
Security in Wireless Sensor Networks
Perrig, Stankovic, Wagner

Jason Buckingham
CSCI 7143: Secure Sensor Networks
August 31, 2004

Outline
- Introduction to sensor networks
- Security Issues
  - Key establishment and setup
  - Secrecy and Authentication
  - Privacy
  - Robustness to DOS
  - Secure Routing
  - Resilience to node capture
  - Secure Group Management
  - Intrusion Detection
  - Secure Data Aggregation
- Secure Sensor Network Research

Broad Range of Applications
- Wildlife Monitoring
- Machinery Performance
- Building Safety
- Military Applications
- Health Monitoring
- Countless other applications
- Most applications require some level of security

Traditional security cannot be applied directly
- Sensor device limitations: Power, Processing, and Communication
- Nodes are often physically accessible, allowing possible physical attacks
- Sensor networks interact with their environments and with people

Security Research Issues
- These new problems present an opportunity to properly address network security
- Security is NOT a standalone component; it must be integrated into every component

Key Establishment and Setup
- Why not use existing protocols?
  - Public key cryptography has too much system overhead for sensor networks
  - Key establishment techniques must scale well to hundreds or thousands of nodes
  - Sensor nodes have different communication needs

Key Establishment: Potential Solutions
- Establish a network-wide shared key
  - Problem: if one node is compromised, the whole network is compromised
- Instead, use shared symmetric keys between each pair of nodes that are preconfigured
  - Problem: It doesn't scale well. For an n-node network, each node must store n - 1 keys, and n(n - 1)/2 total keys are needed
- Combine the above: use a network-wide key to establish link keys, then erase the network-wide key
  - Problem: New nodes cannot be added after initial deployment

Key Establishment: Potential Solutions (cont.)
- Bootstrapping Keys: each node shares a single key with the base station, and the base station sets up keys between pairs
  - Problem: requires a trusted base station that is the central point of failure
- Random Key Predistribution: choose a large pool of symmetric keys and give each node a random subset of the pool; not all nodes share a common key, but the network will still be fully connected if the probability of two nodes sharing a key is sufficiently high
  - Problem: once compromising a sufficient number of nodes, attackers could reconstruct the entire pool and break the scheme

Secrecy and Authentication
- Cryptography
  - End-to-end cryptography
    - Provides high level of security but requires that keys be set up among all end points
    - Incompatible with passive participation and local broadcast
  - Link-layer cryptography
    - Simplifies key setup
    - Supports passive participation and local broadcast
    - Problem: Intermediate nodes can eavesdrop and alter messages. Is this really a problem?

Cryptography Issues
- Performance Costs
  - Extra computation
    - Could be reduced by additional hardware, but this increases node cost, and will it really fix the problem?
  - Increases packet size
  - Recent research shows that most of the performance overhead is attributable to increased packet size, not additional computation
    - This limits how much dedicated cryptographic hardware will help

Robustness to Denial of Service
- Adversaries can simply broadcast a high-energy signal or violate the 802.11 MAC protocol to disrupt communication
- Solutions
  - Spread spectrum communication, but cryptographically secure spread spectrum radios are not commercially available
  - Automated defense by simply routing around the jammed portion of the network

Secure Routing
- Current routing protocols suffer security vulnerabilities
  - DOS attacks, packet injection, replay attacks

Resilience to Node Capture
- Sensor networks are highly susceptible: the compromise of a single node usually compromises the entire network
- This is more of a problem because sensor networks often lack physical security

Solutions to Node Capture
- Physical solution: tamper-resistant packaging
- Software
  - Create algorithms that use majority voting schemes; send packets along multiple independent paths and check for consistency
  - Gather redundant data and analyze for consistency

Secure Group Management
- Groups of nodes perform data aggregation and analysis (tracking a moving object)
- The group may change continuously and quickly
- Protocols are needed for admitting new group members and supporting secure communication with the group
- Solutions conserve time and energy

Intrusion Detection
- Classic intrusion detection is very expensive in terms of memory, energy, and bandwidth
- To develop a solution, typical threat models must be analyzed
- Secure groups may be a possible solution for decentralized intrusion detection

Secure Data Aggregation
- Tons of data can be collected from the various nodes in the network
- How do we aggregate the data so as to reduce network traffic to the base station?
- Aggregation locations must be secured

Privacy
- How do we prevent sensor networks from being used to violate privacy?
- Devices are becoming smaller, cheaper, and more effective at surveillance
- Solutions: New laws, technological responses, and awareness

Other Issues
- What cryptographic algorithms are best suited for use in sensor networks?
  - Public key cryptography: Too expensive
  - DES / Triple DES
  - AES
  - RC5
- We need something that fits the processing and memory requirements of our nodes

Secure Sensor Network Research
- How can we build security into sensor networks from the outset?
- Advantages of sensor networks
  - Many applications will be deployed under a single administrative domain
  - It may be possible to exploit redundancy, scale, and physical characteristics
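
Added example (not part of the original slides): a sizing sketch for the key establishment trade-offs above, comparing the storage cost of full pairwise keys with the key-sharing probability and node-capture exposure of random key predistribution. The function names and the parameters (pool of 10,000 keys, 75 keys per node) are constructed for illustration.

```python
import math
import random

def pairwise_key_counts(n):
    """Full pairwise scheme: (keys stored per node, total keys in network)."""
    return n - 1, n * (n - 1) // 2

def share_probability(pool_size, ring_size):
    """Exact probability that two random key rings share at least one key."""
    # math.comb returns 0 when the rings cannot be disjoint, giving 1.0.
    disjoint = math.comb(pool_size - ring_size, ring_size)
    return 1.0 - disjoint / math.comb(pool_size, ring_size)

def expected_pool_exposure(pool_size, ring_size, captured):
    """Expected fraction of the pool known after `captured` nodes are taken."""
    return 1.0 - (1.0 - ring_size / pool_size) ** captured

def simulate(pool_size, ring_size, nodes, captured, seed=1):
    """Monte Carlo check of both formulas on randomly dealt key rings."""
    rng = random.Random(seed)
    rings = [frozenset(rng.sample(range(pool_size), ring_size))
             for _ in range(nodes)]
    pairs = nodes * (nodes - 1) // 2
    sharing = sum(1 for i in range(nodes) for j in range(i + 1, nodes)
                  if rings[i] & rings[j])
    exposed = set().union(*rings[:captured])  # keys held by captured nodes
    return sharing / pairs, len(exposed) / pool_size

if __name__ == "__main__":
    POOL, RING = 10_000, 75  # constructed parameters, not from the slides
    per_node, total = pairwise_key_counts(1000)
    print(f"pairwise, n=1000: {per_node} keys/node, {total} keys total")
    print(f"random predistribution: {RING} keys/node, "
          f"P(share)={share_probability(POOL, RING):.3f}")
    for x in (10, 50, 100, 500):
        frac = expected_pool_exposure(POOL, RING, x)
        print(f"  {x:>3} captured nodes -> {frac:.1%} of pool exposed")
    print("simulated (share, exposure@100):", simulate(POOL, RING, 200, 100))
```

A larger ring raises the chance that neighbours can form a link but also raises what each captured node reveals, which is the tension the Random Key Predistribution slide describes.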



CU-Boulder CSCI 7143 - Security in Wireless Sensor Networks
