Security in Wireless Sensor Networks Introduction A Wireless Sensor Network is a network made of many small devices consisting of a battery, radio communications, microcontroller, and sensors. Sensor nodes Task manager Gateway node 2
Introduction The sensor nodes cooperate to monitor enviromental phenomena. detect phenomenon Sensor nodes Task manager Gateway node routing 3 Applications – Military applications – Enviromental applications – Home applications – Health applications – Automotive applications – … 4
Military applications • Monitoring friendly forces, equipment and ammunition • Reconnaissance of opposing forces and terrain • Battlefield surveillance • Nuclear, biological and chemical attack detection and reconnaissance 5 Enviromental applications Ecosystems Flood / Forest fire detection Habitat Monitoring Precision agriculture NY Times, May 10, 2005 6
Home applications Home automation Structural Monitoring Kajima-Shizuoka Building – Japan 7 Health applications • Telemonitoring of human physiological data • Tracking and monitoring patients and doctors BASUMA (BMWA)-Germany Health Care Monitoring of Mobile Patients. (Source: ISTI & IFC--CNR, Pisa, Italy). 8
Automotive applications • Vehicle tracking and detection • Detecting and monitoring car thefts • Disaster recovery RUNES 9 Design space – Distributed and large-scale networks • Hundreds of nodes • Network size and density determined by coverage, connectivity, task – Hostile Environment • Nodes may be compromised – Limited Resources • Energy restrictions • Limited computational power • Storage restrictions • No physical security feasible 10
Design space – The network topology may change very frequently • Uncontrolled mobility caused by environment factors or controlled robotic mobility • Nodes may be randomly deployed • Nodes are prone to failures – The network must be reconfigurable • Wireless connections • Self-reconfiguration 11 Sensor node Capabilities PC Notebook Smartphone Mote Size, Power Consumption, Cost 12
Hardware platform: Motes Evolution WeC 99 Dot 9/01 Mica2 Mote Telos Mote “Smart Rock” ATmega163 ATmega128 TI MSP430 Small µ-controller –16kB code –128kB code –48kB code –8kB code –1k B data –4kB data –10KB data –512 B data Low-power radio: Low-power radio: Low-power radio: Low-power radio: 10kbps 40kbps 250 kbps 10kbps Simple sensors Simple sensors Integrated sensor Simple sensor 13 Mobile platforms –Autonomous –Mobile –Flying iBadge –Wearable Heliomote (UCLA) Helicopter Imager (UCLA) (UCLA) MOTE Data Storage Medusa MK-2 ( UCLA) Path STARGATE Planning PACKBOT Data Mule RagoBot RAiN ( Pisa ) (UCLA) (UCLA) 14
Communication architecture Application Layer Application Layer Network Layer Network Layer Data Link Layer Data Link Layer Physical Layer Physical Layer 15 Physical layer The physical layer is responsible for: Application Layer • Frequency selection • Frequency generation Network Layer • Signal detection • Modulation Data Link Layer Open research issues: Physical Layer • Modulation schemes • Strategies to overcome signal propagation effects • Hardware design 16
Data link layer The data link layer is responsible Application Layer for: • Medium access Network Layer • Error control Data Link Layer Open research issues: • MAC for mobile sensor networks Physical Layer • Error control coding schemes • Power saving modes 17 Network layer The network layer is responsible for: Application Layer • Routing • Network reconfiguration in Network Layer presence of node failure • Data aggregation Data Link Layer • Accessing to other external networks (i.e. Internet). Physical Layer Open issues: • Power efficiency • Addressing • New routing protocols 18
Application layer The application layer is responsible for: Application Layer • Data management • Synchronization Network Layer Open issues: Data Link Layer • Task assignment and data advertisement protocol Physical Layer • Sensor query and data dissemination • Localization • Time Synchronization 19 Cross-layer issue: Security Security Requirements: Application Layer • Confidentiality • Authentication Network Layer • Integrity Data Link Layer • Freshness • Secure Group Management • Availability Physical Layer 20
Security issues – Secure Network Communication • Cryptographic mechanisms • Key establishment & management – Group-key management • Authenticated broadcast • Routing attacks – Secure Localization – Secure Time Synchronization – Secure Data Processing 21 Cryptographic Mechanisms 22
Cryptographic Mechanisms – Asymmetric cryptography: • Tiny-PK • Tiny-ECC – Symmetric cryptography: • RC5 & SkypJack block-ciphers • HMAC SHA-1 message authentication code – Commercial standards for Motes • TinySec • ZigBee (802.15.4) 23 Asymmetric cryptographic The amount of computational energy consumed by a security function is determined by: • the processor power consumption • the processor clock frequency • the number of clocks needed to compute the security function Public key cryptographic algorithms such as RSA are computationally intensive: • thousands or even millions of multiplication instructions to perform a single security operation 24
Public key cryptography: RSA Execution times for 2 x (mod p) with p prime number (modulus) and x which ranges from 112 to 768 bit on MICA2 mote [Malan04] As we can see, a single exponentiation could take 5 minutes ! 25 TinyPK [TinyPK04] Tiny Public-Key: Verification operation by using RSA with exponent e =3 and module n Verification time Module size n (Hardware Platform: Mica ) 512-bit 3.7 s 768-bit 8.0 s 1024-bit 14.5 s • Verification algorithm: slow but feasible (trick: e =3 ) • Sensor nodes can verify but cannot generate a signature. 26
Public key cryptography: ECC Elliptic curve cryptography (ECC) • Based on the elliptic curve discrete logarithm problem: – given the equation Q=kG , known G and Q (points), then find the integer k • No subexponential algorithm to solve it are known • ECC keys are smaller than RSA ones EQUIVALENT RSA ECC SECURITY Secure until.. (Key length (Key length in in bit) bit) (bit) 80 1024 160 before 2010 112 2048 224 before 2030 128 3072 256 after 2030 192 7680 384 ? 256 15360 512 ? 27 ECC on sensor networks – EccM 2.0 [Malan04] : • implemented for MICA2, written in nesC – 34 seconds to generate ECC key pairs (Diffie-Hellmann) – 70 seconds to run the entire Diffie-Hellman protocol – TinyECC [LiuNing05]: • implemented for MICAz (ATmega128) – 7 seconds for digital signature of ECDSA – 14.2 seconds for signature verification of ECDSA • Different algorithms than EccM and some functions are written in µcontroller’s language • It uses curve parameters standardized by SEC2 standard [SEC2] 28
Improving ECC performances Parallelization • N nodes who helps the verifier – T trusted, U untrusted – N = 2U + 1: if this condition is met the verifier always picks the correct value Public key Digital Signature Mode generation Signature verification EccM 2.0 50.77 s 50.74 s 101.01 s EccM 2.0 with 50.77 s 50.74 s 63.71 s parallelization 29 Improving ECC performances Re-implementation • Assembly implementation of some other functions originally written in nesC • Re-implementation of multiplication algorithm, especially for ECDSA verification (multiple multiplication) • Partial improvement of TinyOs random number generator Time (sec) Time (sec) Function Tmote Sky MICAz Key pair generation 8.5 - SHA-1 0.015 (200 bytes) - ECDSA Signature 8.8 7.074 ECDSA Verification 10.7 14.293 30
Improvement ECC performances Hardware suppport – Hasegawa, Nakajima and Matsui [Hasegawa99] – 0.15 seconds for digital signature of ECDSA – 0.63 seconds for verification of ECDSA • Non standard curve parameters but customized • Modified algorithms according to own parameters • Hardware support: microcontroller M16C M16C TMote Sky 10 MHz 8 Mhz 91 instructions 27 istructions Multiplication/division as No multiplication/division hardware operation 31 Symmetric cryptography – RC5 & SkypJack block-ciphers • CBC-mode: break a m bit message into 64 bit chunks (m1,m2,..) • Transmit ( c1, c2, … ) and IV – IV is needed to achieve semantic security – Same message looks different every time m 1 m 2 IV E k E k E k c 1 c 2 CBC-Mode 32
Symmetric cryptography Mode CBC-CTS (Ciphertext Stealing) • it allows ciphered text to have the same length as the plain text even though plain text is not a multiple of block size • Encryption/Decryption performances (32 bytes) on TelosB with TinyOs-1.1.11 – 6.37 ms (RC5) – 2.40 ms (SkipJack) 33 HMAC: SHA-1 SHA-1 is an hash function required Dimension Time by: (bytes) (ms) • symmetric protocol 4 4.63867 • public key cryptography (e.g. digital 8 4.66918 signature schemes) 16 4.69970 It produces a hash value on 160 bit 32 4.69970 64 8.911 128 13.24 Performance on Tmote Sky 34
Recommend
More recommend
