230 likes | 280 Views
Security of Wireless Sensor Network. Speaker : Kai- Jia Chang Date : 2010/12/28. Outline. Security requirements Security threats Reference. Security requirements. Data confidentiality Data authenticity Data integrity Data freshness. Security requirements. Data confidentiality
E N D
Security of Wireless Sensor Network Speaker:Kai-Jia Chang Date : 2010/12/28
Outline • Security requirements • Security threats • Reference
Security requirements • Data confidentiality • Data authenticity • Data integrity • Data freshness
Security requirements • Data confidentiality • Data authenticity • Data integrity • Data freshness
Security requirements • Data confidentiality: • Data confidentiality is usually achieved by encrypting the information before transmission so that only authorized people can decrypt the transmitted information. • Encryption is classified into two categories: • symmetric encryption and asymmetric encryption. • In symmetric encryption, a secret key is shared between the authorized parties. • In asymmetric encryption, the sender encrypts the data with a public key and the receiver decrypts it using a private key.
Security requirements • Data confidentiality • Data authenticity • Data integrity • Data freshness
Security requirements • Data confidentiality: • Data authenticity provides a means to detect messages from unauthorized nodes thereby preventing unauthorized nodes to participate in the network. • The receiver would calculate theMessage Authentication Code(MAC) for the received data using the shared key, and thencompare this computed MAC value to the one sent by thesender along with the data.
Security requirements • Data confidentiality • Data authenticity • Data integrity • Data freshness
Security requirements • Data integrity: • Data integrity provides a way for thereceiver of the message to know if the data has been tampered while in transit by an attacker. • The receiver of the data calculates theMAC and compares it to the one transmitted by the sender. • If the two MAC’s match then it ensures that the data was not tampered with.
Security requirements • Data confidentiality • Data authenticity • Data integrity • Data freshness
Security requirements • Data freshness: • Data freshness can be divided into two categories: weak freshness and strong freshness • provide data freshness is to use a monotonically increasing counter with every message and reject any messages with old counter values. However, every recipient would need to maintain a table of the last counter value from every sender.
Security threats • Some of the diffrent types of attacks on wireless sensor networks : • Eavesdropping • Denial of service • Message tampering • Selective forwarding • Sinkhole attacks • Wormhole attacks • Sybil attacks
Security threats • Eavesdropping • Due to the broadcast nature of the transport medium in wireless sensor networks, any adversary with a good receiver could easily eavesdrop and intercept transmitted messages. • Strong encryption techniques should be used to counter eavesdropping.
Security threats • Denial of service • A Denial-of-Service (DoS) attack refers to the attempt where an adversary disrupts, subverts or destroys a network . A DoS attack diminishes or eliminates a network’s capacity to perform its expected function.
Security threats • Message tampering • Malicious nodes can tamper with the received messages thereby altering the information to be forwarded to the destination. When the destination receives this tampered message, it would compute the Cyclic Redundancy Code (CRC). And failing the redundancy check would result in dropping the packet. In case the CRC check was successful then the destination node would receive incorrect information.
Security threats • Selective forwarding • Like any multi-hop network, wireless sensor networks are based on a neighbor trust model where each node would trust a neighboring node to faithfully forward the messages it receives. • a malicious node may refuse to forward certain messages and simply drop them, ensuring that they are not propagated toward their destination.
Security threats • Selective forwarding
Security threats • Sinkhole attacks • In a sinkhole attack, the adversary manipulates the neighboring nodes to lure nearly all the traffic from a particular area through a compromised node. • This malicious sink can now not only tamper with the transmitted data but can also drop some important messages thereby leading to other attacks like eavesdropping and selective forwarding.
Security threats • Wormhole attacks • In the wormhole attack an adversary tunnels messages received in one part of the network over a low-latency link and replays them in a diffrent part. • This would not only confuse in the routing mechanisms but would also lead to creation of a sinkhole since the adversary on the other side of the wormhole can pretend to have a high quality route to the sink.
Security threats • Wormhole attacks
Security threats • Sybil attacks • The Sybil attacks can take advantage of different layers to cause service disruption. • Sybil attack at the MAC layer would help the malicious node to claim a large fraction of the shared radio resource leaving limited resources for legitimate nodes to transmit.
Reference • On the Intruder Detection for Sinkhole Attack in Wireless Sensor Networks • Meshed multipath routing with selective forwarding-an efficient strategy in wireless sensor networks • 無線感測網路之安全資料傳輸技術 • Wireless sensor networks:A survey on the state of the art and the 802.15.4 and ZigBee standards • 常見無線感知網路攻擊