Wireless Sensor Network Security Problems and Solutions in Sport Stadium
LI Zhanping1, WANG Long2, LIU Bin3
1. Dept. of P.E., North China University of Science & Technology, Beijing, China
2. Department of Physical, Hebei University, Baoding, China
3. College of Electronics and Informational Engineering, HeBei University, Baoding, China
e-mail: [email protected]
Abstract: In this paper, firstly, the characteristics of wireless sensor networks (WSN) are analyzed. Secondly, an overall assessment of the key issues in wireless sensor network security is made, and security defenses for these issues are implemented. Finally, the pair-wise keying algorithm is described and analyzed. Based on the above, the ultimate security solution for wireless sensor networks is proposed.
Keywords: wireless sensor network; security; key algorithm; security defense
1. Introduction
Wireless sensor networks have given rise to new information acquisition and processing techniques. A typical sensor network has hundreds to millions of sensor nodes [1]. Each sensor node is typically low-cost, limited in computation and information storage resources, highly power constrained, and communicates over a short-range wireless network interface [2]. These features ensure a wide range of applications for sensor networks. However, the security of sensor networks has not been considered as thoroughly as it should be. Compared with traditional networks, sensor networks have the following characteristics [3]: the node distribution is dense, the node resources are very limited, and most of the nodes are static. As a result, achieving high security in sensor networks is very difficult.
2. Wireless Sensor Network Characteristics and Security Analyses
2.1 Wireless Sensor Network Characteristics and Composition
WSN is a large-scale distributed network, often deployed in unmaintained environments with poor conditions, and in most cases sensor nodes are for one-time use. Its characteristics are mainly reflected in the following aspects: 1) energy is limited; 2) computing power is limited; 3) the storage capacity is limited; 4) the communication range is limited. In addition, the topology of most sensor networks cannot be predicted, the network topology and the sensor nodes in the network are constantly changing, and many network parameters and keys are formed through negotiation after deployment. Based on the above analysis, we can see that wireless sensor networks are vulnerable to a variety of threats and attacks.
The infrastructure of a WSN can be described as a
combination of two parts: data acquisition network and
data dissemination network [4].
1) Data acquisition network: It is a collection of sensor
nodes and the base station. The base station collects the
information from the motes and forwards control data to
the network environment.
2) Data dissemination network: It is a collection of
wired and wireless networks that provides an interface of
the data acquisition network to a user.
The security model we expect to encounter in current WSN applications needs to consider two kinds of security, namely Inside Security and Outside Security, in the two different network parts (the data acquisition network and the data dissemination network, respectively).
1) Inside Security: Since the data acquisition network part of a WSN uses a shared wireless communication medium, authentication is necessary to enable both the sensor nodes and the BS (Base Station) to detect messages that were injected with malicious intent. This authentication prevents the attacker from injecting or spoofing packets. We call these security schemes Inside Security, since they secure the mote–mote, mote–BS and BS–mote communication.
322978-1-935068-06-8 © 2009 SciRes.
Proceedings of 2009 Conference on Communication Faculty
2) Outside Security: This security concentrates on the data dissemination network part of the WSN. Here, threats may arise from either side, i.e., illegitimate users retrieve information from the network, or a malicious node forces the legitimate user to accept false information. The security solution that counters these threats is referred to as Outside Security, as it involves the (outside) user and the WSN.
2.2 Security Requirements and Analyses
Various security requirements on wireless sensor networks are presented in almost all the related papers. As a summary, we classify those requirements into three security levels [5]:
1) Message-Based level. As in conventional networks, this level deals with data confidentiality, authentication, integrity and freshness. Symmetric key cryptography and message authentication codes are necessary security primitives to support information flow security. Data freshness is also required, as a lot of content-correlated information is transmitted on a sensor network during a specific time.
2) Node-Based level. Situations such as node compromise or capture are investigated on this level. If a node is compromised, the secret information loaded on it may be improperly used by adversaries.
3) Network-Based level. On this level, more network-related issues are addressed, as well as security itself. A major benefit of sensor networks is that they perform in-network processing to reduce large streams of raw data into useful aggregated information. Protecting it is critical. The security issue becomes more challenging when discussed in specific network environments. Firstly, securing a single sensor is completely different from securing the entire network, so the network-based anti-intrusion abilities have to be estimated. Secondly, network parameters such as routing, node energy consumption, signal range and network density should be discussed together. Moreover, the scalability issue is also important with respect to redeployment for node addition and revocation.
3. Security Components of Wireless Sensor Network
Security components include the following four phases [6].
3.1 Pre-Deployment Phase
Before the deployment the BS chooses a secret $S_x$. Then it distributes an identity ($IDS_k$) and a distinguished secret key $SK_k$, computed by applying $H$ to $IDS_k$ and $S_x$, to each ($k$th) sensor node, where $H$ is a strong one-way hash function.
3.2 Registration Phase
Each user needs to register with the BS in order to access the services in future. The user sends its identity $ID_i$ and a registration request for this purpose. BS computes a secret token ($S_i$) using its secret $S_x$, by applying $H$ to $ID_i$ and $S_x$. Then, it returns the computed $S_i$ to the corresponding user via a secure channel.
3.3 Authentication and Group Key Establishment Phase
A user stands somewhere in the network and broadcasts its identity ($ID_i$) as a request for service. The motes in the proximity provide the confidential information they hold after authenticating the user.
Step 1: Let there be $m$ nodes in the user’s periphery. Each sensor node (with identity $IDS_k$) generates a random nonce $N_{ik}$, and sends $IDS_k$ together with $E_{SK_k}(N_{ik}, ID_i, IDS_k)$ to BS, where $E_{SK_k}(\cdot)$ is the symmetric key encryption with key $SK_k$. Each individual node $IDS_k$ keeps $N_{ik}$ corresponding to $ID_i$ for a valid time period in its buffer.
Step 2: BS selects the first $p$ ($p \le m$) arrived messages and decrypts each one, $D_{SK_k}(E_{SK_k}(N_{ik}, ID_i, IDS_k))$, to obtain $N_{ik}$, $ID_i$ and $IDS_k$, using the secret key $SK_k$, which it derives from $IDS_k$ and $S_x$ with $H$. If the $IDS_k$ computed after decryption does not match the one received (in non-encrypted form), BS rejects that nonce. If the two match, BS computes $(n_1, \ldots, n_{p-1}, n'_p)$ in two steps: (1) $(n_1, \ldots, n_p)$ is obtained by applying $RCA$ to $(N_{i1}, \ldots, N_{ip})$; (2) $n'_p$ is obtained from $n_p$ and $S_i$. Finally, BS sends $(n_1, \ldots, n_{p-1}, n'_p)$ along with the corresponding sensor node identities $\langle IDS_1, \ldots, IDS_p \rangle$ to the user $ID_i$.
Step 3: The user reverse-computes the nonce values $(N_{i1}, \ldots, N_{ip})$ using its assigned secret token $S_i$: (3) $n_p$ is recovered from $n'_p$ and $S_i$; (4) $(N_{i1}, \ldots, N_{ip})$ is recovered from $(n_1, \ldots, n_p)$ by reversing $RCA$.
The user uses these nonce values as session keys with the corresponding sensor nodes. To prove its identity, the user sends $E_{N_{ik}}(ID_i)$ (its identity encrypted with the nonce $N_{ik}$ as key) to the corresponding sensor with identity $IDS_k$.
Step 4: Each sensor node ($IDS_k$) accesses the nonce value ($N_{ik}$) corresponding to $ID_i$ from its buffer. It decrypts the received information using $N_{ik}$. If $ID_i$ is obtained as the result, sensor node ($IDS_k$) authenticates the user ($ID_i$).
The next phase (secured response phase) needs to be executed only for legitimate users. Otherwise, node $IDS_k$ discards the information and closes the communication.
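The pre-deployment key derivation and Steps 1, 2 and 4 above, as an added Python example (not code from the paper). Assumptions: $H$ is instantiated as HMAC-SHA256, a hash-based keystream stands in for the symmetric cipher $E$/$D$, identities and nonces have fixed widths, and all sample values are constructed; the $RCA$ masking of Steps 2 and 3 is outside this example.

```python
import hashlib, hmac, os

ID_LEN, NONCE_LEN = 4, 16   # assumed fixed field widths

def H(identity: bytes, secret: bytes) -> bytes:
    # Assumed instantiation of the one-way hash H over an identity and S_x.
    return hmac.new(secret, identity, hashlib.sha256).digest()

def _keystream(key: bytes, iv: bytes, n: int) -> bytes:
    blocks = (hashlib.sha256(key + iv + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def E(key: bytes, plaintext: bytes) -> bytes:
    # Stand-in symmetric cipher (hash keystream), chosen only to run offline.
    iv = os.urandom(8)
    ks = _keystream(key, iv, len(plaintext))
    return iv + bytes(p ^ k for p, k in zip(plaintext, ks))

def D(key: bytes, blob: bytes) -> bytes:
    iv, ct = blob[:8], blob[8:]
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, iv, len(ct))))

def node_request(ids_k: bytes, sk_k: bytes, id_i: bytes):
    # Step 1: fresh nonce N_ik; send IDS_k in clear plus E_SK_k(N_ik, ID_i, IDS_k).
    n_ik = os.urandom(NONCE_LEN)
    return n_ik, (ids_k, E(sk_k, n_ik + id_i + ids_k))

def bs_check(s_x: bytes, message):
    # Step 2: BS re-derives SK_k from the claimed identity, decrypts, compares IDS_k.
    claimed, blob = message
    plain = D(H(claimed, s_x), blob)
    n_ik, ids_k = plain[:NONCE_LEN], plain[NONCE_LEN + ID_LEN:]
    return n_ik if hmac.compare_digest(ids_k, claimed) else None

def node_accepts_user(n_ik: bytes, proof: bytes, id_i: bytes) -> bool:
    # Step 4: decrypt the user's proof E_N_ik(ID_i) with the buffered nonce.
    return hmac.compare_digest(D(n_ik, proof), id_i)

# Constructed sample values, not taken from the paper.
S_X, IDS_K, ID_I = b"bs-master-secret", b"N007", b"U042"
SK_K = H(IDS_K, S_X)                      # pre-deployment: key loaded on node k
nonce, message = node_request(IDS_K, SK_K, ID_I)
assert bs_check(S_X, message) == nonce    # genuine node: nonce accepted
```

The BS stores only $S_x$ and re-derives each node key on demand. The identity comparison is the only integrity check these steps describe, so with a malleable cipher it does not protect the nonce bits themselves; an authenticated encryption mode would.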
3.4 Secured Response Phase
This phase maintains the confidentiality of responses, resisting node capture attacks. For this reason, it is assumed that each mote has partial information to be provided to the user. The correct answer can be determined using at least $s$ partial correct answers.
4. Key Algorithm Scheme
Key algorithms play a key role in deploying security strategies for wireless sensor networks [7-9]. In this section, two different kinds of key algorithms are presented: probabilistic key distribution and polynomial pool-based key distribution.
4.1 Probabilistic Key Distribution
The probabilistic key distribution scheme is designed to make sure that at least one key-shared path exists in an “almost certain” situation. The scheme picks a random pool (set) of keys $S$ out of the total possible key space. For each node, $m$ keys are randomly selected from the key pool $S$ and stored in the node’s memory. This set of $m$ keys is called the node’s key ring. The number of keys in the key pool, $|S|$, is chosen such that two random subsets of size $m$ in $S$ will share at least one key with some probability $p$.
We abstract a sensor network as a random graph $G(n, p)$, with the wireless communication range limit $n'$, where $n$ denotes the number of sensor nodes and $p$ the probability that a link exists between any two nodes. Given a desired global probability $P_c$ for graph connectivity, $p = \frac{\ln(n) - \ln(-\ln(P_c))}{n}$ holds.
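A sizing calculation for the key ring described above, as an added Python example (not from the paper). It goes one step beyond the text: the conversion from the global edge probability to the probability needed among the $n'$ radio neighbours, $p' = p(n-1)/(n'-1)$, follows the random key pre-distribution scheme cited as [11], and the sample network sizes are constructed.

```python
import math

def required_edge_probability(n: int, p_c: float) -> float:
    """p such that the random graph G(n, p) is connected with probability P_c."""
    return (math.log(n) - math.log(-math.log(p_c))) / n

def share_probability(pool_size: int, m: int) -> float:
    """Chance that two random key rings of size m drawn from |S| keys share a key."""
    if 2 * m > pool_size:
        return 1.0                      # rings must overlap (pigeonhole)
    disjoint = math.comb(pool_size - m, m) / math.comb(pool_size, m)
    return 1.0 - disjoint

def min_ring_size(pool_size: int, target: float) -> int:
    """Smallest key ring size m whose share probability reaches the target."""
    for m in range(1, pool_size + 1):
        if share_probability(pool_size, m) >= target:
            return m
    raise ValueError("target probability not reachable")

def size_key_ring(n: int, n_prime: int, p_c: float, pool_size: int):
    """Return (p, p_local, m) for a network of n nodes with n' radio neighbours."""
    p = required_edge_probability(n, p_c)
    degree = p * (n - 1)                # expected number of key-sharing links per node
    p_local = degree / (n_prime - 1)    # assumption from [11]: met among n' neighbours
    if p_local > 1.0:
        raise ValueError("n' is too small for the requested connectivity")
    return p, p_local, min_ring_size(pool_size, p_local)

# Constructed sample: 10,000 nodes, 40 neighbours in range, pool of 100,000 keys.
P, P_LOCAL, M = size_key_ring(10_000, 40, 0.99999, 100_000)
```

The result shows why the range limit matters: the global $p$ is tiny, but because only $n'$ nodes are reachable by radio, each pair of neighbours must share a key with a much higher probability, which drives the ring size.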
4.2 Polynomial Pool-Based Pair-Wise Key Pre-Distribution
As addressed above [10,11], a bivariate $t$-degree polynomial is used to generate keys. However, this polynomial-based key pre-distribution scheme can tolerate no more than $t$ compromised nodes, and the value of $t$ is limited by the memory constraints of sensor nodes. A pool of multiple random bivariate polynomials is therefore desirable. The basic idea of the polynomial pool-based scheme can be seen as an expansion of the meaning of “key”. That is, this scheme is also based on the concept of a “key pool”, but the keys are expressed as different polynomials.
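How a pool of bivariate polynomials yields pair-wise keys, as an added Python example (not from the paper). It assumes the usual construction for polynomial-based key pre-distribution, a symmetric polynomial $f(x, y) = f(y, x)$ of degree $t$ over a prime field; the modulus, node IDs and pool size are constructed values.

```python
import secrets

Q = 2**61 - 1   # prime modulus of the key field (assumed parameter)

def random_symmetric_poly(t, q=Q):
    """Coefficients a[i][j] = a[j][i] of f(x, y) = sum a[i][j] * x^i * y^j mod q."""
    a = [[0] * (t + 1) for _ in range(t + 1)]
    for i in range(t + 1):
        for j in range(i, t + 1):
            a[i][j] = a[j][i] = secrets.randbelow(q)
    return a

def node_share(a, node_id, q=Q):
    """f(node_id, y) as t+1 coefficients: all a node stores for this polynomial."""
    t1 = len(a)
    return [sum(a[i][j] * pow(node_id, i, q) for i in range(t1)) % q
            for j in range(t1)]

def pairwise_key(share, peer_id, q=Q):
    """Evaluate the stored share at the peer's ID, giving f(own_id, peer_id)."""
    return sum(c * pow(peer_id, j, q) for j, c in enumerate(share)) % q

def provision(pool, node_id, poly_ids):
    """Pool-based variant: the node receives shares of a subset of the pool."""
    return {pid: node_share(pool[pid], node_id) for pid in poly_ids}

def establish(my_shares, peer_id, peer_poly_ids):
    """Return (polynomial id, key) for a shared polynomial, or None if none is shared."""
    common = sorted(set(my_shares) & set(peer_poly_ids))
    if not common:
        return None
    return common[0], pairwise_key(my_shares[common[0]], peer_id)

# Constructed sample: pool of 4 polynomials of degree t = 3; node IDs 17, 42 and 5.
POOL = {pid: random_symmetric_poly(3) for pid in range(4)}
node_a = provision(POOL, 17, [0, 2])
node_b = provision(POOL, 42, [2, 3])
node_c = provision(POOL, 5, [1])
```

Each node stores $t+1$ coefficients per polynomial it holds, which is the memory cost that bounds $t$; nodes that hold no common polynomial (here 17 and 5) get no direct key.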
5. Conclusions
Wireless sensor network security has become a hotspot of current research. Although research on wireless sensor network security has achieved many notable results, as addressed above, more challenges arise due to the continuous change of requirements. The next step is to overcome the existing limitations in order to better meet the communication security needs of wireless sensor networks.
6. Acknowledgments
This paper is supported by Natural Science Foundation of Hebei Province and project of science and technology of Hebei Province.
References
[1] Perrig A, Szewczyk R, Wen V, Culler D, Tygar J.D. SPINS: Security protocols for sensor networks. In: Proc. of the 7th Annual Int’l Conf. on Mobile Computing and Networks. Rome: ACM Press, 2001. 189−199.
[2] Akyildiz IF, Su W, Sankarasubramaniam Y, Cayirci E. Wireless sensor networks: A survey. Computer Networks, 2002, 38(4): 393−422.
[3] Zhu S, Setia S, Jajodia S. LEAP: Efficient security mechanisms for large-scale distributed sensor networks. In: Proc. of the 10th ACM Conf. on Computer and Communications Security (CCS 2003). Washington D.C., 2003. 62−72.
[4] J. Deng, R. Han, S. Mishra, Defending against path-based DoS attacks in wireless sensor networks, in: Proc. ACM Workshop on Security of Ad Hoc and Sensor Networks SASN-2005, 2005, 89–96.
[5] M. Manzo, T. Roosta, Time synchronization attacks in sensor networks, in: Proc. ACM Workshop on Security of Ad Hoc and Sensor Networks (SASN 2005), 2005, pp. 107–116.
[6] Zhang W, Cao G. Group rekeying for filtering false data in sensor networks: A predistribution and local collaboration-based approach. http://www.cse.psu.Edu/~wezhang/papers/paper- infocom05.pdf
[7] Malan D.J., Welsh M, Smith M.D. A public-key infrastructure for key distribution in TinyOS based on elliptic curve cryptography.
[8] http://airclic.eecs.harvard.edu/publications/secon04.pdf
[9] Chan H, Perrig A, Song D. Random key predistribution schemes for sensor networks. In: Proc. of the IEEE Symp. on Research in Security and Privacy. Oakland: IEEE Computer Society, 2003. 197−213.
[10] Du WL, Wang RH, Ning P. An efficient scheme for authenticating public keys in sensor networks. In: Proc. of the 6th ACM Int’l Symp. On Mobile Ad Hoc Networking and Computing (MobiHoc 2005). Urbana-Champaign: ACM Press, 2005. 58−67.
[11] Eschenauer L, Gligor VD. A key-management scheme for distributed sensor networks. In: Proc. of the 9th ACM Conf. on Computer and Communications Security. Washington DC: ACM Press, 2002. 41−47.
[12] A. Chadha, Y. Liu, S.K. v, Group key distribution via local collaboration in wireless sensor networks, in: Proc. IEEE SECON 05, 2005, 46–54.