Security in Wireless
Sensor Networks
Perrig, Stankovic, Wagner
Jason Buckingham
CSCI 7143: Secure Sensor Networks
August 31, 2004
• Introduction to sensor networks
• Security Issues
–
–
–
–
–
–
–
–
–
–
Key establishment & setup
Secrecy & Authentication
Privacy
Robustness to DOS
Secure Routing
Resilience to node capture
Secure Group Management
Intrusion Detection
Secure Data Aggregation
Secure Sensor Network Research
Broad Range of Applications
•
•
•
•
•
•
Wildlife Monitoring
Machinery Performance
Building Safety
Military Applications
Health Monitoring
Countless other applications
Most applications require some level of security!
Traditional security cannot
be applied directly
• Sensor device limitations
– Power, Processing, and Communication
• Nodes are often physically accessible,
allowing possible physical attacks
• Sensor networks interact with their
environments and with people
Security Research Issues
• These new problems present an
opportunity to properly address network
security
• Security is NOT a standalone
component – it must be integrated into
every component
Key Establishment & Setup
• Why not use existing protocols?
– Public key cryptography has too much
system overhead for sensor networks
– Key establishment techniques must scale
well to hundreds or thousands of nodes
– Sensor nodes have different
communication needs
Key Establishment - Potential
Solutions
• Establish a network wide shared key
– Problem: if one node is compromised, the whole
network is compromised
• Instead use shared symmetric keys between
each pair of nodes that are preconfigured
– Problem: It doesn’t scale well!
• For an n node network, each node must store n-1 keys,
and n * (n – 1) / 2 total keys are needed.
• Combine the above: use a network wide key
to establish link keys, then erase the
networkwide key.
– Problem: New nodes cannot be added after initial
deployment
Key Establishment - Potential
Solutions (cont.)
• Bootstrapping Keys
– each node shares a single key with the base station
and the base station sets up keys between pairs.
– Problem: requires a trusted base station that is the
central point of failure
• Random Key Predistribution –
– choose a large pool of symmetric keys, and give each
node a random subset of the pool
– not all nodes share a common key, but the network
will still be fully connected if the probability of two
nodes sharing a key is sufficiently high
– Problem: once compromising a sufficient number of
nodes, attackers could reconstruct the entire pool and
break the scheme
Secrecy & Authentication
– Cryptography
• End-to-end cryptography
– Provides high level of security, but requires that
keys be set up among all end points
– Incompatible with passive participation and local
broadcast
• Link-layer cryptography
– Simplifies key setup
– Supports passive participation and local
broadcast
– Problem? Intermediate nodes can eavesdrop and
alter messages. Is this really a problem?
Cryptography Issues
• Performance Costs
– Extra computation
• Could be reduced by additional hardware but this
increases node cost and will it really fix the problem?
– Increases packet size
– Recent research shows that most of the
performance overhead is attributable to increased
packet size, not additional computation
• This limits how much dedicated cryptographic hardware
will help
Robustness to Denial of
Service
• Adversaries can simply broadcast a highenergy signal or violate the 802.11 MAC
protocol to disrupt communication
• Solutions?
– Spread spectrum communication, but
cryptographically secure spread spectrum radios
are not commercially available
– Automated defense, by simply routing around the
jammed portion of the network
Secure Routing
• Current routing protocols suffer security
vulnerabilities
– DOS attacks, packet injection, replay
attacks
Resilience to Node Capture
• Sensor networks are highly susceptible
– the compromise of a single node
usually compromises the entire network
• This is more of a problem because
sensor networks often lack physical
security
Solutions to Node Capture
• Physical solution
– tamper resistant packaging
• Software:
– Create algorithms that use majority voting
schemes; send packets along multiple
independent paths and check for consistency
– Gather redundant data and analyze for
consistency
Secure Group Management
• Groups of nodes perform data aggregation
and analysis (tracking a moving object)
• The group may change continuously and
quickly
• Protocols are needed for admitting new
group members and supporting secure
communication with the group
• Solutions conserve time and energy
Intrusion Detection
• Classic intrusion detection is very
expensive in terms of memory, energy,
and bandwidth
• To develop a solution, typical threat
models must be analyzed
• Secure groups may be a possible
solution for decentralized intrusion
detection
Secure Data Aggregation
• Tons of data can be collected from the
various nodes in the network
• How do we aggregate the data so as to
reduce network traffic to the base
station?
• Aggregation locations must be secured
Privacy
• How do we prevent sensor networks
from being used to violate privacy?
– Devices are becoming smaller, cheaper,
and more effective at surveillance
• Solutions?
– New laws, technological responses, and
awareness
Other Issues
• What cryptographic algorithms are best
suited for use in sensor networks?
–
–
–
–
Public key cryptography? Too expensive!
DES/Triple DES
AES
RC5
• We need something that fits the processing
and memory requirements of our nodes
Secure Sensor Network
Research
• How can we build security into sensor
networks from the outset?
• Advantages of sensor networks
– Many applications will be deployed under
a single administrative domain
– It may be possible to exploit redundancy,
scale, and physical characteristics