Security in Wireless Sensor Networks

1
Security in Wireless Sensor Networks

• Group Meeting
• Fall 2004
• Presented by Edith Ngai

2
Outline

• Wireless Sensor Networks (WSN)
• Security in WSN
• Key Management Approaches
• Straight Forward Approach
• Basic Probabilistic Approach
• Deployment-based Approach
• Conclusion
• References

3
Wireless Sensor Networks

• A sensor network is composed of a large number of
  sensor nodes
• Sensor nodes are small, low-cost, low-power
  devices that have following functionality
• communicate on short distances
• sense environmental data
• perform limited data processing
• The network usually also contains sink node
  which connects it to the outside world

Berkeley Motes

4
Applications

• WSN can be used to monitor the conditions of
  various objects / processes
• Military battlefield surveillance, biological
  attack detection, targeting
• Ecological fire detection, flood detection,
  agricultural uses
• Health related human physiological data
  monitoring
• Miscellaneous car theft detection, inventory
  control, home applications
• Sensors are densely deployed either inside or
  very close to the monitored object / process

5
Security in WSN

• Main security threats in WSN are
• Radio links are insecure eavesdropping /
  injecting faulty information is possible
• Sensor nodes are not temper resistant if it is
  compromised the attacker obtains all security
  information
• Protecting confidentiality, integrity, and
  availability of the communications and
  computations

6
Why Security is Different?

• Sensor Node Constraints
• Battery
• CPU power
• Memory
• Networking Constraints and Features
• Wireless
• Ad hoc
• Unattended

7
Key Management Goals

• The protocol must establish a key between all
  sensor nodes that must exchange data securely
• Node addition / deletion should be supported
• It should work in undefined deployment
  environment
• Unauthorized nodes should not be allowed to
  establish communication with network nodes

8
Key Management Problem
Secure Channels
9
Approaches

• Trusted-server schemes
• Finding trusted servers is difficult
• Public-key schemes
• Expensive and infeasible for sensors
• Key pre-distribution schemes

10
Key Pre-distribution

• Loading Keys into sensor nodes prior to
  deployment
• Two nodes find a common key between them after
  deployment
• Challenges
• Memory/Energy efficiency
• Security nodes can be compromised
• Scalability new nodes might be added later

11
Straight Forward Approach

• Single mission key is obviously unacceptable
• Pairwise private key sharing between every two
  nodes is impractical because of the following
  reasons
• it requires pre-distribution and storage of n-1
  keys in each node which is n(n-1)/2 per WSN
• most of the keys would be unusable since direct
  communication is possible only in the nodes
  neighborhood
• addition / deletion of the node and re-keying are
  complex

12
Basic Probabilistic Approach

• Proposed by Eschenauer and Gligor
• Relies on probabilistic key sharing among nodes
  of WSN
• Uses simple shared-key discovery protocol for key
  distribution, revocation and node re-keying
• Three phases are involved key pre-distribution,
  shared-key discovery, path-key establishment

13
Eschenauer-Gligor Scheme
Key Pool S
Each node randomly selects m keys
A
B
E
D
C

• When S 10,000, m75
• Pr (two nodes have a common key) 0.50

14
Establishing Secure Channels
B
A
C
15
Observations and Objectives
A
B
F
Problem How to pick a large key pool while
maintaining high connectivity? (i.e. maintain
resilience while ensuring connectivity)
16
Deployment-based Scheme

• Proposed by Du, et. al (IEEE Infocom 2004)
• Improves Random Key Predistribution (Eschenauer
  and Gligor) by exploiting Location Information
• Studies a Gaussian distribution for deployment of
  Sensor nodes to improve security and memory usage

17
Deployment-based Scheme

• Groups select from key group S (i,j)
• Probability node is in a certain group is (1 /
  tn).

18
Step 1 Key Pre-distribution - Key Sharing
Among Key Pools -
Horizontal
a
B
C
A
b
b
a
F
D
a
a
Vertical
Diagonal
a
b
b
G
H
I
b
a
19
Step 1 Key Pre-distribution - Key Sharing
Among Key Pools -

• Determining Sc
• When S 100,000, t n 10, a 0.167, b
  0.083
• Sc 1770

20
Step 2 Shared-key Discovery

• Takes place during initialization phase after WSN
  deployment. Each node discovers its neighbor in
  communication range with which it shares at least
  one key
• Nodes can exchange IDs of keys that they poses
  and in this way discover a common key
• A more secure approach would involve broadcasting
  a challenge for each key in the key ring such
  that each challenge is encrypted with some
  particular key. The decryption of a challenge is
  possible only if a shared key exists

21
Step 3 Path-key Establishment

• During the path-key establishment phase path-keys
  are assigned to selected pairs of sensor nodes
  that are within communication range of each
  other, but do not share a key
• Find secure path by using flooding method
• Limit the lifetime of the flooding message to
  three hops to reduce flooding overhead
• Share random key K by using secure path

22
Local Connectivity

• With 100 keys, location management improves local
  connectivity from 0.095 to 0.687

23
Network Resilience

• What is the damage when x nodes are compromised?
• These x nodes contain keys that are used by the
  good nodes
• What percentage of communications can be affected?

24
Conclusion

• Robust security mechanisms are vital to the wide
  acceptance and use of senor networks for many
  applications
• Security in WSN is quite different from
  traditional (wired) network security
• Various peculiarities of WSN make the development
  of good key scheme a challenging task
• We have discussed several approaches to key
  management in WSN

25
References

• I. F. Akyildiz, W. Su, Y. Sankarasubramaniam, and
  E. Cyirci. Wireless Sensor Networks A Survey.
  Computer Networks, 38(4)393-422, 2002.
• L. Eschenauer and V. Gligor. A Key-Management
  Scheme for Distributed Sensor Networks. In Proc.
  of ACM CCS02, November 2002.
• H. Chan, A. Perrig, and D. Song. Random Key
  Predistribution Schemes for Sensor Networks. In
  2003 IEEE Symposium on Research in Security and
  Privacy.
• W. Du, J. Deng, Y. Han, S. Chen, and P. Varshney.
  A Key Management Scheme for Wireless Sensor
  Networks Using Deployment Knowledge. IEEE Infocom
  2004.