Security Issues In Sensor Networks By Priya Palanivelu
What Is A Sensor Network? • A network is formed when a set of small sensor devices that are deployed in an ad hoc fashion cooperate for sensing a physical phenomenon.
Typical applications of sensor networks • Military sensor networks to detect enemy movements, the presence of hazardous material (such as poison gases or radiation), explosions, etc. • Environmental sensor networks (such as in plains or deserts or on mountains or ocean surfaces) to detect and monitor environmental changes. • Wireless traffic sensor networks to monitor vehicle traffic on a highway or in a congested part of a city. • Wireless surveillance sensor networks for providing security in a shopping mall, parking garage, or other facility.
Communication Architecture • The sensor nodes communicate using RF • The sensor nodes establish a routing forest, with a base station at the root of every tree • Periodic transmission of beacons allows nodes to create a routing topology. • The base station accesses individual nodes using source routing.
Challenges Of Sensor Networks • Energy consumption, primarily by radio communication • Need to minimize communication overhead • Reliance on asymmetric digital signatures • Long signatures with high communication overhead of 50-1000 bytes per packet • Very high overhead to create & verify signature • Symmetric broadcast authentication is impractical
Requirements for sensor network security • Data Confidentiality • Based on the observed communication patterns, set up secure channels between nodes and base stations • Data Authentication • Construct authenticated broadcast from symmetric primitives only • Introduce asymmetry with delayed key disclosure and one-way function key chains • Data Integrity • Data Freshness • Recent data • No replay of data
Communication Pattern Of The Sensor Network • 1) Node to base station communication, e.g. sensor readings. • 2) Base station to node communication, e.g. specific requests. • 3) Base station to all nodes, e.g. routing beacons, queries or reprogramming of the entire network.
SPINS: Security Protocols for Sensor Networks • Security building blocks optimized for resource-constrained environments and wireless communication. • SPINS consists of µTESLA (Timed, Efficient, Streaming, Loss-tolerant Authentication Protocol) and SNEP (Secure Network Encryption Protocol)
Important Baseline Security Primitives • SNEP: data confidentiality, two-party data authentication, and data freshness • µTESLA: a new protocol that provides authenticated broadcast for severely resource-constrained environments.
SNEP: Data Confidentiality, Authentication, Integrity, and Freshness • Low communication overhead • Adds only 8 bytes per message • Uses a counter • Counter value is kept at both end points • Provides semantic security • Prevents eavesdroppers from inferring the message content from the encrypted message • Data authentication, replay protection, and weak/strong message freshness
SNEP mechanism • Communicating parties share a counter, which is used as an Initialization Vector (IV) • Counter is not sent with the message • Block ciphers are in Counter Mode (CTR) • Counter incremented after each block • MAC used to achieve two-party data authentication and data integrity • Counter value is never repeated • Counter value in MAC prevents replay attacks
TESLA vs. µTESLA • TESLA • Authenticates initial packet with a digital signature • Too expensive for sensor nodes • Disclosing a key in each packet requires too much energy (24 bytes/packet) • Expensive to store one-way key chain • µTESLA • Uses symmetric mechanism • Discloses key once every epoch • Restricts number of authenticated senders
µTESLA Overview • Base station (BS) broadcasts authenticated information to nodes • BS and nodes are loosely time synchronized • Each node knows the upper bound on max. synchronization error • BS computes a MAC on the packet • The key is secret at this point • Sensor receives the packet & stores it in buffer • BS broadcasts the verification key to all receivers • Node verifies the authenticity of the key • Node uses key to authenticate the packet in the buffer
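The receive, buffer, key-disclosure and verify steps of the µTESLA overview, as an added Python example that is not part of the original slides. It assumes SHA-256 as the one-way function and HMAC-SHA256 as the MAC (swapped in for the primitives a sensor node would use); time is modelled as integer intervals, and the names `Node`, `make_chain`, `receive` and `disclose` are hypothetical.

```python
import hashlib
import hmac

def F(key):
    # One-way function of the key chain (SHA-256 is this example's assumption).
    return hashlib.sha256(key).digest()

def make_chain(seed, n):
    # Base station: K_n = seed, K_i = F(K_{i+1}); returns [K_0, ..., K_n].
    chain = [seed]
    for _ in range(n):
        chain.append(F(chain[-1]))
    return chain[::-1]

def mac(key, data):
    # The interval key is used directly as the MAC key in this sketch.
    return hmac.new(key, data, hashlib.sha256).digest()

class Node:
    def __init__(self, commitment, delay=1):
        self.key, self.idx = commitment, 0   # last authenticated key K_idx
        self.delay = delay                   # intervals before a key is disclosed
        self.buffer = {}                     # interval -> [(data, tag), ...]
        self.accepted = []

    def receive(self, interval, data, tag, now):
        # `now` is the node's upper bound on the base station's current
        # interval (local clock plus maximum synchronization error).
        if now >= interval + self.delay:
            return False                     # key may already be public: drop
        self.buffer.setdefault(interval, []).append((data, tag))
        return True

    def disclose(self, idx, key):
        if idx <= self.idx:
            return False
        # Walk the chain back to the last trusted key; this also recovers
        # keys whose disclosure packets were lost.
        keys, k = {idx: key}, key
        for i in range(idx - 1, self.idx, -1):
            k = F(k)
            keys[i] = k
        if not hmac.compare_digest(F(k), self.key):
            return False                     # not on the chain: reject
        self.key, self.idx = key, idx
        for i, ki in keys.items():
            for data, tag in self.buffer.pop(i, []):
                if hmac.compare_digest(mac(ki, data), tag):
                    self.accepted.append(data)
        return True
```

The check in `receive` is what makes delayed disclosure safe: a packet that arrives once its interval key could already be public is dropped, because anyone holding that key can compute a valid MAC.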