1

Security in Wireless Sensor Networks

Group MeetingFall 2004

Presented by Edith Ngai

2

Outline

Wireless Sensor Networks (WSN)Security in WSNKey Management Approaches

Straight Forward Approach Basic Probabilistic Approach Deployment-based Approach

ConclusionReferences

3

Wireless Sensor Networks

A sensor network is composed of a large number of sensor nodes

Sensor nodes are small, low-cost, low-power devices that have following functionality: communicate on short

distances sense environmental data perform limited data processing

The network usually also contains “sink” node which connects it to the outside world

Berkeley Motes

4

Applications

WSN can be used to monitor the conditions of various objects / processes Military: battlefield surveillance, biological attack

detection, targeting Ecological: fire detection, flood detection, agricultural

uses Health related: human physiological data monitoring Miscellaneous: car theft detection, inventory control,

home applications Sensors are densely deployed either inside or very

close to the monitored object / process

5

Security in WSN

Main security threats in WSN are: Radio links are insecure – eavesdropping / injecting

faulty information is possible Sensor nodes are not temper resistant – if it is

compromised the attacker obtains all security information

Protecting confidentiality, integrity, and availability of the communications and computations

6

Why Security is Different?

• Sensor Node Constraints– Battery– CPU power– Memory

• Networking Constraints and Features– Wireless– Ad hoc– Unattended

7

Key Management: Goals

The protocol must establish a key between all sensor nodes that must exchange data securely

Node addition / deletion should be supported It should work in undefined deployment environment Unauthorized nodes should not be allowed to establish

communication with network nodes

8

Key Management Problem

Secure Channels

DeploySensors

9

Approaches

Trusted-server schemes Finding trusted servers is difficult

Public-key schemes Expensive and infeasible for sensors

Key pre-distribution schemes

10

Loading Keys into sensor nodes prior to deployment

Two nodes find a common key between them after deployment

Challenges Memory/Energy efficiency Security: nodes can be compromised Scalability: new nodes might be added later

Key Pre-distribution

11

Straight Forward Approach

Single mission key is obviously unacceptable Pairwise private key sharing between every two

nodes is impractical because of the following reasons: it requires pre-distribution and storage of n-1 keys in each

node which is n(n-1)/2 per WSN most of the keys would be unusable since direct

communication is possible only in the nodes neighborhood addition / deletion of the node and re-keying are complex

12

Basic Probabilistic Approach

Proposed by Eschenauer and Gligor Relies on probabilistic key sharing among nodes of

WSN Uses simple shared-key discovery protocol for key

distribution, revocation and node re-keying Three phases are involved: key pre-distribution,

shared-key discovery, path-key establishment

13

Eschenauer-Gligor Scheme

Each noderandomly selects m keys

AB E

Key Pool S

DC

• When |S| = 10,000, m=75Pr (two nodes have a common key) = 0.50

14

Establishing Secure Channels

A

C

B

15

Observations and Objectives

A

B

F

Problem: How to pick a large key pool while maintaining high connectivity? (i.e. maintain resilience while ensuring connectivity)

16

Deployment-based Scheme

Proposed by Du, et. al (IEEE Infocom 2004) Improves Random Key Predistribution (Eschenauer

and Gligor) by exploiting Location Information Studies a Gaussian distribution for deployment of

Sensor nodes to improve security and memory usage

17

Deployment-based Scheme

Groups select from key group S (i,j)

Probability node is in a certain group is (1 / tn).

njtiSS ji ..1,,...1,,

18

Step 1 : Key Pre-distribution - Key Sharing Among Key Pools -

A B C

F

H I

D

G

Horizontal

Vertical Diagonal

19

Step 1 : Key Pre-distribution - Key Sharing Among Key Pools -

Determining |Sc|

When |S| = 100,000, t = n = 10, a = 0.167, b = 0.083 |Sc| = 1770

20

Step 2: Shared-key Discovery

Takes place during initialization phase after WSN deployment. Each node discovers its neighbor in communication range with which it shares at least one key

Nodes can exchange IDs of keys that they poses and in this way discover a common key

A more secure approach would involve broadcasting a challenge for each key in the key ring such that each challenge is encrypted with some particular key. The decryption of a challenge is possible only if a shared key exists

21

Step 3: Path-key Establishment

During the path-key establishment phase path-keys are assigned to selected pairs of sensor nodes that are within communication range of each other, but do not share a key

Find secure path by using flooding method Limit the lifetime of the flooding message to three hops to reduce

flooding overhead Share random key K by using secure path

22

Local Connectivity

With 100 keys, location management improves local connectivity from 0.095 to 0.687

23

Network Resilience

What is the damage when x nodes are compromised? These x nodes contain

keys that are used by the good nodes

What percentage of communications can be affected?

24

Conclusion

Robust security mechanisms are vital to the wide acceptance and use of senor networks for many applications

Security in WSN is quite different from traditional (wired) network security

Various peculiarities of WSN make the development of good key scheme a challenging task

We have discussed several approaches to key management in WSN

25

References

I. F. Akyildiz, W. Su, Y. Sankarasubramaniam, and E. Cyirci. Wireless Sensor Networks: A Survey. Computer Networks, 38(4):393-422, 2002.

L. Eschenauer and V. Gligor. A Key-Management Scheme for Distributed Sensor Networks. In Proc. of ACM CCS’02, November 2002.

H. Chan, A. Perrig, and D. Song. Random Key Predistribution Schemes for Sensor Networks. In 2003 IEEE Symposium on Research in Security and Privacy.

W. Du, J. Deng, Y. Han, S. Chen, and P. Varshney. A Key Management Scheme for Wireless Sensor Networks Using Deployment Knowledge. IEEE Infocom 2004.