Securing
Wireless Sensor Networks
Wenliang (Kevin) Du
Department of Electrical Engineering and
Computer Science
Syracuse University
Excerpted from
http://www.cis.syr.edu/~wedu/Research/slides/Purdue04.ppt
1
Overview
• Overview of Wireless Sensor Networks (WSN).
• Security in wireless sensor networks.
– Why is it different?
• Our work on key pre-distribution in WSN
– Deployment-based scheme (INFOCOM’04)
– Pair-wise Scheme (ACM CCS’03)
• Summary.
2
Wireless Sensors
Berkeley Motes
3
Mica Motes
• Mica Mote:
–
–
–
–
Processor: 4Mhz
Memory: 128KB Flash and 4KB RAM
Radio: 916Mhz and 40Kbits/second.
Transmission range: 100 Feet
• TinyOS operating System: small, open
source and energy efficient.
4
Spec Motes
5
Wireless Sensor Networks (WSN)
Sensors
Deploy
6
Applications of WSN
• Battle ground surveillance
– Enemy movement (tanks, soldiers, etc)
• Environmental monitoring
– Habitat monitoring
– Forrest fire monitoring
• Hospital tracking systems
– Tracking patients, doctors, drug administrators.
7
Securing WSN
• Motivation: why security?
• Why not use existing security mechanisms?
– WSN features that affect security.
• Our work:
– Two key management schemes.
8
Why Security?
• Protecting confidentiality, integrity, and
availability of the communications and
computations
• Sensor networks are vulnerable to security
attacks due to the broadcast nature of
transmission
• Sensor nodes can be physically captured or
destroyed
9
Why Security is Different?
• Sensor Node Constraints
– Battery,
– CPU power,
– Memory.
• Networking Constraints and Features
– Wireless,
– Ad hoc,
– Unattended.
10
Sensor Node Constraints
• Battery Power Constraints
– Computational Energy Consumption
• Crypto algorithms
• Public key vs. Symmetric key
– Communications Energy Consumption
• Exchange of keys, certificates, etc.
• Per-message additions (padding, signatures,
authentication tags)
11
Constraints (Cont.)
Public Key Encryption
• Slow
– 1000 times slower than symmetric encryption
• Hardware is complicated
• Energy consumption is high
Processor
Energy Consumption (mJ/Kb)
RSA/E/V
RSA/D/S
AES
MIPS R4000
0.81
16.7
0.00115
MC68328
42
840
0.0130
12
Memory Constraints
• Program Storage and Working Memory
– Embedded OS, security functions (Flash)
– Working memory (RAM)
• Mica Motes:
• 128KB Flash and 4KB RAM
13
Objectives of Our Research
• Long-term Goals
– Study how WSN’s constraints/features affect the
design of security mechanisms.
– Develop security mechanisms for WSN.
• Current Projects
– Key Management Problems
– Data Fusion Assurance
14
Key Management Problem
15
Key Management Problem
Sensors
Deploy
16
Key Management Problem
Sensors
Deploy
Secure Channels
17
Approaches
• Trusted-Server Schemes
– Finding trusted servers is difficult.
• Public-Key Schemes
– Expensive and infeasible for sensors.
• Key Pre-distribution Schemes
18
Key Pre-distribution



Loading Keys into sensor nodes prior to
deployment
Two nodes find a common key between them
after deployment
Challenges



Memory/Energy efficiency
Security: nodes can be compromised
Scalability: new nodes might be added later
19
Naïve Solutions

Master-Key Approach



Memory efficient, but low security.
Needs Tamper-Resistant Hardware.
Pair-wise Key Approach



N-1 keys for each node (e.g. N=10,000).
Security is perfect.
Need a lot of memory and cannot add new
nodes.
20
Eschenauer-Gligor Scheme
Key Pool
Each node
randomly
selects m keys
A
S
B
C
D
E
• When |S| = 10,000, m=75
Pr (two nodes have a common key) = 0.50
9925
C75
1  10000  1  0.57  0.43
C75
21
Establishing Secure Channels
A
B
D
C
E
22
Exercise 7
• Write a program to calculate the probability:
– Input:
• G=(V,E)
• Pr (two nodes have a common key) = 
– Output:
• Let E’E denote the subset of secure channels,
calculate the probability that G=(V,E’) is a
connected graph.
– Due: June 4th
23
Example 1
• =1/2
24
1 1 1 1
  
8 8 8 81
1
2
8
8
25
Example 2
• =2/3
2 2 1
2 2 2
(    3)  (    1)
3 3 3
3 3 3
20

27
26
Input Format
3
12
23
31
• |V|=3
• Undirected edges (1,2)
(2,3) (3,1)
• Note: the given graph
may not be complete.
27