On the Feasibility and Meaning of Security in Sensor Networks

SLIDE 1

Chair of Computer Science 4 Communication and Distributed Systems

On the Feasibility and Meaning of Security in Sensor Networks

Zinaida Benenson and Felix C. Freiling

RWTH Aachen University Chair of Computer Science 4 Communication and Distributed Systems

SLIDE 2

Zinaida Benenson 2

Chair of Computer Science 4 Communication and Distributed Systems

Security in Sensor Networks

2/17 March 24, 2005

Security in Sensor Networks? Who cares?

We just want to get the system running!

Security is expensive:

  • energy consuming
  • increasing code size
  • slowing things down

SLIDE 3

Why and How to Secure Sensor Networks

protect right things in a right way

  • Need appropriate security measures
  • Killer applications will inevitably be attacked

Are there any killer applications in sight?

SLIDE 4

Example: Securing Killer Applications

WLAN and GSM (in)security

protect right things in a right way

  • WEP over-the-air interception
  • bogus access points
  • access point theft
  • end device theft
  • SIM cloning
  • (bogus base stations)
  • (infrastructure attacks)

attackers: researchers, criminals, law enforcement

gain: research reputation, service, equipment, money, valuable information

SLIDE 5

Protect Right Things in a Right Way

  • 1. Security goals: what to protect
  • 2. Adversaries: against whom to protect
  • 3. Solutions: how to protect
  • 4. Open problems and discussion

SLIDE 6

Security Goals in Sensor Networks

sensor network ≈ distributed database

Outside security goals:

  • Confidentiality: get data only if authorized
  • Integrity: get the genuine data
  • Availability: get data whenever needed

Solutions:

  • secure data aggregation (Przydatek et al. 2003, Wagner 2004)
  • anti-jamming services (Wood et al. 2003)
  • access control (Benenson et al. 2005)

SLIDE 7

Security Goals in Sensor Networks

sensor network ≈ distributed system

Inside security goal: realize outside security interactions between system components

Solutions:

  • key management (Eschenauer & Gligor 2002, Zhu et al. 2003, Anderson et al. 2004)
  • link layer encryption (Karlof et al. 2004)
  • secure routing (Karlof & Wagner 2003, Deng et al. 2003)
  • secure in-network processing (Deng et al. 2003, Dimitriou & Foteinakis 2004)
  • data replication (Ghose et al. 2003)

SLIDE 8

Adversary Models in Sensor Networks

Parameters:

  • Malignity
  • Goals
  • Interference
  • Presence
  • Available resources

SLIDE 9

Adversary Parameters for Sensor Networks

Malignity

  • random failures: dependability
  • malicious failures (worst case): security

SLIDE 10

Adversary Parameters for Sensor Networks

Goals

  • Confidentiality: valuable data (gain access)
  • Integrity: sensitive data (modify)
  • Availability: critical data (destroy)

SLIDE 11

Adversary Parameters for Sensor Networks

Interference

passive active fail-stop disturbing malicious node capture

SLIDE 12

Adversary Parameters for Sensor Networks

Presence

  • local
  • partially present
  • global

SLIDE 13

Adversary Parameters for Sensor Networks

Available Resources

  • funding
  • equipment
  • expert knowledge
  • time

  • clever outsiders
  • knowledgeable insiders
  • funded organizations

SLIDE 14

Adversary Parameters for Sensor Networks

Interplay of Parameters

eavesdrop key hacker malicious active global adversary single sensor node capture node cloning

SLIDE 15

Protecting Sensor Networks

passive active

  • symmetric encryption
  • key management
  • hierarchical architectures
  • hybrid cryptography
  • tamper resistance
  • replication
  • witnesses
  • anti-traffic analysis
  • evasiveness
  • virtual minefield
  • redundancy => probabilistic security
  • broadcast communication => witnesses

SLIDE 16

Threat Analysis

Example: Structural health? Home networks?

top-down, bottom-up

  • undesired outcome 1
  • undesired outcome 2
  • immediate cause 1
  • immediate cause 2
  • failure of component 1
  • failure of component 2
  • system behavior
  • ...

(Ross Anderson „Security Engineering“)

SLIDE 17

Open Problems

  • Realistic adversary models
      ➔ consider particular applications and systems
      ➔ base stations ↔ sensor node
  • Security primitives
      ➔ symmetric encryption ↔ in-network processing, witnesses
      ➔ hybrid cryptography?
  • Securing all protocol layers
      ➔ jamming
      ➔ freshness
  • „Fully“ secure sensor networks
      ➔ combining existing solutions feasible?

SLIDE 18

2nd Workshop on Sensor Networks

Important Dates:

  • Submission deadline: April 29, 2005
  • Acceptance notification: May 27, 2005
  • Camera ready: June 24, 2005
  • Preliminary date: Sept. 21, 2005

Organization:

  • GRK „Software for mobile communication systems“ RWTH Aachen
  • Fachgespräch Sensornetze

Associated Workshop: Multisensordatenfusion: Aktuelle Trends, innovative Lösungen, neue Anwendungsfelder

SLIDE 19

Summary

security goals:

  • CIA
  • inside / outside

adversary models:

  • malignity
  • goals
  • interference
  • presence
  • available resources

solutions:

  • probabilistic
  • witnesses
  • redundancy