Title: Reputation-based Algorithms in Sensor Networks
Description: Networks of wirelessly interconnected embedded sensors and actuators promise an unprecedented ability to observe and manipulate our physical world. Indeed, recent years have seen much research on understanding the fundamental properties of such networks, and on developing algorithms and hardware-software building blocks for cheap and energy-efficient implementation. However, as with almost every disruptive technology that has impacted human society, the benefits of Embedded Networked Sensing are accompanied by significant risk factors and potential for abuse. If wireless sensor networks are really going to be the eyes and ears of our society, as envisioned by many, then one needs to answer the following question: How can a user trust the information provided by the sensor network?
Building sensor networks poses challenges of secure routing, node authentication, data integrity, data confidentiality and access control that are faced in conventional wireless and wired networks as well. In the realm of sensor networks these problems are even more challenging due to the resource-constrained nature and the scale of these networks. Only recently have researchers started developing customized cryptographic solutions for sensor networks. However, current security mechanisms for sensor networks focus on external attacks. They fail to protect against internal attacks where a subset of sensor nodes is compromised. Due to lack of physical security and tamper resistance, adversaries can recover the embedded cryptographic material from these nodes and subsequently pose as authorized nodes in the network. A wide variety of sensor network applications, such as forest fire monitoring, anti-terrorism, bio/chemical agent monitoring etc., fall into the broad class of sense-response applications, where the system objective is to collaboratively detect events and report the event detection back to the base station. The detection of an event is followed by some physical response such as sending special personnel, vehicles etc. to the location of the event. Compromised nodes can inject false data about non-existent events and authenticate them correctly to the user using their keys (false positive attacks), or stall the reporting of real events (false negative attacks). Thus, there is a need for developing a secure event reporting protocol.
Cryptographic keys form the backbone of any security protocol; the scale and ad-hoc deployment of nodes, coupled with the ability of adversaries to easily recover the cryptographic materials, make key establishment a challenging problem to solve. In general, the efficacy of any key establishment strategy needs to be gauged on the basis of both security metrics, such as resiliency against node capture, node replication and access control measures, and complexity aspects such as scalability, storage etc. Existing key establishment techniques rely on a deterministic or probabilistic pre-distribution of keys in the network, trading off performance on one metric against the other. We believe that a more apt approach in the realm of sensor networks is to derive them deterministically at runtime based on a single master key and unique physical attributes of the nodes.
Although cryptography and authentication help, they alone are not sufficient for the unique characteristics and novel misbehaviors encountered in sensor networks. We believe that in general tools from different domains such as economic theory, statistics and data analysis will have to be combined with cryptography for the development of trustworthy sensor networks. Fundamental to this is the observation that sensor network applications are based on collective interaction between a large number of nodes, which do collaborative data gathering, collective data/information processing, and multi-hop data delivery. This decentralized in-network decision-making, which relies on the inherent trust among the sensor nodes, can be abused by internal adversaries to carry out security breaches while generating information. An adversary can potentially insert bogus data to mislead the whole network! Clearly, cryptographic mechanisms alone cannot be used to solve this problem, as adversarial nodes can use valid cryptographic keys to authenticate bogus data. Besides malicious attacks, the two other system characteristics that hinder the development of high integrity sensor networks are system faults and sensing channel inconsistencies. Sensor nodes are currently made of cheap hardware components, highly vulnerable to system malfunctioning. Non-malicious behavior such as radios/sensors going bust can also result in the generation of bogus data, bringing equally detrimental effects to the functioning of the whole network. Another distinguishing trait of sensor networks is their strong coupling with the physical world. This gives rise to a unique opportunity for adversaries, whereby instead of abusing the network, they can insert bogus data into the network by abusing the physical world. The very nature of these attacks is completely outside the realm of cryptography.
Status: Inactive Project
Main Research Area: Privacy, Security, and Integrity