1 Security and Privacy in Sensor Networks: Research Challenges Radha Poovendran University of Washington

2 Outline Panda-Hunter Game Sensor Network Security How is it different? Incomplete List of challenges Problem #1- Problem #5

3 Panda-Hunter Game Model A generic asset monitoring sensor network application Panda-Hunter Game:  Sensor Network monitors Panda  Hunter observes Panda_Here messages and go after Panda Panda’s Challenge  Want Location Privacy Hunter’s Challenge  Want valid message  Want the network to work reliably  Detect any faulty or compromised sensor Both need different services Data Sink Sensor Node

4 Sensor Network Security What do we mean by sensor network security?  Conventional view of security from cryptography community: cryptographically unbreakable design in practical sense  Network Reality: very few security breaches in practice are to exploit flaws in cryptographic algorithms; side channel attacks Malicious versus selfish (DoS vs. resource gobbler) Security v.s. robustness, fault tolerance, resiliency Security is not a black/white world, it is progressive We must secure entire networked system, not just an individual component Solutions must be robust/adapt to new threats as much as possible

5 How is it Different? Wireless Sensor networks have NO clear line of defense  Each node is a host as well as a “router”  Security solutions in wired or cellular networks may leverage the networking infrastructure  Secure Network/service “infrastructure” has to be collaboratively established Wireless channel is easily accessible by both good citizens and attackers Resource constraints on portable devices  Energy, computation, memory, etc.  Some devices may be compromised  Heterogeneity prevents a single security solution

6 BN RN BN RN Processing Capabilities Network Granularity Capability-based Abstraction A B Capability based Abstraction of a Heterogeneous Network BN-Backbone node RN-Regular Node

7 Incomplete List of Challenges Resource-Efficient Secure Network Services  Network Initialization, single/multihop neighbor discovery  Multihop path establishment & Routing  Supporting application services Cryptographic services  Broadcast authentication  Key management Security mechanisms for fundamental services  Clock synchronization  Secure location discovery and verification of claims  Location privacy  Secure aggregation and in-network processing  Cluster formation/cluster head election  Middleware (will not discuss further)

8 Incomplete List of Challenges Modeling vulnerabilities  VERY POOR state of understanding  Needed by services and applications Cross-layer design techniques  Routing/location-aware protocols that are also robust!  Incorporating semantics such as geometry, radio model and range for context-based security  Functionality instead of optimality

9 Problem #1: Robust Designs Attacks and compromise of network are reality  Misconfiguration cannot be fully eliminated  Maybe we can never enumerate  Software bugs are #1 cause for all possible attacks  Not every device can implement maximum-strength solutions Shift from prevention to tolerance  Building trustworthy system out of untrustworthy components  Ability to detect, and function, even in the presence of problems  Similar analogy to IP building reliable system out of unreliable components  How? Can be application specific

10 Problem #2: Adaptive Security Adaptation to handle many dimensions of dynamics:  Adaptive to user requirements Differential security services used in government and military  Adaptive to user devices  Adaptive to channel dynamics: Partial connectivity, disconnectivity, full connectivity  Adaptive to mobility Cross-domain service for roaming users  Adaptive to dynamic membership Node join, leave, fail

11 Problem #3: Joint Design of QoS and Security Incorporating network metrics and security: scalability, communication overhead, computation complexity, energy efficiency, device capability, … Different performance metrics may be in (partial) conflict  Probably the most secure system is of minimal usability  Example: energy efficiency/computation complexity versus cryptography strength Many conventional security solutions take a centralized approach

12 Problem #4: Evaluation of Design Current designs have an explicit threat model in mind NOT Realistic –Real trace analysis for practical attacks? Benchmarking ? –Other areas in computer systems have well defined benchmarks: SPEC CPU, TPC-C Analytical tools Current effort: game theory, graph theory

13 Problem #5: Securing the Chain The system is only as secure as the weakest link  Many supporting components: DNS, ARP, DHCP,…  Other supporting protocols: bootstrapping, discovery, time synchronization How to secure these supporting components  Often ignored  Secure the entire system chain Build multiple fences  Each fence is built based on a component’s resource constraint