.Sense A Secure Framework for Sensor Network Data Acquisition, Monitoring and Command


M. Salajegheh, H. Soroush, A. Thomos, T. Dimitriou, I. Krontiris

Algorithms and Security Lab

{msal, hsor, ntom, tdim, ikro}@ait.edu.gr


Abstract

We present .Sense, an end-to-end security framework for sensor network data acquisition, monitoring and command. To provide security services inside the sensor network, two security protocols are implemented. The first is a key establishment algorithm in which sensor nodes agree on common keys to secure the communications among them. The second is a scheme in which the base station is able to issue commands to the network in an authenticated manner. We also use typical security schemes such as SSL to connect the end users to the system.

Advantages

• First sensor network deployment with emphasis on fault-tolerance and end-to-end security.

• Our generic library for security inside the sensor network can be used by other TinyOS programmers. It provides key establishment, encryption and decryption commands.

• Two interfaces: a web-based interface for users, showing real-time and history graphs, and an administrator interface showing network connectivity and allowing the issuing of commands and user management.

• Database Resolution: Apart from the sensor network sample rate, there are two more virtual sample rates. This increases the performance of the end user GUI.

Architecture Overview

[Architecture diagram. Components shown: Sensor Network, Base Station, Data Acquisition, Command, Primary Database, Back-up Database, Primary Web server, Back-up Web server, Authentication, IP Network, Client, Administrator]


Security Features

.Sense provides end-to-end security for the user. For the security inside the sensor network we have designed and implemented a security library that can be wired and used by any other application.

Key Establishment

Each sensor node establishes three kinds of keys: a Node-Base key that can be used for communication with the base station, pair-wise keys for immediate communication with neighbors, and a group key that allows secure one-to-many communication. These keys provide flexibility in application-level security.

Encryption/Decryption

For encryption and decryption, we use the Skipjack algorithm in CBC mode. In the base station of the WSN, received encrypted messages are decrypted before being sent to the UART port. This leads to an easier and more efficient implementation. A new secure TOS Base had to be implemented in order to achieve this goal.

Command Authentication

We use hash chains to authenticate commands. Sensors will be preloaded with the first key of the hash chain. When the base station needs to issue the next command, it releases the next key of the hash chain which sensors can check for authenticity.
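A sketch of the hash-chain check described above, as an added example rather than code from the .Sense library. It assumes SHA-256 as the one-way function, a chain built so that hashing a released key yields its predecessor, and a hypothetical `max_gap` tolerance for lost broadcasts; the page does not say how the command text is bound to the key, so that part is left out.

```python
import hashlib
import os

def H(x):
    # Assumption: SHA-256 stands in for the one-way function used on the motes.
    return hashlib.sha256(x).digest()

def make_chain(length, seed=None):
    """Base station side: return [K_0 .. K_length] with K_i = H(K_{i+1})."""
    k = seed if seed is not None else os.urandom(32)
    chain = [k]
    for _ in range(length):
        k = H(k)
        chain.append(k)
    chain.reverse()          # chain[0] is the key preloaded on every sensor
    return chain

class Sensor:
    def __init__(self, preloaded, max_gap=4):
        self.last = preloaded      # most recent authentic key seen
        self.max_gap = max_gap     # hypothetical bound on missed commands
        self.executed = []

    def accept(self, command, released):
        # Hash the released key forward; it is authentic only if it reaches
        # the stored key within max_gap steps. Replayed or older keys never do.
        candidate = released
        for _ in range(self.max_gap):
            candidate = H(candidate)
            if candidate == self.last:
                self.last = released
                self.executed.append(command)
                return True
        return False

def demo():
    chain = make_chain(5, seed=b"constructed demo seed")  # constructed input
    node = Sensor(chain[0])
    return [
        node.accept("SET_RATE 10", chain[1]),    # next key in the chain
        node.accept("SET_RATE 10", chain[1]),    # replay of a used key
        node.accept("LED_ON", os.urandom(32)),   # forged key
        node.accept("REBOOT", chain[3]),         # chain[2] was lost in transit
        node.accept("LED_OFF", chain[2]),        # stale key released late
    ]

if __name__ == "__main__":
    print(demo())
```

Each released key is usable once, so the chain length fixes how many commands the base station can issue before sensors need a new preloaded key.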

.Sense is a distributed system which acts as a tool for sensor network data acquisition and command, providing a transparent end-to-end security service. .Sense was designed with the following characteristics in mind:

Security: The system provides data integrity, confidentiality and authentication.

Fault-tolerance: The system handles potential faults of its various components.

Distributed access to sensed information: The system allows concurrent access to sensed data according to user privileges.

Friendly GUI: The system can be easily used by non-advanced users.

Scalability: It scales to thousands of sensor nodes. Supports addition/revocation.

[Screenshots: End User GUI, Administrator GUI]