Securing Wireless Sensor Networks

1
Securing Wireless Sensor Networks

• Wenliang (Kevin) Du
• Department of Electrical Engineering and Computer
  Science
• Syracuse University

2
Overview

• Overview of Wireless Sensor Networks (WSN).
• Security in wireless sensor networks.
• Security risks
• Security objectives
• Technology limitations
• Key management in WSN

3
Wireless Sensor Networks

• Motes
• Tiny computing platform
• Wireless communication
• Low power operation (using battery)
• Sensors
• Sensing the environment (light, motion, etc.)
• Networks
• Self configuring and maintaining connectivity
• Routing
• Distributed sensing and computing

4
Sensor Network Applications

• Environment monitoring
• Habitat monitoring
• Forrest fire monitoring
• Animal monitoring
• Structure and equipment monitoring
• Supply chain monitoring
• Manufacturing flows, asset tracking
• Battle field surveillance

5
Enabling Technologies

• Very low power electronics (µW)
• Very low cost hardware ()
• Very easy to develop, install, maintain.

6
Mica2, Mica2Dot, MicaZ Motes

• CPU ATMega128L 8-bit, 8MHz,
• 4KB EEPROM, 4KB RAM, 128KB Flash
• Chipcon CC100, C2420 radio.

7
TelosB Mote

• CPU 8 MHz TI MSP430
• 48 KB Flash memory
• 10 KB RAM
• Chipcon CC2420 radio, 2.4GHz
• IEEE 802.15.4

8
Intel Mote

• CPU ARM7TDMI, 12MHz, 32-bit
• 512 KB Flash, 64kB RAM
• Bluetooth 1.1 radio, 30m range
• 2.4 GHz antenna

9
Gateway (Stargate)

• 400 Mhz Intel PXA255 Processor
• Same processor found in IPAQ Dell Axim
• Small, 3.5 x 2.5 form factor
• Embedded Linux BSP

10
Technologies for Energy Saving

• Other source of energy
• Solar energy
• Vibration
• Multi-hop routing
• Sleeping
• Dynamic voltage scaling

11
Operating System and Programming Language

• TinyOS
• Developed by UC Berkeley
• industry standard
• Freely-available and open source
• Programming Language NesC
• An extension of C
• Event driven
• concurrency model enables the motes to be
  programmed to handle many events in parallel

12
Motes on the Market

• 50 - 100 at current price
• prototypes developed by Intel Research and UC
  Berkeley
• 5 over the next five years
• Through re-engineering, Moores Law, and volume
  production
• Crossbow Technology Inc first commercial
  manufacture of motes.

13
Security in Sensor Networks
14
Securing WSN

• Security objectives in sensor networks
• Unique security problems.
• Why not use existing security mechanisms?
• Unique features of sensor networks
• Call for unique security solutions.

15
What should we protect?

• The CIA Model
• Confidentiality
• Integrity
• Availability
• What do they mean in sensor networks?
• Unique meaning
• Difference and similarity with traditional
  networks.

16
Confidentiality and Privacy

• Contents of data
• Eavesdropping
• Source of data
• Example the pander-hunter problem
• Traffic analysis
• Destination of data
• Finding and destroying the base stations

17
Integrity

• Integrity of broadcast
• Broadcast authentication
• Integrity of communication among sensors
• Integrity of sensing
• Integrity of nodes
• Integrity of location
• Location discoveries, e.g. beacon-based schemes
• Location verification
• Integrity of time
• Time synchronization

18
Availability

• Physically destroying sensors
• Denial of Service (DOS) Attacks
• Attack at physical layer jamming
• Attack at link layer (e.g. violating protocols)
• Attack at routing layer (e.g., refusing to route)
• Attack at application layer
• Energy consumption attacks
• Depriving sleep
• Making CPU busy

19
Questions

• Dont we have similar problems in traditional
  networks?
• Why dont we use similar solutions?
• Cant we use encryption to solve most of the
  problems?

Unique properties of sensor networks make the
problems and solutions unique.
20
Unique PropertiesBroadcasting

• Main communication channel Broadcasting
• One-to-many and one-to-one communication
• The channel is easy to access
• Eavesdropping
• Message injection
• Traffic analysis
• Jamming
• Encrypting broadcast is hard
• Broadcast Authentication is hard

21
Unique Properties Physical Security of Nodes

• Nodes Low-Cost, Commodity Hardware
• Ease of access to internal node state
• Physical node protection is impractical
• Nodes are unattended
• Adversary can capture and tamper with nodes
• Detection of tampering in real-time is expensive

22
Unique PropertiesPhysical Security of Nodes
Two Extreme Examples
Low end Smart Cards (lt 40)
High end IBM 4758 co-proc. ( 4K)

• tamper resistance, real time resp.
• independent battery, secure clock
• battery-backed RAM (BBRAM)
• wrapping several layers of non-metallic
• grid of conductors in a grounded shield
• - reduce detectable EM emanations
• tamper detection sensors ( battery)
• temp., humidity, pressure, voltage,
• clock, ionizing radiation
• - response erase BBRAM, reset device

• no tamper resistance
• non-invasive phys. attacks
• side-channel (timing, DPA)
• unusual operating conditions
• temperature, power clock glitches
• invasive phys. attacks
• chip removal from plastic cover
• microprobes, electron beams

23
Unique Properties Physical Security of Nodes

• Friends or Enemy?
• Enemy's malicious nodes
• Good nodes turns malicious (compromised)
• Sybil Attacks A node takes on multiple
  identities
• Encryption cannot solve this problem
• Protecting secret keys depends on physical
  security

24
Unique Properties Trusted Infrastructure

• Many security solutions (for traditional
  networks) depends on trusted infrastructures
• Public Key Infrastructure (PKI) certificate
  servers
• Key distribution center Kerberos
• Location GPS satellites
• Time synchronization trusted time servers
• Not Practical for Sensor Networks
• High cost
• Main target of attacks difficult to protect

25
Unique Properties Constraints on Sensor Nodes

• Sensor Node Constraints
• Energy
• CPU power
• Memory
• Asymmetric Arm Race
• Sensors against powerful attackers

26
Sensor Node Constraints

• Battery Power Constraints
• Computational Energy Consumption
• Crypto algorithms
• Public key vs. Symmetric key
• Communications Energy Consumption
• Exchange of keys, certificates, etc.
• Per-message additions (padding, signatures,
  authentication tags)

27
Constraints (Cont.)Public Key Encryption

• Slow
• 1000 times slower than symmetric encryption
• Hardware is complicated
• Energy consumption is high

Processor Energy Consumption (mJ/Kb) Energy Consumption (mJ/Kb) Energy Consumption (mJ/Kb)
Processor RSA/E/V RSA/D/S AES
MIPS R4000 0.81 16.7 0.00115
MC68328 42 840 0.0130
28
Memory Constraints

• Program Storage and Working Memory
• Embedded OS, security functions (Flash)
• Working memory (RAM)
• Mica2 Motes
• 128KB Flash and 4KB RAM

29
Key Management Problem
30
Key Management Problem
Sensors
31
Key Management Problem
Sensors
Secure Channels
32
General Approaches

• Trusted-Server Schemes
• Finding trusted servers is difficult.
• Public-Key Schemes
• Expensive and impractical for many sensors.
• Key Pre-distribution Schemes

33
Key Pre-distribution

• Loading Keys into sensor nodes prior to
  deployment
• Two nodes find a common key between them after
  deployment
• Challenges
• Memory/Energy efficiency
• Security nodes can be compromised
• Scalability new nodes might be added later

34
Naïve Solutions

• Master-Key Approach
• Memory efficient, but low security.
• Needs Tamper-Resistant Hardware.
• Pair-wise Key Approach
• N-1 keys for each node (e.g. N10,000).
• Security is perfect.
• Need a lot of memory and cannot add new nodes.

35
A Probabilistic Approach
Key Pool S
Each node randomly selects m keys
A
B
E
D
C

• When S 10,000, m75
• Pr (two nodes have a common key) 0.50

36
Establishing Secure Channels
B
A
C
37
Key Pre-Distribution Using Deployment Knowledge
38
Observations and Objectives
A
B
F
Property Pr(A, B) Pr(A, F)
Our objective Pr(A, B) gtgt Pr(A, F)
Using deployment knowledge
39
Modeling Deployment Knowledge
Deployment points for a group of sensors
I
A
J
F
40
Key Pre-distribution Scheme
Key Pools
41
Key Sharing Among Key Pools
Horizontal
a
B
C
A
b
b
a
F
D
a
a
Vertical
Diagonal
a
b
b
G
H
I
b
a
42
Local Connectivity
43
Network Resilience

• What is the damage when x nodes are compromised?
• These x nodes contain keys that are used by the
  good nodes.
• What percentage of communications can be affected?

44
Network Resilience
45
A Pairwise Key Pre-distribution Scheme
46
Objectives

• Pairwise key pre-distribution scheme.
• Each pair of sensor share a unique secret key
• Can be used for Authentication
• Our Approach
• We use Blom Scheme to achieve Pairwise
• We use Random Key Selection scheme to improve
  performance and resilience

47
Blom Scheme

• Public matrix G
• Private matrix D (symmetric).

D
?1
?1
G
N
?1
Let A (D G)T
A G (D G)T G GT DT G GT D G (A G)T
48
Blom Scheme
A (D G)T
G
(D G)T G
j
i
Kij
i

N
Kji
X
j
N
N
?1
49
Properties of Blom Scheme

• Bloms Scheme
• Network size is N
• Any pair of nodes can directly find a secret key
• Tolerate compromise up to ? nodes
• Need to store ?2 keys
• Challenge Can we increase ? without increasing
  the storage usage.

50
Multiple Space Scheme
Key-Space Pool
? spaces
(D1, G)
? spaces
? spaces
(D2, G)
Two nodes can find a pairwise key if they carry
a common key space!
(D?, G)
51
Measure Local Connectivity
plocal the probability that two neighboring
nodes can find a common key.
52
Plocal for different ? and ?
53
Resilience (p 0.33, m200)
Blom
54
Resilience (p 0.50, m 200)
Blom
55
Summary

• Overview of sensor networks technologies
• Security is unique for sensor networks
• Sensor networks unique properties make the
  security problems and solution unique.
• Security is quite different from traditional
  (wired) networks.