Security in Wireless Sensor Networks
Perrig, Stankovic, Wagner
Jason Buckingham
CSCI 7143: Secure Sensor Networks
August 31, 2004
• Introduction to sensor networks
• Security Issues
  – Key establishment & setup
  – Secrecy & Authentication
  – Privacy
  – Robustness to DOS
  – Secure Routing
  – Resilience to node capture
  – Secure Group Management
  – Intrusion Detection
  – Secure Data Aggregation
  – Secure Sensor Network Research
Broad Range of Applications
• Wildlife Monitoring
• Machinery Performance
• Building Safety
• Military Applications
• Health Monitoring
• Countless other applications
Most applications require some level of security!
Traditional security cannot be applied directly
• Sensor device limitations
  – Power, Processing, and Communication
• Nodes are often physically accessible, allowing possible physical attacks
• Sensor networks interact with their environments and with people
Security Research Issues
• These new problems present an opportunity to properly address network security
• Security is NOT a standalone component – it must be integrated into every component
Key Establishment & Setup
• Why not use existing protocols?
  – Public key cryptography has too much system overhead for sensor networks
  – Key establishment techniques must scale well to hundreds or thousands of nodes
  – Sensor nodes have different communication needs
Key Establishment - Potential Solutions
• Establish a network-wide shared key
  – Problem: if one node is compromised, the whole network is compromised
• Instead use preconfigured shared symmetric keys between each pair of nodes
  – Problem: It doesn’t scale well!
    • For an n-node network, each node must store n - 1 keys, and n * (n - 1) / 2 total keys are needed.
• Combine the above: use a network-wide key to establish link keys, then erase the network-wide key.
  – Problem: New nodes cannot be added after initial deployment
Key Establishment - Potential Solutions (cont.)
• Bootstrapping Keys
  – Each node shares a single key with the base station, and the base station sets up keys between pairs.
  – Problem: requires a trusted base station that is the central point of failure
• Random Key Predistribution
  – Choose a large pool of symmetric keys, and give each node a random subset of the pool
  – Not all nodes share a common key, but the network will still be fully connected if the probability of two nodes sharing a key is sufficiently high
  – Problem: once attackers compromise a sufficient number of nodes, they could reconstruct the entire pool and break the scheme
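The sizing trade-off behind the pairwise and random key predistribution bullets, as an added example that is not part of the original slides. It uses the standard closed form for two random subsets of a pool; the function names and the pool, ring and node counts are assumptions chosen for illustration.

```python
import math
import random

def pairwise_storage(n):
    """Preconfigured pairwise keys: (keys stored per node, keys in the network)."""
    return n - 1, n * (n - 1) // 2

def share_probability(pool_size, ring_size):
    """P(two nodes share at least one key) when each node holds a random subset
    of ring_size keys from a pool of pool_size. math.comb returns 0 when the
    two rings are forced to overlap, which yields exactly 1.0."""
    disjoint = math.comb(pool_size - ring_size, ring_size)
    return 1.0 - disjoint / math.comb(pool_size, ring_size)

def pool_exposed(pool_size, ring_size, captured):
    """Expected fraction of the pool read out of `captured` compromised nodes."""
    return 1.0 - (1.0 - ring_size / pool_size) ** captured

def simulated_share_rate(pool_size, ring_size, nodes, seed=7):
    """Empirical check: deal random key rings, count pairs with a common key."""
    rng = random.Random(seed)
    rings = [frozenset(rng.sample(range(pool_size), ring_size))
             for _ in range(nodes)]
    pairs = [(a, b) for i, a in enumerate(rings) for b in rings[i + 1:]]
    return sum(1 for a, b in pairs if a & b) / len(pairs)

if __name__ == "__main__":
    POOL, NODES = 10_000, 1_000  # constructed sizing figures, not from the slides
    print("pairwise scheme (per node, total):", pairwise_storage(NODES))
    for ring in (50, 75, 100, 150):
        print(f"ring={ring:3d} "
              f"share={share_probability(POOL, ring):.3f} "
              f"pool exposed after 50 captures={pool_exposed(POOL, ring, 50):.3f}")
```

Larger key rings raise the chance that two neighbours can form a link, but every captured node then reveals a larger slice of the pool, which is the problem stated in the last bullet.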
Secrecy & Authentication – Cryptography
• End-to-end cryptography
  – Provides high level of security, but requires that keys be set up among all end points
  – Incompatible with passive participation and local broadcast
• Link-layer cryptography
  – Simplifies key setup
  – Supports passive participation and local broadcast
  – Problem? Intermediate nodes can eavesdrop and alter messages. Is this really a problem?
Cryptography Issues
• Performance Costs
  – Extra computation
    • Could be reduced by additional hardware, but this increases node cost, and will it really fix the problem?
  – Increases packet size
  – Recent research shows that most of the performance overhead is attributable to increased packet size, not additional computation
    • This limits how much dedicated cryptographic hardware will help
Robustness to Denial of Service
• Adversaries can simply broadcast a high-energy signal or violate the 802.11 MAC protocol to disrupt communication
• Solutions?
  – Spread spectrum communication, but cryptographically secure spread spectrum radios are not commercially available
  – Automated defense, by simply routing around the jammed portion of the network
Secure Routing
• Current routing protocols suffer security vulnerabilities
  – DOS attacks, packet injection, replay attacks
Resilience to Node Capture
• Sensor networks are highly susceptible – the compromise of a single node usually compromises the entire network
• This is more of a problem because sensor networks often lack physical security
Solutions to Node Capture
• Physical solution
  – Tamper resistant packaging
• Software:
  – Create algorithms that use majority voting schemes; send packets along multiple independent paths and check for consistency
  – Gather redundant data and analyze for consistency
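A sketch of the two software checks above as a base station might run them, added here as an example and not taken from the slides. The function names, the path and node identifiers, the sample payloads and the tolerance value are all constructed for illustration.

```python
from collections import Counter
from statistics import median

def tolerated_faults(paths):
    """How many altered copies a strict-majority vote over `paths` can absorb."""
    return max(0, (paths - 1) // 2)

def resolve_multipath(copies):
    """copies maps path id -> payload for ONE message sent over disjoint paths.
    Returns (accepted payload or None, sorted ids of paths that disagreed).
    Without a strict majority nothing is accepted and every path is suspect."""
    if not copies:
        return None, []
    payload, votes = Counter(copies.values()).most_common(1)[0]
    if votes * 2 <= len(copies):
        return None, sorted(copies)
    return payload, sorted(p for p, v in copies.items() if v != payload)

def inconsistent_sensors(readings, tolerance):
    """readings maps node id -> value for redundant measurements of the same
    quantity. Flags nodes further than `tolerance` from the median, which a
    minority of captured nodes cannot drag far from the honest values."""
    mid = median(readings.values())
    return sorted(n for n, v in readings.items() if abs(v - mid) > tolerance)

# Constructed sample input: one message over three paths, five redundant sensors.
SAMPLE_COPIES = {"path-A": b"temp=21", "path-B": b"temp=21", "path-C": b"temp=99"}
SAMPLE_READINGS = {1: 21.0, 2: 21.4, 3: 20.8, 4: 35.0, 5: 21.1}

if __name__ == "__main__":
    print(resolve_multipath(SAMPLE_COPIES))             # majority value, dissenters
    print(resolve_multipath({"path-A": b"x", "path-B": b"y"}))  # tie: reject
    print(inconsistent_sensors(SAMPLE_READINGS, tolerance=2.0))
    print(tolerated_faults(len(SAMPLE_COPIES)))
```

Two paths detect a disagreement but cannot resolve it; at least three independent paths are needed before one altered copy can be outvoted.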
Secure Group Management
• Groups of nodes perform data aggregation and analysis (tracking a moving object)
• The group may change continuously and quickly
• Protocols are needed for admitting new group members and supporting secure communication with the group
• Solutions conserve time and energy
Intrusion Detection
• Classic intrusion detection is very expensive in terms of memory, energy, and bandwidth
• To develop a solution, typical threat models must be analyzed
• Secure groups may be a possible solution for decentralized intrusion detection
Secure Data Aggregation
• Tons of data can be collected from the various nodes in the network
• How do we aggregate the data so as to reduce network traffic to the base station?
• Aggregation locations must be secured
Privacy
• How do we prevent sensor networks from being used to violate privacy?
  – Devices are becoming smaller, cheaper, and more effective at surveillance
• Solutions?
  – New laws, technological responses, and awareness
Other Issues
• What cryptographic algorithms are best suited for use in sensor networks?
  – Public key cryptography? Too expensive!
  – DES/Triple DES
  – AES
  – RC5
• We need something that fits the processing and memory requirements of our nodes