RTC Magazine

Devices and “smart objects” like industrial sensors are rapidly outnumbering workstations on networks worldwide, with some experts projecting that within 5 years there will be over 100 non-PC devices for every workstation on a network. Some devices, like sophisticated printers or routers, are relatively “intelligent” and have comparatively ample memory, processing and bandwidth resources at their disposal. As such, we can usually apply some of the security techniques originally developed for networks of PCs directly to the new “citizens” on the network. But at the very low end, devices like environmental sensors often present a unique challenge because of the extreme resource constraints they impose on security architects.

Industrial control systems have relied on smart objects like sensors and actuators for years to interact with and oversee factory processes. A typical system consists of battery-powered sensors that send information to a smarter, wired control device. Today’s sensors are tiny, inexpensive to manufacture, and don’t need a lot of power—an essential characteristic, since many sensors are expected to operate long-term without access to line power. Most wireless objects get their power from batteries, but interesting new classes of devices are emerging that scavenge electricity directly from the environment.

Computational and communication resources in sensors can be quite limited; just a few megahertz of CPU power paired with several hundred Kbytes of RAM and EEPROM are typical. Most modern sensors utilize radio frequencies to communicate, though optical and infrared communications are also sometimes used, but are less common because of the line-of-sight requirement. Bluetooth might seem like a natural for these networks, but is rarely used because of its relatively greedy power requirements.

Wireless Networks of Sensors

Some smart objects, like sensors, are typically scattered to cover a specific area of interest. While the range of each object, or node, is limited by its radio transmitter, we generally assume that each node can contact any other, though they may have to rely on nearby nodes to relay their communications to the target. The nodes send data to a “sink” or base station. These centralized stations are systems comparatively rich in CPU and storage resources, and are often used to stage and transmit information to larger IP-based networks, including the Internet.

There are a few important factors we always need to keep in mind when working with these networks. First, global addressing systems usually aren’t possible—so we need to be data-centric. Second, power is very scarce, and we often can’t get more if we need it. Transmitting data can consume 1000x more power than processing it, on a per-bit basis. Furthermore, we can’t assume that we know exactly where any given node is at any given time, and sensor networks are often “infrastructureless” which means they need to work in a distributed manner, or not at all. Finally, we certainly can’t depend on any of our objects to be tamper-proof or use any kind of “trusted” computing platform since these characteristics often make the individual nodes prohibitively expensive.

Sensor Network Security

Security requirements often vary with application and context, but in general, security for wireless sensor networks should focus on the protection of the data itself and the network connections between the nodes. Confidentiality, integrity and authentication are the most important data security concerns. When considering the network itself, we need to protect fair access to communications channels (or media access control) and we often need to conceal the physical location of our nodes. We must defend against malicious resource consumption, denial of service, node capturing and node injection. Sometimes our applications require secure routing to guard the network from the effects of nodes “gone bad.” Finally, we need some mechanism for protecting the mobile code itself.

Because distributed control networks like these tend to be extremely vulnerable to simple node attacks, weaknesses in a subsystem can easily be exploited to mount attacks on the whole network, even beyond the “sink.” So it is crucial to design sensor networks with security in mind from the very beginning, not as an add-on feature of the system. That’s largely because security will almost always add some overhead, which means increased power requirements—something that’s difficult to shoehorn in to an already-designed system. Tight integration of security techniques in processing and communications simply allows for more efficient use of scarce resources.