). CHs decrypt, save and verify messages heard with no reply.
BS hears from the closest CHs, saves their ids and verifies them. The BS replies with Accept- (Reject)-Tree-Joining message. The Accept consists of “1 st level” notification, session key and f(Nonce) encrypted using node’s public key of the received identifier. The first level CHs, reply to all previously saved CHs, with “2 nd level” notification, session key and f(Nonce) encrypted using node’s public key of the received identifier.
This process is repeated till a tree of CHs is constructed. To avoid looping, any CH must have one parent CH and any CHs as children. CHs can safely delete its group’s private key and still can communicate with new nodes by the public key of the corresponding group.
Phase 5 “Clusters Formation”: To form the clusters, each CH sends Join-Me request to all of its neighbors with power level L, encrypted by its private key. The node replies to the CH with Join-Accept message encrypted by the public key of the CH. Extra message (S-Key message) is transmitted from the CH to each, for session key and time slot identifier.
Attach scenarios ! Attacker with no signed public/private key pair of any group, will be discarded from the first phase by using ECDSA. Assume he got at least single group key pair and does not have signed private/public for his own usage, will be discarded from the first phase using ECDSA. Assume he faked tree level indicator without being aware of the nonce function used, will be discarded in the last phase for the incorrect value of the calculated nonce.
This protocol: o No Static membership for nodes, as no node is CH for its whole life. o No tamper proof needed, as for the random rotation of CH membership, the adversary faces difficulties in identifying the CHs. o No need to store set of ECC keys of other nodes in the whole network in each node, as each node saves only the ECC keys of its neighbors. o VEGK allows scalability by adding new nodes.
ECC Security Analysis This hybrid method supports: – Data confidentiality. – Integrity. – Node authentication. Public key cryptography prevents a huge set of famous attacks, in addition of the replay attack using nonce. Capturing node does not affect the security of the rest of the nodes as no reveal for their private keys.
Thanks ! Any Questions ?
R eferences “A Key Management Scheme for Cluster Based Wireless Sensor Networks” 2008 IEEE/IFIP International Conference. “Security in wireless sensor networks” communication of the ACM june 2004/Vol 47. “Security for wireless sensor networks” Advances in information security springer. “Analyzing the Key Distribution from Security Attacks in Wireless Sensor” Piya Techateerawat and Andrew Jennings. “Secure Clustering and symmetric key establishment in heterogeneous wireless sensor newtorks” Research article Reza Azarderskhsh and Arash reyhani. “Cryptography and Security in Wireless Sensor Networks” Pyrgelis Apostolos, University of Patras. “Security and Privacy in Sensor Networks” Haowen Chan and Adrian Perrig, Carnegie Mellon University. “VEGK: Virtual ECC Group Key for Wireless Sensor Networks”, ICNC’13, Ahmed E. El-Din, Rabie A. Ramadan and Magda B. Fayek.