SECURITY PROTOCOLS FOR WIRELESS SENSOR NETWORK

Presented by Chetan Rana U08CO213

INTODUCTION
• Wireless Sensor Networks are networks that consists of sensors which are distributed in an ad hoc manner. • These sensors work with each other to sense some physical phenomenon and then the information gathered is processed to get relevant results. • Wireless sensor networks consists of protocols and algorithms with self-organizing capabilities.

Ref:http://esd.sci.univr.it/images/wsn-example.png

WSN ARCHITECHTURE • Sensor motes (Field devices) – capable of routing packets on behalf of other devices. . scheduling communication between devices (i. configuring super frames). • Security manager – The Security Manager is responsible for the generation.e. storage. management of the routing tables and monitoring and reporting the health of the network. and Management of keys. • Network manager – A Network Manager is responsible for configuration of the network. • Gateway or Access points – A Gateway enables communication between Host application and field devices..

WSN ARCHITECTURE .

WSN Topologies • Wireless Links – Numerous paths to Connect to the same destination • Topology .Hybrid .Mesh .Star .

Star Topology • Single Hop to Gateway • Gateway serves to communicate between nodes • Nodes cannot send data to each other directly .

Star Topology ( Contd…) • Pros -Lowest Power consumption -Easily Scalable • Cons -Not very reliable as one point of failure • No alternate communication paths .

Mesh Topology • Multi-Hopping Systems • Nodes can communicate with each other directly .

Mesh Topology ( Contd…) • Pros – Reliable as no single point of failure – Many alternate communication paths –Easily Scalable • Cons – Significantly higher power consumption – Increased Latency .

Hybrid Topology • Sensors are arranged in a star topology around the routers • The routers arrange themselves in a mesh form .

Scalability becomes an issue when range is extended .Lower power consumption as compared to mesh topology • Cons .Reliable as no single point of failure .Hybrid Topology ( Contd…) • Pros .Many alternate communication paths .

WSN CHARACTERISTICS • Power consumption constrains for nodes using batteries or energy harvesting • Ability to cope with node failures • Mobility of nodes • Dynamic network topology • Communication failures • Heterogeneity of nodes • Scalability to large scale of deployment • Ability to withstand harsh environmental conditions • Ease of use • Unattended operation • Power consumption .

• Power.HARDWARE Sensors P O W E R • Low-power processor. microphones. etc. – Cameras. • Memory. . – Low data rate. Storage Processor • Radio. – Limited processing. – Limited storage. Radio • Sensors. – Low-power. – Limited range. WSN device schematics – Scalar sensors: temperature. light.

TinyOS • OS/Runtime model designed to manage the high levels of concurrency required • Gives up IP. threads • Uses state-machine based programming concepts to allow for fine grained concurrency • Provides the primitive of low-level message delivery and dispatching as building block for all distributed algorithms . sockets.

Key Software Requirements • • • • • Capable of fine grained concurrency Small physical size Efficient Resource Utilization Highly Modular Self Configuring .

• DoS/Network Layer/Flooding. . Jamming the channel with an interrupting signal. • DoS/Data Link Layer/Collision.SECURITY ATTACKS IN WSN • DoS/Physical Layer/Jamming Transmission of a radio signal that interferes with the radio frequencies being used by the sensor network.

partition the network. or tampering (i. generate false error messages. Misdirection.• DoS/Physical Layer/Tampering. reverse engineering).e. . • DoS/Network Layer/Spoofing. increase end-to-end latency. etc. Physical Tampering. extend or shorten source routes. Adversaries may be able to create routing loops. Nodes are vulnerable to physical harm. attract or repel network traffic.

dispersity and multipath. • Sybil attacks also pose a significant threat to geographic routing protocols.• Sybil attack "malicious device illegitimately taking on multiple identities". • Adversary can "be in more than one place at once" as a single node presents multiple identities to other nodes in the network which can significantly reduce the effectiveness of fault tolerant schemes such as distributed storage . .

. an adversary tunnels messages received in one part of the network over a low latency link and replays them in a different part.• In the wormhole attack. • An adversary situated close to a base station may be able to completely disrupt routing by creating a well-placed wormhole. • An adversary could convince nodes who would normally be multiple hops from a base station that they are only one or two hops away via the wormhole.

• This new node can act exactly like the old node or it can have some extra behavior. • A node replication attack is serious when the base station is cloned. such cloning being a relatively simple task with current sensor node hardware. such as transmitting information of interest directly to the attacker.• A node replication attack involves an attacker inserting a new node into a network which has been cloned from an existing node. .

hence achieving confidentiality . • Encrypt the data with a secret key that only intended receivers possess.REQUIREMENTS FOR SENSOR NETWORK SECURITY Data Confidentiality • A sensor network should not leak sensor readings to neighboring networks.

. • Informally. data authentication allows a receiver to verify that the data really was sent by the claimed sender.Data authentication • Network reprogramming or controlling sensor node duty cycle • Data authentication allows a receiver to verify that the data really was sent by the claimed sender.

data freshness implies that the data is recent. and it ensures that no adversary replayed old messages. .Data Integrity Data integrity ensures the receiver that the received data is not altered in transit by an adversary. Data Freshness • Informally.

and allows for delay estimation. while strong freshness is useful for time synchronization within the network. • Weak freshness is required by sensor measurements.• Two types of freshness: weak freshness. which provides partial message ordering. and strong freshness. but carries no delay information. . which provides a total order on a request-response pair.

SECURITY PROTOCOLS FOR WSN SPINS: Security Protocols For Sensor Networks • SPINS has two secure building blocks: SNEP and µTESLA. . • SNEP includes: data confidentiality. two-party data authentication. and evidence of data freshness. • µTESLA provides authenticated broadcast for severely resource-constrained environments.

• It uses a counter. . and weak message freshness. • It has low communication overhead as it only adds 8 bytes per message. replay protection. SNEP protocol offers data authentication. which prevents eavesdroppers from inferring the message content from the encrypted message. but avoids transmitting the counter value by keeping state at both end points. • Finally. • SNEP achieves semantic security.SNEP: Sensor Network Encryption Protocol • SNEP provides a number of following advantages.

the same message is encrypted differently each time. the receiver can be assured that the message originated from the claimed sender. • Data authentication: If the MAC verifies correctly.SNEP offers the following properties: • Semantic security: Since the counter value is incremented after each message. .

• Replay protection: The counter value in the MAC prevents replaying old messages. the receiver knows that the message must have been sent after the previous message it received correctly (that had a lower counter value • Low communication overhead: The counter state is kept at each end point and does not need to be sent in each message. • Weak freshness: If the message verified correctly. .

• After disclosure the receiver can authenticate the packet. • The receiver is responsible for buffering the packet until the secret key has been disclosed. the sender will disclose the secret key. • After a certain period of time.µTESLA • A sender will broadcast a message generated with a secret key. . provided that the packet was received before the key was disclosed. • Limitation of µTesla is that some initial information must be unicast to each sensor node before authentication of broadcast messages can begin.

TINYSEC • It is designed as the replacement for the unfinished SNEP. TinySec XORs the encryption of the message length with the first plaintext block in order to make the CBC-MAC secure for variably sized messages • Link layer encryption and integrity protection  transparent to applications . and for authentication. • For encryption. CBC-MAC is used. • A major difference between TinySec and SNEP is that there are no counters used in TinySec. known as TinySec. it uses CBC mode with cipher text stealing . • Single shared global cryptographic key.

• A major feature of MiniSec is that it uses offset codebook (OCB) mode as its block cipher mode of operation. which offers authenticated encryption with only one pass over the message data. .MINISEC • It is a secure network layer protocol that claims to have lower energy consumption than TinySec while achieving a level of security which matches that of Zigbee. • Normally two passes are required for both secrecy and authentication.

a cluster key shared with multiple neighboring nodes. . a pairwise key shared with another sensor node. therefore. it provides the basic security services such as confidentiality and authentication. and a group key that is shared by all the nodes in the network. • LEAP supports the establishment of four types of keys for each sensor node – an individual key shared with the base station.LEAP: Localized Encryption And Authentication Protocol • LEAP is designed to support secure communications in sensor networks.

• It plays the three roles as follows : . . which allows other devices to join the network and also distributes the keys.Network manager.Trust manager. whereby authentication of devices requesting to join the network is done. maintaining and distributing network keys.Configuration manager. . . enabling end-to-end security between devices.ZIGBEE • Zigbee Coordinator acts as “Trust Manager”.

and has three modes of operation. unsecured. an Access Control List (ACL) mode and secured mode. Communication from devices not on the list is ignored. • In unsecured mode.4 • Provides link layer security services. No cryptographic security. .15. as the name implies. no security services are provided. • In ACL mode the device maintains a list of devices with which it can communicate.802.

• Secured mode offers seven security suites and depending on which is used any of four security services are offered. access control data encryption frame integrity sequential freshness. .

.

Tygar. Wagner. Hollar. “Establishing pairwise keys in distributed sensor networks. San Ramon. Twenty. S. Hill. [2] J. and D. SPINS: Security protocols for sensor networks. [3] J. Asp http://en. http://www. 2004. System architecture directions for networked sensors. In Proceedings of the 9th International Conference on Architectural Support for Programming Languages and Operating Systems. Gaubatz. USA. A. 162 – 175.1303. Cryptography on a Speck of Dust. Woo. October 2003. IEEE Computer.Second Annual Joint Conference of the IEEE Computer and Communications Societies. Szewczyk. and K. Volume: 2. Karlof. Kaps. April 2003. pp. November 2000." in 2nd international conference on Embedded networked sensor systems. D.” in Proceedings of 10th ACM Conference on Computer and Communications Security (CCS’03). Victor Wen. "Sensor deployment and target localization based on virtual forces". and J. 52–61. Zou. R. [7] ZigBee Specification v1. Sunar. [4] Adrian Perrig. [5] C. Robert Szewczyk.zigbee. CA. G. July 2001. Chakrabarty.wikipedia. "TinySec: a link layer security architecture for wireless sensor networks.org/en/spec_download/download_request. Ning.INFOCOM 2003. and B.0: ZigBee Specification (2005). N. Culler. Pages: 1293 .org/wiki/Wireless_sensor_network . [6] D. In Seventh Annual ACM International Conference on Mobile Computing and Networks (MobiCom 2001). Liu and P. IEEE.References [1] Y. D. USA: ZigBee Alliance. David Culler. K. MD. Sastry. Baltimore. P. Pister.

THANK YOU .

Sign up to vote on this title
UsefulNot useful