2 Security Concern

Security in WSN is quite different from traditional (wired)+ network security. Due to the hardware obstacle, the WSN is difficult to directly employ the existing security approaches to the area of wireless sensor networks. Most of the security concerns can be addressed by the services of confidentiality , availability and integrity. When we review a real system in practice, however, authenticity and privacy are also within our consideration.

2.1 Confidentiality

¹ A sensor network should not leak sensor readings to any unauthorized parties (this illegal act is sometimes called skimming), therefore it is extremely important to build a secure channel in a wireless sensor network. Especially in a military application, the data stored in the WSN node is highly sensitive. The standard solution for keeping sensitive data secret is to encrypt the data with a secret key, known only to the sender and receiver. The receiver would then decrypt the data, and thus achieve confidentiality.

2.2 Integrity

² In the wireless world, the information exchanged between two parties needs to be confidential when sensitive data, such as secret keys, must not be collected by an eavesdropper ³. Forteunately, with the implementation of confidentiality, the attacker may be unable to steal information. However, the adversary may modify the message in transit without knowing the message content. For instance, the lack of authentication in the pure Diffie-Hellman Key Exchange Protocol makes it vulnerable to man in the middle attack. Message authentication codes, hash functions and digital signatures can guarantee message integrity and as well as authenticity.

2.3 Availability

⁴ Availability is an important aspect of reliability, especially when a reader needs to be ready to authenticate every incoming user that may enters its communication range at certain time intervals. Even without the threat of a malicious node, a single point failure with no presence of centralized management would cause data loss or damage. For example, the functionality of the sensor network must be ensured to resist denial-of-service attacks (DoS). The typical countermeasures include Quality of Service (Qos), but is our focus in this project.

2.4 Authenticity

In any network communication, authentication proves the claimed identity of of the other parties, and it is an important security measure for preventing counterfeiting behaviors. Both the sender and receiver need to confirm the identity of other party involved in the communication The use of authentication may also be required in applications, this project focus on, such as security entry systems. In addition, a system equipped with strong Authentication indicates a system of proving knowledge of a secret of the other party without revealing it.

2.5 Privacy

Privacy, in general, refers to the ability of an entity to stop information about themselves from becoming known to people other than those whom they choose to give the information. In the world of wireless sensor network, while this technology promises to produce a massive amount of data collection, an adversaries can use seemly irrelevant fragment of data, assemble them, and derive much more sensitive information. Therefore, the data aggregation in sensor network enlarge the problem of privacy, because they make large amount of information easily available through remote access [11]. Hence, adversaries does not have not be physically present to maintain surveillance,but they can gather information in a low-risk, anonymous manner.

• Eavesdropping: By listening to the data, the adversary could easily discover the communication contents. When the traffic conveys the control information about the sensor network configuration, which contains potentially more detailed information about the communication protocol, the eavesdropping can act effectively against the privacy protection.
• Traffic Analysis: This is an advanced version of combination with monitoring and eavesdropping. An attacker could potentially monitor the increase in the number of transmitted packets between certain nodes, and could signal that a specific sensor has registered activity. Through the analysis on the traffic, some sensors with previous activities can be effectively identified. Thus, this act violate the identity privacy.
• Camouflage: After an adversaries insert a rogue node or compromise a legitimate node in the sensor network, the attackers make those nodes to impersonate as a normal node to attract the packets, and miss-route the packets. e.g. another variation of man-in-the-middle-attack that forward the packets to the nodes conducting the privacy analysis.

In order to achieve strong privacy, the following properties needs to be satisfied:

• Untracability: any information that relates to the identity of an entity must be protected from others at all time.
• Access Control: An entity cannot be granted access or revokes the right to access some data or perform some operation, if it is not authorized to.
• Non-repudiation: An entity is prevented from denying its previous commitments or actions.

2.6 Physical Attack

Sensor motes in real world are typically exposed in outdoor environments, and their deployment makes them highly compromisable by attackers. Instead of finding the weakness in algorithm via cryptanalysis approach or brute-forcely hacking, a well-trained adversary could launch an attack based on cryptographic information gained from physical implementation of the mote. Some attack include measurement on how much time that various cryptog system takes to perform (Timing Attack), make use of varying power consumption by the hardware during cerographic computation (Power Consumption Attack), or even attack on leaked electromagnetic radiation that could directly provide un-encrypted plaintext message. Recent work has shown that a sensor nodes that lacks tamper resistant hardware protection, such as the MICA2 motes, can be compromised in less than one minute[12] by a well-trained attacker. If an adversary compromises a sensor node, then the code inside the physical node may be modified.