ppt includes various operational paradigms,their vulnerabilities & solutions of WSN

1. Security In Wireless Sensor Network By 09bce053 AditPathak 09bce057 Mihir Shah

2. Presentation flow What is WSN? Threats to WSN WSN operational paradigms Key distribution techniques for WSN Various key distribution schemes

3. INTRODUCTION What is a WSN? A wireless sensor network (WSN) consists of spatially distributed autonomous sensor nodes to monitor physical or environmental conditions, such as temprature,sound,vibration,pressure, motion or pollutants and to cooperatively pass their data through the network to a main location. What are they used for? Ocean and wildlife monitoring. Monitoring of manufactured machinery. Building safety. Earthquake monitoring. Variety of military applications. Medical monitoring and research

4. Threats to a WSN Passive Information Gathering : The powerful receiver can passively pick off data. Subversion of a node: Capturing of sensor node & compromised sensor node False node: Robust device which impersonates a sensor node Node Malfunction: Generate inaccurate data,drop the data.Detecion of these nodes is an issue. Node outage: Node stops functioning DoS (Jamming,BlackHole,Resource Exhaustion)

5. WSN OPERATIONAL PARADIGMS Simple Collection and Transmittal Forwarding Receive and Process Commands Self Organization Data Aggregation

6. SIMple collection & transmittal Sensor takes periodic measurements & transmit the associated data directly to the collection point. Immediate or scheduled transmission Each node is only concerned with its transmission to base station , which is assumed to be within the range. No routing & co-operation among nodes

7. Vulnerabilities Jamming Spoofing (Counterfeit data source broadcasts spurious information) Loss of confidentiality due to passive monitoring Physical attacks(capturing of a node & subversion)

8. Solutions Data encryption(symmetric key) Predeployed keys are shared between & unique to the collection point & individual node. Each node uses its key to encrypt data before transmission & the collection point decrypts the data using the shared key corresponding to that node. Spread spectrum communications may be used to offset efforts to jam the frequency band. Use of temper assistant technologies which may transmit an alert and/or self destruct when tempering is detected.

9. forwarding Allows sensor nodes far away from collection point to transmit data to neighboring nodes , which in turn forward the data toward the collection point. Forwarding process may span multiple sensor nodes on the path between the source & collection point. Solves the radio range problem presented in the Simple Collection and Transmittal paradigm.

10. Vulnerabilities Single shared key won’t do Black Hole : Sensor node drops packets Data Corruption: Node modifies the data Resource Exhaustion: Attacker maliciously transmits an inordinate amount of data to be forwarded ,causing the intermediate node(s) to exhaust their power supply.

11. Solutions System utilizes pre-built headers encrypted under intermediate node’s key. The entire frame is encrypted under senders key and inserted into another frame that is prepended with the pre-built headers and forwards. When intermediate node receives the frame,it strips-off the prepended header and forwards it. At the end it is decrypted by collection point. The algorithm is used to deal with other attacks. The algorithm tracks the absence of expected data from each sensor,quantifies the amount of corrupted data received at the controller from each sensor,and compares those values to acceptable statistical noms. If controller determines a sensor node to be aberrant,it is culled.

12. Receive and process commands Previous paradigms described many-to-one communication for unsolicited data & may reduce lifetime of WSN due to unnecessary data transmission RPC is one-to-many communication model in which the controller transmits commands to sensor nodes Initially sensor nodes are in idle mode(low power)-controller broadcasts(or unicast) wakeup command- getdatacommand-instruct sensor nodes to idle

13. Vulnerabilities Authentication of command from controller Integrity of the message received from its neighbors

14. Solutions Use of shared secrets between the controller and the individual sensor node Distributing encrypted identities of sensor nodes within radio range of controller among the nodes that are beyond the radio range of controller by using pre-built headers as was in Forwarding.

16. It consists of three tasks:

17. Node discovery

18. Route establishment

19. Topology maintenance.

20. Node discovery is made by HELLO-REPLY message.

21. To ensure continuous connectivity, multiple routes between two nodes are discovered.

23. Flooding

26. For controlling data streams, we aggregate data within the WSN and transmitting aggregate to the controller.

27. This results in a substantial energy savings in the WSN.

29. Here the nodes trust each other. Hence a malicious node can get itself elected as an aggregation point.

32. This combined problem of key distribution and secure communication is called the bootstrapping problem.

34. Deployed nodes must be able to establish secure node to node communication.

35. Additional legitimate nodes deployed at a later time can form secure connections with already deployed nodes.

36. Unauthorized nodes should not be able to gain entry into the network, either through packet injection or masquerading as a legitimate node.

37. The scheme must work through prior knowledge of which nodes will come into communication range of each other.

39. Resilience against node capture:Protection against the capture of node by an adversary.

40. Resistance against node replication:Whether the node can insert hostile nodes into the network after obtaining some secret information.

41. Revocation: Whether a misbehaving node can be dynamically removed from the system.

43. USING ASYMMETRIC CRYPTOGRAPHY.

46. No additional protocol steps are necessary.

48. Nodes are tamper resistant.

50. Prior to deployment, a master public/private keypair is generated. Then for every node keypair is generated. Both keys stored in respective node along with master’s signature on nodes keypair.

51. Nodes can communicate by key exchanges and verification through master’s signature on them.

53. Possible to revoke known compromised keypairs.

55. Vulnerability to Denial-of-Service.

57. Hence in a network of n nodes, there are a total nC2 unique keys.

58. Every node stores n-1 keys, one for each other node.

60. Compromised keys can be revoked.

62. Number of keys to be stored in each node is proportional to number of nodes.