SENSOR NETWORKS SECURITY ISSUES IN ... - IEEE Xplore

SENSOR NETWORKS SECURITY ISSUES IN AUGMENTED HOME ENVIRONMENT Kostas Papadopoulos, Theodore Zahariadis, Nelly Leligou, Stamatis Voliotis [cpap, zahariad, leligou, svoliotis]@teihal.gr ABSTRACT

agreed with the statement “I am really interested in having the sort of functions a Smart Home could offer”. Home automation is a very important application, while safety and security features emerged as the most popular aspect of living in a Smart Home - 70% of respondents agreed with the statement “I would really value the safety and security features a Smart Home could offer”, having the benefits of remote access also wide appeal (59%).

Wireless Sensor Networks (WSN) are expected to form an integral part of the foreseen ubiquity intelligent, future mobile network and are envisaged to play a key role in the vision of offering mobile, personalised services, in-home and out-doors, whenever and wherever needed. However, security and resilience across WSN, especially across insecure, heterogeneous and multi-administration domains like the augmented home environment, face essential limitations. In this paper, we aim to identify the major WSN open issues, challenges and functional holes, focusing on the networking characteristics in an augmented home environment.

Being able to control appliances w hen I am out w ould be useful to me

Index Terms— Wireless Sensor networks, security, augmented home environment.

I w ould really value the safety and security features a Smart Home could offer

I like the idea of one remote control that could control everything in home

18%

After a few years of UMTS/3G cellular communication systems’ deployment, the research community and the telecommunications industry have already perceived their limitations in terms of user throughput and operation/usage costs, and are focussing on research towards systems Beyond Third Generation (B3G), which outside Europe have been called Forth Generation (4G) systems. The ITUrecommendation M.1645, which has been approved as the basis of future activities for systems beyond 3G, aims at integration and cooperation of existing and evolving access networks on the one hand and advanced air interfaces with significantly improved performance as compared to 3G systems on the other hand. In this evolving environment, Wireless Sensor Networks (WSN) are expected to form an integral part of the foreseen ubiquity intelligent, future mobile network and are envisaged to play a key role in the vision of offering mobile, personalised services, in-home and out-doors, whenever and wherever needed, while supporting applications with broadband, wireless connectivity anytime and anywhere. Smart home is an area, where it is expected a market boom in the next years. Various market studies have shown that although consumer views about Smart Homes are not mature yet, there is a significant level of underlying interest in the concept. In a recent market study [1], from a survey of 1,000 households, almost half of those surveyed (45%)

13%

19%

25%

40%

16%

13%

20%

8%

4% 23%

0%

1. INTRODUCTION

28%

Strongle Agree

47%

20% Agree

40% Neither

Disagree

13%

60%

13%

80%

100%

Strongly Disagree

Fig. 1 Views about Smart Home features

Healthcare, eHealth and homecare of elderly people is another important market area, in the augmented home environment. According to [2], healthcare costs have been increasing at double-digit rates over the past ten years and will account for almost 16% of U.S. GDP in 2006. As 76 million baby boomers enter retirement age in the next 15-20 years, the demand for healthcare products and services will rise significantly.

Fig. 2 Perceived Value of Digital Home Health Services

Systems implementing digital video surveillance solutions are often coupled with IP-based streaming, storage

with video compression and intelligent ambient sensors. This capability of providing an integrated solution with storage, streaming and event analysis/detection has been the major driving force behind the accelerating force of analogto-digital migration. The above figures clearly demonstrate the need for an intelligent home. However, installation costs have hindered the wide deployment of augmented home. The utilisation of sensor nodes based on wireless technologies (e.g. ZigBee, Bluetooth, Konnex) would greatly bust the smart home deployment. The RFID technology is also becoming popular to realize the augmented home environment and sensor networks, in the case of elderly and healthcare systems. For example, sentient artefacts have been introduced, which represent sensor-augmented objects used everyday, such as toothbrushes, mirrors, and chairs [3], microphone sensors have been attached to water pipes to recognize the daily activities based on the patterns of water usage [4], while systems have been presented for the retrieval and summarization of activities in a ubiquitous home environment by using footstep sensors [5]. However, WSN face essential security and resilience limitations, especially across insecure, heterogeneous and multi-administration domains like the augmented home environment. Characteristics like auto-configuration and self-organization, which are fundamental for the expected flexibility of a WSN, introduce specific security concerns that are unknown or less severe in legacy wired and wireless/mobile networks. In this paper, we aim to identify the major WSN open issues, challenges and functional holes, focusing on the networking characteristics. In the section 2, we focus on the networking coverage and routing challenges, while in section 3, we highlight the coverage holes problem. In section 4 we concentrate on the privacy and security issues. Some conclusions and steps ahead are recapitulated in section 5. 2. SENSOR NODE AUTO-CONFIGURATION One the major barriers for the wide deployment of sensor networks in an augmented home environment is the initial system installation [6]. In any autonomous network’s initial deployment, the first steps before exchanging information are nodes’ auto-configuration and network selforganization. In a wired network, each node or router connects to a specific set of other routers, forming a more or less stable routing graph. In mesh topologies, the routing graph is quite dynamic and may change rapidly. By exchanging information, nodes can discover their neighbors and perform a distributed algorithm to determine how to route data according to the application’s needs. However, nodes may be added or removed arbitrary, radically changing the routing topology.

Although many protocols and algorithms have been proposed for traditional wireless ad hoc and self-organized networks, most of them are not well suited to the unique features and multimedia requirements of WSN. The reason is the significant differences between WSN and ad hoc networks. A few of them related to auto-configuration are: • The number of nodes in a WSN, which may be quite higher than the nodes in normal mesh networks • Sensor nodes are densely deployed and their topology may change quite frequently, much faster than normal mesh networks • Sensor nodes have quite limited power, computational capacities, and memory and they are prone to failures. • Sensor nodes may not have a network-wide unique ID, as the large number of sensors would increase the protocol messages’ overhead. Many researchers are currently engaged in developing schemes that fulfil these requirements. However, variables such as obstructions, interference, environmental factors, antenna orientation, and mobility make WSN autoconfiguration a priori quite complex. While near-term solutions focus on auto-configuration and mobile adaptation of existing protocols, it is foreseen that longer-term solutions should consider new protocols and information handling mechanisms, natively designed for wireless sensor networks. Research should not be limited to initial protocol configuration performance, but should investigate adaptive protocol operation and robustness as the infrastructure behavior changes over time. 3. COVERAGE HOLES The coverage problem has been interpreted in a variety of ways in the existing literature. In most cases, the sensing coverage of a sensor node is assumed uniform in all directions and is represented by a hexagonal cell or a unit disk model. However, this model is quite unrealistic especially in an augmented home environment, as it is based on the assumption that all sensors achieve perfect and equal coverage in a circular disc. This is not always accurate, as the environmental and terrain conditions may significantly differentiate the node coverage area. Moreover, the coverage not only depends on the sensing capability of the sensor, but also on the application requirements, e.g. tracking of larger and/or slower moving objects or smaller and/or faster objects. Another important parameter is the requirement for single or multi connectivity, which guards network connectivity against single link or node failure.

Fig. 3. (i) Coverage hole with disk unit sensing model, (ii) an additional sensor is required to handle the coverage hole

Aiming to overcome the coverage holes, the WSN deployment may include three phases: a) Pre-deployment, where the nodes are placed (all together or one by one), b) Re-deployment, where additional sensors may be inserted at any time to overcome coverage holes and c) post-deployment, where sensors may change location or orientation due to moving obstacles, available energy, malfunctioning, and task details. In current literature and based on the sensor moving capabilities, it is up to the specific application to decide the deployment method and phase to overcome the coverage holes. 4. PRIVACY AND SECURITY Security mechanisms in WSN are devised based on a set of principles either as common security strategies, or as consequences of the hardware restrictions of sensor nodes [7] including: • Energy efficiency, as communication is three orders of magnitude more expensive than computation, in most cases computation is preferred • No public-key cryptography, as public-key algorithms remain too expensive on sensor nodes both in terms of storage and energy. • No tamper-resistance. Most sensor nodes are low-cost hardware that are not built with tamper-resistance. • Multiple layers of defence, as attacks can occur on different layers of a networking stack. In general Wireless Sensor Networks may encounter a number of known attacks [8]. Especially in the case of home environment we may categorize them as follows:

of denial-of-service (DoS) attacks. The main categories of these attacks are: • Flooding. Typically a large number of packets is sent to the access point or a node under attack to prevent the node or the whole network from establishing or continuing communications. • Jamming (radio interference). In this attack, wireless nodes are isolated at physical layer by transmitting continuous radio signals such that the authorized users are denied from accessing a particular frequency channel. The attacker may also transmit jamming radio signals to intentionally collide with legitimate signals originated by target nodes [7]. • Replay: A packet is tapped and then transmitted repeatedly and continuously to the node under attack in order to exhaust its buffers or power supplies, or to the access points in order to degrade network performance. Alternatively, the tapped packets may crash poorly designed applications or exploit vulnerable holes in poor system designs. • Selective forwarding: Packets may be selectively dropped or other irrelevant packets may be forwarded instead, confusing the network architecture. 4.2 Network Routing This type of attacks attempt to change routing information, and to benefit from such a change in various ways. • Unauthorized routing update: Routing information maintained by access points or aggregation nodesis falsely updated. The results of this attack may lead to nodes’ isolation, network partition, routing loops that cause messages to be dropped after the time to live (TTL) expires, black-holes, etc. • Wormhole: In this attack initially a wormhole tunnel is created between two nodes. Then, one or more packets are tapped and then transferred to the destination via the tunnel. In this way, the copied packets arrive at the destination earlier than the original packet traversed through normal routes complicating the network architecture. • Sinkhole: In this attack, the malicious node is usually presented as a very attractive node (e.g. having the highest trust level, the shortest distance or short delay path to the aggregating node). In this way it tracts all packets through one or several of its colluding nodes, called sinkhole node(s), so that the attacker (and its colluding group) has access to all traversing packets.

4.1 Services availability 4.3 Nodes Identification/Authentication This type of attacks attempts to harm the communication capability of the nodes or consume sparsely available bandwidth. If these attacks result in a denial of service to legitimate members, they can also be referred to as a variant

These attacks obtain vulnerable MAC and network addresses and then pretend being a trusted node, targeting the authentication related activities.

• Eavesdropping. The major attack in this category related to home environment is the eavesdropping attack. In this attack, the attacker secretly eavesdrops on communications between nodes to collect information on connection (e.g., MAC address) and cryptography (e.g., session key materials). • Impersonate: An attacker impersonates a trusted node’s identity (either MAC or IP address) to establish a connection with or launch other attacks; the attacker may also use the victim’s identity to establish a connection with other nodes or launch other attacks on behalf of the victim. • Sybil: A single node presents itself to other nodes with multiple spoofed identifications (either MAC or network addresses). The attacker may pose to have existing nodes’ identities or simply create multiple arbitrary identities in the MAC and/or network layer. Then the attack poses threats to other protocol layers. 5. CONCLUSIONS AND STEP AHEAD AWISSENET (Ad-hoc & WIreless Sensor SEcure NETwork) [10] is a FP7 project partially funded by the EU that aims to face most of the above security issues. Focused on security and resilience across ad-hoc PAN and wireless sensor networks, AWISSENET aims to implement a scalable, secure and context-aware networking protocol stack, able to offer self-configuration and secure roaming of data and services over multiple administrative domains and across insecure infrastructures of heterogeneous ad-hoc & wireless tiny sensory networks. AWISSENET optimisations will be extended, where applicable, from network up to the applications layer, focusing on three key research topics: • Discovery, evaluation and selection of trusted routes based on multiple security metrics and key pre-distribution methods. • Secure Service Discovery will protect service discovery messages, when crossing unknown domains or when interacting with public service providers. • Intrusion detection, intruder identification and recovery based on distributed trust to provide security against malicious attacks.

• Highly Secure sensor nodes against attacks from users having actual access to those nodes. The AWISSENET results will be packed in a security toolbox and the proposed architecture and protocol toolbox will be prototyped and validated in a large trial of more than 100 nodes, consisting of sensor/MOTEs, wireless cameras and RFID tags. Over this trial, a number of PAN and wireless sensor application scenarios will be validated e.g. ambient intelligence in environments like industry, home, roads and disaster recovery. ACKNOWLEDGE This publication is based on work performed in the framework of the Project AWISSENET IST-211998, which is partially funded by the European Commission. 6. REFERENCES [1] M. Pragnell, L. Spence, R. Moore, “The market potential for Smart Homes,” JRF, 2005 [2] PARKS ASSOCIATES, “Delivering Quality Healthcare to the Digital Home”, (Feb/2006) [3] F. Kawsar, K. Fujinami, T. Nakajima, “Augmenting Everyday Life with Sentient Artefacts” sOc-EUSAI Conference (Smart Objects & Ambient Intelligence), October 2005, pp. 141–146, [4] J. Fogarty, C. Au, S. Hudson, “Sensing from the Basement: A Feasibility Study of Unobtrusive and Low-Cost Home Activity Recognition” UIST ’06, October 2006, pp. 91–100, [5] G. de Silva, B. Oh, T.Yamasaki, K. Aizawa, ”Experience Retrieval in a Ubiquitous Home,” ACM Multimedia Workshop on Continuous Archival of Personal Experience 2005 (CARPE2005), November, 2005, pp. 35-44. [6] N. Katevas, A. Pantelouka, K. Petrakou, S. Voliotis, Th. Zahariadis, “Test environment for VSN routing algorithms using mobile robot”, ELMAR 2007, pp. 219-222 [7] Yee Wei Law Paul J.M. Havinga, “How to Secure a Wireless Sensor Network,” ISSNIP 2005, pp. 89-96 [8] P. Sakarindr, N. Ansari, “Security services in group communications over wireless infrastructure, mobile ad hoc, and wireless sensor networks,” IEEE Wireless Communications, October 2007, pp. 8-20 [9] M. Miuray S. Itoz, S. Kunifuji, “Development of RFID Mat Sensor System for Person-Centered Care in Group Homes,” 2nd KICSS2007, November 5-7, 2007 [10] AWISSENET “Ad-hoc personal area network & WIreless Sensor SEcure NETwork” project (www.awissenet.eu)

Fig. 4. AWISSENET Testbed