Security protocols in sensor networks: Difference between revisions
No edit summary |
No edit summary |
||
Line 1: | Line 1: | ||
==Work in progress!== |
|||
==Under construction! Text will follow soon.== |
|||
==Applications for sensor networks== |
==Applications for sensor networks== |
||
Sensor networks can become useful in a variety of applications: |
|||
*Emergency response information: Sensors can collect information about status of buildings, people and transportation pathways. |
|||
*Energy management: We can achieve a better management through optmizied distribution depending on the ambient and immediate temperature of the wire (see California 2001). |
|||
*Medical monitoring: Sensors can monitor health conditions and be used to apply remedies (instant release of medication to the bloodstream). |
|||
*Logistics and inventory management: Sensors can help to manage the worldwide distribution of goods or even the inventory management in a single store. |
|||
==Limits of sensor networks== |
==Limits of sensor networks== |
||
Characteristics of a sensor node: |
|||
<table border=1> |
|||
<tr> |
|||
<td width=200>CPU</td><td>8-bit, 4MHz</td> |
|||
</tr> |
|||
<tr> |
|||
<td>Storage</td><td>8 kbytes instruction flash<br>512 bytes ram<br>512 bytes EEPROM</td> |
|||
</tr> |
|||
<tr> |
|||
<td>Communication</td><td>916MHz radio</td> |
|||
</tr> |
|||
<tr> |
|||
<td>Bandwith</td><td>10kbps</td> |
|||
</tr> |
|||
<tr> |
|||
<td>Operating System</td><td>TinyOS</td> |
|||
</tr> |
|||
<tr> |
|||
<td>OS Code space</td><td>3500 bytes</td> |
|||
</tr> |
|||
<tr> |
|||
<td>Available code space</td><td>4500 bytes</td> |
|||
</tr> |
|||
</table> |
|||
Sensors form a self-organizing wireless network with a multihop routing topology. A prototype network consists of a couple of nodes and a more powerful base station. |
|||
The base station is connected to an outside network. Small batteries work as the energy source for the nodes. |
|||
Since wireless communication is the most energy consuming function we need to minimize communication overhead, while the security has to be limited in the consumption of processing power. |
|||
Most current secure algorithms are impractical to use since the working memory of a node cannot even hold variables for asymmetric algorithms like RSA with 1024 bits. |
|||
Furthermore authenticated broadcast with existing protocols generates high communication overhead of 50-1000 bytes per packet. Usual packets in sensor networks are just about 30 bytes long. |
|||
==System assumptions== |
==System assumptions== |
||
*Communication architecture:<br> |
|||
Broadcast is the fundamental primitive. Sensor nodes establish a routing forest with a base station as root of each tree. |
|||
Routing beacons are used to form a routing topology. Nodes are able to forward messages towards the base station, they can handle |
|||
the broadcasting of messages, and recognize packets that are adressed to itself. |
|||
The base station accesses the nodes frequently and has capabilities similar to nodes, but sufficient battery power to surpass the lifetime |
|||
of all sensor nodes, sufficient memory to store cryptographic keys, and means for communicating with outside networks. |
|||
There are three communication pattern: node to base station, base station to node, base station to all nodes (beacons, reprogramming etc.). |
|||
*Trust requirements: |
|||
We assume that individual sensors are untrusted. Basic wlan communication is not secure (eavesdropping, messageinjection, messagereplaying), |
|||
so that we do not trust the communication infrastructure. All nodes initially trust the base station and each node trusts itself. |
|||
Which means it trusts the local clock to be accurate with small drift. The goal is a key setup so that the compromise of a node does not spread in the network. |
|||
==Design guidelines== |
==Design guidelines== |
||
Due to the limited program store all cryptographic primitives (encryption, mac, hash, random number generator) will be constructed out of a single block cipher for code reuse. |
|||
*Requirements for sensor network security: |
|||
1. Data confidentiality:The message content is not readable for an adversary. The standard approach to keep sensitive data secret is data encryption with a secret key.<br> |
|||
2. Data authentication:This allows the receiver to verify that the data was really sent by the claimed sender. Therefore sender and receiver share a secret key |
|||
to compute a mac (message authentication code). The needed asymmetric mechanism will be introduced by a delayed key disclosure and a one-way-function key chain.<br> |
|||
3. Data integrity:This ensures the receiver that the received data was not altered in transit. Data integrity is achieved through data authentication.<br> |
|||
4. Data freshness:Freshness implies that data is recent and ensures no replaying of old messages (strong vs. weak freshness). |
|||
==SPINS== |
==SPINS== |
||
SPINS (security protocols for sensor networks) consist of two building blocks: |
|||
*SNEP: The sensor network encryption protocol, which provides secure point-to-point communication. |
|||
*µTESLA: The micro timed efficient stream loss-tolerant authentication, which provides broadcast authentication. |
|||
===SNEP=== |
===SNEP=== |
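Review bot: In the "Data authentication" requirement, the sentence "The needed asymmetric mechanism will be introduced by a delayed key disclosure and a one-way-function key chain" follows the shared-key MAC description without saying why asymmetry is needed. Suggest stating that a shared-key MAC covers the node to base station and base station to node patterns, and that the asymmetry is required only for the base station to all nodes broadcast, where any receiver holding the MAC key could otherwise forge messages. The revision also adds a ===SNEP=== heading with no body, and "optmizied", "Bandwith", "adressed" and "three communication pattern" need spelling fixes.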
Revision as of 17:38, 20 February 2005
Work in progress!
Applications for sensor networks
Sensor networks can become useful in a variety of applications:
- Emergency response information: Sensors can collect information about the status of buildings, people and transportation pathways.
- Energy management: Distribution can be managed better by optimizing it according to the ambient and immediate temperature of the wire (see California 2001).
- Medical monitoring: Sensors can monitor health conditions and be used to apply remedies (instant release of medication to the bloodstream).
- Logistics and inventory management: Sensors can help to manage the worldwide distribution of goods or even the inventory management in a single store.
Limits of sensor networks
Characteristics of a sensor node:
CPU | 8-bit, 4MHz |
Storage | 8 kbytes instruction flash, 512 bytes RAM, 512 bytes EEPROM |
Communication | 916MHz radio |
Bandwidth | 10kbps |
Operating System | TinyOS |
OS Code space | 3500 bytes |
Available code space | 4500 bytes |
Sensors form a self-organizing wireless network with a multihop routing topology. A prototype network consists of a couple of nodes and a more powerful base station. The base station is connected to an outside network. Small batteries are the energy source for the nodes. Since wireless communication is the most energy-consuming function, communication overhead must be minimized, and the security mechanisms must also be limited in the processing power they consume. Most current security algorithms are impractical here, since the working memory of a node cannot even hold the variables for asymmetric algorithms such as RSA with 1024 bits. Furthermore, authenticated broadcast with existing protocols generates a high communication overhead of 50-1000 bytes per packet, while usual packets in sensor networks are only about 30 bytes long.
System assumptions
- Communication architecture:
Broadcast is the fundamental primitive. Sensor nodes establish a routing forest with a base station as the root of each tree. Routing beacons are used to form the routing topology. Nodes can forward messages towards the base station, handle the broadcasting of messages, and recognize packets that are addressed to them. The base station accesses the nodes frequently and has capabilities similar to the nodes, but it has sufficient battery power to surpass the lifetime of all sensor nodes, sufficient memory to store cryptographic keys, and means for communicating with outside networks. There are three communication patterns: node to base station, base station to node, and base station to all nodes (beacons, reprogramming etc.).
- Trust requirements:
We assume that individual sensors are untrusted. Basic wireless communication is not secure (eavesdropping, message injection, message replay), so we do not trust the communication infrastructure. All nodes initially trust the base station, and each node trusts itself, which means that it trusts its local clock to be accurate with small drift. The goal is a key setup in which the compromise of one node does not spread through the network.
Design guidelines
Due to the limited program store, all cryptographic primitives (encryption, MAC, hash, random number generator) will be constructed out of a single block cipher for code reuse.
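As an added illustration (not code from SPINS or from this page), the sketch below builds counter-mode encryption, a CBC-MAC, key derivation and a pseudo-random generator from one block-cipher encrypt routine. XTEA, the key sizes, the labels and all function names are assumptions chosen for the example; the page does not name a cipher.

```python
import hmac, struct

def xtea_encrypt(key, block, rounds=32):
    """Encrypt one 8-byte block under a 16-byte key (XTEA as a stand-in cipher)."""
    k, s = struct.unpack(">4I", key), 0
    v0, v1 = struct.unpack(">2I", block)
    for _ in range(rounds):
        v0 = (v0 + ((((v1 << 4) ^ (v1 >> 5)) + v1) ^ (s + k[s & 3]))) & 0xFFFFFFFF
        s = (s + 0x9E3779B9) & 0xFFFFFFFF
        v1 = (v1 + ((((v0 << 4) ^ (v0 >> 5)) + v0) ^ (s + k[(s >> 11) & 3]))) & 0xFFFFFFFF
    return struct.pack(">2I", v0, v1)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def ctr_crypt(key, msg_counter, data):
    """Counter mode: encrypts and decrypts with only the cipher's encrypt direction."""
    stream = b"".join(xtea_encrypt(key, struct.pack(">2I", msg_counter, i))
                      for i in range((len(data) + 7) // 8))
    return xor(data, stream)

def cbc_mac(key, msg):
    """CBC-MAC; the length prefix keeps it sound for variable-length messages."""
    data = struct.pack(">Q", len(msg)) + msg
    data += bytes(-len(data) % 8)          # zero-pad to a whole number of blocks
    tag = bytes(8)
    for i in range(0, len(data), 8):
        tag = xtea_encrypt(key, xor(tag, data[i:i + 8]))
    return tag

def derive_key(master, label):
    """Independent 16-byte subkeys from one master key, using the MAC as a PRF."""
    return cbc_mac(master, label + b"\x01") + cbc_mac(master, label + b"\x02")

def random_block(rand_key, counter):
    """Pseudo-random generator: MAC of a counter the node increments per call."""
    return cbc_mac(rand_key, struct.pack(">Q", counter))

def seal(master, msg_counter, plaintext):
    """Encrypt-then-MAC with separate derived keys; the MAC covers the counter."""
    c = ctr_crypt(derive_key(master, b"enc"), msg_counter, plaintext)
    return c, cbc_mac(derive_key(master, b"mac"), struct.pack(">I", msg_counter) + c)

def open_sealed(master, msg_counter, ciphertext, tag):
    """Return the plaintext, or None if the tag does not verify."""
    expect = cbc_mac(derive_key(master, b"mac"), struct.pack(">I", msg_counter) + ciphertext)
    if not hmac.compare_digest(expect, tag):
        return None
    return ctr_crypt(derive_key(master, b"enc"), msg_counter, ciphertext)
```

Because counter mode and CBC-MAC both call only the encrypt direction, the decrypt routine of the cipher never has to be stored on the node.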
- Requirements for sensor network security:
1. Data confidentiality: The message content is not readable for an adversary. The standard approach to keep sensitive data secret is data encryption with a secret key.
2. Data authentication: This allows the receiver to verify that the data was really sent by the claimed sender. To this end, sender and receiver share a secret key to compute a MAC (message authentication code). The needed asymmetric mechanism will be introduced by a delayed key disclosure and a one-way-function key chain.
3. Data integrity: This assures the receiver that the received data was not altered in transit. Data integrity is achieved through data authentication.
4. Data freshness: Freshness implies that the data is recent and ensures that old messages are not replayed (strong vs. weak freshness).
SPINS
SPINS (security protocols for sensor networks) consists of two building blocks:
- SNEP: The sensor network encryption protocol, which provides secure point-to-point communication.
- µTESLA: The micro timed efficient stream loss-tolerant authentication, which provides broadcast authentication.
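The delayed key disclosure and one-way key chain named under data authentication can be sketched as follows; this is an added example, not code from the page or from the SPINS authors. Truncated SHA-256 stands in for the one-way function and the MAC, the chain key is used directly as the MAC key for brevity, and DELAY, the interval numbering and all names are assumptions.

```python
import hashlib
import hmac

DELAY = 2  # assumed: the key of interval i is disclosed in interval i + DELAY

def F(key, steps=1):
    """One-way function applied `steps` times (truncated SHA-256 as a stand-in)."""
    for _ in range(steps):
        key = hashlib.sha256(b"chain" + key).digest()[:8]
    return key

def make_chain(seed, n):
    """Return [K_0..K_n] with K_i = F(K_{i+1}); K_0 is the commitment nodes store."""
    chain = [seed]
    for _ in range(n):
        chain.append(F(chain[-1]))
    return chain[::-1]

def mac(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()[:8]

class Receiver:
    def __init__(self, commitment):
        self.i, self.key = 0, commitment   # newest authenticated chain key
        self.pending, self.accepted = [], []

    def on_packet(self, sender_interval_bound, interval, msg, tag):
        """Buffer a packet only if its key cannot have been disclosed yet.
        sender_interval_bound: local clock plus maximum drift, in intervals."""
        if sender_interval_bound >= interval + DELAY:
            return False                   # key may already be public: drop
        self.pending.append((interval, msg, tag))
        return True

    def on_key(self, i, key):
        """Authenticate a disclosed key against the chain, then check packets."""
        if i <= self.i or not hmac.compare_digest(F(key, i - self.i), self.key):
            return False
        self.i, self.key = i, key
        still_pending = []
        for j, msg, tag in self.pending:
            if j > i:
                still_pending.append((j, msg, tag))
            elif hmac.compare_digest(mac(F(key, i - j), msg), tag):
                self.accepted.append(msg)  # K_j is recomputed from K_i if j < i
        self.pending = still_pending
        return True
```

A receiver that misses the disclosure of one key can still authenticate the buffered packets of that interval from any later key, which is where the loss tolerance comes from.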