Network Security

Protocol for Sensor Nodes in a Hierarchical Network

Each device stores a secret key (K) before deployment, which is used for authentication purposes. This key is established in a secure environment near the base station before the devices are deployed. The protocol allows the sensor nodes to produce authenticated messages that can be verified by the base station.

Figure 6 on page 12 illustrates a small part of a sensor network consisting of eight low-power sensor nodes (A - H) and a powerful base station. The base station collects information from all sensor nodes (A - D). All sensor nodes are identical, but the leaves of the tree are the sensor nodes (E - G), while the intermediate nodes are represented by nodes (K, R). In a typical network, there would be hundreds or thousands of nodes with a branching factor greater than two. This hierarchical topology allows each node to have an immediate parent node, and each leaf node transmits its reading to its parent.

authentication code, MAC Ai Aincluded with the message. To transmit the data to the base station each node use key that isnot known to the other sensor nodes. The parent node will store the message and its MACK is revealed by the base station. Then, it will verify the MAC and raise anuntil the key Aialarm if it does not match. The aggregation is performed in each intermediate step.Each child can contribute at most one reading in each time step. Nodes aggregate the datathey receive from their grandchildren (via their children) and transmit the MAC of the aggre-gation value. Delayed aggregation ensures that an adversary who obtains key material froma compromised node cannot tamper with many sensor readings. After a stage of messagesarrives at the base station, the base station reveals the temporary node keys along with a MACµTESLAgenerated using base station’s current key. Once the key is revealed, nodes advanceto the next temporary node key. After this, the key is revealed

To enable authentication, the base station advances to the next key in the chain.

Fig. 6: Example Sensor Network. [5]

Protocol Details

The protocol used in SAW is characterized by separate steps while sending data from sensors to the base station. Besides, it's possible to authenticate the information sent retroactively. The benefits of the protocol come when there are a large number of nodes arranged in a deep tree, so that many readings can be aggregated in a single message.

This notation is used to describe the protocol:

B, C, ... → A, Sensor nodes

S → A, B, A, B.

Node sends a message to Since messages are wireless, this is a local broadcast and nearby nodes will also hear the message.

ID A.

Unique ID of node A.

|MM M M

Concatenation of messages and .

1 2 1 2)

E(K, M M K.

Encryption of using key.

M AC(K, M M K.

Authentication code of using key.

Aggr(x, y) x y.

Result of the aggregation function on and The aggregation function must be deterministic, distributive and not depend on.

The order readings are incorporated. A S.K Unique key shared between node and base stationAS A.R Data reading value of nodeA =thi A E(K , i)K The key for nodeAi AS = (K)”.th n−ii µTESLA FK The key in the base station hash chaini

Data Validation

The protocol is designed to avoid that a single compromised node can breakdown the network. It should not be able to produce aggregate values that improperly represent the state of the network. Since the base station has a shared temporary key with each sensor node, it can verify that the message it receives in the final step was transmitted by (see Fig.6pag.12). In fact, the base station can calculate the MAC of the aggregation, computed by H, K and comparing it to the MAC transmitted in the message. It's only possible using Hi H to validate that sent the final message, but does not validate that it correctly reflected reading from the other sensor nodes. The power of the algorithm is that the base station also receives the MACs.

The goal is to authenticate all the readings that contributed to the aggregation value, without requiring every reading to be sent to the base station. To validate data, the base station reveals temporary node keys to the network. Using wide-area broadcast, the base station sends out µTESLA K. Nodes will each temporary node key along with a MAC using its current key, iadvance to the next temporary node key for succeeding messages. Requiring that the base station reveal every node key for every aggregate reading it receives does not scale to large sensor networks or work well in situations where frequent readings are desired. Note that although all the node keys are sent out by the base station, each sensor node only needs a few of them.14 )., RE K to verify MAC(K If the key "For example, node needs Ai Ai Abroadcasts are synchronized, it will not be necessary to listen to all the key broadcasts to find the relevant ones.

Gcompromised both nodes and in Fig.6 pag.12 would be able to transmit a bogus aggre-R FR and , along with the legitimate reading for ’s subtree. In general, angation value for A Battacker who simultaneously compromises a child and parent can misrepresent the readingsfor every node in the child’s subtree.6 The SumThe sum is insecure. The sum is lower than average in term of safety, due to the impossibiltyto simpling all sensors and achieve a similar result.) = + +(x , ..., x x ... xf is not meaningful in the“Similarly, the sum 1 1n npresence of one or more compromised nodes. The attacker can freely increaseor decrease this value without limit.”We propose another approach to preserve the final result. If a sensor gain his value up tothe double or more of the value measure by the other sensors, we set his value equal to themean. Thus, this method let us to recover the correct value. Also the truncation technique(see Section 5 pag.8) is possible to applied to the sum,

observations, k < ρn, on the principle that they might be outliers. Assuming that all an adversary can do is affect which subset of legitimate sensor readings are used as inputs to however, the adversary cannot control in any other way the inputs to g. Interestingly, the median is a special case of the above construction, obtained by taking the limit as ρ approaches 0 from below. For these reasons, trimming looks intuitively promising.”

The Minimum

The minimum is insecure. Differently from the sum and average, minimum is not a meaningful aggregate to compute in the presence of a single compromised node. In fact, is not possible to find a solution to reduce this problem. (x , ..., xf =“Consider computing the minimum of the sensor readings, 1 < n, ..., x and suppose that sensor 1 is compromised. The attacker can only increase the minimum if 1 ∗ ), ..., x which cannot exceed even then, the minimum is raised to

min(x₂₁, ..., x_n)., ..., x Thus, the attacker has little capacity to increase the computed min(x² aggregate. However, the attacker can freely reduce the computed minimum∗x to be a very small (or even negative) value. So value, simply by choosing 1 long as the attacker’s desired outcome is smaller than the correct outcome, the attacker has complete control. Therefore, we consider that the minimum is not resilient against false sensor readings.”

The minimum is like an event, only a cross check verification between sensor neighbors can detect false reading. If we assume that the sensor nodes are deployed in a high density, so that each stimulus can be detected by multiple sensors. SEF elect one of the nodes as the Center-of-Stimulus (CoS). The CoS collects and summarizes the detection results by all detecting nodes, and produces a synthesized report on behalf of the group.”When a stimulus appears, multiple nodes that detect it collaborate to process CoS the signal and elect the

That summarizes the sensing results and generates a t, E, L, tL on behalf of the group, where is the location of the event, isreport E EE the time of detection and is the type of event. This collaborative report generation can be carried out by following the procedure proposed in [7]: Each node broadcasts its sensing signal strength within the detecting area. A node with a weaker signal is suppressed by neighbors.