Calculating trust in sensor networks
Calculating trust in sensor networks
Calculating trust in sensor networks
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
[PSW04]. A shared network-wide key would create a s<strong>in</strong>gle po<strong>in</strong>t of failure, where a<br />
compromised node may leak the key. Public-key cryptography (such as Diffie-Hellman<br />
key establishment) can prove to be computationally beyond the capabilities of <strong>sensor</strong><br />
nodes. Other approaches, such as us<strong>in</strong>g the s<strong>in</strong>k-node or a distributed pool of random<br />
keys to authenticate other nodes, have been proposed but they still are vulnerable to one<br />
or several captured nodes.<br />
Another aspect to consider is the ease of access an attacker may have to a node. A <strong>sensor</strong><br />
network will most likely consist of many unattended nodes scattered across a large area<br />
so ga<strong>in</strong><strong>in</strong>g access to a node will most likely be easy. Because of f<strong>in</strong>ancial considerations,<br />
a node may not have a very tamper-proof exterior. Thus, one possible attack on a <strong>sensor</strong><br />
network is node capture, where an attacker can capture and reprogram a node [BBD06]. If<br />
this attack goes unnoticed it may result <strong>in</strong> a node that behaves <strong>in</strong> an arbitrarily malicious<br />
way.<br />
If an attacker captures a node, he may extract code and keys from the node and use this<br />
<strong>in</strong>formation to launch an attack from more powerful computers. An off-the-shelf laptop<br />
will have hugely more powerful processors, more sensitive antennas and higher-powered<br />
radio transmitters than any node. A laptop computer can more efficiently eavesdrop or<br />
disrupt the <strong>sensor</strong> network. Several laptops may also be connected by a faster low-latency<br />
network that allows an attacker to mount coord<strong>in</strong>ated assaults from different parts of the<br />
network.<br />
There are several ways an attacker may take advantage of a node upon ga<strong>in</strong><strong>in</strong>g physical<br />
access [BBD06]. An attacker may change the sens<strong>in</strong>g unit of a node and thus <strong>in</strong>ject<br />
erroneous data to the network. Some nodes are designed as modular units and chang<strong>in</strong>g<br />
the sens<strong>in</strong>g component could be as easy as unplugg<strong>in</strong>g the old one and replac<strong>in</strong>g it with a<br />
new one. This operation could only take a couple of seconds. If the sens<strong>in</strong>g component is<br />
soldered <strong>in</strong>to the node it may be harder to change, but a skilled attacker could still do it<br />
<strong>in</strong> a matter of m<strong>in</strong>utes.<br />
An attacker may also be <strong>in</strong>terested <strong>in</strong> read<strong>in</strong>g or writ<strong>in</strong>g the external memory of the node<br />
if it is possible that sensitive <strong>in</strong>formation is stored <strong>in</strong> it. The simplest way to do this<br />
14