Sensor Network Security: Sensor Network Security: SurveySurvey

Team MembersTeam MembersPardeep KumarPardeep Kumar

Md. Iftekhar SalamMd. Iftekhar Salam

Ah. Galib RezaAh. Galib Reza

1104/20/2304/20/23

Outlines……Outlines……

► IntroductionIntroduction►WSN Security WSN Security ►WhyWhy, different from traditional network ?, different from traditional network ?►Seven Categories of security issuesSeven Categories of security issues

►Existing Research in WSNExisting Research in WSN►Spins Spins ►TinySecTinySec►TinyPKTinyPK

►Motivation for Security at Link LayerMotivation for Security at Link Layer204/20/23

Introduction: WSNIntroduction: WSN

► A WSN is a A WSN is a networknetwork made of many small made of many small devices consisting of:devices consisting of:

► Battery, Battery, ► Radio Communication,Radio Communication,► Microcontroller and sensors.Microcontroller and sensors.

Wireless Sensor Network

304/20/23

Motes….Motes….

404/20/23

Application of WSN…Application of WSN…

►Body Area Sensor Network (BASN):

ECG SensorSpO2 & Motion sensorMotion Sensor

504/20/23

WSN Security WSN Security

►Sensor networks are vulnerable to Sensor networks are vulnerable to security attacks due to the security attacks due to the broadcast broadcast nature nature of transmissionof transmission

►Sensor nodes can be Sensor nodes can be physicallyphysically captured captured or destroyedor destroyed

►Protecting Protecting confidentialityconfidentiality, , integrityintegrity, and , and availabilityavailability of the communications and of the communications and computationscomputations

604/20/23

WhyWhy Security different from Security different from traditional network ?traditional network ?

►Sensor Node Constraints:Sensor Node Constraints:►CPU power:CPU power:

8-bit CPU8-bit CPU

►Memory:Memory: Program Storage(Flash) and Working Program Storage(Flash) and Working

Memory(RAM)Memory(RAM)

►Battery:Battery: Computational Energy ConsumptionComputational Energy Consumption Communications Energy ConsumptionCommunications Energy Consumption

704/20/23

Security issues are divided in Security issues are divided in Seven Categories as referenced Seven Categories as referenced

paperpaper

►CryptographyCryptography►Key ManagementKey Management►Attack Detections and Attack Detections and

preventionprevention

►Secure RoutingSecure Routing►Secure Location Secure Location ►Secure Data FusionSecure Data Fusion►And other Security And other Security

issuesissues

Reference : Xiangqian Chen, k. Makki, Kang Yen, Niki P.,”Sensor network Security: A Survey”, IEEE communication surveys & Tutorial, Vol. 11, No. 2, Second Quarter 2009.

804/20/23

Existing Research:Existing Research:

►SPINS: SPINS: Security Protocol for Sensor Network Security Protocol for Sensor Network ►SENP: SENP:

Sensor-Network Encryption Protocol.Sensor-Network Encryption Protocol. Secures point-to-point communicationSecures point-to-point communication

►TESLA:TESLA: Micro Timed Efficient Stream Loss-tolerant Micro Timed Efficient Stream Loss-tolerant

AuthenticationAuthentication Provides broadcast authenticationProvides broadcast authentication

Reference: Adrian Perrig, Robert Szewczyk, Victor Wen, David Culler, J. D. Tygar, “SPINS: Security Protocols for Sensor Networks”, Proceedings of 7th Annual International Conference on Mobile Computing and Networks (MOBICOM 2001), Rome, Italy July 2001

904/20/23

Cont…Cont…

► Use simple symmetric encryption function (RC5) Use simple symmetric encryption function (RC5) provides:provides:►Encryption & DecryptionEncryption & Decryption

►Message Authentication CodeMessage Authentication Code

► Pseudorandom number generationPseudorandom number generation

►Hash FunctionHash Function

► TESLA : efficient source authentication in multicast TESLA : efficient source authentication in multicast for wired networks. for wired networks.

► µTESLA: authentication in broadcast for WSNs.µTESLA: authentication in broadcast for WSNs.►µµTESLA removes or adapts the expensive features of TESLA removes or adapts the expensive features of

TESLATESLA

1004/20/23

TinySec…..TinySec…..

►Light weight and efficient generic link layer Light weight and efficient generic link layer security package.security package.

►Developers can easily integrate into sensor Developers can easily integrate into sensor network applications.network applications.

►A research platform that is easily extensible and A research platform that is easily extensible and has been incorporated into higher level has been incorporated into higher level protocols.protocols.

Reference: Chris Karlof, Naveen Sastry, David Wagner, “TinySec: A Link Layer Security Architecture for Wireless Sensor Networks”, Proceedings of the 2nd ACM Conference on Embedded Networked Sensor Systems (SenSys 2004), Baltimore, MD, November 2004.

1104/20/23

TinySec-DesignTinySec-Design

►Two Security OptionsTwo Security Options Authentication Encryption (Tinysec-AE)Authentication Encryption (Tinysec-AE) Authentication only (Tinysec-Au)Authentication only (Tinysec-Au)

►Encryption : Encryption : Specifying the IV format Specifying the IV format Selecting an encryption Scheme( CBC)Selecting an encryption Scheme( CBC)

1204/20/23

TinyPKTinyPK

►In order to make TinyPK practical, protocol In order to make TinyPK practical, protocol require only public key operations on the sensor.require only public key operations on the sensor.►TinyPK is based on RSA cryptosystem.TinyPK is based on RSA cryptosystem.

►TinyPK requires a Certificate Authority.TinyPK requires a Certificate Authority.

►Any external party that wishes to interact with the node also Any external party that wishes to interact with the node also requires its own Public/private keyrequires its own Public/private key

1304/20/23

Reference: TinyPK: Securing Sensor Networks with Public Key Technology”,R. Watro et al., ACM SASN, October 2004.

Motivation for Link Layer SecurityMotivation for Link Layer Security

►End-End security Mechanisms : Suitable only End-End security Mechanisms : Suitable only for conventional networks using end-end for conventional networks using end-end communications where intermediate routers only communications where intermediate routers only need to view the message headers. need to view the message headers.

►BUT, in Sensor networks In-network processing BUT, in Sensor networks In-network processing is done to avoid redundant messages-Requires is done to avoid redundant messages-Requires intermediate nodes to have access to whole intermediate nodes to have access to whole message packets and just not the headers as in message packets and just not the headers as in conventional networks.conventional networks.

04/20/23 14

Cont…Cont…

►Why end-end security mechanisms not suitable Why end-end security mechanisms not suitable for sensor networks?for sensor networks?

► If message integrity checked only at the If message integrity checked only at the destination, the networks may route packets destination, the networks may route packets injected by an adversary many hops before they injected by an adversary many hops before they are detected. This will waste precious energy.are detected. This will waste precious energy.

►A link layer security mechanism can detect A link layer security mechanism can detect unauthorized packets when they are first injected unauthorized packets when they are first injected onto the network.onto the network.

04/20/23 15

Next Plan….Next Plan….

►Discuss more about related topic.Discuss more about related topic.►Discuss Problems in existing research.Discuss Problems in existing research.

04/20/23 16

Any Question ?