A toolbox for enhancing security in wireless sensor networks
Implementing adequate security is a difficult task but crucial for wireless sensor networks (WSN) before they can be rolled out on the mass market. In this article we provide an overview of security and reliability challenges for WSNs. Furthermore, we give a short introduction to the European project UbiSec&Sens, “Ubiquitous Security and Sensing in the European Homeland”, and present the areas in WSN security the project is working on. We conclude with an outlook on the real-life scenarios that UbiSec&Sens will implement in a prototype.
Wireless sensor networks (WSNs) use tiny, inexpensive sensor nodes with several distinguishing characteristics: they have very low processing power and radio ranges, permit very low energy consumption and perform limited and specific monitoring and sensing functions. Several wireless sensors in a region self-organise and form a WSN. Information based on sensed data can be used, for example, in agriculture and livestock, assisted driving or even in providing security at home and in public places. A key requirement from both the technological and commercial point of view is to provide adequate security capabilities. Realising privacy and security requirements in an appropriate architecture for WSNs offering pervasive services is essential for user acceptance.
Key research areas
UbiSec&Sens identified three key research areas for developing secure and reliable WSNs: “Security & Reliability”, “Routing & Transport” and “In-network Processing” (figure 1).
Some major research topics from the areas illustrated in the figure are:
1) Flexible routing and aggregator election – The WSN must be flexible enough to cope with disappearing nodes. The overall scheme must support routing and multiple levels of in-network processing. Figure 2 illustrates the dominant traffic pattern for a WSN with a single aggregator node, which e.g. performs the aggregation function “average”. In large WSNs multiple aggregator nodes and multiple levels of aggregation are used.
2) Concealed data aggregation – Enhanced mechanisms for end-to-end encryption from the sensors to the sink, also termed convergecast traffic, address the concern of reducing both the energy consumption at the sensor nodes and the effect of physical attacks on the nodes. Concealed Data Aggregation provides a good balance between energy-efficiency and security while still allowing data to be processed at the nodes.
3) Secure distributed data storage – In some applications, monitored data must be stored in a distributed way. Whenever it is undesirable or impossible to transmit volatile information to an authorised querying party in real-time, the WSN itself needs to store the monitored data. Since the WSN environment is volatile with nodes that disappear over time, security must be combined with replication.
4) Enhanced key pre-distribution – It is not possible for the manufacturer to configure all the sensitive information, such as keys, before the WSN is rolled out. Some sensitive information can only be determined and stored with knowledge of the final position of the nodes. Key pre-distribution schemes for different keying models, e.g. pair-wise, group-wise, and even region-wise, need to be in place.
5) Pairwise / groupwise authentication – In general, nodes need to build up security associations without any pre-established secret or common security infrastructure. In this case, pairs of entities will establish pair-wise relationships. It is also conceivable that groups of entities are able to establish new relationships.
6) WSN access control – It is essential to provide access control for end-users of WSN applications that ensures access to the monitored data for authorized parties only, supports user-friendly data queries and is DoS resilient to save the sensors’ battery capacity.
The UbiSec&Sens project
The European Specific Targeted Research Project (STREP) UbiSec&Sens aims at providing an architecture for medium and large scale WSNs with an adaptable level of security that will make them trusted and secure for the requirements of various applications. The project started in January 2006 and has a duration of 3 years. UbiSec&Sens aims at solving the research topics indicated above. UbiSec&Sens will design and implement a toolbox of security-aware components depicted in figure 3. This toolbox will be easy to configure to create security support for various WSN applications. The proposed architecture will be prototyped and validated in the representative wireless sensor application scenarios of agriculture, road services, and homeland security.
To give detailed examples, the project aims at obtaining results in the following security areas:
Authentication and re-recognition
One of the major threats in WSNs is the presence of an adversary that injects forged data in the network or pretends to be an aggregator. Current mechanisms for authentication are based on complex computations, which are not applicable in WSNs. In most scenarios an authority issuing shared secrets is not available as the sensors tend to communicate in a decentralized manner. With the zero common-knowledge (ZCK) protocol we provide an authentication protocol that establishes well-defined pair-wise security associations between entities in the absence of a common security infrastructure or pre-shared secrets.
Concealed data aggregation
The concealed data aggregation (CDA) approach uses symmetric additively homomorphic encryption transformations for end-to-end encryption of sensed data for convergecast traffic between the monitoring (sensor) nodes and the sink node. CDA enables intermediate aggregator nodes to aggregate ciphers without the cost of decrypting and re-encrypting these messages. We have implemented this scheme on sensor nodes.
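The aggregation step described above can be illustrated with a small added example, which is not UbiSec&Sens code. The article does not name the encryption transformation CDA uses, so this sketch substitutes a simple additive stream-pad construction (c = m + k mod M) as a stand-in; the keys, readings, epoch numbers and function names are constructed for the illustration.

```python
import hashlib
import hmac

M = 2**32  # modulus; must exceed the largest sum of readings in one epoch

# Constructed sample data: per-node keys shared with the sink, and readings.
NODE_KEYS = {n: hashlib.sha256(b"constructed-demo-key-%d" % n).digest()
             for n in range(1, 5)}
READINGS = {1: 21, 2: 23, 3: 19, 4: 25}

def pad(node_key, epoch):
    """Fresh additive pad per epoch, derived from the node's key."""
    mac = hmac.new(node_key, epoch.to_bytes(8, "big"), hashlib.sha256).digest()
    return int.from_bytes(mac[:4], "big")  # 32 bits, so already < M

def encrypt(reading, node_key, epoch):
    """Sensor node: c = (m + k) mod M."""
    if not 0 <= reading < M:
        raise ValueError("reading out of range")
    return (reading + pad(node_key, epoch)) % M

def aggregate(ciphertexts):
    """Aggregator node: holds no key, only adds ciphertexts."""
    return sum(ciphertexts) % M

def sink_decrypt(agg, reporting, epoch):
    """Sink: subtract the pads of exactly the nodes that reported."""
    pads = sum(pad(NODE_KEYS[n], epoch) for n in reporting)
    return (agg - pads) % M

def run_epoch(epoch, reporting):
    """Return (sum, average) as recovered by the sink for one epoch."""
    agg = aggregate(encrypt(READINGS[n], NODE_KEYS[n], epoch) for n in reporting)
    total = sink_decrypt(agg, reporting, epoch)
    return total, total / len(reporting)

if __name__ == "__main__":
    print(run_epoch(7, [1, 2, 3, 4]))   # all four nodes report
    print(run_epoch(8, [1, 2, 4]))      # node 3 has disappeared
```

With this stand-in the sink must know which nodes contributed to an aggregate; subtracting the pad of a node that did not report yields a wrong sum, which is one reason disappearing nodes matter to the keying design.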
Key pre-distribution and its adaptation to convergecast traffic is addressed by introducing topology-aware group keying (TAGK). During the WSN’s roll-out, all available nodes discover in a fully self-organised and topology-aware manner their neighbours and specific roles. TAGK establishes mutually disjoint regions with randomly chosen group keys per epoch and region for convergecast traffic. It provides probabilistic security and the ability to use CDA, which is essential. We have simulated very large WSNs which confirm the feasibility and scalability of the approach. We have also implemented this scheme and will continue in this direction.
Secure distributed data storage
Sensor network applications might have only temporary connections to the sink node (i.e. not always-on). In these cases, nodes need to aggregate and store the monitored data of their surroundings over a certain period to be able to respond to query requests later. An adversary should not be able to obtain any sensitive data stored on the nodes. The Persistent Encrypted Data Storage (tinyPEDS) approach proposes an architecture for reliable and secure in-network storage of the monitored data by applying asymmetric additively homomorphic encryption transformation. TinyPEDS has been subjected to validation by simulation, and we are now in the process of implementing it on the sensor platform.
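The storage property described above, where a node accumulates encrypted readings it cannot itself decrypt, is shown in the following added example, which is not tinyPEDS code. The article does not name the asymmetric transformation, so textbook Paillier with small constructed primes stands in for it; the function names and readings are assumptions, and the key size is far too small for real use.

```python
import math
import secrets

def keygen(p, q):
    """Return (public n, private (lam, mu)) for Paillier with g = n + 1."""
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)
    return n, (lam, pow(lam, -1, n))

def encrypt(n, m, r=None):
    """Needs only the public key: c = (1 + m*n) * r^n mod n^2."""
    n2 = n * n
    while r is None or math.gcd(r, n) != 1:
        r = secrets.randbelow(n - 1) + 1
    return (1 + m * n) % n2 * pow(r, n, n2) % n2

def add(n, c1, c2):
    """Multiplying ciphertexts adds the plaintexts underneath."""
    return c1 * c2 % (n * n)

def decrypt(n, priv, c):
    """Needs the private key, which never leaves the querying party."""
    lam, mu = priv
    return (pow(c, lam, n * n) - 1) // n * mu % n

def store_readings(n, readings):
    """Storage node: fold readings into one encrypted running sum."""
    acc = encrypt(n, 0)
    for m in readings:
        acc = add(n, acc, encrypt(n, m))
    return acc

# Constructed toy parameters (two 16-bit primes) and sample readings.
PUBLIC_N, PRIVATE = keygen(65537, 65521)
SAMPLE = [21, 23, 19, 25, 22]

if __name__ == "__main__":
    stored = store_readings(PUBLIC_N, SAMPLE)      # what sits on the node
    print(decrypt(PUBLIC_N, PRIVATE, stored))      # what the sink recovers
```

A node that is physically captured yields only `PUBLIC_N` and the stored ciphertext, neither of which is enough to read the accumulated data.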
In co-operation with FP6 project Daidalos II, a WSN vehicular prototype shall be developed, using CDA and TAGK. The WSN monitors road information via a service architecture and transmits the information to the on-board unit of a vehicle. For the agriculture use case a WSN of 50-100 nodes will be rolled out for one month within a vineyard. This roll-out shall validate the robustness and self-healing characteristics of a WSN developed by UbiSec&Sens under real-world conditions. Finally a WSN prototype shall be developed to evaluate the suitability of this technology and the developed algorithms for Homeland Security applications. It shall use the components of the UbiSec&Sens security toolbox. Sensorial equipment in the deployed WSN nodes shall consist of biochemical and temperature sensors. The WSN itself will be in the range of 15-25 nodes performing in-network processing. Security features range from CDA and tinyPEDS to the integration of authentication and re-recognition schemes to plausibility checks and secure routing approaches.
Further information is available at http://www.ist-ubisecsens.org