406
Chapter 17 A Survey on Sensor Network Security
Tampering
A large-scale sensor network may consist of thousands of sensor nodes and
may be dispersed over a large area. It is impractical to assume that we can
monitor and protect each individual sensor from attacks. An adversary can
capture a sensor node and tamper with nodes physically. If the adversary
compromises a node, she can extract all key material, data, and code stored
on that node. The adversary can also re-program the captured node, or clone
several illegal nodes from the captured node. A variety of attacks can be
launched after obtaining cryptographic keys and code, such as eavesdropping,
selective forwarding, etc.
One defense technique is to use tamper-resistant hardware in sensor nodes.
With tamper-resistant hardware, a tampering can be detected and cryptographic
keys and sensitive data can be erased from the sensor node. However,
the cost of current tamper-resistant hardware is too high to be installed in
each sensor node.
Thus, in most sensor security papers, a general assumption is that sensor
nodes are not equipped with tamper-resistant hardware due to cost constraints.
If a globally shared key is used in the network for encryption, then
tampering with one sensor node will render the whole network unsecured. Effective
key management schemes can reduce the damage of node tampering.
For example, each node can use a unique key to communicate with the base
station, and each pair of nodes can share a unique pairwise key with each
other for communication.
Pages:
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638