6. Security in Wireless Sensor Networks

Sunday, July 3, 2022, Rushin $hah


April 11, 2023, Rushin $hah


Security in Wireless Sensor Network

Unit : 6


Threats to a Wireless Sensor Network

There are many vulnerabilities and threats to a WSN, which include:

- Threats due to equipment breakdown
- Due to power failure
- Due to environmental factors
- Due to physical tampering
- Due to information gathering


List of threats to WSN

Passive information gathering

Subversion of node

False Node

Node Malfunction

Node Outage

Message corruption

Denial of Service

SuFaMa Pass IG DoS Outage Msg Corr


List of threats to WSN

Passive Information Gathering:

- If communication between sensors, or between sensors and intermediate nodes, is in the clear, then an intruder with an appropriately powerful receiver and a well-designed antenna can passively pick off the data stream.

Subversion of a node:

- If a sensor node is captured, it may be tampered with, electronically interrogated and perhaps compromised.
- Once compromised, the sensor node may disclose its cryptographic keying material.


List of threats to WSN

False Node:

- An intruder might add a node to a system and feed false data or block the passage of true data.
- Typically a false node is a computationally robust device which impersonates a sensor node.

Node Malfunction:

- A node in a wireless sensor network may malfunction and generate inaccurate or false data.
- Moreover, if the node works as an intermediate node, it may drop or garble data during transmission.


List of threats to WSN

Node Outage:

A node outage occurs when a node that serves as an intermediate node or as a collection and aggregation point stops working.

Message Corruption:

Attacks against the integrity of a message occur when an intruder inserts themselves between the source and destination and modifies the contents of a message.

Denial of Service:

A denial of service attack on a WSN may take several forms: such an attack may consist of jamming the radio link, or could exhaust resources or misroute the data.


List of tasks to be achieved when designing a generic WSN security model

Communication Security:

- This mechanism provides security for node-to-node communication.
- When more powerful nodes exist and clusters can be formed, end-to-end communication security between the designated cluster head and each individual sensor node in the cluster should be used.
- In the absence of powerful nodes, it is appropriate to employ pairwise security, but only for a fixed number of pairs.
- This is because pairwise security is not scalable as the number of nodes in the WSN increases.


List of tasks to be achieved when designing a generic WSN security model

Key Management:

- Because most sensor nodes in a WSN have a limited amount of energy, public key cryptography mechanisms are expensive in terms of energy consumption.
- Private key (symmetric-key) cryptography, on the other hand, is quite applicable to WSNs due to its low energy requirements.
- However, a hybrid WSN consists of nodes with different capabilities and resources, so it is feasible to employ both public key and private key cryptography.


List of tasks to be achieved when designing a generic WSN security model

Data Aggregation:

- In the ideal security model, data aggregation can be performed to confirm security options.

Self-Healing:

- Self-organization and maintenance properties are built into the network.


Security Architecture

SPIN: Security Protocol in Sensor Network

SNEP: Secure Network Encryption Protocol

Micro-TESLA: Micro Timed Efficient Streaming Loss-tolerant Authentication


Security Architecture

In SPINS, each sensor node shares a unique master key with the base station.

The other keys required by the SNEP and micro-TESLA protocols are derived from this master key.

SNEP is based on cipher block chaining implemented in counter mode (CBC-CTR).

In this method the initial value of the counter in the sender and receiver is the same; thus the sender increments the counter after sending each encrypted message, and the receiver increments it after receiving and decrypting it.
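The shared-counter idea above, as an added example that is not from the slides or from the SPINS authors' code. Assumptions: HMAC-SHA256 stands in for the block cipher and for key derivation, and the key labels, the 8-byte MAC tag over counter and ciphertext, and the `Endpoint` class are illustrative choices.

```python
import hashlib
import hmac

def derive(master: bytes, label: bytes) -> bytes:
    # Derive a purpose-specific key from the per-node master key (HMAC as PRF: assumption).
    return hmac.new(master, label, hashlib.sha256).digest()

def keystream(k_enc: bytes, counter: int, n: int) -> bytes:
    # Counter-mode keystream; HMAC-SHA256 is a stand-in for the block cipher.
    out, block = b"", 0
    while len(out) < n:
        ctr = counter.to_bytes(8, "big") + block.to_bytes(4, "big")
        out += hmac.new(k_enc, ctr, hashlib.sha256).digest()
        block += 1
    return out[:n]

class Endpoint:
    """One side of a link; both sides start from the same master key and counter."""
    def __init__(self, master: bytes, counter: int = 0):
        self.k_enc = derive(master, b"enc")
        self.k_mac = derive(master, b"mac")
        self.counter = counter

    def _mac(self, ct: bytes) -> bytes:
        msg = self.counter.to_bytes(8, "big") + ct
        return hmac.new(self.k_mac, msg, hashlib.sha256).digest()[:8]

    def send(self, plaintext: bytes) -> bytes:
        ks = keystream(self.k_enc, self.counter, len(plaintext))
        ct = bytes(p ^ k for p, k in zip(plaintext, ks))
        packet = ct + self._mac(ct)
        self.counter += 1  # sender increments after sending
        return packet

    def receive(self, packet: bytes) -> bytes:
        ct, tag = packet[:-8], packet[-8:]
        if not hmac.compare_digest(tag, self._mac(ct)):
            raise ValueError("MAC check failed: tampered, replayed or out of sync")
        ks = keystream(self.k_enc, self.counter, len(ct))
        self.counter += 1  # receiver increments after verifying and decrypting
        return bytes(c ^ k for c, k in zip(ct, ks))
```

Because the counter is never transmitted, identical readings encrypt to different packets, and a packet replayed later fails the MAC check against the receiver's advanced counter.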


Security Architecture

To achieve authenticated broadcasts, micro-TESLA uses a time-released key chain (TRKC).

There are two requirements for the correct functioning of this protocol:

i. The owner of the key release schedule has to have enough storage for all the keys in the key chain.

ii. Every node in the network has to be at least loosely time synchronized.
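A time-released key chain and the two requirements above, as an added example that is not from the slides or the micro-TESLA authors' code. Assumptions: SHA-256 as the one-way function, HMAC-SHA256 as the MAC, interval i starting at time i * interval_len, and the `Receiver` class with its parameter names.

```python
import hashlib
import hmac

def F(key: bytes) -> bytes:
    """One-way function linking the chain: K[i-1] = F(K[i])."""
    return hashlib.sha256(key).digest()

def F_n(key: bytes, n: int) -> bytes:
    for _ in range(n):
        key = F(key)
    return key

def make_chain(seed: bytes, n: int) -> list:
    """Sender keeps all n+1 values (requirement i); chain[0] is the public commitment."""
    return [F_n(seed, n - i) for i in range(n + 1)]

def mac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

class Receiver:
    def __init__(self, commitment, interval_len, delay, max_skew):
        self.known_key, self.known_idx = commitment, 0
        self.interval_len, self.delay, self.max_skew = interval_len, delay, max_skew
        self.buffer = []  # (interval, msg, tag) held until the key is disclosed

    def on_packet(self, interval, msg, tag, local_time) -> bool:
        # Requirement ii: even with worst-case clock skew, the sender must not
        # yet have disclosed the key for this interval, or the MAC proves nothing.
        disclosure_time = (interval + self.delay) * self.interval_len
        if local_time + self.max_skew >= disclosure_time:
            return False
        self.buffer.append((interval, msg, tag))
        return True

    def on_key(self, idx, key) -> list:
        # Authenticate the disclosed key by hashing back to the last trusted key.
        if idx <= self.known_idx or not hmac.compare_digest(
                F_n(key, idx - self.known_idx), self.known_key):
            return []
        self.known_key, self.known_idx = key, idx
        # Keys for missed intervals are recomputed from this one (loss tolerance).
        good = [m for (i, m, t) in self.buffer
                if i <= idx and hmac.compare_digest(t, mac(F_n(key, idx - i), m))]
        self.buffer = [p for p in self.buffer if p[0] > idx]
        return good
```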


Key distribution techniques for sensor networks

In general, key distribution refers to the task of distributing secret keys between communicating parties in order to facilitate security properties such as communication secrecy and authentication.

In a sensor network, key distribution is usually combined with initial communication establishment to bootstrap a secure communication infrastructure from a collection of deployed sensor nodes.

These nodes may have been pre-initialized with some secret information but do not have direct contact with each other.

"This combined problem of key distribution and secure communication establishment is known as the bootstrapping problem."


Complications in Designing a Secure Protocol

Characteristics of a sensor network which can complicate the design of a secure protocol:

Vulnerability of nodes to physical capture: Sensor nodes may be deployed in public or hostile locations in many applications. Because a large number of nodes is required, each sensor node must not be expensive, which makes it difficult for manufacturers to make them tamper resistant.

Lack of a priori knowledge of post-deployment configuration: The large number of nodes involved makes it costly to pre-determine the location of every individual node. Hence a security protocol should not assume prior knowledge of which nodes will be neighbors in the network.

Limited bandwidth and transmission power:


Problems of Bootstrapping in Sensor N/W


Bootstrapping schemes for sensor networks need to satisfy the following requirements:

- Deployed nodes must be able to establish secure node-to-node communication.
- Additional legitimate nodes deployed at a later time can form secure connections with already deployed nodes.
- Unauthorized nodes should not be able to gain entry into the network, either through packet injection.
- The scheme must work without prior knowledge of which nodes will come into communication range of each other after deployment.


Methods of key distribution

- Single network-wide key
- Asymmetric cryptography
- Pairwise keys
- Trusted base station based key distribution
- Random key pre-distribution scheme


Single Network Wide Key

The simplest method of key distribution is to pre-load a single network-wide key onto all nodes before deployment.

After deployment, nodes can start communicating with the nodes which are using the same network key.

This can be achieved by encrypting messages using the network key.


Single Network Wide Key : Properties

Minimal memory storage required

No additional protocol steps are required.

Resistant against packet injection


Single Network Wide Key : Drawback & Solution

The drawback of this scheme is that if a single node is compromised, the security of the entire network is broken.

Methods to overcome this drawback:

- Nodes must be tamper resistant.
- New nodes must not be allowed to enter the network.


Asymmetric Cryptography

If the sensor node hardware is able to support asymmetric key cryptography operations, then this is a potentially viable method of key distribution.

In this technique, before deployment, a master public/private key pair (KM, KMi) is first generated.

Then, for every node A, its public/private key pair (KA, KAi) is generated.

This key pair is stored in node A's memory along with the master public key KM and the master key's signature on A's public key.

Once all nodes are initialized in this fashion, they are ready for deployment.


Asymmetric Cryptography

Once nodes have been deployed, they perform key exchanges.

"Nodes exchange their respective public keys and master key signatures."

Each node's public key is verified with the master key's signature, using the master public key, which is known to every node in the network.

Once the public key of a node has been received, a symmetric link key can be generated and sent to it in a message encrypted with its public key.


Asymmetric Cryptography


Properties :-

Perfectly resilient against node capture

Possible to revoke known compromised key-pairs

Fully scalable

Disadvantages:-

Dependence on asymmetric key cryptography hardware

Vulnerability to denial of service

No resistance against node replication


Pair wise keys

In this approach, every node in the sensor network shares a unique symmetric key with every other node in the network.

In a network of n nodes:

- Total number of unique keys = nC2 = n(n-1)/2
- Every node stores n-1 keys.


Pair wise keys

Property:-

Perfect resilience to node capture

Compromised keys can be revoked

Only uses symmetric cryptography

Disadvantage:-

The main problem with the pairwise keys scheme is poor scalability.


Trusted base station based key distribution


This method of key distribution uses a trusted, secure base station as an arbiter to provide link keys to sensor nodes.

The sensor nodes authenticate themselves to the base station, after which the base station generates a link key and sends it securely to both parties.

Before deployment of the sensor nodes, a unique symmetric key is generated for each node in the network.

This node key, stored in the memory of each sensor node, serves as the authentication key between the base station and the sensor node.


Trusted base station based key distribution


Now assume that, after deployment, node A wants to establish a shared secret session key SKAB with node B.

Since A and B do not share any secrets, they need to use a trusted third party S, the base station.


Trusted base station based key distribution


Properties:

Small memory requirements

Perfect resilience to node capture

Revocation of node is simple

Node replication is easily controlled

Disadvantages:

Not scalable

Base station becomes target for compromise.


Random Key pre distribution scheme

Let m denote the number of distinct cryptographic keys that can be stored on a sensor node.

Before the sensor nodes are deployed, an initialization phase is performed. In this initialization phase, the basic scheme picks a random pool of keys S out of the total possible key space. For each node, m keys are randomly selected from the key pool S and stored in the node's memory. This set of m keys is called the node's key ring.

After the sensor nodes are deployed, a key-setup phase is performed. The nodes first perform key discovery to find out with which of their neighbors they share a key.


Random Key pre distribution scheme

Such key discovery can be performed by assigning a short identifier to each key prior to deployment and having each node broadcast its set of identifiers.

Nodes which discover that they hold a shared key in their key rings can then verify that their neighbor actually holds the key, through a challenge-response protocol.
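The initialization, key discovery and challenge-response steps of the random key pre-distribution scheme, as an added example that is not from the slides. Assumptions: 128-bit keys, integer key identifiers, HMAC-SHA256 as the challenge-response function, and all function names; `share_probability` goes slightly beyond the slides by computing the chance that two key rings overlap.

```python
import hashlib
import hmac
import random
import secrets
from math import comb

def make_pool(size: int) -> dict:
    """Initialization phase: key pool S as {short key identifier: 128-bit key}."""
    return {kid: secrets.token_bytes(16) for kid in range(size)}

def make_ring(pool: dict, m: int, rng: random.Random) -> dict:
    """Pick m keys at random from S; this is one node's key ring."""
    return {kid: pool[kid] for kid in rng.sample(sorted(pool), m)}

def share_probability(pool_size: int, m: int) -> float:
    """Chance that two independently drawn rings of m keys share at least one key."""
    return 1 - comb(pool_size - m, m) / comb(pool_size, m)

def discover(my_ring: dict, broadcast_ids) -> list:
    """Key discovery: intersect the neighbour's broadcast identifiers with our own."""
    return sorted(set(my_ring) & set(broadcast_ids))

def respond(ring: dict, kid: int, nonce: bytes) -> bytes:
    """Prover: answer the challenge with a MAC under the claimed key."""
    return hmac.new(ring[kid], nonce, hashlib.sha256).digest()

def verify(ring: dict, kid: int, nonce: bytes, response: bytes) -> bool:
    """Verifier: the neighbour holds key `kid` only if its MAC matches ours."""
    expected = hmac.new(ring[kid], nonce, hashlib.sha256).digest()
    return hmac.compare_digest(expected, response)

def link_key(ring_a: dict, ring_b: dict):
    """A's view of key setup with B: return a verified shared key, or None."""
    for kid in discover(ring_a, ring_b.keys()):
        nonce = secrets.token_bytes(8)  # fresh challenge for each attempt
        if verify(ring_a, kid, nonce, respond(ring_b, kid, nonce)):
            return ring_a[kid]
    return None
```

Broadcasting only identifiers is not proof of possession: a false node that advertises a matching identifier without the key fails the challenge-response step and gets no link key.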


Water Marking

One of the major security issues in the Internet is Digital Rights Management (DRM).

It is easy to see that DRM will also play a major role in wireless sensor networks.

To address these problems, Feng et al. have developed the first watermarking technique for cryptologically embedding an authorship signature into data and information acquired by a WSN.

The notion of intellectual property protection, and specifically watermarking, has been widely studied for items such as text, video/audio, and circuit designs.


Water Marking

Watermarking techniques have been proposed for two domains: static artifacts and functional artifacts.

Static artifacts are artifacts that consist of only syntactic components which are not altered during their use. For example: images, audio.

The essential property of all watermarking for static artifacts is that they leverage the imperfection of human perception.

The main objectives of watermarking techniques for static artifacts:

- Requirements for global placement of the watermark in the artifact,
- Resiliency against removal and suitability for rapid detection.


Water Marking

Watermarking is also applicable to functional artifacts, such as software and integrated circuit designs.

Functional artifacts can be specified, and therefore watermarked, at several levels of abstraction, such as:

- System level designs,
- FPGA designs,
- The logic synthesis level,
- Physical design level.

Additionally, other techniques for intellectual property protection such as fingerprinting, obfuscation, reverse engineering, and forensic engineering can be applied.


Real – Time Watermarking

Aim: To authenticate data which is collected by a sensor network.

Key idea: To impose additional constraints on the system during the sensing data acquisition or data processing phases.

The first set of techniques embeds the signature into the process of sensing data.

The crucial idea is to modulate, by imposing additional constraints, the parameters that define the sensor's relationship with the physical world.

The options include the location and orientation of the sensor, time management (e.g. frequency and phase of intervals between consecutive data capturing), and resolution.


Real – Time Watermarking


In particular, an attractive alternative is to impose constraints on intrinsic properties (e.g. sensitivity, compression laws) of a particular sensor, so that the measured data have certain unique characteristics that are strongly correlated with the signature of the author/owner.

The second technique is to embed the signature during data processing, either in sensor data or in control data.
