6. security in wireless sensor netwoks
TRANSCRIPT
April 11, 2023]Rushin $hah1
April 11, 2023]Rushin $hah2
Security in Wireless Sensor Network
Unit : 6
April 11, 2023]Rushin $hah3
Threats to a wireless sensor Networks
There are many vulnerability and threats to WSN which
includes:
Threats due to Equipment Breakdown
Due to Power Failure
Due to Environmental Factors
Due to Physical Tempering
Due to Information Gathering
5
April 11, 2023]Rushin $hah4
List of threats to WSN
Passive information gathering
Subversion of node
False Node
Node Malfunction
Node Outage
Message corruption
Denial of Service
SuFaMa Pass IG DoS Outage Msg Corr
April 11, 2023]Rushin $hah5
List of threats to WSN Passive Information Gathering:
- If communication between sensors / between sensors and
Intermediate nodes are in the clear then
An intruder: with an appropriate powerful receiver and
well designed antenna
can passively pick off the data stream.
Subversion of a node:
- If sensor node is captured, it may be tampered with
electronically interrogated and perhaps compromised.
- Once compromised, the sensor node may disclose its
cryptographic keying material.
April 11, 2023]Rushin $hah6
List of threats to WSN
False Node:
- An Intruder might add a node to a system and
feed false data or block the passage of True data.
- Typically a false node is computationally robust device
which impersonates a sensor node.
Node Malfunction:
- A node in a wireless sensor network may mal function and
generate inaccurate or false data.
- More over if the node is work as intermediate node may
drop or garble data during transmission.
April 11, 2023]Rushin $hah7
List of threats to WSN Node Outage:
If a node serves as an intermediate node or collection and
aggregation point, Which stops working.
Message Corruption:
Attacks against the integrity of message occur when:
An intruder insert themselves between the source and
destination And modify the contents of a message.
Denial of Service:
A denial of service attack on WSN may take several forms,
such an attack may consist of jamming the radio link or could
exhaust resources or misroute the data.
April 11, 2023]Rushin $hah8
List of task to be achieve during designing of Generic WSN Security Model
Communication Security:
- This Mechanism involve to provide security for node to node
communication.
- In the case: when more powerful nodes exist & clusters can
be formed, end to end communication security between the
designated cluster head and each individual sensor node in the
cluster should be used.
- In the absence of powerful nodes , it is appropriate to employ
pair wise security , but only for fixed number of pairs.
- This is because pair wise security is not scalable as the number
of nodes in WSN increases.
April 11, 2023]Rushin $hah9
List of task to be achieve during designing of Generic WSN Security Model
Key Management:
- Due to the fact that most sensor nodes in WSN have
limited amount of energy, public key cryptography
mechanism are expensive in terms of Energy
Consumption.
- Private key cryptography, on the hand is quite
applicable to WSN due to its low energy requirements.
- However in hybrid WSN consist of nodes with different
capabilities and resources , so it is feasible to employ both
public key & private key cryptography.
April 11, 2023]Rushin $hah10
List of task to be achieve during designing of Generic WSN Security Model
Data Aggregation:
- In the ideal security model data aggregation can be
performed to confirm security options.
Self-Healing:
- Self organization and maintenance properties are built
into the network.
April 11, 2023]Rushin $hah11
Security Architecture
SPIN
Micro-
TESLA
SNEP
SPIN:
Security Protocol
in Sensor Network
SNEP:
Secure Network
Encryption Protocol
Micro-TESLA:
Micro Timed Efficient
Streaming Loss
tolerant Authentication
April 11, 202312
Security Architecture
In SPINS, each sensor node shares a unique master key
with base station.
Other key required by SNEP and micro-TESLA protocols
are derived from this master key.
SNEP is based on Cipher block Chaining implemented in
counter mode (CBC-CTR).
In this method initial value of the counter in the sender
and receiver is the same , thus:
The sender increments the counter after sending each
encrypted message and the receiver after receiving,
decrypting it. ]Rushin $hah
April 11, 2023]Rushin $hah13
Security Architecture
To achieve authenticated broadcasts, micro-TESLA uses
time –released key chain.(TRKC)
There are two requirements for correct functioning of
this protocol
i. The owner of the key release schedule has to have
enough storage for all the keys in the key chain.
ii. Every node in the network has to at least be loosely
time synchronized.
April 11, 2023]Rushin $hah14
Key distribution techniques for sensor Network The general key distribution refers to the task of distributing
secret keys between communicating parties in order to facilitate
security properties such as Communication Secrecy and
Authentication.
In sensor network , key distribution is usually combined with initial
communication establishment to bootstrap a secure
communication infrastructure from collection of deployed
sensor nodes.
These nodes may have been pre initialized with some secret
information but do not have direct contact to each other.
“ This Combined problem of key distribution & secure communication
establishment is known as Bootstrapping Problem”
April 11, 202315
Complication in Designing of Secure Protocol Characteristics of the Sensor Network which can generate
complication in designing of Secure protocol
Vulnerability of nodes to physical capture: Sensor nodes may be
deploy in public or hostile locations in many applications. Because of
large number of nodes requirement, each sensor node must not be
expensive, which makes manufacturers to make them temper
resistant.
Lack of priory knowledge of post deployment configuration:
The large number of nodes involve makes it costly to pre-determine
the location of every individual node. Hence security protocol should
not assume prior knowledge of which nodes will be neighbor in
network.
Limited bandwidth and Transmission Power:
April 11, 202316
Problems of Bootstrapping in Sensor N/W
]Rushin $hah
Boot strapping schemes for sensor networks needs to satisfy
the following requirements:
Deploy nodes must be able to establish secure node to node
communication.
Additional Legitimate nodes deploy at later time can form
secure connection with already deployed nodes.
Unauthorized node should not be able to gain entry into the
network, either through packet injection.
The scheme must work without prior knowledge of which
nodes will come into communication range of each other
after deployment.
April 11, 2023]Rushin $hah17
method of key distribution
Single Network Wide Key
Asymmetric Cryptography
Pair wise keys
Trusted base station based key
distribution
Random Key pre distribution scheme
April 11, 2023]Rushin $hah18
Single Network Wide Key
The simplest method of key distribution is to pre-load a
Single Network Wide Key onto all nodes before
deployment.
After deployment nodes can start communication with the
nodes which are using the same network key.
This can be achieve by encrypting a message using
Network Key.
April 11, 2023]Rushin $hah19
Single Network Wide Key : Properties
Minimal memory storage required
No additional protocol steps are required.
Resistant against packet injection
April 11, 2023]Rushin $hah20
Single Network Wide Key : Drawback & Solution
The drawback of this scheme is:
if single node is compromised then entire security of the
network would be broken.
Methods to overcome this drawback
- Nodes must be temper resistant
- New nodes must not be allowed to enter into the network.
April 11, 2023]Rushin $hah21
Asymmetric Cryptography If a sensor node hardware is able to support asymmetric key
cryptography operation then this is a potentially viable method of key
distribution.
In this technique before deployment, a master public/private key
pair (KM , KMi) is first generated.
Then for every node A, its public/private key pair (KA , KAi ) is
generated.
This key pair is stored in node A’s memory along with the master
public key KM and master key’s signature on A’s public key.
Once all nodes are initialized in this fashion, they are ready for
deployment.
April 11, 2023]Rushin $hah22
Asymmetric Cryptography
Once nodes have been deployed, they perform key
exchanges.
‘Nodes exchange their respective public keys and master
key signatures.’
Each node’s public key which is known to every node in the
network.
Once the public key of node has been received, a
symmetric link key can be generated and sent message,
which encrypted by its public key.
April 11, 202323
Asymmetric Cryptography
]Rushin $hah
Properties :-
Perfectly resilient against node capture
Possible to revoke known compromised key-pairs
Fully scalable
Disadvantages:-
Dependence on asymmetric key cryptography hardware
Vulnerability to denial of service
No resistance against node replication
April 11, 2023]Rushin $hah24
Pair wise keys
In this approach , every node in the sensor network shares
a unique symmetric key with every other node in the
network.
In a network of n nodes ,
Total number of unique keys = nC2
Every node stores n-1 number of keys.
April 11, 2023]Rushin $hah25
Pair wise keys
Property:-
Perfect resilience to node capture
Compromised keys can be revoked
Only uses symmetric cryptography
Disadvantage:-
The main problem with the pair wise keys scheme is poor
scalability.
April 11, 202326
Trusted base station based key distribution
]Rushin $hah
This method of key distribution uses trusted, secure base
station as an arbiter to provide link keys to sensor nodes.
The sensor nodes authenticate themselves to the base
station, after which the base station generates a link key &
sends it securely to both parties.
Before deployment of sensor nodes, unique symmetric
key is generated for each node in the network.
This node key is stored in the memory of each sensor node
will serve as the authentication key between base station
and sensor node.
April 11, 202327
Trusted base station based key distribution
]Rushin $hah
Now assume that after deployment , the node A wants to
establish a shared secret session key SKAB with node B.
Since A and B do not share any secrets, they need to use a
trusted third party S, base station.
April 11, 202328
Trusted base station based key distribution
]Rushin $hah
Properties:
Small memory requirements
Perfect resilience to node capture
Revocation of node is simple
Node replication is easily controlled
Disadvantages:
Not scalable
Base station becomes target for compromise.
April 11, 2023]Rushin $hah29
Random Key pre distribution scheme Let m –denote the number of distinct cryptographic keys that can be
stores on a sensor node.
Before deployed the sensor nodes, an initialization phase is
performed.
In this initialization phase a basic scheme picks a random pool of
keys S out of the total possible key space.
For each node, m keys are randomly selected from the key pool S and
stored into the node’s memory.
This set of m keys is called as the node’s key ring.
After deployed the sensor nodes , a key-setup phase is performed.
The nodes first perform key discovery to find out with which of their
neighbors they share a key.
April 11, 2023]Rushin $hah30
Random Key pre distribution scheme
Such key discovery can be performed by assigning a short
identifier to each key prior to deployment and having each
node broadcasts its set of identifiers.
Nodes which discover that they contain shared key in their
key rings, can then verify that their neighbor actually holds
the key, through a challenge – response protocol.
April 11, 2023]Rushin $hah31
Water Marking One of the major security issue in the Internet is:
Digital Right Management (DRM).
It is easy to see that DRM will also play a major role in
wireless sensor network.
To address these problems Feng et al have developed the
first water marking technique for crypto logically embedding
an authorship signature into data and information which
acquired by a WSN.
The notion of intellectual property protection and specifically
watermarking has been widely studied for items such as text,
video/audio, and circuit designs.
April 11, 2023]Rushin $hah32
Water Marking Watermarking techniques have been proposed for two domains:
Static artifacts & Functional artifacts
Static artifacts are artifacts that consist of only syntactic
components which are not altered during their use.
Fo r e x a m p l e : images, audio.
The essential property of all watermarking for static artifacts is
that they leverage the imperfection of human perception.
The main objective of watermarking technique for static artifacts
- Requirements for global placement of the watermark in the
artifact,
- Resiliency against removal and suitability for rapid detection.
April 11, 2023]Rushin $hah33
Water Marking
Watermarking is also applicable to functional artifacts,
such as software & integrated circuits designs.
Functional artifacts can be specified and therefore
watermarked at several levels of abstraction such as:
- System level designs, - FPGA designs,
- The logic synthesis level, - Physical design level.
Additionally other techniques for intellectual property
protection such as finger printing, obfuscation, reverse
engineering, and forensic engineering can be apply.
April 11, 2023]Rushin $hah34
Real – Time Watermarking AIM: To authenticate data which is collected by a sensor
network.
Key Idea: To impose additional constraints to the system
during the sensing data acquisition or data processing phases.
The first set of techniques embeds the signature into the
process of sensing data.
The crucial idea is to modulate by imposing additional
constraints on of parameters that define sensor relationship
with the physical world.
The options include the location and orientation on sensor,
time management (e.g. frequency and phase of intervals
between consecutive data capturing), resolution.
April 11, 202335
Real – Time Watermarking
]Rushin $hah
In particular, an attractive alternative is to impose
constraints on intrinsic properties (e.g. sensitivity,
compression laws) of a particular sensor, therefore the
measured data have certain unique characteristics that are
strongly correlated with the signature of the author/owner.
The second technique is to embed signature during data
processing, either in sensor data or control data.
April 11, 2023]Rushin $hah36