Security in Sensor Networks Overview of wireless sensor network Security in Sensor Network
Sensor Node Consists of sensing, data processing and communicating component. Randomly deployed in inaccessible terrain. Processes sensed (raw) data and transmits it. Characteristics Rapid deployment Self-organization Fault tolerance
Wireless Sensor Berkeley Motes
Mica Motes Prototype Sensor developed by UC Berkley Processor 4 MHz Memory 128 Kb flash & 4 Kb RAM Radio 916 MHz and 40Kbits/sec Transmission range 100 feet Tiny OS operating system: small, open source and energy efficient
Sensor Node Deployment Sensors Deploy
Application of Sensor Network Battle ground surveillance Enemy movement Environmental monitoring Habitat monitoring Forrest fire monitoring Hospital Tracking system Tracking patients,drug administration
Sensor Network vs. Wireless ad-hoc network Number of sensor nodes is much higher than nodes in ad hoc network. Sensor nodes are densely deployed. Topology changes frequently. Sensor nodes mainly use broadcasts as opposed to point-to-point used by ad hoc network. Sensor nodes have limited power, computational capacities and memory. No global addressing scheme for sensor nodes
Sensor node deployment Sink Sensor Network Internet & Satellite Task manager Node
Design Issues Fault tolerance Scalability Production Cost Hardware Constraints Network Topology Environment Transmission media Power consumption
Protocol Stack Application Transport Network Data Link Physical T A S M N G E P L M O B I L T Y A N G E P P O W E R M A N G T L Application Transport Network Data Link Physical
Dissection of Protocol Physical Layer Frequency selection, carried frequency generation, signal detection, modulation & data encryption (not always). Data Link Layer Multiplexing data streams, data frame detection, medium access and error control. MAC protocol in wireless multi-hop self-organizing sensor network must Creation of network infrastructure Efficiently share communication resources
Existing MAC protocols Cellular system Nodes only single hop away from nearest base station. MAC layer provides high QoS and bandwidth efficiency. Power efficiency not an issue. Bluetooth & mobile ad hoc network ( MANET ) Closest peer to sensor network. MAC protocol forms the network and maintains mobility. Primary goal is providing high QoS in face of mobility. Sensor network Much larger nodes with transmission power ( ~0dBm ) Radio range is much less. Topology changes more frequent. Primary importance on power conservation renders cellular and MANET useless.
MAC for sensor Self organizing medium access control for sensor networks (SMACS) and Eavesdrop-and-Register (EAR) algorithm SMACS is a distributed protocol which achieves network startup by neighbor discovery and channel assignment. EAR protocol attempts to offer continuous service to nodes under mobile and static conditions. CSMA based Medium Access Traditional protocol is ineffective because of the assumption that traffic is stochastically distributed. MAC protocol for sensor network should support periodic traffic. Hybrid TDMA/FDMA based TDMA dedicates full bandwidth while FDMA allocates minimum Optimum number of channels is calculated for lowest power consumption.
MAC for sensors (Cont…) Error control 2 different modes Forward Error Control (FEC) Automatic Repeat Request (ARQ) Both unsuitable for overhead (decoding complexity for FEC and retransmissions for ARQ) Simple error control with low complexity encoding/decoding is desirable.
Research issues SMACS and EAR are effective for static sensor networks. Improvement required for extensive mobility. Determination of lower bounds on energy required for sensor network self-organization. Error control coding schemes. Power saving modes of operation. To prolong network activity nodes must enter into periods of reduced activity specially when running low on battery.
Network Layer Mainly concerned with routing traffic Power efficiency important consideration. Sensor network mainly data-centric. Ideal sensor network has attribute-based addressing and location awareness. Interconnecting with external network, command and control system and Internet. Data aggregation Solves overlap problem in data-centric routing. Method for combining the data coming from multiple sensor nodes into meaningful information.
Routing protocols Small Minimum Energy Communication Network Flooding Computes energy-efficient sub-network given a communication network. Maintains minimum energy property such that there is a minimum energy path in sub-graph for every pair of node. Flooding Each node broadcasts the data until maximum hops or destination reached. Not suitable because of implosion, overlap and resource blindness. Gossiping Here node randomly picks up a neighbor and forwards the packet. Avoids implosions but takes longer time to route the packet.
Routing Protocols (Cont…) Sensor protocol for information via negotiation (SPIN) Addresses deficiency of flooding by negotiation and resource adaptation. Based on data-centric routing where sensor nodes broadcast an advertisement for available data and waits for request from interested nodes. Sequential Assignment Routing (SAR) Creates multiple trees such that root is one hop away from sink. Each tree grows outwards avoiding nodes with low QoS and energy reserves. Nodes belong to multiple trees and selects one tree to relay information back to sink based on 2 parameters and priority level of the packet. Two parameters associated with each path Energy resource Additive QoS metric
Routing Protocols (Cont…) Low-Energy Adaptive Clustering Hierarchy Minimizes energy dissipation Two phases: Setup Randomly selects clusterheads which communicates with sink. Clusterheads broadcast their address and sensor nodes pickup clusterheads based on signal strength of clusterheads. Steady Begin sensing and transmitting data Clusterheads do data aggregation After sometime in this phase the network goes back in setup phase.
Routing Protocols (Cont…) Directed Diffusion Sink sends out interest ( task description ) to all sensor. Node stores interest entry which contains timestamp and several gradient fields. As interest propagates in network the gradient from source to sink is setup. Sink must refresh and reinforce the interest when it starts to receive data from the source.
Research Issue New improved protocol to address high topology changes and higher scalability.
Transport Layer Needed when the system is accessed through internet or external network. Clearly TCP is not suitable. Communication between user and sink can be done using TCP or UDP via internet or satellite Between sink and nodes can be done using UDP.
Research Issues Development of transport layer protocol considering the hardware constraints such as limited power & memory.
Application Layer Sensor Management Protocol Sysadmin can interact using SMP. Nodes have no global addressing and so SMP needs to access them using attribute based naming. SMP can be used to carry out tasks such as Introducing new rules to data aggregation. Exchanging data Moving sensors Turning sensor on and off. Authentication, key distribution and security in data communication. Reconfiguring the sensor nodes.
Research Issues Application layer protocol needs to be developed with basic functionalities of monitoring the sensor network and high level functions such as interest dissemination.
Dissection of Protocol (Cont…) Power management plane efficiently manages the power usage of sensor nodes. Mobility planes detects and registers the movement ..so remembers the route back to a user and keep track of neighbors. Task management plane balances and schedules the sensing task given to a specific region.
Why security? Protecting confidentiality,integrity and availability of communications. Conventional view of security from cryptography community: cryptographically unbreakable design in practical sense Vulnerable to sniffing due to broadcast nature of communication. Physical threat.
How is Security Different? Wireless Sensor networks have NO clear line of defense Each node is a host as well as a “router” Secure Network/service “infrastructure” has to be collaboratively established Wireless channel is easily accessible by both good citizens and attackers Resource Constraints - battery - cpu power - memory
Incomplete List of Challenges Resource-Efficient Secure Network Services Network Initialization, single/multihop neighbor discovery Multihop path establishment & Routing Supporting application services Cryptographic services Broadcast authentication Key management Security mechanisms for fundamental services Clock synchronization Secure location discovery and verification of claims Location privacy Secure aggregation and in-network processing Cluster formation/cluster head election
Sensor Node Constraints Battery Power Constraints Computational Energy Consumption Crypto algorithms Public key vs. Symmetric key Communications Energy Consumption Exchange of keys, certificates, etc. Per-message additions (padding, signatures, authentication tags)
Sensor Node Constraints (Cont…) Public Key Cryptography Slow 1000 times slower than symmetric encryption Hardware is complicated Energy consumption is high Processor Energy Consumption (mJ/Kb) RSA/E/V RSA/D/S AES MIPS R4000 0.81 16.7 0.00115 MC68328 42 840 0.0130
Related Work Security Aware Ad hoc Routing (SAR) SPINS Uses trust values of nodes to do secure routing Employ route discovery protocol where nodes with security metric equivalent to sender receiver participate. Based on Bell-La Confidentiality model. SPINS Comprises of SNEP & Mu-TESLA. SNEP provides confidentiality, integrity and freshness. Mu-TESLA provides authentication to data broadcasts. Each node shares a master key with base station and also a counter which is used as an input to RC5 to get encryption key. Mu-TESLA uses symmetric mechanisms with a delayed disclosure of keys achieving asymmetry in digital signature.
Related Work (Cont…) Key Management Problem Trusted server scheme Finding trusted server is difficult. Public key scheme Expensive and infeasible for sensors Key Pre-distribution schemes Loading keys into sensor prior to deployment. Two nodes should find a common key after deployment.
Key Pre-Distribution scheme Master key approach Memory efficient but low security Requires tamper resistant hardware. Pair-wise key approach (N-1) keys for each node Security perfect but memory is an issue. New nodes cannot be added.
Eschenauer-Gligor Scheme Key Pool S Each node randomly selects m keys A B C D E When |S| = 10,000, m=75 Pr (two nodes have a common key) = 0.50
Eschenauer-Gligor Scheme (Cont…) B A C
Conclusion The low cost,flexibility,fault tolerance,high sensing fidelity and rapid deployment makes way for new applications on remote sensing. Realization needs to satisfy the constraints such as scalability,topology changes, power consumption, environment etc. New wireless ad hoc networking techniques are required to overcome this contraints.