Work package 2: Network Security

This work package deals with the overall network security concepts. It is subdivided into the following areas:

  • Novel re-recognition and lightweight authentication schemes
    WSNs face serious security shortcomings. In the most general case, nodes need to build up a well-defined security association without any pre-established secret or common security infrastructure. In this case, pairs of entities will establish pairwise relationships.
    It is also conceivable that, once enough pairwise relationships are established, groups of entities are able to establish new relationships. If a pre-established secret or a secret channel is available, it would be possible to use a single secret key for all devices. However, one has to face the possibility that a subset of nodes is corrupted and that all their secrets are revealed to an attacker. Hence, a pairwise security association between these nodes is advantageous. Within UbiSec&Sens we want to design efficient authentication protocols to ensure secure applications in sensor networks. We will start by designing specific protocols for different applications, and then we will work on combining the different authentication schemes into a universal solution.

  • Concealed data aggregation
    Given that in-network processing and flexible routing schemes are obligatory prerequisites in WSNs, end-to-end encryption is a challenging task under such circumstances. The first results worldwide in this direction have already been provided by partners of the UbiSec&Sens consortium. Their solutions for concealed data aggregation indicate that, in principle, data aggregation supporting some specific aggregation functions like “average”, “movement” or even “min/max” is possible. Current solutions are either based on the additive feature of privacy homomorphisms, on order-preserving encryption schemes from databases (OPES), or they bitwise add up random bit-streams to the monitored data, which are finally decomposed at some powerful node performing the decryption. All these candidates are most valuable contributions, since they are preparing the ground for a real breakthrough in this area. Unfortunately, they either fall short with respect to execution overhead or data overhead, or they simply provide only a very poor level of security. It is one major objective of this project to provide, for WSN applications with different security and reliability requirements, enhanced mechanisms for concealed end-to-end encryption of reverse multicast traffic. The mechanisms should provide a good balance between energy efficiency and an appropriate level of security. In UbiSec&Sens we are considering approaches based on symmetric schemes as well as on asymmetric schemes. Both approaches have their strengths and weaknesses with respect to the envisioned applications. However, when considering the application of privacy homomorphic schemes, we will only focus on additively homomorphic schemes, since schemes that are at the same time additively homomorphic and multiplicatively homomorphic provide almost no security.

  • Enhanced Key pre-distribution schemes
    The manufacturer cannot configure all the sensitive information, e.g. keys, before the WSN is rolled out. Some sensitive information can only be distributed and stored with respect to the final position of the nodes within the network topology. The traffic flow pattern of the network is also a parameter that needs to be considered when distributing keys for different security issues. Whereas for the authentication of nodes a pair-wise or group-wise key distribution is required, for the concealment of data, particularly when aiming at in-network processing, a group-wise authentication is compelling. This is true for symmetric-key-based encryption schemes and is most relevant for WSN architectures with non-tamper-resistant devices. Preliminary work on topology-aware group keying has been done in [GiWeAc05]. UbiSec&Sens will address key-distribution schemes for sensors equipped with and without tamper-resistant units.

  • Provable secure routing
    Routing is one of the most basic networking functions in multi-hop sensor networks. Routing has two main functions: finding routes to the base stations and forwarding data packets on these routes. We are concerned with the security of the first function: how to find routes to the base station in the presence of an adversary. The goal of the adversary is to modify the perceived network topology by injecting false routing information into the network (or by other means specific to the routing algorithm). By modifying the perceived network topology, the adversary can a) divert communications via corrupted sensors that are controlled by the adversary, b) enforce the use of suboptimal routes (in terms of energy), which in the end may decrease the lifetime of the network considerably, or c) simply disrupt communications (Denial of Service). None of the above is desirable in a robust sensor network, and therefore routing security is of primary importance.
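
To illustrate the concealed data aggregation item above: an added example, not code from the UbiSec&Sens toolbox, of an additively homomorphic symmetric scheme in which each node adds a keyed pad to its reading modulo M, intermediate nodes add ciphertexts without decrypting, and the sink removes the pads. The HMAC-based pad derivation, the modulus, and the keys, readings and epoch value are assumptions constructed for illustration.

```python
import hashlib
import hmac

M = 2 ** 32  # assumed modulus; must exceed the largest possible sum of readings

def pad(node_key: bytes, epoch: int) -> int:
    """Per-epoch pad in [0, M), derived from the key a node shares with the sink."""
    mac = hmac.new(node_key, epoch.to_bytes(8, "big"), hashlib.sha256).digest()
    return int.from_bytes(mac[:8], "big") % M

def encrypt(reading: int, node_key: bytes, epoch: int) -> int:
    """Sensor side: conceal a reading by adding the pad modulo M."""
    if not 0 <= reading < M:
        raise ValueError("reading out of range")
    return (reading + pad(node_key, epoch)) % M

def aggregate(ciphertexts) -> int:
    """Aggregator side: add ciphertexts; no key material is needed here."""
    return sum(ciphertexts) % M

def decrypt_sum(agg: int, contributing_keys, epoch: int) -> int:
    """Sink side: remove the pads of exactly the nodes that contributed."""
    pads = sum(pad(k, epoch) for k in contributing_keys) % M
    return (agg - pads) % M

# Constructed sample data: four nodes, one reporting epoch.
NODE_KEYS = [b"constructed-key-node-%d" % i for i in range(4)]
READINGS = [21, 23, 19, 25]
EPOCH = 7

def run_demo():
    cts = [encrypt(r, k, EPOCH) for r, k in zip(READINGS, NODE_KEYS)]
    # Two intermediate aggregators each combine two leaves, then the root combines both.
    left = aggregate(cts[:2])
    right = aggregate(cts[2:])
    root = aggregate([left, right])
    total = decrypt_sum(root, NODE_KEYS, EPOCH)
    return total, total / len(READINGS)  # sum and "average" at the sink

if __name__ == "__main__":
    print(run_demo())
```

The sink must know which nodes contributed to an aggregate, and the pad provides confidentiality only: it does not detect a modified aggregate.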


  • Final audit with a live outdoor demo for roadside WSN to vehicular communication: 17/18 December at NEC, Heidelberg, Germany.
  • Selected software modules of the UbiSec&Sens security and reliability toolbox are available for download.
  • UbiSec&Sens security and reliability toolbox has been presented at the ZigBee Alliance member meeting in Vancouver, BC, Canada, October 6-9, 2008 (Slides).
  • The Agriculture WSN prototype has been reported in the German Viniculture Magazine "Der Deutsche Weinbau".
© 2006 UbiSec&Sens (This page is maintained by Osman Ugus)