Академический Документы
Профессиональный Документы
Культура Документы
SECURITY
S NIRELESS ENSOR ETWORKS
By ADRIAN PERRIG, JOHN STANKOVIC, and DAVID WAGNER
They are susceptible to a variety of attacks, including
node capture, physical tampering, and denial of service, while
prompting a range of fundamental research challenges.
W
ireless sensor network areas, presenting the added risk of physical attack.
applications include ocean And third, sensor networks interact closely with their
and wildlife monitoring, physical environments and with people, posing new
manufacturing machinery security problems. Consequently, existing security
performance monitoring, mechanisms are inadequate, and new ideas are
building safety and earth- needed. Fortunately, the new problems also inspire
quake monitoring, and new research and represent an opportunity to prop-
many military applications. erly address sensor network security from the start.
An even wider spectrum of future applications is Here, we outline security issues in these networks,
likely to follow, includ- discuss the state of the
ing the monitoring of art in sensor network
highway traffic, pollu- security, and suggest
tion, wildfires, building future directions for
security, water quality, research. We cover
and even people’s heart several important secu-
rates. A major benefit rity challenges, includ-
of these systems is that ing key establishment,
they perform in-net- secrecy, authentication,
work processing to privacy, robustness to
reduce large streams of denial-of-service attacks,
raw data into useful secure routing, and node
aggregated informa- capture. We also cover
tion. Protecting it all is several high-level secu-
critical. rity services required for
Because sensor networks pose unique challenges, wireless sensor networks and conclude with future
traditional security techniques used in traditional net- research challenges.
works cannot be applied directly. First, to make sen-
sor networks economically viable, sensor devices are A Secure System
limited in their energy, computation, and communi- Security is sometimes viewed as a standalone com-
CAREN ROSENBLATT
cation capabilities. Second, unlike traditional net- ponent of a system’s architecture, where a separate
works, sensor nodes are often deployed in accessible module provides security. This separation is, however,
A
nother risk is that sensor networks ini-
tially deployed for legitimate purposes
might subsequently be used in unan-
ticipated and even illegal ways. The
notion of function creep is universal
in the privacy literature. For instance,
U.S. Social Security numbers were
originally intended for use only by the
Social Security program but have gradually come to be
used as an all-purpose personal identification number.
The networked nature of sensor networks raises
new threats that are qualitatively different from what
private citizens worldwide faced before. Sensor net-
works allow data collection, coordinated analysis, and tence, form, and implications of surveillance are more
automated event correlation. For instance, networked likely to accept the technology. However, our current
systems of sensors enable routine tracking of people understanding of privacy in sensor networks is imma-
and vehicles over long periods of time, with troubling ture, and more research is needed.
implications. Robustness to communication denial of service.
Technology alone is unlikely to be able to solve the Adversaries can severely limit the value of a wireless
privacy problem; rather, a mix of societal norms, new sensor network through denial-of-service attacks [9].
laws, and technological responses are necessary. As a In its simplest form, an adversary attempts to disrupt
starting point, fair information practices might pro- the network’s operation by broadcasting a high-energy
vide a reasonable guideline for how to build systems signal. If the transmission is powerful enough, the
that better protect privacy. Providing awareness of the entire system’s communication could be jammed.
presence of sensor nodes and data acquisition is par- More sophisticated attacks are also possible; the adver-
ticularly important. Affected parties aware of the exis- sary might inhibit communication by violating the