Security allows wireless sensor networks (WSNs) to be used with confidence. Without security, the use of WSN in any application domain would result in undesirable consequences.
The basic idea of a WSN is to disperse tiny sensing devices that are capable of sensing some changes of incidents/parameters and communicating with other devices, over a specific geographic area for some specific purposes like target tracking, surveillance and environmental monitoring.
Basically, the major challenge for employing any efficient security scheme in wireless sensor networks is created by the size of sensors, followed by the processing power, memory and type of tasks expected from the sensors.
Challenges in providing security to a WSN
First, there is a conflicting interest between minimisation of resource consumption and maximisation of security level. During the design of any security solution, one needs to take care of limited energy, limited memory, limited computing power, limited communication bandwidth and limited communication range.
Second, the type of security mechanism that can be hosted on a sensor node platform is dependent on the capabilities and constraints of sensor node hardware.
Third, the ad-hoc networking topology of WSN facilitates attackers for different types of link attacks ranging from passive eavesdropping to active interference. Attacks on a WSN can come from all directions and target any node leading to leakage of secret information, interfering message, impersonating nodes, etc.
Fourth, the communication in WSN is through wireless media, mainly radio. This characteristic of WSN makes wire-based security scheme impractical for a WSN.
Fifth, the topology of WSN is al-ways dynamic. The sensor nodes can come and go in an arbitrary fashion. Node failures may be permanent or intermittent, and this gives a higher level of system dynamics. Besides, very often large numbers of nodes are expected in sensor network deployments and the nature of this deployment is unpredictable.
Finally, the overall cost of the WSN should be as low as possible.
Basic security schemes in WSNs
Security is a broadly used term encompassing the characteristics of authentication, integrity, privacy, non-repudiation and anti-playback. Every eligible receiver should receive all messages intended for it and be able to verify the integrity of every message as well as the identity of the sender. Adversaries should not be able to infer the contents of any message.
In conventional computer networks, the primary security goal is reliable delivery of messages (protection against denial-of-service (DoS) attack). Message authenticity, integrity and confidentiality are usually achieved by an end-to-end security mechanism such as secure socket layer. This is because the dominating traffic pattern is end-to-end communication, where it is neither necessary nor desirable for the contents of the message (beyond the necessary headers) to be available to the intermediate routers. The more the dependency on the information provided by the networks, the higher the risk to secure transmission of information over the networks. For secure transmission of various types of information over networks, several cryptographic, steganographic and other techniques are needed.
Since sensor nodes use wireless communications, eavesdropping, injection, replay and other attacks can be placed on the network. The adversary is able to deploy malicious nodes in the network or compromise some legitimate nodes.
Cryptography. The encryption-decryption techniques devised for the traditional wired networks are not feasible to be applied directly to wireless networks, in particular wireless sensor networks. The tiny sensors of WSNs suffer from the lack of processing, memory and battery power. Applying any encryption scheme requires transmission of extra bits, hence extra processing, memory and battery power, which are very important resources for the sensors’ longevity. Applying the security mechanisms such as encryption could also increase delay, jitter and packet loss in wireless sensor networks.
Steganography. While cryptography aims at hiding the content of a message, steganography hides the existence of the message. Steganography is the art of covert communication by embedding a message into the multimedia data (image, sound, video, etc). Its main objective is to modify the carrier in a way that is not perceptible and hence it looks just like ordinary. It is very useful when you want to send a secret data without sender information or you want to distribute secret data publicly.
Attacks in wireless sensor networks
A large-scale sensor network consists of thousands of sensor nodes and may be dispersed over a wide area. Typically, sensor nodes are susceptible to many kinds of attacks:
Passive information gathering. An adversary with powerful resources can collect information from the sensor networks if it is not encrypted.
Node subversion. Capture of a node may reveal its information including cryptographic keys and thus compromise the whole sensor network.
False node. Addition of a node by an adversary to inject malicious data, whereby the false node is computationally robust enough to lure other nodes to send data to it.
Node malfunction. A malfunctioning node generates inaccurate data which could jeopardise the integrity of the sensor network, especially if it is a data aggregating node such as a cluster leader.
Node outage. A node stops its function. In case a cluster leader stops functioning, the sensor network protocols should be robust enough to mitigate the effects of node outages by providing an alternative route.
Message corruption. Any modification of the content of a message by an attacker compromises its integrity.
Traffic analysis. Even when the messages transferred are encrypted, it still leaves a high possibility of analysis of the communication patterns. Sensor activities can potentially reveal enough information to enable an adversary to cause malicious harm to the sensor network.
Sybil attack. In a Sybil attack, a single node presents multiple identities to other nodes in the network. They pose a significant threat to geographic routing protocols, where location-aware routing requires nodes to exchange coordinate information with their neighbours to efficiently route geographically addressed packets. Authentication and encryption techniques can prevent an outsider to launch a Sybil attack on the sensor network. Using globally shared keys allows an insider to masquerade as any (possibly even non-existent) node.
Sinkhole attack. In a sinkhole attack, the adversary’s goal is to lure nearly all the traffic from a particular area through a compromised node, creating a metaphorical sinkhole with the adversary at the centre. Sinkhole attacks typically work by making a compromised node look especially attractive to surrounding nodes with respect to the routing algorithm.
Wormholes. In the wormhole at-tack, an adversary tunnels messages received in one part of the network over a low-latency link and replays them in a different part. The simplest instance of this attack is a single node situated between two other nodes forwarding messages between the two of them. However, wormhole attacks more commonly involve two distant malicious nodes colluding to understate their distance from each other by relaying packets along an out-of-bound channel available only to the attacker.
Key management is the process by which cryptographic keys are generated, stored, protected, transferred, loaded, used and destroyed. To achieve security in wireless sensor networks, it is important to be able to perform various cryptographic operations, including encryption, authentication and so on. Key management schemes are mechanisms used to establish and distribute various kinds of cryptographic keys in the network, such as individual keys, pairwise keys and group keys.
Key management is an essential cryptographic primitive upon which other security primitives are built. Most security requirements, such as privacy, authenticity and integrity, can be addressed by building a solid key management framework.
The challenge of designing key management protocols for sensor networks lies in establishing a secure communication infrastructure, before any routing fabric has been established with or without the presence of any trusted authority or fixed server, from a collection of sensor nodes that have no prior contact with each other. Some cryptographic information, e.g., a key, is normally preloaded in sensor nodes before deployment, and allows sensor nodes to perform secure communications with each other.
Trusted server schemes. Trusted server schemes depend on a trusted and secure server such as the base station for key agreement among nodes. The server can be treated as the key distribution centre (KDC). For example, assume that two sensor nodes intend to make a secure connection. In a typical case, a symmetric key is generated for each node in a sensor network before deployment and embedded in each sensor node’s memory. This embedded key is used for the two sensors to authenticate themselves to the base station. Then the base station generates a link key or session key and sends it securely to both sensor nodes via a single hop or multiple hops. In the trusted server scheme the base station is the most appropriate choice for the server, and each sensor node stores only an embedded key such that a compromising/captured node cannot reveal much security information of the sensor network.
Public-key-cryptography-based schemes. Public-key cryptography is considered very expensive for small sensor nodes, because typical public-key algorithms, e.g., RSA, require extensive computations and are not suitable for tiny sensors. However, the recent implementation of 160-bit elliptic curve cryptography (ECC) on Atmel ATmega128, a CPU of 8 MHz and 8 bits, demonstrates that ECC public-key cryptography is feasible for sensor nodes. Compared to symmetric key cryptography, public-key cryptography provides a more flexible and simpler interface, requiring no key predistribution, no pairwise key sharing and no complicated one-way keychain scheme.
Time synchronisation. Due to the collaborative nature of sensor nodes, time synchronisation is very important for many sensor network operations, such as coordinated sensing tasks, sensor scheduling (sleep and wake), mobile object tracking, time-division multiple-access (TDMA) medium access control, data aggregation and multicast source authentication protocol. For example, in the target tracking application shown in Fig. 1, sensor nodes need to know both the location where and time when the target is sensed in order to correctly determine the target’s moving direction and speed. The network time protocol (NTP) is used for synchronisation in the Internet. A sensor network is a re-source-constrained distributed system, and the NTP cannot be directly used by sensor networks.
Key management schemes
Some key management schemes for establishing and distributing cryptographic keys in the network are:
Distributed key scheme. A group of users of a network, referred to as a ‘conference,’ in order to securely communicate over public channels, could decide to use symmetric encryption algorithms, e.g., RC6 or AES. These algorithms are fast and presumed to be secure. However, to apply this strategy, they need a common key to encrypt and decrypt the messages they wish to send to each other.
Using a KDC is a common solution to the key establishment problem. A KDC is a server of the network which generates and distributes on-demand the conference keys. The idea is: each user shares a secure point-to-point channel with the centre. When one user wants to communicate with other users securely, he sends a request message for a session key. The centre checks for membership of the user in the group, and distributes the conference key to each member of the group in encrypted form.
A distributed key distribution centre (DKDC) is a set of ‘n’ servers of a network that jointly realise the function of a KDC, as shown in Fig. 2. In this setting, a user who needs to participate to a conference sends a key-request message to a fixed-size subset at his choice of the ‘n’ servers. The contacted servers answer with some information enabling the user to compute the conference key.
Assume every message between sensor nodes is encrypted and authenticated by the pairwise keys between them. The aim of distributed key establishment scheme is just to establish pairwise keys between sensor nodes.
Single network-wide key scheme. Using a single network-wide key is by far the simplest key establishment technique. In the initialisation phase of this technique, a single key is preloaded into all the nodes of the network. After deployment, every node in the network can use this key to encrypt and decrypt messages. Only a single key is to be stored in the nodes’ memory, and once deployed in the network, there is no need for a node to perform key discovery or key exchange since all the nodes in communication range can transfer messages using the key which they al-ready share. This scheme counters several constraints with less computation and reduced memory use, but it fails in providing the basic requirements of a sensor network by making it easy for an adversary trying to attack.
Pairwise key establishment scheme. The pairwise key establishment scheme includes node-to-node authentication and resilience to node replication. For a network of ‘n’ nodes in the pairwise scheme, the key predistribution is done by assigning each node a unique pair-wise key with all the other nodes in the network. With each node sharing a unique key with every other node in the network, this scheme offers node-to-node authentication. Each node can verify the identity of the node it is communicating with. This scheme also offers increased resilience to network capture as a compromised node does not reveal information about other nodes that are not directly communicating with the captured node.
One drawback with the pairwise scheme is the additional overhead needed for each node to establish n-1 unique keys with all the other nodes in the network and maintain those keys in its memory.
Public-key schemes RSA and ECC. Both RSA and ECC have been in re-search for many years. RSA stands for ‘Rivest Shamir Adleman’ algorithm. It was developed in 1977 and is still one of the most popular public-key encryption technologies currently available. RSA derives its strength from the complication of factoring very large numbers.
ECC was developed in 1985 independently by Koblitz and Miller. Its approach to public-key cryptography is based on the mathematics of elliptic curves. ECC can obtain the same security level as RSA while using a smaller key. A 160-bit ECC key has the same security as a 1024-bit RSA key. A 224-bit ECC key compares to the 2048-bit RSA key. This is because it takes exponential algorithms to solve the elliptic curve discrete logarithm problem as opposed to small runtime algorithms to solve the large number factorisation in RSA.
The RSA scheme generally introduces keys of 512–2048 bits. Its takes a message ‘M’ and composes a cipher text ‘C’ using the key ‘K.’ A method called the Chinese Remainder Theorem (CRT) can be used to accelerate RSA. Two prime numbers ‘q’ and ‘p’ are multiplied together to get the modulus ‘n.’ Computing these modular multiplications, CRT can lower computation time by almost three-fourth. Other factors like the Montgomery multiplication and optimised squaring can reduce RSA complexity by 25 per cent.
ECC is computed by point multiplication on elliptic curves over prime integer fields or binary polynomial fields. The implementation of ECC on WSNs is primarily interested in prime integer fields since binary polynomial field mathematics is poorly supported by the slow processors. Operations of ECC scale linearly. This gives ECC an advantage over RSA on processors with small word sizes. Also, ECC grows in advantage as the key size grows.
Random key predistribution scheme. Basically, the scheme consists of three phases: key pre-distribution, shared-key discovery and path-key establishment.
In the key pre-distribution phase, each sensor node randomly selects ‘m’ distinct cryptographic keys from a large key pool ‘S,’ and stores them in its memory. This set of ‘m’ keys is called the node’s key ring. The number of keys in the key pool, ‘S,’ is chosen such that two random subsets of size ‘m’ in ‘S’ share at least one key with some probability ‘p.’
After the nodes are deployed, a key setup phase is performed. During this phase, each pair of neighbouring nodes attempts to find a common key that the nodes share. If such a key exists, the key is used to secure the communication link between these two nodes.
After key-setup is complete, a connected graph of secure links is formed. Nodes can then set up path keys with their neighbours with whom they do not share keys. If the graph is connected, a path can always be found from a source node to any of its neighbours. The source node can then generate a path key and send it securely via the path to the target node.
The size of key pool ‘S’ is critical to both the connectivity and the resilience of the scheme. Connectivity is defined as the probability that any two neighbouring nodes share one key. Resilience is defined as the fraction of the secure links that are compromised after a certain number of nodes are captured by the adversaries.
Key management system’s purpose is to secure communication in wireless sensor networks without producing much overhead. More schemes should be developed to make efficient use of sensor nodes’ limited resources. Greater emphasis should be given to the security in key management schemes, particularly as a majority of sensor node deployment is in hostile environments.
The authors are from Department of Computer Science & Engineering, National Institute of Tech-nology, Hamirpur (HP)