Security and Privacy in Sensor Networks: Research Challenges
Radha Poovendran
University of Washington
http://www.ee.washington.edu/people/faculty/radha
Outline
• Panda-Hunter Game
• Sensor Network Security
• How is it different?
• Incomplete List of challenges
• Problem #1 - Problem #5
Panda-Hunter Game Model
• A generic asset monitoring sensor network application
• Panda-Hunter Game:
  • Sensor Network monitors Panda
  • Hunter observes Panda_Here messages and goes after Panda
• Panda’s Challenge
  • Want Location Privacy
• Hunter’s Challenge
  • Want valid message
  • Want the network to work reliably
  • Detect any faulty or compromised sensor
• Both need different services
[Figure labels: Data Sink, Sensor Node]
Sensor Network Security
• What do we mean by sensor network security?
• Conventional view of security from the cryptography community: a design that is cryptographically unbreakable in a practical sense
• Network reality: very few security breaches in practice exploit flaws in cryptographic algorithms; side-channel attacks
• Malicious versus selfish (DoS vs. resource gobbler)
• Security vs. robustness, fault tolerance, resiliency
• Security is not a black/white world, it is progressive
• We must secure the entire networked system, not just an individual component
• Solutions must be robust/adapt to new threats as much as possible
How is it Different?
• Wireless Sensor networks have NO clear line of defense
• Each node is a host as well as a “router”
• Security solutions in wired or cellular networks may leverage the networking infrastructure
• Secure Network/service “infrastructure” has to be collaboratively established
• Wireless channel is easily accessible by both good citizens and attackers
• Resource constraints on portable devices
  • Energy, computation, memory, etc.
• Some devices may be compromised
• Heterogeneity prevents a single security solution
Capability-based Abstraction of a Heterogeneous Network
[Figure: capability-based abstraction; labels: Processing Capabilities, Network Granularity; legend: BN = Backbone Node, RN = Regular Node]
Incomplete List of Challenges
• Resource-Efficient Secure Network Services
• Network Initialization, single/multihop neighbor discovery
• Multihop path establishment & Routing
• Supporting application services
• Cryptographic services
• Broadcast authentication
• Key management
• Security mechanisms for fundamental services
• Clock synchronization
• Secure location discovery and verification of claims
• Location privacy
• Secure aggregation and in-network processing
• Cluster formation/cluster head election
• Middleware (will not discuss further)
Incomplete List of Challenges
• Modeling vulnerabilities
• VERY POOR state of understanding
• Needed by services and applications
• Cross-layer design techniques
• Routing/location-aware protocols that are also robust!
• Incorporating semantics such as geometry, radio model and range for context-based security
• Functionality instead of optimality
Problem #1: Robust Designs
• Attacks and compromise of network are reality
• Misconfiguration cannot be fully eliminated
• Maybe we can never enumerate
• Software bugs are #1 cause for all possible attacks
• Not every device can implement maximum-strength solutions
• Shift from prevention to tolerance
• Building trustworthy system out of untrustworthy components
• Ability to detect, and function, even in the presence of problems
• Similar analogy to IP
  • building reliable system out of unreliable components
• How? Can be application specific
Problem #2: Adaptive Security
• Adaptation to handle many dimensions of dynamics:
• Adaptive to user requirements
• Differential security services used in government and military
• Adaptive to user devices
• Adaptive to channel dynamics:
  • Partial connectivity, disconnectivity, full connectivity
• Adaptive to mobility
• Cross-domain service for roaming users
• Adaptive to dynamic membership
  • Node join, leave, fail
Problem #3: Joint Design of QoS and Security
• Incorporating network metrics and security: scalability, communication overhead, computation complexity, energy efficiency, device capability, …
• Different performance metrics may be in (partial) conflict
• Probably the most secure system is of minimal usability
• Example: energy efficiency/computation complexity versus cryptography strength
• Many conventional security solutions take a centralized approach
Problem #4: Evaluation of Design
• Current designs have an explicit threat model in mind
• NOT Realistic
• Real trace analysis for practical attacks?
• Benchmarking?
• Other areas in computer systems have well defined benchmarks: SPEC CPU, TPC-C
• Analytical tools
• Current effort: game theory, graph theory
Problem #5: Securing the Chain
• The system is only as secure as the weakest link
• Many supporting components: DNS, ARP, DHCP, …
• Other supporting protocols: bootstrapping, discovery, time synchronization
• How to secure these supporting components
• Often ignored
• Secure the entire system chain
• Build multiple fences
• Each fence is built based on a component’s resource constraint