Attacks and Defenses of Ubiquitous Sensor Networks

Tanya Gazelle Roosta

EECS Department
University of California, Berkeley
Technical Report No. UCB/EECS-2008-58
May 20, 2008

http://www2.eecs.berkeley.edu/Pubs/TechRpts/2008/EECS-2008-58.pdf

Based on recent technological advances, the manufacturing of a large number of low cost wireless sensors became technically and economically feasible. Thousands of these sensors can potentially be networked as a wireless sensor network for many applications that require unattended, long-term operations. One of the critical challenges to making sensor networks more pervasive and secure is the severe resource constraints, in terms of energy and memory, on the sensor nodes.

This dissertation explores specific security issues associated with sensor networks. In particular, we explore four related themes: 1) we begin by developing a taxonomy of security attacks and existing countermeasures for sensor networks. Although this taxonomy serves as a reference for security attacks, it points out a lack of a holistic view of the overall security requirements and threat models in sensor networks. Without these notions we cannot evaluate the tradeoffs between resource constraints and security. Then, we explore the development of methodologies for evaluation and design of secure sensor network security by defining: (a) security properties and security metrics to help us understand the value of each security solution, (b) a realistic threat model to understand the practical nature of the adversary model in sensor networks, (c) a security design space to identify best practices for the design and configuration of secure sensor networks. This framework can be used to formally define and analyze security attacks and the effectiveness of solutions for each attack and to identify the path of least resistance for an attacker. 2) Our second theme explores the issue of insider attacks on fundamental services and applications in sensor networks. This type of attack has a more serious impact on the network since the attacker is in possession of the cryptographic keys and can participate in communication. We specifically look at the time synchronization service and the object tracking algorithm. Time synchronization protocols provide a mechanism for synchronizing the local clocks of the nodes in a sensor network. Many applications, such as networking protocols, rely heavily on accurate timing to perform their tasks. We analyze attacks on different categories of time synchronization protocols, show how these attacks affect different classes of protocols, and propose solutions for each attack. We also implement our attacks and countermeasure for one class of time synchronization protocols. Next, we analyze the effect of insider attack on multiple object tracking by focusing on a hierarchical target tracking algorithm specifically designed for sensor networks. We develop a hierarchical reputation system framework that helps detect node misbehavior and isolate malicious entities. We evaluate our reputation system experimentally and demonstrate how it improves object tracking in the presence of malicious nodes. 3) The third theme in this dissertation deals with the security issues facing the applications that use sensor networks. We look at two important applications that use sensor networks: health care systems, and the process control systems. We develop an integrity monitoring system for the health care application. We develop two security solutions for process control systems: 1) a model-based intrusion detection system, and 2) secure key management and software update. 4) In the last part of the dissertation, we use a game theoretic framework to analyze and build a distributed reputation mechanism for sensor networks. Game theory provides a way of mathematically formalizing the decision-making process. However, there has been very limited research in the area of sensor network security. Therefore, the object of our research is to analyze the available game theoretic approaches for reputation systems and apply those to field of sensor networks.

Advisor: S. Shankar Sastry


BibTeX citation:

@phdthesis{Roosta:EECS-2008-58,
    Author = {Roosta, Tanya Gazelle},
    Title = {Attacks and Defenses of Ubiquitous Sensor Networks},
    School = {EECS Department, University of California, Berkeley},
    Year = {2008},
    Month = {May},
    URL = {http://www2.eecs.berkeley.edu/Pubs/TechRpts/2008/EECS-2008-58.html},
    Number = {UCB/EECS-2008-58},
    Abstract = {Based on recent technological advances, the manufacturing of a large number of low cost wireless sensors became technically and economically feasible. Thousands of these sensors can potentially be networked as a wireless sensor network for many applications that require unattended, long-term operations. One of the critical challenges to making sensor networks more pervasive and secure is
the severe resource constraints, in terms of energy and memory, on the sensor nodes.

This dissertation explores specific security issues associated with sensor networks. In particular, we explore four related themes: 1) we begin by developing a taxonomy of security attacks and existing countermeasures for sensor networks. Although this taxonomy serves as a reference for security attacks, it points out a lack of a holistic view of the overall security requirements and threat models in sensor networks. Without these notions we cannot evaluate the tradeoffs between resource constraints and security. Then, we explore the development of methodologies for evaluation and design of secure sensor network security by defining: (a) security properties and security metrics
to help us understand the value of each security solution, (b) a realistic threat model to understand the practical nature of the adversary model in sensor networks, (c) a security design space to identify best practices for the design and configuration of secure sensor networks.  This framework can be used to formally define and analyze security attacks and the effectiveness of solutions for each
attack and to identify the path of least resistance for an
attacker. 2) Our second theme explores the issue of insider attacks on fundamental services and applications in sensor networks. This type of attack has a more serious impact on the network since the attacker is in possession of the cryptographic keys and can participate in communication. We specifically look at the time synchronization service and the object tracking algorithm. Time synchronization protocols provide a mechanism for synchronizing the local clocks of the nodes in a sensor network.  Many applications, such as networking protocols, rely heavily on accurate timing to perform their tasks. We analyze attacks on
different categories of time synchronization protocols, show how these attacks affect different classes of protocols, and propose solutions for each attack. We also implement our attacks and countermeasure for one class of time synchronization protocols. Next, we analyze the effect of insider attack on multiple object tracking by focusing on a hierarchical target tracking algorithm specifically designed for sensor networks. We develop a hierarchical reputation system framework that helps detect node misbehavior and isolate malicious entities.  We evaluate our reputation system experimentally and demonstrate how it improves
object tracking in the presence of malicious nodes.  3) The third theme in this dissertation deals with the security issues facing the applications that use sensor networks. We look at two important applications that use sensor networks: health care systems, and the process control systems. We develop an integrity monitoring system for the health care application. We develop two security solutions for process control systems: 1) a model-based intrusion detection system, and 2) secure key management and software update. 4) In the last part of the dissertation, we use a game theoretic framework to analyze and build a distributed reputation mechanism for sensor networks. Game theory
provides a way of mathematically formalizing the decision-making process.  However, there has been very limited research in the area of sensor network security. Therefore, the object of our research is to analyze the available game theoretic approaches for reputation systems and apply those to field of
sensor networks.}
}

EndNote citation:

%0 Thesis
%A Roosta, Tanya Gazelle
%T Attacks and Defenses of Ubiquitous Sensor Networks
%I EECS Department, University of California, Berkeley
%D 2008
%8 May 20
%@ UCB/EECS-2008-58
%U http://www2.eecs.berkeley.edu/Pubs/TechRpts/2008/EECS-2008-58.html
%F Roosta:EECS-2008-58