Beruflich Dokumente
Kultur Dokumente
INTODUCTION
Wireless Sensor Networks are networks that consists of sensors which are distributed in an ad hoc manner. These sensors work with each other to sense some physical phenomenon and then the information gathered is processed to get relevant results. Wireless sensor networks consists of protocols and algorithms with self-organizing capabilities.
Ref:http://esd.sci.univr.it/images/wsn-example.png
WSN ARCHITECHTURE
Sensor motes (Field devices) capable of routing packets on behalf of other devices. Gateway or Access points A Gateway enables communication between Host application and field devices. Network manager A Network Manager is responsible for configuration of the network, scheduling communication between devices (i.e., configuring super frames), management of the routing tables and monitoring and reporting the health of the network. Security manager The Security Manager is responsible for the generation, storage, and Management of keys.
WSN ARCHITECTURE
WSN Topologies
Wireless Links Numerous paths to Connect to the same destination Topology - Star - Mesh - Hybrid
Star Topology
Single Hop to Gateway Gateway serves to communicate between nodes Nodes cannot send data to each other directly
Mesh Topology
Hybrid Topology
Sensors are arranged in a star topology around the routers The routers arrange themselves in a mesh form
Pros - Reliable as no single point of failure - Many alternate communication paths - Lower power consumption as compared to mesh topology Cons - Scalability becomes an issue when range is extended
WSN CHARACTERISTICS
Power consumption constrains for nodes using batteries or energy harvesting Ability to cope with node failures Mobility of nodes Dynamic network topology Communication failures Heterogeneity of nodes Scalability to large scale of deployment Ability to withstand harsh environmental conditions Ease of use Unattended operation Power consumption
HARDWARE
Sensors P O W E R
Low-power processor.
Limited processing.
Memory.
Limited storage.
Storage
Processor
Radio.
Low-power. Low data rate. Limited range.
Radio
Sensors.
WSN device schematics
Power.
TinyOS
OS/Runtime model designed to manage the high levels of concurrency required Gives up IP, sockets, threads Uses state-machine based programming concepts to allow for fine grained concurrency Provides the primitive of low-level message delivery and dispatching as building block for all distributed algorithms
DoS/Physical Layer/Tampering. Physical Tampering. Nodes are vulnerable to physical harm, or tampering (i.e. reverse engineering). DoS/Network Layer/Spoofing. Misdirection. Adversaries may be able to create routing loops, attract or repel network traffic, extend or shorten source routes, generate false error messages, partition the network, increase end-to-end latency, etc.
Sybil attack "malicious device illegitimately taking on multiple identities". Adversary can "be in more than one place at once" as a single node presents multiple identities to other nodes in the network which can significantly reduce the effectiveness of fault tolerant schemes such as distributed storage , dispersity and multipath.
Sybil attacks also pose a significant threat to geographic routing protocols.
In the wormhole attack, an adversary tunnels messages received in one part of the network over a low latency link and replays them in a different part. An adversary situated close to a base station may be able to completely disrupt routing by creating a well-placed wormhole. An adversary could convince nodes who would normally be multiple hops from a base station that they are only one or two hops away via the wormhole.
inserting a new node into a network which has been cloned from an existing node, such cloning being a relatively simple task with current sensor node hardware. This new node can act exactly like the old node or it can have some extra behavior, such as transmitting information of interest directly to the attacker. A node replication attack is serious when the base station is cloned.
Data authentication
Network reprogramming or controlling sensor node duty cycle Data authentication allows a receiver to verify that the data really was sent by the claimed sender. Informally, data authentication allows a receiver to verify that the data really was sent by the claimed sender.
Data Integrity
Data integrity ensures the receiver that the received data is not altered in transit by an adversary.
Data Freshness
Informally, data freshness implies that the data is recent, and it ensures that no adversary replayed old messages.
Two types of freshness: weak freshness, which provides partial message ordering, but carries no delay information, and strong freshness, which provides a total order on a request-response pair, and allows for delay estimation. Weak freshness is required by sensor measurements, while strong freshness is useful for time synchronization within the network.
Replay protection: The counter value in the MAC prevents replaying old messages. Weak freshness: If the message verified correctly, the receiver knows that the message must have been sent after the previous message it received correctly (that had a lower counter value Low communication overhead: The counter state is kept at each end point and does not need to be sent in each message.
TESLA A sender will broadcast a message generated with a secret key. After a certain period of time, the sender will disclose the secret key. The receiver is responsible for buffering the packet until the secret key has been disclosed. After disclosure the receiver can authenticate the packet, provided that the packet was received before the key was disclosed. Limitation of Tesla is that some initial information must be unicast to each sensor node before authentication of broadcast messages can begin.
TINYSEC
It is designed as the replacement for the unfinished SNEP, known as TinySec. A major difference between TinySec and SNEP is that there are no counters used in TinySec. Single shared global cryptographic key. For encryption, it uses CBC mode with cipher text stealing , and for authentication, CBC-MAC is used. TinySec XORs the encryption of the message length with the first plaintext block in order to make the CBC-MAC secure for variably sized messages Link layer encryption and integrity protection transparent to applications
MINISEC
It is a secure network layer protocol that claims to have lower energy consumption than TinySec while achieving a level of security which matches that of Zigbee. A major feature of MiniSec is that it uses offset codebook (OCB) mode as its block cipher mode of operation, which offers authenticated encryption with only one pass over the message data. Normally two passes are required for both secrecy and authentication.
ZIGBEE
Zigbee Coordinator acts as Trust Manager, which allows other devices to join the network and also distributes the keys. It plays the three roles as follows : - Trust manager, whereby authentication of devices requesting to join the network is done. - Network manager, maintaining and distributing network keys. - Configuration manager, enabling end-to-end security between devices.
802.15.4
Provides link layer security services, and has three modes of operation, unsecured, an Access Control List (ACL) mode and secured mode. In unsecured mode, as the name implies, no security services are provided. In ACL mode the device maintains a list of devices with which it can communicate. Communication from devices not on the list is ignored. No cryptographic security.
Secured mode offers seven security suites and depending on which is used any of four security services are offered, access control data encryption frame integrity sequential freshness.
References
[1] Y. Zou, K. Chakrabarty, "Sensor deployment and target localization based on virtual forces",INFOCOM 2003. Twenty- Second Annual Joint Conference of the IEEE Computer and Communications Societies. IEEE, Volume: 2, Pages: 1293 - 1303, April 2003. [2] J. P. Kaps, G. Gaubatz, and B. Sunar. Cryptography on a Speck of Dust. IEEE Computer. [3] J. Hill, R. Szewczyk, A. Woo, S. Hollar, D. Culler, and K. Pister. System architecture directions for networked sensors. In Proceedings of the 9th International Conference on Architectural Support for Programming Languages and Operating Systems, November 2000. [4] Adrian Perrig, Robert Szewczyk, Victor Wen, David Culler, and J. D. Tygar. SPINS: Security protocols for sensor networks. In Seventh Annual ACM International Conference on Mobile Computing and Networks (MobiCom 2001), July 2001. [5] C. Karlof, N. Sastry, and D. Wagner, "TinySec: a link layer security architecture for wireless sensor networks," in 2nd international conference on Embedded networked sensor systems, Baltimore, MD, USA, 2004, 162 175. [6] D. Liu and P. Ning, Establishing pairwise keys in distributed sensor networks, in Proceedings of 10th ACM Conference on Computer and Communications Security (CCS03), October 2003, pp. 5261. [7] ZigBee Specification v1.0: ZigBee Specification (2005), San Ramon, CA, USA: ZigBee Alliance. http://www.zigbee.org/en/spec_download/download_request. Asp http://en.wikipedia.org/wiki/Wireless_sensor_network
THANK YOU