Security and Privacy in Sensor Networks: Research Challenges
Radha Poovendran
University of Washington
http://www.ee.washington.edu/people/faculty/radha

Outline
• Panda-Hunter Game
• Sensor Network Security
• How is it different?
• Incomplete List of challenges
• Problem #1 - Problem #5

Panda-Hunter Game Model
• A generic asset monitoring sensor network application
• Panda-Hunter Game:
  – Sensor Network monitors Panda
  – Hunter observes Panda_Here messages and go after Panda
• Panda’s Challenge / Hunter’s Challenge:
  – Want Location Privacy
  – Want valid message
  – Want the network to work reliably
  – Detect any faulty or compromised sensor
• Both need different services
[Figure: sensor network; labels: Data Sink, Sensor Node]

Sensor Network Security
• What do we mean by sensor network security?
• Conventional view of security from cryptography community: cryptographically unbreakable design in practical sense
• Network Reality: very few security breaches in practice are to exploit flaws in cryptographic algorithms; side channel attacks
• Malicious versus selfish (DoS vs. resource gobbler)
• Security vs. robustness, fault tolerance, resiliency
• Security is not a black/white world, it is progressive
• We must secure entire networked system, not just an individual component
• Solutions must be robust/adapt to new threats as much as possible

How is it Different?
• Wireless Sensor networks have NO clear line of defense
• Each node is a host as well as a “router”
• Security solutions in wired or cellular networks may leverage the networking infrastructure
• Secure Network/service “infrastructure” has to be collaboratively established
• Wireless channel is easily accessible by both good citizens and attackers
• Resource constraints on portable devices
  – Energy, computation, memory, etc.
• Some devices may be compromised
• Heterogeneity prevents a single security solution

Capability based Abstraction of a Heterogeneous Network
[Figure: Capability-based Abstraction; labels: Processing Capabilities, Network Granularity; legend: BN - Backbone node, RN - Regular Node]

Incomplete List of Challenges
• Resource-Efficient Secure Network Services
• Cryptographic services
• Network Initialization, single/multihop neighbor discovery
• Multihop path establishment & Routing
• Supporting application services
• Broadcast authentication
• Key management
• Security mechanisms for fundamental services
• Clock synchronization
• Secure location discovery and verification of claims
• Location privacy
• Secure aggregation and in-network processing
• Cluster formation/cluster head election
• Middleware (will not discuss further)

Incomplete List of Challenges
• Modeling vulnerabilities
• VERY POOR state of understanding
• Needed by services and applications
• Cross-layer design techniques
• Routing/location-aware protocols that are also robust!
• Incorporating semantics such as geometry, radio model and range for context-based security
• Functionality instead of optimality

Problem #1: Robust Designs
• Attacks and compromise of network are reality
• Misconfiguration cannot be fully eliminated
• Software bugs are #1 cause
• Maybe we can never enumerate for all possible attacks
• Not every device can implement maximum-strength solutions
• Shift from prevention to tolerance
• Building trustworthy system out of untrustworthy components
• Ability to detect, and function, even in the presence of problems
• Similar analogy to IP building reliable system out of unreliable components
• How?
• Can be application specific

Problem #2: Adaptive Security
• Adaptation to handle many dimensions of dynamics:
• Adaptive to user requirements
• Differential security services used in government and military
• Adaptive to user devices
• Adaptive to channel dynamics: Partial connectivity, disconnectivity, full connectivity
• Adaptive Cross-domain service for roaming users
• Adaptive to mobility to dynamic membership
• Node join, leave, fail

Problem #3: Joint Design of QoS and Security
• Incorporating network metrics and security: scalability, communication overhead, computation complexity, energy efficiency, device capability, …
• Different performance metrics may be in (partial) conflict
• Probably the most secure system is of minimal usability
• Example: energy efficiency/computation complexity versus cryptography strength
• Many conventional security solutions take a centralized approach

Problem #4: Evaluation of Design
• Current designs have an explicit threat model in mind
• NOT Realistic
  – Real trace analysis for practical attacks?
• Benchmarking?
  – Other areas in computer systems have well defined benchmarks: SPEC CPU, TPC-C
• Analytical tools
• Current effort: game theory, graph theory

Problem #5: Securing the Chain
• The system is only as secure as the weakest link
• Many supporting components: DNS, ARP, DHCP, …
• Other supporting protocols: bootstrapping, discovery, time synchronization
• How to secure these supporting components
• Often ignored
• Secure the entire system chain
• Build multiple fences
• Each fence is built based on a component’s resource constraint