Nowadays, IoT sensors are almost everywhere, and they sense information that may affect privacy or reveal more than was intended if it leaks.
In particular, Wireless Sensor Networks (WSNs from here on) are used extensively in applications related to health monitoring, environmental monitoring, military purposes and home automation. Protecting privacy rights and the system itself from malicious attacks is vital in this kind of application, because of the information the sensors collect plus their combined computational power. Unfortunately, since the individual nodes have little computational power and battery life, WSNs cannot run traditional cryptographic algorithms to secure data transmission. That’s why other methods and algorithms must be designed and used for IoT systems.
As I already said, the traditional encryption-decryption algorithms used in other kinds of networks cannot be applied to a WSN. WSNs consist of tiny sensors with low computational power, little memory and low battery power. Applying an encryption mechanism means adding extra bits, and therefore extra processing, extra memory and extra energy (an important resource for the sensors’ longevity) to transmit those bits. It also increases delays and packet loss. Other questions arise when applying this type of algorithm, such as how the keys are generated, disseminated, managed, revoked or assigned.
Physical layer secure access
There is an alternative that secures the connection and the transmission of data between the nodes of a WSN without using cryptography. Physical layer secure access can be provided by frequency hopping. The idea is to dynamically change a series of parameters, such as the hopping set (the frequencies available for hopping), the dwell time (the time interval per hop) and the hopping pattern (the sequence in which the frequencies of the hopping set are used), to prevent other receivers from listening to the transmitted data. The cost in energy, memory and processing can be smaller than with cryptography, but the implementation of such a mechanism is complex, not flexible and less secure.
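How the three parameters fit together, as an added sketch that is not code from this post or from any WSN stack: both nodes build the hopping pattern from a shared seed and index it by their local clock, which also shows why clock agreement within one dwell time matters. The seed, frequencies, dwell time and function names are all assumptions made for the illustration.

```python
import random

def hopping_pattern(seed, hopping_set, length):
    """Hopping pattern: pseudo-random order in which the hopping set is used."""
    rng = random.Random(seed)  # deterministic, and not a cryptographic generator
    return [rng.choice(hopping_set) for _ in range(length)]

def channel_at(t_ms, pattern, dwell_ms):
    """Frequency in use at local time t_ms: one pattern entry per dwell interval."""
    return pattern[(t_ms // dwell_ms) % len(pattern)]

def shared_time(pattern, dwell_ms, offset_ms, duration_ms):
    """Fraction of time a receiver whose clock is offset_ms off matches the sender."""
    hits = sum(
        channel_at(t, pattern, dwell_ms) == channel_at(t + offset_ms, pattern, dwell_ms)
        for t in range(duration_ms)
    )
    return hits / duration_ms

def fixed_listener_time(pattern, dwell_ms, freq, duration_ms):
    """Fraction of time a radio that never leaves one frequency overlaps the sender."""
    hits = sum(channel_at(t, pattern, dwell_ms) == freq for t in range(duration_ms))
    return hits / duration_ms

# Constructed parameters: 16 frequencies in MHz, 20 ms dwell time, 500-hop pattern.
HOPPING_SET = [2405 + 5 * i for i in range(16)]
DWELL_MS = 20
PATTERN = hopping_pattern(seed=0xC0FFEE, hopping_set=HOPPING_SET, length=500)
DURATION_MS = DWELL_MS * len(PATTERN)

if __name__ == "__main__":
    print("synchronised clocks:", shared_time(PATTERN, DWELL_MS, 0, DURATION_MS))
    print("5 ms clock offset  :", shared_time(PATTERN, DWELL_MS, 5, DURATION_MS))
    print("one dwell time off :", shared_time(PATTERN, DWELL_MS, DWELL_MS, DURATION_MS))
    print("fixed on 2405 MHz  :", fixed_listener_time(PATTERN, DWELL_MS, 2405, DURATION_MS))
```

A receiver that knows the seed but is a full dwell interval out of step hears about as little as a radio parked on a single frequency, which is part of what makes the scheme hard to run on cheap, drifting clocks.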
Security threats in a WSN
Security threats in a wireless network are similar to those in a wired network, but wireless networks are more vulnerable because of the unguided transmission medium. A WSN is even more complex than a normal wireless network because of the disparity in the architecture. WSNs usually have a command node or base station (a centralised entity). This can make security a little easier, but the main problem lies in the nodes and the really limited resources of these tiny sensors.
Possible attacks in WSN
These can be divided into two major categories: attacks against the security mechanisms and attacks against the basic mechanisms.
The goal of this attack, denial of service (DoS), is to disable a node by exhausting its available resources. In a WSN, several types of DoS attacks can be performed at different layers. The mechanisms to prevent them include payment for network resources, pushback, strong authentication and identification of traffic.
Attack on information in transit
The information sent by the sensors can be altered, spoofed, replayed or made to vanish. Because wireless communication is vulnerable to eavesdropping, any attacker can modify the traffic flow and interrupt, intercept, modify or fabricate the information. Because sensors have a low transmission range, a more powerful transmitter can affect several sensors at the same time.
Normally the nodes in a WSN work together to accomplish a task, so they can use redundancy and distribution of tasks. In this kind of scenario, a node can take the identity of a legitimate node in the network and pretend to be it. Because a WSN has a central node, this attack can be prevented using efficient protocols.
This attack consists of attracting all the traffic of the sensor network to one node. The attacker tries to attract all the traffic of the network by posing as the node closest to the base station, based on the metric used in the routing protocol. Once it has inserted itself between the nodes and the station, it can do whatever it wants with the information.
In this attack, the attacker records the packets or bits sent by one node and retransmits them directly to another, making the first node believe that the other node is 1 hop away from it and mark it as a parent.
For example, in the image the attacker makes node Z believe that B is only one hop away, creating a wormhole for node Y.
Transmission security using cryptography
As we saw, there are many factors and types of attack to consider when selecting the best framework or set of frameworks for securing a WSN. In this blog post I will explain the different solutions that can be applied for data encryption in the network. These solutions can protect the network from potential Sybil attacks, wormhole attacks, information or data spoofing and message replay attacks.
To make the network cryptographically complete and secure, security should be implemented in every node. As I mentioned before, a WSN is not rich in any resource, so the cryptographic algorithms should be designed robustly: they should not consume too much of those resources, in order to increase the lifetime of the network, but they must still be secure enough to deal with possible attackers that are much more powerful. The design and selection of the encryption algorithm will usually depend on the nature of the application.
As always, there are three security requirements for any encryption algorithm:
Confidentiality, Authentication and Integrity (CIA).
To these three one more is added: Availability, which ensures that the services or resources provided by the network or by a single node are available when they are required.
Types of security techniques
It is important to select the appropriate security technique according to the security requirements of the network. Because of the sensors’ limitations, the existing techniques have to be adapted or novel techniques have to be designed. They can be classified into three groups based on the existing techniques:
Symmetric: a single shared key between two communicating nodes is used for both encryption and decryption. This is the most popular type of encryption in WSNs because it is not as computationally complex as the other types, but there are other challenges involved.
Asymmetric: one private key is used to decrypt and one public key is used to encrypt. Normally this type of algorithm is more computationally complex and therefore undesirable in a WSN, but many efficient asymmetric algorithms have been presented with this kind of network in mind.
Hybrid: combines the advantages of the other two. Symmetric algorithms are used for ciphering and authentication, and asymmetric algorithms are used for key generation.
Cryptography Frameworks for WSN
The frameworks designed specifically for WSNs can be divided according to the nature of their key material, that is, whether the shared key is public or private. Furthermore, the asymmetric frameworks can be classified into three classes: RSA-based, ECC-based and pairing-based cryptography frameworks.
Let’s start with the symmetric cryptography frameworks:
Symmetric Cryptography Frameworks
- SPINS - Proposed by Perrig et al. in 2001. It consists of security building blocks optimised for this kind of network. It’s based on two security blocks: SNEP (Security Network Encryption Protocol) and μTESLA (micro version of the Time, Efficient, Streaming, Loss-tolerant, Authentication protocol). SNEP provides data confidentiality, two-party data authentication and data freshness, while μTESLA provides authenticated broadcast for severely resource-constrained environments. It’s not scalable if the central node becomes the center of attack, and it doesn’t provide a solution to DoS attacks.
- LEAP - (Localized Encryption and Authentication Protocol), proposed by Zhu et al. in 2003. It is based on the premise that different messages have different security requirements and that a single keying mechanism is not suitable for meeting all of them. This framework turns out to be very efficient and effective in defending against complex attacks such as the HELLO flood attack, the Sybil attack and the wormhole attack. The master key is pre-distributed during the initial period of network operation, when it will not be disclosed.
- TinySec - This lightweight, generic security package was introduced by Karlof et al. in 2004. It’s the first fully implemented protocol for link-layer cryptography in sensor networks, and it’s incorporated in the TinyOS release. TinySec is easily extensible and has been incorporated in several higher-level protocols.
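The properties listed for SNEP above (confidentiality, two-party authentication and freshness) can all hang off a counter that both ends keep and never transmit. The sketch below is an added illustration, not code from SPINS, TinySec or this post: HMAC-SHA-256 stands in for both the cipher and the MAC, and the `Link` class, the keys and the loss window are assumptions.

```python
import hashlib
import hmac

MAC_LEN = 8  # bytes of tag appended to each packet
WINDOW = 4   # counters tried ahead of the expected one, to ride out packet loss (assumption)

def _keystream(k_enc, ctr, n):
    # Counter-mode keystream with HMAC-SHA-256 as the PRF (stand-in cipher).
    return hmac.new(k_enc, ctr.to_bytes(8, "big"), hashlib.sha256).digest()[:n]

def _tag(k_mac, ctr, ct):
    # The MAC covers counter and ciphertext, so a tag verifies for one counter only.
    return hmac.new(k_mac, ctr.to_bytes(8, "big") + ct, hashlib.sha256).digest()[:MAC_LEN]

class Link:
    """One end of a node/base-station link; keys and counters are local state."""

    def __init__(self, k_enc, k_mac):
        self.k_enc, self.k_mac = k_enc, k_mac
        self.send_ctr = 0
        self.recv_ctr = 0

    def seal(self, reading):
        if len(reading) > 32:
            raise ValueError("this sketch uses a single keystream block")
        ks = _keystream(self.k_enc, self.send_ctr, len(reading))
        ct = bytes(a ^ b for a, b in zip(reading, ks))
        packet = ct + _tag(self.k_mac, self.send_ctr, ct)  # the counter is not sent
        self.send_ctr += 1
        return packet

    def unseal(self, packet):
        if len(packet) < MAC_LEN:
            return None
        ct, tag = packet[:-MAC_LEN], packet[-MAC_LEN:]
        # Only counters at or ahead of recv_ctr are tried, so old packets never verify.
        for ctr in range(self.recv_ctr, self.recv_ctr + WINDOW):
            if hmac.compare_digest(tag, _tag(self.k_mac, ctr, ct)):
                self.recv_ctr = ctr + 1
                ks = _keystream(self.k_enc, ctr, len(ct))
                return bytes(a ^ b for a, b in zip(ct, ks))
        return None  # forged, altered, replayed, or too far out of sync

if __name__ == "__main__":
    node = Link(b"E" * 16, b"M" * 16)  # constructed keys
    base = Link(b"E" * 16, b"M" * 16)
    first = node.seal(b"temp=21.5")
    print(base.unseal(first))  # accepted once
    print(base.unseal(first))  # the same bytes again are rejected
```

The per-packet cost is the 8-byte tag only; the counter that gives freshness costs no airtime, which is the trade-off a battery-powered node needs.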
Asymmetric Cryptography Frameworks
- TinyPK - An implementation of public-key-based protocols by Watro et al. from 2004 that allows authentication and key agreement between a sensor network and a partner. It uses TinySec to communicate securely with a third party outside the network. It’s based on the RSA cryptosystem, using e=3 for the public exponent.
ECC has two advantages over RSA: (1) the public keys are smaller for the same level of security, and (2) ECC public key operations require less computation. This means less storage and bandwidth, and therefore less energy.
- TinyECC - Presented by Liu and Ning in 2008. It is a configurable library for ECC operations. It provides a ready-to-use, publicly available software package for ECC-based PKC operations that can be configured and integrated into the sensors.
Pairing-based cryptography is an emerging field related to ECC. It enables the design of original cryptographic schemes and makes well-known cryptographic protocols more efficient.
- TinyPBC - Based on the Multi-precision Integer and Rational Arithmetic C/C++ Library (MIRACL) and proposed by Oliveira et al. in 2008. It is an open source library written in C. The authors present the fastest pairing computation on an 8-bit platform.
- NanoPBC - Proposed by Aranha et al. in 2009. They implemented all big-number, finite-field and elliptic-curve arithmetic from scratch in order to extract the most from the platform. All the critical routines were implemented in assembly, and some key routines were optimized to minimize memory access, which is very expensive on this kind of platform.
- TinyPairing - A lightweight and efficient pairing-based cryptography library proposed by Xiong et al. in 2010. It is an open library that computes quickly and consumes less RAM and ROM.
Hybrid Cryptographic Frameworks
- SCUR - A lightweight encryption mechanism based on the Rabbit stream cipher, proposed by Tahir et al. in 2008. It is energy efficient and secure; this is done by minimizing the cost while maintaining the required security levels of (1) communication overhead, (2) computation overhead and (3) utilized key space.
- MASA - (Mixture of Symmetric and Asymmetric approaches) proposed by Alzaid et al. in 2008. The entire terrain is broken down into smaller regions, and each sensor carries two types of keys, asymmetric and symmetric. It uses the private key to sign a hashed event notification to provide confidentiality, authenticity and data integrity, and the symmetric key to authenticate the event notification within the cell.
- SecFleck - Based on a commodity Trusted Platform Module (TPM) chip that extends a standard node; it was proposed by Hu et al. in 2009. It uses XTEA symmetric key cryptography because of its small RAM footprint.
Wireless Sensor Networks are becoming more and more popular and useful for a wide range of applications such as military, health monitoring, environmental monitoring, smart cities, home automation, etc. Because of the limitations of their nodes, the transmission security mechanisms used in other kinds of networks cannot be applied. That’s why existing algorithms need to be redesigned and rethought to adapt them to WSNs, and why they need to be compared to determine which one fulfills your requirements.