Security in Wireless Sensor Networks Adrian Perrig John

Security in Wireless Sensor Networks Adrian Perrig, John Stankovic, and David Wagner

Overview • WSN security: Too many problems. . . A number of solutions. . . Enough? • Survey Paper: outlines security issues, discusses some existing solutions, and suggests possible research directions • Issues include: – key establishment – secrecy – authentication – privacy – denial-of-service attacks More info in a later set of slides – secure routing More info in a later set of slides – node capture • Also discuses some sample security services for wireless sensor networks

Problems Applying Traditional Network Security Techniques • Sensor devices are limited in their energy, computation, and communication capabilities • Sensor nodes are often deployed in open areas, thus allowing physical attack • Sensor networks closely interact with their physical environments and with people, posing new security problems

Key Establishment and Trust • Sensor devices have limited computational power, making public-key cryptographic primitives too expensive in terms of system overhead. • Simplest solution is a network-wide shared key – problem: if even a single node were compromised, the secret key would be revealed, and decryption of all network traffic would be possible • Slightly better solution: – use a single shared key to establish a set of link keys, one per pair of communicating nodes, then erase the network-wide key – problem: does not allow addition of new nodes after initial deployment

Key Establishment (continued) • Bootstrapping keys using a trusted base station – Each node needs to share only a single key with the base station and set up keys with other nodes through the base station – The base station becomes a single point of failure • Utilize tamper-resistant packaging for the base station, reducing the threat of physical attack • Most existing work assumes base station is safe – Good assumption? ? ?

Random-key pre-distribution protocols • Large pool of symmetric keys is chosen • Random subset of the pool is distributed to each sensor node • To communicate, two nodes search their pools for a common key – If they find one, they use it to establish a session key – Not every pair of nodes shares a common key, but if the keyestablishment probability is sufficiently high, nodes can securely communicate with sufficiently many nodes to obtain a connected network • No need to include a central trusted base station • Disadvantage: Attackers who compromised sufficiently many nodes could also reconstruct the complete key pool and break the scheme

Secrecy and Authentication • We need cryptography as protection against eavesdropping, injection, and modification of packets • Trade-offs when incorporating cryptography into sensor networks: – end-to-end cryptography achieves a high level of security but requires that keys be set up among all end points and be incompatible with passive participation and local broadcast – link-layer cryptography with a network-wide shared key simplifies key setup and supports passive participation and local broadcast, but intermediate nodes might eavesdrop or alter messages

Hardware vs. Software Cryptography • Hardware solutions are generally more efficient, but also more costly ($) • University of California, Berkeley, implementation of Tiny. Sec incurs only an additional 5%– 10% performance overhead using software-only methods – Most of the overhead is due to increases in packet size – Cryptographic calculations have little effect on latency or throughput, since they can overlap with data transfer – Hardware reduces only the computational costs, not packet size • Thus, software-only techniques are sufficient (or reasonable to be more careful)

Privacy • Issues – – Employers might spy on their employees Shop owners might spy on customers Neighbours might spy on each other Law enforcement agencies might spy on public places • Technological improvements will only worsen the problem – Devices will get smaller and easier to conceal – Devices will get cheaper, thus surveillance will be more affordable

Privacy (continued) • Sensor networks raise new threats that are qualitatively different from what private citizens worldwide faced before – Sensor networks allow data collection, coordinated analysis, and automated event correlation – Networked systems of sensors can enable routine tracking of people and vehicles over long periods of time – EZ Pass + On. Star == Big Brother? • Suggested ways of approaching solution include a mix of: – Societal norms – New laws – Technological responses

Robustness to Denial of Service • Simple form: Radio jamming • Sophisticated form: Transmit while a neighbor is also transmitting or continuously generating a request-to-send signal • Possible solution (when the jamming affects only a portion of the network): – Detect the jamming – Map the affected region – Route around the jammed area

Secure Routing • Proper routing and forwarding are essential for communication in sensor networks • Injection attacks – Transmit malicious routing information into the network resulting in routing inconsistencies – Authentication might guard against injection attacks, but some routing protocols are vulnerable to replay by the attacker of legitimate routing messages • Sensor network routing protocols are particularly susceptible to node-capture attacks – Compromise of a single node could be enough to take over the entire network or prevent any communication within it

Resilience to Node Capture • In traditional computing, physical security is often taken for granted • Sensor nodes, by contrast, are likely to be placed in open locations – Attacker might capture sensor nodes – Extract cryptographic secrets – Modify programs/Replace them with malicious nodes • Tamper-resistant packaging may be one defense, but it’s expensive

Algorithmic Solutions to Node Capture • Attempt to build networks that operate correctly even in the presence of nodes that might behave in an arbitrarily malicious way – Replicate state across the network and use majority voting to detect inconsistencies – Gather redundant views of the environment and crosscheck them for consistency • Most challenging problems in sensor network security – We are far from a complete solution

Network Security Services • So far, we’ve explored low-level security primitives for securing sensor networks. • Now, we consider high-level security mechanisms. – Secure group management – Intrusion detection – Secure data aggregation

Secure Group Management • Protocols for group management are required to – securely admit new group members – support secure group communication • Outcome of group computation must be authenticated to ensure it comes from a valid group • Any solution must also be efficient in terms of time and energy

Intrusion detection • In wired networks, traffic and computation are typically monitored analyzed for anomalies at various concentration points – expensive in terms of the network’s memory and energy consumption – hurts bandwidth constraints • Wireless sensor networks require a solution that is fully distributed and inexpensive in terms of communication, energy, and memory requirements • In order to look for anomalies, applications and typical threat models must be understood • It is particularly important for researchers and practitioners to understand how cooperating adversaries might attack the system • The use of secure groups may be a promising approach for decentralized intrusion detection

Secure Data Aggregation • One benefit of a wireless sensor network is the fine-grain sensing that large and dense sets of nodes can provide • The sensed values must be aggregated to avoid overwhelming amounts of traffic back to the base station • Depending on the architecture of the network, aggregation may take place in many places – All aggregation locations must be secured • If the application tolerates approximate answers, powerful techniques are available – Randomly sampling a small fraction of nodes and checking that they have behaved properly supports detection of many different types of attacks

Conclusions • Constraints and open environments of wireless sensor networks make security for these systems challenging. • Several properties of sensor networks may provide solutions. – architect security into these systems from the outset (they are still in their early design stages) – exploit redundancy, scale, and the physical characteristics of the environment in the solutions – build sensor networks so that they can detect and work around some fraction of their nodes which are compromised

Future Research Areas • Securing wireless communication links against – Eavesdropping – Tampering – Traffic analysis – Denial of service • Resource constraints • Asymmetric protocols – Most of the computation done at base station • Public-key cryptographic systems – How to make efficient on low-end devices? • Working around the lack of physical security – redundancy – knowledge about the physical environment

Denial of Service in Sensor Networks Anthony D. Wood and John A. Stankovic

Why Security? • Battlefield • Disasters – Protect the location and status of casualties from unauthorized disclosure, particularly if the disaster relates to ongoing terrorist activities • Public safety – False alarms about chemical, biological, or environmental threats could cause panic or disregard for warning systems. An attack on the system’s availability could precede a real attack on the protected resource • Home healthcare – Because protecting privacy is paramount, only authorized users can query or monitor the network. These networks can also form critical pieces of an accident-notification chain, thus they must be protected from failure

DENIAL OF SERVICE THREAT • A Do. S attack is any event that diminishes or eliminates a network’s capacity to perform its expected function • Hardware failures, software bugs, resource exhaustion, environmental conditions, or their combination • Intentional Attack

Adversary Capability • Physically damaged or manipulated node – May be less powerful than a normally functioning node • Subverted nodes (or added ones) – Interact with the network only through software – As powerful as other nodes • Immensely more powerful adversaries – Existing wired network with virtually unlimited computational and energy resources possible

Attacks on Physical Layer • Jamming – Defenses • Spread-spectrum • Region mapping: Less expensive • Tampering – Defenses: Tamper-proofing, hiding

Link Layer Attacks • Collision – Use error-correcting codes • Exhaustion – Rate limitation • Unfairness – Small frames

Network and Routing Attacks • Neglect and greed – Redundancy, probing • Traffic analysis – Encryption: enough? Maybe not • Misdirection – Egress filtering, authorization, monitoring • Black holes – Authorization, monitoring, probing, redundancy

Neglect and Greed • Neglect – Drops packets arbitrarily • Greed – Gives undue priority to it’s own messages • Use multiple paths and/or redundant messages to mitigate these effects.

Traffic Analysis • Geographic forwarding allows attacker to figure out where important nodes are • Encrypting headers as well as content might alleviate this issue • Cryptographic means may not help when the communication pattern is many-to-one – Just watch traffic intensity – INSENS [ICDCS ‘ 03]

Misdirection • Diverting traffic away from intended destination – Targets the sender • Misdirecting many flows in one direction – Targets an arbitrary victim (receiver) • Defense – Egress Filtering • Verification of source addresses • Legitimately generated from below?

Black Holes • Distance-vector-based protocol weakness • Nodes advertise zero-cost routes to every other node. • Fixes: – Authorization – Monitoring • Watchdog the next hop transmission of your packets by neighbors [Mobicom ’ 00] – Probing • Send periodic messages across topology to test for blackout regions – Redundancy

Transport Layer Do. S • Flooding – Client puzzles • Make the adversary commit resources • Only useful if the adversary has limited resources • Desynchronization – Authentication

PROTOCOL VULNERABILITIES to Do. S Analyzing these vulnerabilities helps show why developers should consider Do. S susceptibility at design time.

Adaptive Rate Control – MAC Protocol by Woo & Cull • Give preference to route-through traffic – This preserves the network’s investment in packets that may have already traversed many hops • Makes flooding attacks more effective – High bandwidth packet streams that an adversary generates will receive preference – Thus, the network gives preference to malicious traffic

RAP • Real-time communication architecture – Geographic forwarding – Velocity monotonic scheduling (VMS) policy • Originator of message sets deadline and destination – VMS layer computes velocity based on time to deadline and distance remaining

RAP Vulnerability • Flood with high velocity packets – Set destination at long distance • Possibly outside the network • Intermediate node adversary could lower the velocity of route through traffic – Causes deadline misses • If relying on a synchronized clock, attacking that mechanism could cause another node to always drop – Protecting clock synchronization is a challenging yet important problem by itself

Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures Chris Karlof and David Wagner

Key Contributions • Secure routing issues in WSNs – Show they are different from ad hoc networks – Introduce two new classes of attacks • Sinkhole attack • Hello flood attack • Analyze security aspects of major routing protocols • Discuss countermeasures & design considerations for secure routing in WSNs

WSNs vs. Ad Hoc Networks • Multi-hop wireless communications • Ad hoc nets: communication between two arbitrary nodes • WSNs – Specialized communication patterns • Many-to-one • One-to-many • Local communication – More resource constrained – More trust needed for in-network processing, aggregation, duplicate elimination

Assumptions • Insecure radio links • Malicious nodes can collude to attack the WSN • Sensors are not tamper-resistant • Adversary can access all key material, data & code • Aggregation points may not be trustworthy • Base station is trustworthy

Threat Models • Device capability – Mote class attacker – Laptop class attacker: more energy, more powerful CPU, sensitive antenna, more radio power • Attacker type – Outside attacker: External to the network – Inside attacker: Authorized node in the WSN is compromised or malicious

Security Goals • Secure routing – Support integrity, authenticity, availability of messages in presence of attack – Data confidentiality

Potential Attacks • Attacks on general WSN routing • Attacks on specific WSN protocols

Attacks on General WSN Routing Protocols • Spoof, alter, or replay routing info. – Create loops, attack or repel network traffic, partition the network, attract or repel network traffic, etc. – Message authentication can partly handle these issues • Selective forwarding – Malicious node selectively drops incoming packets

Sinkhole attack • Specific to WSNs – All packets are directed to base station – A malicious node advertises a high quality link to the base station to attract a lot of packets – Enable other attacks, e. g. , selective forwarding or wormhole attack

Sybil attack • A single node presents multiple ID’s to other nodes • Affect geographic routing, distributed storage, multi-path routing, topology maintenance

Wormhole attack • Two colluding nodes • A node at one end of the wormhole advertises high quality link to the base station • Another node at the other end receives the attracted packets

Hello flood attack • Specific to WSNs – In some protocols, nodes have to periodically broadcast “hello” to advertise themselves • Not authenticated! – Laptop-class attacker can convince it’s a neighbor of distant nodes by sending high power hello messages

Acknowledge spoofing • Adversary spoofs ACKs to convince the sender a weak/dead link support good link quality

Attacks on Specific Routing Protocols • Tiny. OS beaconing – Construct a BFS rooted at the base station – Beacons are not authenticated – Adversary can take over the whole WSN by broadcasting beacons

Directed diffusion • Replay interest • Selective forwarding & data tampering • Inject false data

Geographic routing • Adversary can provide false, possibly multiple, location info. – Create routing loop – GEAR considers energy in addition to location • Laptop-class attacker can exploit it

Countermeasures • Shared key & link layer encryption – Prevent outsider attacks, e. g. , Sybil attacks, selective forwarding, ACK spoofing – Cannot handle insider attacks • Wormhole, Hello flood, Tiny. OS beaconing • Sybil attack – Every node shares a unique secret key with the base station – Create pairwise shared key for msg authentication – Limit the number of neighbors for a node • Hello flood attack – Verify link bidirectionality – Doesn’t work if adversary has very sensitive radio

Countermeasures • Wormhole, sinkhole attack – Cryptography may not help directly – Good routing protocol design – Geographic routing • Geographic routing – Location verification – Use fixed topology, e. g. , grid structure • Selective forwarding – – Multi-path routing Route messages over disjoint or Braided paths Dynamically pick next hop from a set of candidates Measure the trustworthiness of neighbors

Countermeasures • Authenticated broadcast – u. TESLA • Base station floods blacklist – Should be authenticated – Adversaries must not be able to spoof

Conclusions • WSN security is challenging, new area of research • #Problems >> #Solutions • Any ideas to address a problem?