Security and Privacy in Sensor Networks: Research Challenges

Radha Poovendran
University of Washington
http://www.ee.washington.edu/people/faculty/radha
Outline
• Panda-Hunter Game
• Sensor Network Security
  – How is it different?
  – Incomplete list of challenges
• Problem #1 to Problem #5
Panda-Hunter Game Model

A generic asset-monitoring sensor network application.

Panda-Hunter Game:
• The sensor network monitors the Panda.
• The Hunter observes Panda_Here messages and goes after the Panda.

Panda's challenge:
• Wants location privacy.
• Wants the network to work reliably.

Hunter's challenge:
• Wants valid messages.
• Wants to detect any faulty or compromised sensor.

Both need different services.

[Figure: sensor network with a Data Sink and Sensor Nodes.]
Sensor Network Security

What do we mean by sensor network security?
• Conventional view of security from the cryptography community: a design that is cryptographically unbreakable in the practical sense.
• Network reality: very few security breaches in practice exploit flaws in the cryptographic algorithms themselves; side-channel attacks on the implementation are the exception.
• Malicious versus selfish behaviour (DoS vs. resource gobbler).
• Security vs. robustness, fault tolerance, resiliency.
• Security is not a black/white world; it is progressive.
• We must secure the entire networked system, not just an individual component.
• Solutions must be robust and adapt to new threats as much as possible.
How is it Different?
• Wireless sensor networks have NO clear line of defense
  – Each node is a host as well as a "router"
  – Security solutions in wired or cellular networks may leverage the networking infrastructure
  – A secure network/service "infrastructure" has to be collaboratively established
• The wireless channel is easily accessible by both good citizens and attackers
• Resource constraints on portable devices
  – Energy, computation, memory, etc.
• Some devices may be compromised
• Heterogeneity prevents a single security solution
Capability-based Abstraction of a Heterogeneous Network

[Figure: capability-based abstraction. Axes: processing capabilities vs. network granularity. Legend: BN = backbone node, RN = regular node. Two regions labelled A and B.]
Incomplete List of Challenges
• Resource-efficient secure network services
  – Cryptographic services
  – Network initialization, single/multi-hop neighbor discovery
  – Multi-hop path establishment and routing
  – Supporting application services
  – Broadcast authentication
  – Key management
• Security mechanisms for fundamental services
  – Clock synchronization
  – Secure location discovery and verification of location claims
  – Location privacy
  – Secure aggregation and in-network processing
  – Cluster formation / cluster-head election
  – Middleware (will not discuss further)
Incomplete List of Challenges (continued)
• Modeling vulnerabilities
  – VERY POOR state of understanding
  – Needed by services and applications
• Cross-layer design techniques
  – Routing/location-aware protocols that are also robust!
  – Incorporating semantics such as geometry, radio model and range for context-based security
  – Functionality instead of optimality
Problem #1: Robust Designs
• Attacks and compromise of the network are a reality
• Misconfiguration cannot be fully eliminated
  – Maybe we can never enumerate all of it
  – Software bugs are the #1 cause of attacks
  – Not every device can implement maximum-strength solutions
• Shift from prevention to tolerance
• Build a trustworthy system out of untrustworthy components
• Ability to detect problems, and to keep functioning, in their presence
• Analogy to IP: building a reliable system out of unreliable components
• How? Can be application specific
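The Hunter's requirement in the Panda-Hunter game to detect faulty or compromised sensors, and the "detect, and function, even in the presence of problems" stance of Problem #1, can both be illustrated by resilient aggregation at the data sink. The following is an added example written for this page; it is not code from the slides or from the speaker. The node IDs, the coordinates, and the choice of n5 as the compromised node are all constructed for the example.

```python
"""Resilient aggregation at a data sink (added example, not from the slides).

A sink collects Panda_Here location estimates from sensor nodes. One node
(assumed compromised for this example) reports a fabricated location to
mislead the sink. An arithmetic mean is pulled arbitrarily far by a single
bad report; a coordinate-wise median tolerates up to floor((n-1)/2) such
nodes, and a median-absolute-deviation (MAD) test flags the nodes whose
reports are inconsistent with the rest so the sink can keep functioning.
"""
from statistics import median

# Constructed sample input: node_id -> (x, y) estimate in metres.
# Node "n5" plays the compromised node; its report is invented for this example.
REPORTS = {
    "n1": (102.0, 48.0),
    "n2": (99.0, 51.0),
    "n3": (101.0, 50.0),
    "n4": (100.0, 49.0),
    "n5": (900.0, 700.0),   # compromised: fabricated Panda_Here location
    "n6": (98.0, 50.0),
    "n7": (100.0, 52.0),
}


def mean_location(reports):
    """Naive aggregation: arithmetic mean of all reports."""
    xs = [p[0] for p in reports.values()]
    ys = [p[1] for p in reports.values()]
    return (sum(xs) / len(xs), sum(ys) / len(ys))


def median_location(reports):
    """Coordinate-wise median; unaffected by fewer than n/2 bad reports."""
    xs = [p[0] for p in reports.values()]
    ys = [p[1] for p in reports.values()]
    return (median(xs), median(ys))


def tolerated_faults(n):
    """Number of compromised nodes a median over n reports tolerates."""
    return (n - 1) // 2


def flag_outliers(reports, k=3.0):
    """Return the ids of nodes whose report is far from the median estimate.

    Each node's distance to the median location is scored against the
    median absolute deviation (MAD) of those distances. Unlike a standard
    deviation, the MAD is not itself inflated by the outliers it is meant
    to detect. Nodes scoring above k are flagged.
    """
    mx, my = median_location(reports)
    dists = {nid: ((x - mx) ** 2 + (y - my) ** 2) ** 0.5
             for nid, (x, y) in reports.items()}
    med_d = median(dists.values())
    mad = median(abs(d - med_d) for d in dists.values())
    if mad == 0:
        # Edge case: at least half the nodes sit at the same distance from
        # the median estimate, so anything farther out is suspect.
        return sorted(nid for nid, d in dists.items() if d > med_d)
    return sorted(nid for nid, d in dists.items() if (d - med_d) / mad > k)


def resilient_location(reports, k=3.0):
    """Detect, then keep functioning: drop flagged nodes, average the rest.

    Returns (location, flagged_node_ids).
    """
    bad = set(flag_outliers(reports, k))
    kept = {nid: p for nid, p in reports.items() if nid not in bad}
    return mean_location(kept), sorted(bad)


if __name__ == "__main__":
    print("mean    :", mean_location(REPORTS))
    print("median  :", median_location(REPORTS))
    print("flagged :", flag_outliers(REPORTS))
    print("resilient:", resilient_location(REPORTS))
    print("tolerates up to", tolerated_faults(len(REPORTS)), "compromised nodes")
```

The bound matters: with seven reports the median tolerates three compromised nodes, and a fourth one lets the attacker move the median itself. That is exactly the "how many can be compromised" question a threat model for the deployment has to answer before this tolerance argument holds.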
Problem #2: Adaptive Security
• Adaptation to handle many dimensions of dynamics:
  – Adaptive to user requirements
    · Differential security services as used in government and military
  – Adaptive to user devices
  – Adaptive to channel dynamics
    · Partial connectivity, disconnection, full connectivity
  – Adaptive to mobility
    · Cross-domain service for roaming users
  – Adaptive to dynamic membership
    · Node join, leave, fail
Problem #3: Joint Design of QoS and Security
• Incorporating network metrics and security: scalability, communication overhead, computation complexity, energy efficiency, device capability, …
• Different performance metrics may be in (partial) conflict
  – Probably the most secure system is of minimal usability
  – Example: energy efficiency/computation complexity versus cryptographic strength
• Many conventional security solutions take a centralized approach
Problem #4: Evaluation of Design
• Current designs have an explicit threat model in mind
• NOT realistic
  – Real trace analysis for practical attacks?
• Benchmarking?
  – Other areas in computer systems have well-defined benchmarks: SPEC CPU, TPC-C
• Analytical tools
• Current effort: game theory, graph theory
Problem #5: Securing the Chain
• The system is only as secure as the weakest link
  – Many supporting components: DNS, ARP, DHCP, …
  – Other supporting protocols: bootstrapping, discovery, time synchronization
• How to secure these supporting components?
  – Often ignored
  – Secure the entire system chain
• Build multiple fences
  – Each fence is built based on a component's resource constraints