Securing Wireless Sensor Networks Wenliang (Kevin) Du Department of Electrical Engineering and Computer Science Syracuse University

Dec 18, 2015

Transcript
Page 1: Securing Wireless Sensor Networks Wenliang (Kevin) Du Department of Electrical Engineering and Computer Science Syracuse University.

Securing Wireless Sensor Networks

Wenliang (Kevin) Du

Department of Electrical Engineering and Computer Science

Syracuse University

Page 2:

Overview

• Overview of Wireless Sensor Networks (WSN).

• Security in wireless sensor networks.
– Why is it different?

• Our work on key pre-distribution in WSN
– Deployment-based scheme (INFOCOM’04)
– Pair-wise scheme (ACM CCS’03)

• Summary.

Page 3:

Wireless Sensors

Berkeley Motes

Page 4:

Mica Motes

• Mica Mote:
– Processor: 4 MHz
– Memory: 128 KB Flash and 4 KB RAM
– Radio: 916 MHz and 40 Kbits/second
– Transmission range: 100 feet

• TinyOS operating system: small, open source and energy efficient.

Page 5:

Spec Motes

Page 6:

Wireless Sensor Networks (WSN)

Deploy Sensors

Page 7:

Applications of WSN

• Battleground surveillance
– Enemy movement (tanks, soldiers, etc.)

• Environmental monitoring
– Habitat monitoring
– Forest fire monitoring

• Hospital tracking systems
– Tracking patients, doctors, drug administrators.

Page 8:

Securing WSN

• Motivation: why security?

• Why not use existing security mechanisms?
– WSN features that affect security.

• Our work:
– Two key management schemes.

Page 9:

Why Security?

• Protecting confidentiality, integrity, and availability of the communications and computations

• Sensor networks are vulnerable to security attacks due to the broadcast nature of transmission

• Sensor nodes can be physically captured or destroyed

Page 10:

Why Security is Different?

• Sensor Node Constraints
– Battery,
– CPU power,
– Memory.

• Networking Constraints and Features
– Wireless,
– Ad hoc,
– Unattended.

Page 11:

Sensor Node Constraints

• Battery Power Constraints
– Computational Energy Consumption
  • Crypto algorithms
  • Public key vs. Symmetric key
– Communications Energy Consumption
  • Exchange of keys, certificates, etc.
  • Per-message additions (padding, signatures, authentication tags)

Page 12:

Constraints (Cont.)

Public Key Encryption

• Slow
– 1000 times slower than symmetric encryption

• Hardware is complicated

• Energy consumption is high

Energy Consumption (mJ/Kb)

Processor     RSA/E/V   RSA/D/S   AES
MIPS R4000    0.81      16.7      0.00115
MC68328       42        840       0.0130

Page 13:

Memory Constraints

• Program Storage and Working Memory
– Embedded OS, security functions (Flash)
– Working memory (RAM)

• Mica Motes:
  • 128KB Flash and 4KB RAM

Page 14:

Objectives of Our Research

• Long-term Goals
– Study how WSN’s constraints/features affect the design of security mechanisms.
– Develop security mechanisms for WSN.

• Current Projects
– Key Management Problems
– Data Fusion Assurance

Page 15:

Key Management Problem

Page 16:

Key Management Problem

Deploy Sensors

Page 17:

Key Management Problem

Secure Channels

Deploy Sensors

Page 18:

Approaches

• Trusted-Server Schemes
– Finding trusted servers is difficult.

• Public-Key Schemes
– Expensive and infeasible for sensors.

• Key Pre-distribution Schemes

Page 19:

Key Pre-distribution

• Loading keys into sensor nodes prior to deployment

• Two nodes find a common key between them after deployment

• Challenges
– Memory/Energy efficiency
– Security: nodes can be compromised
– Scalability: new nodes might be added later

Page 20:

Naïve Solutions

• Master-Key Approach
– Memory efficient, but low security.
– Needs Tamper-Resistant Hardware.

• Pair-wise Key Approach
– N-1 keys for each node (e.g. N=10,000).
– Security is perfect.
– Need a lot of memory and cannot add new nodes.

Page 21:

Eschenauer-Gligor Scheme

Each node randomly selects m keys

[Figure: nodes A, B, C, D, E and Key Pool S]

• When |S| = 10,000, m = 75: Pr(two nodes have a common key) = 0.50

Page 22:

Establishing Secure Channels

[Figure: nodes A, B, C]

Page 23:

Our Improvement Over Eschenauer-Gligor Scheme

Appeared in IEEE INFOCOM 2004

Page 24:

Observations and Objectives

[Figure: nodes A, B, F]

Property: Pr(A, B) = Pr(A, F)

Using deployment knowledge

Our objective: Pr(A, B) >> Pr(A, F)

Page 25:

Modeling Deployment Knowledge

Deployment points for a group of sensors

[Figure: deployment points labeled A, F, I, J]

Page 26:

Probability Distribution Function of Each Deployment Group

Page 27:

Key Pre-distribution Scheme

Key Pools

Page 28:

Key Sharing Among Key Pools

[Figure: key pools labeled A, B, C, D, F, G, H, I; sharing directions labeled Horizontal, Vertical, Diagonal]

Page 29:

Local Connectivity

Page 30:

Network Resilience

• What is the damage when x nodes are compromised?
– These x nodes contain keys that are used by the good nodes.
– What percentage of communications can be affected?

Page 31:

Network Resilience

Page 32:

A Pairwise Key Pre-distribution Scheme

Appeared in CCS’03: ACM Conference on Computer and Communications Security

Page 33:

Objectives

• Pairwise key pre-distribution scheme.
– Each pair of sensors shares a unique secret key
– Can be used for authentication

• Our Approach:
– We use Blom Scheme to achieve pairwise
– We use Random Key Selection scheme to improve performance and resilience

Page 34:

Blom Scheme

• Public matrix G

• Private matrix D (symmetric).

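[Figure: matrices D and G with dimension labels “+1” and “N”]

Let $A = (D \cdot G)^T$

$A \cdot G = (D \cdot G)^T \cdot G = G^T \cdot D^T \cdot G = G^T \cdot D \cdot G = (A \cdot G)^T$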

Page 35:

Blom Scheme

[Figure: the product of A = (D G)^T and G, giving (D G)^T G, with rows and columns i and j and the entries Kij and Kji marked; labels “Node i carries:” and “Node j carries:”]

Page 36:

-secure Property

Undesirable Situation:

if u*G(i) + v*G(j) = G(k)

then u*A(i) + v*A(j) = A(k)

[Figure: A^T = D G, with columns i, j, k marked in G and in A^T]

Page 37:

-secure Property

• ANY +1 columns in G are linearly independent.
– Different from saying that G has rank +1
– Rank: there exist +1 linearly independent columns

• Can tolerate compromise up to nodes.
– Once +1 nodes are compromised, the rest can be calculated if these +1 columns are linearly independent.

• How to find such a matrix G?

Page 38:

Vandermonde Matrix

1 1 1 1

s s2 s3 sN

s2 (s2)2 (s3)2 (sN)2

s (s2) (s3) (sN)

G =

Page 39:

Properties of Blom Scheme

• Blom’s Scheme
– Network size is N
– Any pair of nodes can directly find a secret key
– Tolerate compromise up to nodes
– Need to store +2 keys

• Challenge: Can we increase without increasing the storage usage?

Page 40:

Multiple Space Scheme

[Figure: Key-Space Pool holding the key spaces (D1, G), (D2, G), (D, G); three labels reading “spaces”]

Two nodes can find a pairwise key if they carry a common key space!

Page 41:

How to select and ?

• If the memory usage is m, the security threshold (probabilistic) m is

• To improve the security, we need to increase /2.

• However, such an increase affects the connectivity.

2 mm

Page 42:

Measure Local Connectivity

plocal = the probability that two neighboring nodes can find a common key.

!)!2())!((

)(

))(( 2

21

localp

Page 43:

Plocal for different and

Page 44:

Security Analysis

• Network Resilience:
– When x nodes are compromised, how many other secure links are affected?

jxjx

j

xj

xc

)1())((

Pr( is broken | nodes are compromised)

1

Page 45:

Resilience (p = 0.33, m=200)

Blom

Page 46:

Resilience (p = 0.50, m =200)

Blom

Page 47:

Improvement: Using Two-hop Neighbors

= 7 = 2

= 31 = 2

Page 48:

Summary

• Security in WSN is quite different from traditional (wired) network security.

• We have proposed two key pre-distribution schemes for WSN.

• Our schemes substantially improve the performance and network resilience.