Security and Privacy in Sensor Networks: Research Challenges

1
Security and Privacy in Sensor Networks Research
Challenges

• Radha Poovendran
• University of Washington
• http//www.ee.washington.edu/people/faculty/radha

2
Outline

• Panda-Hunter Game
• Sensor Network Security
• How is it different?
• Incomplete List of challenges
• Problem 1- Problem 5

3
Panda-Hunter Game Model

• A generic asset monitoring sensor network
  application
• Panda-Hunter Game
• Sensor Network monitors Panda
• Hunter observes Panda_Here messages and go after
  Panda
• Pandas Challenge
• Want Location Privacy
• Hunters Challenge
• Want valid message
• Want the network to work reliably
• Detect any faulty or compromised sensor
• Both need different services

Data Sink Sensor Node
4
Sensor Network Security

• What do we mean by sensor network security?
• Conventional view of security from cryptography
  community cryptographically unbreakable design
  in practical sense
• Network Reality very few security breaches in
  practice are to exploit flaws in cryptographic
  algorithms side channel attacks
• Malicious versus selfish (DoS vs. resource
  gobbler)
• Security v.s. robustness, fault tolerance,
  resiliency
• Security is not a black/white world, it is
  progressive
• We must secure entire networked system, not just
  an individual component
• Solutions must be robust/adapt to new threats as
  much as possible

5
How is it Different?

• Wireless Sensor networks have NO clear line of
  defense
• Each node is a host as well as a router
• Security solutions in wired or cellular networks
  may leverage the networking infrastructure
• Secure Network/service infrastructure has to be
  collaboratively established
• Wireless channel is easily accessible by both
  good citizens and attackers
• Resource constraints on portable devices
• Energy, computation, memory, etc.
• Some devices may be compromised
• Heterogeneity prevents a single security
  solution

6
Capability based Abstraction of a Heterogeneous
Network
Capability-based Abstraction
Processing Capabilities
Network Granularity
BN-Backbone node RN-Regular Node
BN
BN
RN
BN
RN
RN
RN
RN
RN
A
B
7
Incomplete List of Challenges

• Resource-Efficient Secure Network Services
• Network Initialization, single/multihop neighbor
  discovery
• Multihop path establishment Routing
• Supporting application services
• Cryptographic services
• Broadcast authentication
• Key management
• Security mechanisms for fundamental services
• Clock synchronization
• Secure location discovery and verification of
  claims
• Location privacy
• Secure aggregation and in-network processing
• Cluster formation/cluster head election
• Middleware (will not discuss further)

8
Incomplete List of Challenges

• Modeling vulnerabilities
• VERY POOR state of understanding
• Needed by services and applications
• Cross-layer design techniques
• Routing/location-aware protocols that are also
  robust!
• Incorporating semantics such as geometry, radio
  model and range for context-based security
• Functionality instead of optimality

9
Problem 1 Robust Designs

• Attacks and compromise of network are reality
• Misconfiguration cannot be fully eliminated
• Maybe we can never enumerate
• Software bugs are 1 cause for all possible
  attacks
• Not every device can implement maximum-strength
  solutions
• Shift from prevention to tolerance
• Building trustworthy system out of untrustworthy
  components
• Ability to detect, and function, even in the
  presence of problems
• Similar analogy to IP
• building reliable system out of unreliable
  components
• How? Can be application specific

10
Problem 2 Adaptive Security

• Adaptation to handle many dimensions of dynamics
• Adaptive to user requirements
• Differential security services used in government
  and military
• Adaptive to user devices
• Adaptive to channel dynamics
• Partial connectivity, disconnectivity, full
  connectivity
• Adaptive to mobility
• Cross-domain service for roaming users
• Adaptive to dynamic membership
• Node join, leave, fail

11
Problem 3 Joint Design of QoS and Security

• Incorporating network metrics and security
  scalability, communication overhead, computation
  complexity, energy efficiency, device capability,
  
• Different performance metrics may be in (partial)
  conflict
• Probably the most secure system is of minimal
  usability
• Example energy efficiency/computation complexity
  versus cryptography strength
• Many conventional security solutions take a
  centralized approach

12
Problem 4 Evaluation of Design

• Current designs have an explicit threat model in
  mind
• NOT Realistic
• Real trace analysis for practical attacks?
• Benchmarking ?
• Other areas in computer systems have well defined
  benchmarks SPEC CPU, TPC-C
• Analytical tools
• Current effort game theory, graph theory

13
Problem 5 Securing the Chain

• The system is only as secure as the weakest link
• Many supporting components DNS, ARP, DHCP,
• Other supporting protocols bootstrapping,
  discovery, time synchronization
• How to secure these supporting components
• Often ignored
• Secure the entire system chain
• Build multiple fences
• Each fence is built based on a components
  resource constraint