SPINS

SECURITY PROTOCOL IN
SENSOR NETWORK
Introduction
 What is a Sensor Network?
A heterogeneous system combining tiny sensors
and actuators with general-purpose computing
elements. Most consisting of hundreds or thousands of
low-power, low-cost nodes deployed to monitor and
affect the environment.

 What are they used for?

– Monitoring of manufactured machinery.
– Real-time traffic monitoring.
– Earthquake monitoring.
– Variety of military applications.
– Medical monitoring and research.
– Ocean and wildlife monitoring.
 Sensor Network and Nodes
 Network Channels: User nodes or gateways and
onward transmission to other network.
Sensor channels: Communicates among sensor
nodes and targets.
Sensor Network has three types of Nodes
Sensor nodes: Monitor immediate environment
Target Nodes: Generates various stimuli for
sensor nodes.
User Nodes: Client and Administration of Sensor
Networks.
 Common Security Issues for SNs
Data Authentication
Node 1

Node 3

Node 4

Node 2
 Adversary

Data Confidentiality

Node2
Data Integrity

Data Base

Freshness Node1

- Weak Freshness
- partial message ordering, no delay information.
- Strong Freshness
- Total ordering on req- Adversary res pair,
delay estimation.
Node1

Base

Adversary
 Challenges
 Limited resources.
 Every node can be a target.
 No trusted peer.
 Decentralized and cooperative participation of
all nodes.
 Contributions
 SNEP
1. Sensor Network Encryption Protocol.
2. Secures point-to-point communication.
 µTESLA
1. Micro Timed Efficient Stream Loss-tolerant
Authentication.
2. Provides broadcast authentication.

 Notations Used
A, B Principals( nodes)

NA Nonce generated by A

CA Counter generated by A

χ AB Master secret key between A and

( no direction information)

KAB Secret encryption key between A and B

(depends on direction)
 K’AB Secret MAC key between A and
B (depends on
direction)

{M}KAB Encryption of message M with

KAB

MAC(K’AB,M) Message Authentication Code

(MAC) of M

SNEP
 Features
1. Data confidentiality, two-party data
authentication, integrity, replay protection,
weak message freshness (partial message
ordering).
2. Low communication overhead: only adds 8 bytes
per message.
3. Semantic Security: Prevents eavesdroppers from
interfering the message content from the
encrypted message.
4. Uses Counter: Avoids transmitting the counter
value by keeping the state at both end point.
 Mechanism
 1. Communicating parties share two counters for the
block cipher.
2. Counter is not sent with the message.
3. Counter incremented after each block.
4. Communicating parties use a counter exchange
protocol to synchronize their counter values.
5. Counter value is never repeated.
6. Counter value in MAC prevents replay attacks.
7 .Communicating parties share a master secret key XAB.
 Protocol Details

1. D: data, K: encryption key, C: counter

2. Semantic security: Since the counter value is
incremented after each message, the same
message is encrypted differently each time.
3. Data authentication: If the MAC verifies correctly,
a receiver knows that the message originated
from the claimed sender.
4. Weak freshness.
5. Low communication overhead: The counter state is
kept at each end point.
 Strong data freshness
 NA : Nonce
RA : Request Message
 Counter Exchange Protocol

 Entire Process
µTESLA
 Features
1. Broadcast authentication protocol with low
communication and computation overhead
2. Requires time synchronization between the sender and
the receiver.
3. Uses self authenticating key chain.
 4. Authentication is based on symmetric key
cryptography.
 One-Way Chains
1. We repeatedly use a one-way hash function to
generate a one-way chain.
2. The sender generates the chain by randomly selecting Sl
and repeatedly applying the one-way function F.
3. S0 is a commitment to the entire one-way chain.
4. We can verify any element of the chain through S0.

 Sender setup
1. Divide time into intervals of uniform duration.
2. Compute and commit to a one way key chain.
a. Kn = F(Kn+1)
b. F is a one way function
3. One-way chain is used in the reverse order of
generation.
 4. The sender assigns one key from the one-way chain to
each time interval in sequence
5. The sender defines a disclosure time intervals.
 Receiver setup
1. It needs to be loosely time synchronized with the sender
2. The sender sends the key disclosure schedule to the
receivers over an authenticated channel (interval
duration, start time, index of interval, length of
one-way key chain, Key disclosure delay d, A key
commitment to the key chain Ki .
 Authentication at Receiver
1. Receiver checks that the key used to compute the MAC
is still secret by determining that the sender could
not have yet reached the time interval for
disclosing it.
2. If the MAC key is still secret, then the receiver buffers
the packet.
3. Each receiver checks that the disclosed key is correct.
4. Checks the correctness of the MAC of buffered packets
that were sent in the time interval of the disclosed
key.
5. If the MAC is correct, the receiver accepts the packet.
  TESLA vs. µTESLA
1. TESLA authenticates the initial packet with a digital
signature, which is too expensive for sensor nodes
à µTESLA uses only symmetric mechanisms
2. Disclosing a key in each packet requires too much
energy for sending and receiving
à µTESLA discloses the key once per epoch.
3. It is expensive to store a one-way key chain in a sensor
node
à µTESLA restricts the number of authenticated senders.
Conclusion
• Security protocols for an extremely limited sensor network.
 • SNEP provides Data confidentiality, two-party data
authentication, integrity, replay protection, weak message
freshness
• µTESLA provides Authenticated broadcast for severely
resource-constrained environments
• Minimal security overheads
– Computation, memory, communication
– Uses only symmetric cryptography.
References
• Perrig, A., Stankovic, J., and Wagner, D. 2004. Security in
wireless sensor networks. Commun. ACM 47, 6 (Jun.
2004), 53-57.
• Perrig, A., Szewczyk, R., Tygar, J. D., Wen, V., and Culler,
D. E. 2002. SPINS: security protocols for sensor networks.
Wirel. Netw. 8, 5 (Sep. 2002), 521-534.
• Karlof, C. and Wagner, D. Secure routing in wireless
sensor networks: Attacks and countermeasures. In
Proceedings of the 1st IEEE International Workshop on
Sensor Network Protocols and Applications (Anchorage,
AK, May 11, 2003).
• Hu, Y.-C., Perrig, A., and Johnson, D. Packet leashes: A
defense against wormhole attacks in wireless ad hoc
networks. In Proceedings of IEEE Infocom 2003 (San
Francisco, Apr. 1--3, 2003).
• L. Zhou and Z. Haas, “Securing ad hoc networks,” IEEE
Network Magazine, vol. 13, no. 6, November/December
1999...

Rakesh Panda
0701106210
CSE (Group – 1)