1 Securing Wireless Sensor Networks Wenliang (Kevin) Du Department of Electrical Engineering and Computer Science Syracuse University Excerpted from wedu/Research/slides/Purdue04.ppt.

1

Securing Wireless Sensor Networks

Wenliang (Kevin) DuDepartment of Electrical Engineering and

Computer Science

Syracuse UniversityExcerpted from

http://www.cis.syr.edu/~wedu/Research/slides/Purdue04.ppt

2

Overview

• Overview of Wireless Sensor Networks (WSN).

• Security in wireless sensor networks.– Why is it different?

• Our work on key pre-distribution in WSN– Deployment-based scheme (INFOCOM’04)– Pair-wise Scheme (ACM CCS’03)

• Summary.

3

Wireless Sensors

Berkeley Motes

4

Mica Motes

• Mica Mote: – Processor: 4Mhz– Memory: 128KB Flash and 4KB RAM– Radio: 916Mhz and 40Kbits/second.– Transmission range: 100 Feet

• TinyOS operating System: small, open source and energy efficient.

5

Spec Motes

6

Wireless Sensor Networks (WSN)

DeploySensors

7

Applications of WSN

• Battle ground surveillance– Enemy movement (tanks, soldiers, etc)

• Environmental monitoring– Habitat monitoring – Forrest fire monitoring

• Hospital tracking systems– Tracking patients, doctors, drug administrators.

8

Securing WSN

• Motivation: why security?

• Why not use existing security mechanisms?– WSN features that affect security.

• Our work: – Two key management schemes.

9

Why Security?

• Protecting confidentiality, integrity, and availability of the communications and computations

• Sensor networks are vulnerable to security attacks due to the broadcast nature of transmission

• Sensor nodes can be physically captured or destroyed

10

Why Security is Different?• Sensor Node Constraints

– Battery,– CPU power,– Memory.

• Networking Constraints and Features– Wireless, – Ad hoc,– Unattended.

11

Sensor Node Constraints

• Battery Power Constraints– Computational Energy Consumption

• Crypto algorithms• Public key vs. Symmetric key

– Communications Energy Consumption• Exchange of keys, certificates, etc.• Per-message additions (padding, signatures,

authentication tags)

12

• Slow– 1000 times slower than symmetric encryption

• Hardware is complicated

• Energy consumption is high

Constraints (Cont.)Public Key Encryption

Processor Energy Consumption (mJ/Kb)

RSA/E/V RSA/D/S AES

MIPS R4000 0.81 16.7 0.00115

MC68328 42 840 0.0130

13

Memory Constraints

• Program Storage and Working Memory– Embedded OS, security functions (Flash)– Working memory (RAM)

• Mica Motes:• 128KB Flash and 4KB RAM

14

Objectives of Our Research

• Long-term Goals– Study how WSN’s constraints/features affect the

design of security mechanisms.– Develop security mechanisms for WSN.

• Current Projects– Key Management Problems– Data Fusion Assurance

15

Key Management Problem

16

Key Management Problem

DeploySensors

17

Key Management Problem

Secure Channels

DeploySensors

18

Approaches

• Trusted-Server Schemes– Finding trusted servers is difficult.

• Public-Key Schemes– Expensive and infeasible for sensors.

• Key Pre-distribution Schemes

19

Loading Keys into sensor nodes prior to deployment

Two nodes find a common key between them after deployment

Challenges Memory/Energy efficiency Security: nodes can be compromised Scalability: new nodes might be added later

Key Pre-distribution

20

Naïve Solutions

Master-Key Approach Memory efficient, but low security. Needs Tamper-Resistant Hardware.

Pair-wise Key Approach N-1 keys for each node (e.g.

N=10,000). Security is perfect. Need a lot of memory and cannot add

new nodes.

21

Eschenauer-Gligor Scheme

Each noderandomly selects m keys

AB E

Key Pool S

DC

• When |S| = 10,000, m=75Pr (two nodes have a common key) = 0.50

43.057.0111000075

992575

C

C

22

Establishing Secure Channels

A

C

B

D

E

23

Exercise 7

• Write a program to calculate the probability:– Input:

• G=(V,E)• Pr (two nodes have a common key) =

– Output:• Let E’E denote the subset of secure channels,

calculate the probability that G=(V,E’) is a connected graph.

– Due: June 4th

24

Example 1

=1/2

25

2

1

881

81

81

81

81

26

27

20

)13

2

3

2

3

2()3

3

1

3

2

3

2(

=2/3

Example 2

27

Input Format

3

1 2

2 3

3 1

• |V|=3• Undirected edges (1,2)

(2,3) (3,1)• Note: the given graph

may not be complete.