B.2. Security Issues in a Sensor Network
Several issues make secure communication in sensor networks different from that in usual networks:
Limited resources in sensor nodes
Each sensor node contains a primitive processor featuring very low computing speed and only small amount of programmable memory. The popular Atmel ATmega 128L processor, as an example, has an 8-bit 4 MHz RISC processor and only 128 kbytes of RAM. The processor does not support instructions for multiplying or dividing integers. One requires tens of minutes to several hours for performing a single RSA or Diffie–Hellman exponentiation for cryptographic key sizes.
Limited lifetime of sensor nodes
Each sensor node is battery-powered and is expected to operate for only a few days. Once deployed sensor nodes die, it becomes necessary to add fresh nodes to the network for continuing the data collection operation. This calls for dynamic management of security objects (like keys).
Limited communication ability of sensor nodes
Sensor nodes communicate with each other and the base stations by wireless radio transmission at low bandwidth and over small communication ranges. For the Atmel ATmega 128L processor, the maximum bandwidth is 40 kbps, and the communication range is at most 100 feet (30 m).
Moreover, the deployment area may have irregularities (like physical obstacles) that further limit the communication abilities of the nodes. One, therefore, expects that a deployed sensor node can directly communicate with only few other nodes in the network.
Possibility of node capture
A sensor network is vulnerable to capture of nodes by the enemy. The captured nodes may be physically destroyed or utilized to send misleading signals and/or disrupt the normal activity of the network. As a result, no node should have full trust on the nodes with which it communicates. The relevant security goal in this context is that the captured nodes should not divulge to the enemy enough secrets to jeopardize the communication among the uncaptured nodes.
Lack of knowledge about deployment configuration
In many situations (like scattering of nodes from airplanes or trucks), the post-deployment configuration of the sensor network is not known a priori. It is unreasonable to use security algorithms that have strong dependence on locations of nodes in the network. For example, each sensor node u is expected to have only a few neighbours with which it can directly communicate. This is precisely the set of nodes with which u needs to share keys. However, the list cannot be determined before the actual deployment. An approximate knowledge of the locations of the nodes may strengthen the protocols, but robustness for handling run-time variations must be built in the protocols.
Mobility of sensor nodes
Sensor nodes may be static or mobile. Mobile nodes change the network configurations (like the lists of neighbours) as functions of time and call for time-varying security tools.
Still, sensor nodes need to communicate secretly. The clear impracticality of using public-key routines forces one to use symmetric ciphers. But setting up symmetric keys among communicating nodes is a difficult task. The number n of nodes in a sensor network can range up to several hundred thousands. Storing a symmetric key for each pair of nodes is impossible, since that requires each sensor to have a memory large enough to store n – 1 keys. On the other extreme, every communication may use a single network-wide symmetric key. In that case the capture of a single node makes communication over the entire network completely insecure.
The plot thickens. There are graceful ways out. A host of algorithms has been recently proposed to address key establishment issues in sensor networks. In the rest of this appendix, we provide a quick survey of these tools. For the sake of simplicity, we assume here that our sensor network is static, that is, the nodes have no (or negligibly small) mobility. Though the schemes described below may be adapted to mobile networks, the required modifications are not necessarily easy and the current literature does not seem to be ready to take mobility into account.
We continue to deal with sensor processors of the capability of Atmel ATmega 128L. In practice, better processors (with speed, storage and cost roughly one order of magnitude higher) are available. We assume that the size (number of nodes) n of a sensor network is (usually) not bigger than a million, and also that a sensor node has of the order of 100 neighbours in its communication range.