Nowadays, IoT sensors are almost everywhere and they can sense information that may affect privacy or reveal information that wasn’t intended if it leaks. Particularly, Wireless Sensor Networks(later called WSN) are used extensively in many applications related with health monitoring, environmental monitoring, military purposes and home automation. Security of the privacy rights and the system from malicious attacks is vital when talking about this kind of applications because of the information they sense, plus the combined computational power. Unfortunately, since individually they are not wealthy regarding computational power and battery life, WSNs are not able to deal with traditionals cryptography algorithms to secure data transmission. That’s why other methods and algorithms must be designed and used for IoT systems.
As I already said the application of traditional encryption-decryption algorithms used in other kinds of networks is not possible on WSN. WSNs consist on tiny sensor with low computational power, low amount of memory and low battery power. Applying an encryption mechanism requires adding extra bits therefore extra processing, extra memory and extra energy (which is a important resource for the sensors’ longevity) to transmit those bits. Applying it also will increase delays and packet loss. Other question arise when applying this type of algorithms, such as how the key are generated, disseminated, managed, revoked or assigned.
There is another alternative without using cryptography to secure the connection and transmission of data between the nodes of a WSN. Physical layer secure access could be provided by using frequency hoppings. The idea is to dynamically change a series of parameters, like hopping set (available frequencies for hopping), dwell time (time interval per hope) and hopping pattern (the sequence in which the frequencies of the available hopping set are used), to avoid other receptors to listen the transmitted data. The expense of energy, memory and computer process can be smaller than using cryptography but the implementation of such mechanism is complex, not flexible and less secure.
Security threads in a wireless network are similar to those in an wire network, but wireless networks are more vulnerable because of the unguided transmission medium. And when we are talking about WSN is even more complex than a normal wireless network because of the disparity on the architecture. WSNs have usually a command node or base station (centralised entity). This can make the security a little bit easier, but the main problem is on the nodes and the really limited resources on these tiny sensors.
These can be divided in two different major categories, one against the security mechanisms and the other against the basic mechanisms.
The goal of this attack is to make a node unable, exhausting the node’s resources availables. In a WSN several types of DoS attacks can be performed at different layers. The mechanisms to prevent it include payment for network resource, pushback, strong authentication and identification of traffic.
The information sent by the sensors can be altered, spoofed, replayed again or vanish. Because wireless communication is vulnerable to eavesdropping, any attacker can modify the traffic flow and interrupt, intercept, modify or fabricate the information. Because sensors have low rage of transmission it is possible to affect several sensors at the same time with a more powerful transmissor.
Normally in a WSN nodes work together to accomplish a task, hence they can use redundancy of task and distribution of tasks. In this kind of scenario a node can take the the identity of a legitimate node in the network and pretend to be it. Because a WSN has a central node this attack can be prevented using efficient protocols.
This attack consist of attract all the traffic of the sensor network to one node. The attacker tries to attract all the traffic of the network and simulate being the closest node to the Base State, based on the routing metric used in the routing protocol. Once it inserts itself between the nodes and the station it can do whatever it want with the information.
In this attack the attacker records and retransmits the packages or bits sent by one node to another directly, making the first node believe that the other node is at 1 hop of distance from it and marking it as a parent.
For example in the image the attacker makes node Z believe that B is the only one hope away, creating a wormhole for node Y.
As we saw, there are a lot of factors and types of attacks to consider when selecting the best framework or set of frameworks for securing a WSN. In this blogpost I will explain the different solutions that can be applied for data encryption in the network. This solution can protect the network from potential Sybil attacks, wormhole attacks, information or data spoofing and message reply attacks.
In order to make the network cryptographically complete and secure, security should be implemented in every node in the network, and as I mentioned before the WSN is not wealthy in any resource, so the cryptography algorithms should be designed in a robust way that doesn’t consume too much of those resources in order to increase the lifetime of the network, but still be secure enough to deal with much more powerful possible attackers. The design and selection of the algorithm used for encryption usually will depend on the nature of the application.
As always the three security requirements for any encryption algorithms are three:
Confidentiality, Authentication and Integrity (CIA).
To this three is added one more: Availability, that ensures that the service of resources provided by the network or a single node is available when it is required.
It is important to select the appropriate security technique according to the security requirements of the network. Because of the sensors’ limitations, the existing techniques have to be adapted or novel techniques should be design. They can be classified in three groups based on the already existing techniques:
Symmetric: where there is a single shared key between two communicating nodes used for encryption and decryption. This is the most popular type of encryption used in WSN because it is not as computational complex as other type, but there are other challenges involved.
Asymmetric: where there is one private key use to decrypt and one public used to encrypt. Normally this type of algorithms are more computational complex and therefore undesirable in a WSN, but many efficient asymmetric algorithms were presented with this kind of networks in mind.
Hybrid: Combining the advantages of the other two. Symmetric algorithms are used to ciphering and authentication, and asymmetric algorithms are used for key generation.
The specific frameworks design for WSN can be divided according to the nature of their key material, if the share key is public or private. Furthermore the asymmetric frameworks can be classified into three classes as RSA based cryptography framework, ECC based, and pairing based.
Let’s start with the Symmetric cryptography networks:
ECC has two advantages against RSA: (1) The public keys are smaller for the same level of security (2) ECC public key operations require fewer computation. This brings less storage and bandwidth, therefore less energy.
Is an emerging field related to ECC. Enables the design of original cryptographic schemes and makes well-known cryptographic protocols more efficient.
The Wireless Sensor Networks are becoming more and more popular and useful for a wide range of applications such as military, health monitoring, environmental monitoring, smart cities, home automatization, etc. Because of their nodes limitations, security transmission mechanisms used in other kind of networks can not be applied, that’s why the necessity of redesign and rethink used algorithms to adapt them to the WSN, and a comparison between them to determine which one fulfill your requirements.
Photo by James Wainscoat on Unsplash