Ajshm

4.27
Sensor Network Security
is known, the attacker may try to
the malicious nodes. Once the netwvork topology
study the traffic pattern in the network.
attacker may
be more active compared to others, the
º If some of the nodes are found to
mount (e.g.. DoS) attacks on such bottlencck nodes. This may ultimately affect
tr÷ to
the on-going routing process.
an important requirement to be
Hence, the confidentiality of the network topology is
met by the secure routing protocols.
Stability against attacks
sense that it must be able to revert to its
The routing protocol must be self-stable in the
operating state within a finite amount of time after a passive or an active
normal
these attacks do not permanently
attack. The routing protocol should take care that
disrupt the routing process.
robustness, that is, the protocol should work
> The protocol must also ensure Byzantine
earlier participating in the routing
properly even if some of the nodes, which were point of time or are intentionally
process, turn out to become malicious at a later
damaged.
4.12 Sekurity Protocols for Sensor Networks (SPINS)
of asuite of security protocols
> Secuity protocols for sensor networks (SPINS) consists
sensor networks. SPINS Consists
resource-constrained
that are optimized for highly
of two main modules: hrcs
Sensor Network Encryption Protocol (SNEP)
protocol
Micro-version ofTimed Efficient Stream Loss-Tolerant Authentication
(TESLA)
4.12.1 Sensor Network Encryption Protocol (SNEP)
via negotiation. This protocol
> SPIN is abbreviation of sensor protocol for information
occus in
is defincd to use to remove the deficiency like flooding and gossiping that
other protocols.
by the node, might take
> The main idea is that the sharing of data, which is sensed
a descriptor about the data
more resources as compare to the meta-data, which is just
sensed, by the node.
hma

4.28 Ad Hoc and Wireless Sensor Networks

The resource manager in each node imonitors its resources and adapts their functionality
i emh a

accordingly.
SNEP is sensor network encryption protocol. The SNEP protocol offers the following
nice properties:
" Semantic security: Since the countervalue is incremented after egth message,
is
the sáme message is encrypted differently each time. The counter value
the node.
long enough that it never repeats within the lifetime of
Data authentication: Ifthe MAC verifies correctly, areceiver can be assured
that the message originated from the claimed sender.
. Replay protection: The counter yalue in the MAC prevents replaying old
messages. Note that if the counter were not present in the MAC, an adversary
could easily replay messages.
Weak freshness: If the message verified correctly, a receiver knows that the
messagemust have been sent after the previous message it receiyed correctly
(that hada lower counter value). This enforces a message ordering and yields
weak freshness.
Low communication overhead: SNEP has low communication overhead since
it only adds 8 bytes per message. The counter state is kept at each end point
and does not need to be sent in cach message
4.12.1.1 Key Generation /Setup
> Nodes and base station share a master key pre-deployiment
> Other keys are bootstrapped from the master key:
" Encryption key
Message Authentication code key
Random number generator key

Counter

JKeyencyption
RC5 Blok
Key Masier Keywac
Gptier
eyando
Figure 4.6 SNEP Key Generation
 Freshness
4.12.1.3
Strong Authentication,
Confidentiality
4.12.1.2Network
Security
Sensor
>
SNEP
8-A: A the node NA
Node complete Thecombiqation
encryption The F,() derive The
E,
2)
-8: response wo
(RalkCal- Node A
B. encrypted independentkevs
and and
The achicves Node A message K,O)
KF(4) communicating
key
generates A
simplest
Na. message Figure4.7
AB: isdata
Ra. strong that K,has of
these
MAC(KA Rway N,
and
A the for 1or usine
data
SNEPAuthentication,
in to Confidentiality HACOC (M) sends the mechanisms parties
randomly
an
achieve following
Eoomnunication,
counter cach cac
authenticated freshness MACIK M.
M K,, to the
Na CIl B pseudorandom and A
direction
| strong and C i
Ca (M)n MAC format:
is form
B
i sends for C
our of share
freshness response a The
|Relkesc) protocol. ) (K,C,I communication.
ESensor
along it MAC (M) functionmaster a
is is Encryption
Network
for with from (M)(KC) M- secret
Ba E
where and
tonodeB
request (Node B MAC encryption
retun MAC ey
M
througha (K', is
thenonce
messageR, the keys keys KAXa
C|E). data, Protocol and
nonce The thc they
with
to

4.12.1.4 4.30

A8 To
added know Counter Node A
reply.request partyif achicve
Node A toeach
the A cach exchange
realizes Ca). || Ca.
MAC(Kg.Ca other's small
current cncryptcd
MAC(KCa SNEP
counter protocol Figure MAC(K'B NA
I
counter that Figure
the message.mnessages,
counter 4.9 values 4.8
ofB MAC(Kea
CAl|C)Ca,
MAC(KA,
GalC) l| SNEP Ra
Na
SNEP Ca) C, we
using CB assume
and Surong
aCounter
of C,
nonce party and that Freshnes Ad
Hoc
NA Bis
Exchange sothe
the and
tonot
communicating
ensure
counter Wireless
synchranized
does Sensor
strong
Node B Node B
not
parties
freslness any Netwarks
nced
more, A
toand
of be
B
the cat A
 Micra
4.122
Timed Network
Security
Sensor
4.12.2.2
SetupKey Authentication
4.12.2.1 Problems
TESLAwith
data authenticationMicro
ndomlpenerat
y, e Each ow kes, stores
broadcasts aliered only When
nodeThedsclosedyt
node packet
a To
use it by send
Tirned
MAC bit cl an e the the with an .One.Overhead .
the to the packetan base Digital Ca
and keathenticate
y casily authenticated a N
one-way isa key TESLA Effcent
The Efficient
atodly verification
vernify the station, apacket,can itthat
TESLA uTESLA Way MACkaNaCal
key packet transit. Signature pure
is key of
key the Since discloses 24uses
restricts chuin TESLAisSreamStream
applieschain, of the key in
te secrct
packet, bytes
key a corectness
packet a receiving a only for
to at is
buffer. Authentication
Loss-tolerant
initial Loss-tolerant (TESLA)
Fio thchain, all verityhatthe that the nunbcr too per
e key symnetric not
big
computesender stored receiven of At point base once acket packet practical
generated t he the node of
in
time assunod is is timstation inauthcnticated per
chooses
all its key
When corresponding
assured
e. cpoch mechanism
authentication Authentication fora
other by buffer If simply
publ ic
a the akey of that node
keys th e node that
kedisclasure,
y to
lat is nothe computes senders broadcast
KF(K) one-way key comectroceives, MACadversary MAC delivers
K the key a
function
of the the base could
key wau MAC authenticated
the discloscd
nodc is broadcast
not
chain F. station have known on
431
To can yen the

4.12.2.3
>
uTESLA the fromlostcad
TESLA packets the authenticates
node by
can it
authenticate Po
commitmcnt
rocciver
interval is
authenticated
coresponds
Foreunple, ofEach
.Sending "Sender sendcr anc Assume 2 the
cinne
time
the sender applsng lchain). ast authenticate
of al key ode
mensageinterval
has
broadcasts adding
Detailed lost,cannotcontain I that intervats
ley multinle P1. chain cat
aociates tothe Kn
a Ksetup: To broadcat, u authenticate P2,wellaxas wit toFigure
a
authenticatedon-way generate tahe fcastly
or
tication the t, randomly, Deseription
disclosedkeypackets
the or MAC receiver key in tie tie
this sane te
The phases verifying P3, 4I0 perfarn
scnder caci the curent and Pi, In
the witchain) h exanple interval commitment
key
function scnder intervalpacket a ny node Figure key hows
an
one-wayd is P2 key
packets: key ticdKFEKO) to henceand packets in The and an time
code uses le of
gencrales
F fin t each with th at K an is 4.10
timc exanple
the to
periodically data K. the authenticated 4 Ioosely K synchrozation
all in
MAC)of one-waykey Timne
key
generates time discloses Packet yet Key
packets socHe a
util
and base
o
is the chain intervatepacket, LetPlhas time setup KKA Acys of Ad
he key P3station aTESLA
packetscut divided remaining sequence a in the key us sent and Hoc
lengthn, of with assunesynchronized way of
ment chain
aspecial
pscketWithin k, MAC a aauthenticaled and and
key broadort
K patscularinlervalwithi retnve
in witl into
interval, dnchosure kncws so Packets
that Eh Wirele
that time values the of thc e Lume one
interval iniervals one sctder secet cuntest packets ing
alo keecerver an
tim e y y key Pland tinc y
K, authcnticalof
maner
of Seasar
to scceavelychooses keys independent
of
is K,whichK Kaknows
nd
are the
intervalle iTESLA FKso can P4, So
P2 intirsal
copte ( didned key Netwerka
and still P5,farthe set
K,
the the key the not and is a aedain key
 4.33
Sensor Network Security
one-way key
Bootstrapping new receivers: The important property of the
of the chain, subsequent
chain is that once the receiver has an authenticated key
of the chain are self-authenticating, which means that the receiver can
keys one-way key chain
casily and efficiently authenticate subsequent keys of thehas an authenticated
using the one authenticated key Forexample, ifa receiver by verifyingKF
value Kof the key chain, it can easily authenticate K,,
(K). Therefore to bootstrap uTESLA, each receiver needs to have one
to the entire chain
authentic key of the onc-way key chain as a commitment
Authenticating packets: When a receiver receives the packets with the MAC,
by an adversary.
it needs to ensure that the packet could not have been spoofed time
The threat is that the adversary already knows the disclosed key of a
interval and so it could forge the packet since it knows the key used to compute
the MAC Hence the receiver needs to be sure that the sender did not disclose
the key yet which corresponds to an incoming packet, which implies that no
adversary could have forged the contents. This is called the security condition,
which receivers check for all incoming packets,

4.13 Reliability Requirements in Sensor Networks

> The sensor networks are not designed with the goal oftransporting multiple independent
data streams. Sensor networks are data-centric and rely on in-nctwork processing.
The reliability requirements are prety nmuch application specific and the protocols
Can take advantage of this;
delivery
4.13.1 Single packet versus block versus stream
The cases of delivering only a singie packet on the onc hand and of delivering a
number. or even an infinte stream of packets on the other hand differ substantially in
In the single packet delivery problem, assingle packet must be reliably transported
between two nodes.

delivery problem, a finite data block comprising multiple

In the block sensors. packets must
delivered to a sensor or a set of
be
stream delivery problem, atheoretically unbounded number of packets has
> In the between two nodes.
to

be transported