Security in Sensor Networks

1
Security in Sensor Networks

• Overview of wireless sensor network
• Security in Sensor Network

2
Sensor Node

• Consists of sensing, data processing and
  communicating component.
• Randomly deployed in inaccessible terrain.
• Processes sensed (raw) data and transmits it.
• Characteristics
• Rapid deployment
• Self-organization
• Fault tolerance

3
Wireless Sensor
Berkeley Motes
4
Mica Motes

• Prototype Sensor developed by UC Berkley
• Processor 4 MHz
• Memory 128 Kb flash 4 Kb RAM
• Radio 916 MHz and 40Kbits/sec
• Transmission range 100 feet
• Tiny OS operating system small, open source and
  energy efficient

5
Sensor Node Deployment
Sensors
6
Application of Sensor Network

• Battle ground surveillance
• Enemy movement
• Environmental monitoring
• Habitat monitoring
• Forrest fire monitoring
• Hospital Tracking system
• Tracking patients,drug administration

7
Sensor Network vs. Wireless ad-hoc network

• Number of sensor nodes is much higher than nodes
  in ad hoc network.
• Sensor nodes are densely deployed.
• Topology changes frequently.
• Sensor nodes mainly use broadcasts as opposed to
  point-to-point used by ad hoc network.
• Sensor nodes have limited power, computational
  capacities and memory.
• No global addressing scheme for sensor nodes

8
Sensor node deployment
Sink
Sensor Network
Internet Satellite
Task manager Node
9
Design Issues

• Fault tolerance
• Scalability
• Production Cost
• Hardware Constraints
• Network Topology
• Environment
• Transmission media
• Power consumption

10
Protocol Stack
T A S K M A N A G E M E N T P L A N E
M O B I L I T Y M A N A G E M E N T P L A N E
P O W E R M A N A G E M E N T P L A N E
Application
Transport
Network
Data Link
Physical
11
Dissection of Protocol

• Physical Layer
• Frequency selection, carried frequency
  generation, signal detection, modulation data
  encryption (not always).
• Data Link Layer
• Multiplexing data streams, data frame detection,
  medium access and error control.
• MAC protocol in wireless multi-hop
  self-organizing sensor network must
• Creation of network infrastructure
• Efficiently share communication resources

12
Existing MAC protocols

• Cellular system
• Nodes only single hop away from nearest base
  station.
• MAC layer provides high QoS and bandwidth
  efficiency.
• Power efficiency not an issue.
• Bluetooth mobile ad hoc network ( MANET )
• Closest peer to sensor network.
• MAC protocol forms the network and maintains
  mobility.
• Primary goal is providing high QoS in face of
  mobility.
• Sensor network
• Much larger nodes with transmission power ( 0dBm
  )
• Radio range is much less.
• Topology changes more frequent.
• Primary importance on power conservation renders
  cellular and MANET useless.

13
MAC for sensor

• Self organizing medium access control for sensor
  networks (SMACS) and Eavesdrop-and-Register (EAR)
  algorithm
• SMACS is a distributed protocol which achieves
  network startup by neighbor discovery and channel
  assignment.
• EAR protocol attempts to offer continuous service
  to nodes under mobile and static conditions.
• CSMA based Medium Access
• Traditional protocol is ineffective because of
  the assumption that traffic is stochastically
  distributed.
• MAC protocol for sensor network should support
  periodic traffic.
• Hybrid TDMA/FDMA based
• TDMA dedicates full bandwidth while FDMA
  allocates minimum
• Optimum number of channels is calculated for
  lowest power consumption.

14
MAC for sensors (Cont)

• Error control
• 2 different modes
• Forward Error Control (FEC)
• Automatic Repeat Request (ARQ)
• Both unsuitable for overhead (decoding complexity
  for FEC and retransmissions for ARQ)
• Simple error control with low complexity
  encoding/decoding is desirable.

15
Research issues

• SMACS and EAR are effective for static sensor
  networks. Improvement required for extensive
  mobility.
• Determination of lower bounds on energy required
  for sensor network self-organization.
• Error control coding schemes.
• Power saving modes of operation.
• To prolong network activity nodes must enter into
  periods of reduced activity specially when
  running low on battery.

16
Network Layer

• Mainly concerned with routing traffic
• Power efficiency important consideration.
• Sensor network mainly data-centric.
• Ideal sensor network has attribute-based
  addressing and location awareness.
• Interconnecting with external network, command
  and control system and Internet.
• Data aggregation
• Solves overlap problem in data-centric routing.
• Method for combining the data coming from
  multiple sensor nodes into meaningful
  information.

17
Routing protocols

• Small Minimum Energy Communication Network
• Computes energy-efficient sub-network given a
  communication network.
• Maintains minimum energy property such that there
  is a minimum energy path in sub-graph for every
  pair of node.
• Flooding
• Each node broadcasts the data until maximum hops
  or destination reached.
• Not suitable because of implosion, overlap and
  resource blindness.
• Gossiping
• Here node randomly picks up a neighbor and
  forwards the packet.
• Avoids implosions but takes longer time to route
  the packet.

18
Routing Protocols (Cont)

• Sensor protocol for information via negotiation
  (SPIN)
• Addresses deficiency of flooding by negotiation
  and resource adaptation.
• Based on data-centric routing where sensor nodes
  broadcast an advertisement for available data and
  waits for request from interested nodes.
• Sequential Assignment Routing (SAR)
• Creates multiple trees such that root is one hop
  away from sink.
• Each tree grows outwards avoiding nodes with low
  QoS and energy reserves.
• Nodes belong to multiple trees and selects one
  tree to relay information back to sink based on 2
  parameters and priority level of the packet.
• Two parameters associated with each path
• Energy resource
• Additive QoS metric

19
Routing Protocols (Cont)

• Low-Energy Adaptive Clustering Hierarchy
• Minimizes energy dissipation
• Two phases
• Setup
• Randomly selects clusterheads which communicates
  with sink.
• Clusterheads broadcast their address and sensor
  nodes pickup clusterheads based on signal
  strength of clusterheads.
• Steady
• Begin sensing and transmitting data
• Clusterheads do data aggregation
• After sometime in this phase the network goes
  back in setup phase.

20
Routing Protocols (Cont)

• Directed Diffusion
• Sink sends out interest ( task description ) to
  all sensor.
• Node stores interest entry which contains
  timestamp and several gradient fields.
• As interest propagates in network the gradient
  from source to sink is setup.
• Sink must refresh and reinforce the interest when
  it starts to receive data from the source.

21
Research Issue

• New improved protocol to address high topology
  changes and higher scalability.

22
Transport Layer

• Needed when the system is accessed through
  internet or external network.
• Clearly TCP is not suitable.
• Communication between user and sink can be done
  using TCP or UDP via internet or satellite
• Between sink and nodes can be done using UDP.

23
Research Issues

• Development of transport layer protocol
  considering the hardware constraints such as
  limited power memory.

24
Application Layer

• Sensor Management Protocol
• Sysadmin can interact using SMP.
• Nodes have no global addressing and so SMP needs
  to access them using attribute based naming.
• SMP can be used to carry out tasks such as
• Introducing new rules to data aggregation.
• Exchanging data
• Moving sensors
• Turning sensor on and off.
• Authentication, key distribution and security in
  data communication.
• Reconfiguring the sensor nodes.

25
Research Issues

• Application layer protocol needs to be developed
  with basic functionalities of monitoring the
  sensor network and high level functions such as
  interest dissemination.

26
Dissection of Protocol (Cont)

• Power management plane efficiently manages the
  power usage of sensor nodes.
• Mobility planes detects and registers the
  movement ..so remembers the route back to a user
  and keep track of neighbors.
• Task management plane balances and schedules the
  sensing task given to a specific region.

27
Why security?

• Protecting confidentiality,integrity and
  availability of communications.
• Conventional view of security from cryptography
  community cryptographically unbreakable design
  in practical sense
• Vulnerable to sniffing due to broadcast nature of
  communication.
• Physical threat.

28
How is Security Different?

• Wireless Sensor networks have NO clear line of
  defense
• Each node is a host as well as a router
• Secure Network/service infrastructure has to be
  collaboratively established
• Wireless channel is easily accessible by both
  good citizens and attackers
• Resource Constraints
• - battery
• - cpu power
• - memory

29
Incomplete List of Challenges

• Resource-Efficient Secure Network Services
• Network Initialization, single/multihop neighbor
  discovery
• Multihop path establishment Routing
• Supporting application services
• Cryptographic services
• Broadcast authentication
• Key management
• Security mechanisms for fundamental services
• Clock synchronization
• Secure location discovery and verification of
  claims
• Location privacy
• Secure aggregation and in-network processing
• Cluster formation/cluster head election

30
Sensor Node Constraints

• Battery Power Constraints
• Computational Energy Consumption
• Crypto algorithms
• Public key vs. Symmetric key
• Communications Energy Consumption
• Exchange of keys, certificates, etc.
• Per-message additions (padding, signatures,
  authentication tags)

31
Sensor Node Constraints (Cont)

• Public Key Cryptography
• Slow
• 1000 times slower than symmetric encryption
• Hardware is complicated
• Energy consumption is high

Processor Energy Consumption (mJ/Kb) Energy Consumption (mJ/Kb) Energy Consumption (mJ/Kb)
Processor RSA/E/V RSA/D/S AES
MIPS R4000 0.81 16.7 0.00115
MC68328 42 840 0.0130
32
Related Work

• Security Aware Ad hoc Routing (SAR)
• Uses trust values of nodes to do secure routing
• Employ route discovery protocol where nodes with
  security metric equivalent to sender receiver
  participate.
• Based on Bell-La Confidentiality model.
• SPINS
• Comprises of SNEP Mu-TESLA.
• SNEP provides confidentiality, integrity and
  freshness.
• Mu-TESLA provides authentication to data
  broadcasts.
• Each node shares a master key with base station
  and also a counter which is used as an input to
  RC5 to get encryption key.
• Mu-TESLA uses symmetric mechanisms with a delayed
  disclosure of keys achieving asymmetry in digital
  signature.

33
Related Work (Cont)

• Key Management Problem
• Trusted server scheme
• Finding trusted server is difficult.
• Public key scheme
• Expensive and infeasible for sensors
• Key Pre-distribution schemes
• Loading keys into sensor prior to deployment.
• Two nodes should find a common key after
  deployment.

34
Key Pre-Distribution scheme

• Master key approach
• Memory efficient but low security
• Requires tamper resistant hardware.
• Pair-wise key approach
• (N-1) keys for each node
• Security perfect but memory is an issue.
• New nodes cannot be added.

35
Eschenauer-Gligor Scheme
Key Pool S
Each node randomly selects m keys
A
B
E
D
C

• When S 10,000, m75
• Pr (two nodes have a common key) 0.50

36
Eschenauer-Gligor Scheme (Cont)
B
A
C
37
Conclusion

• The low cost,flexibility,fault tolerance,high
  sensing fidelity and rapid deployment makes way
  for new applications on remote sensing.
• Realization needs to satisfy the constraints such
  as scalability,topology changes, power
  consumption, environment etc.
• New wireless ad hoc networking techniques are
  required to overcome this contraints.