Wireless Sensor Networks

Security mechanisms

A Wireless Sensor Network (WSN) must implement various underlying protocols, such as routing, aggregation, and time synchronization, to enable the provisioning of its services. These protocols will allow network data to be queried and to be offered to any user that needs them. In order for WSNs to be robust and fault tolerant against internal errors or malicious attacks, all protocols must be specially designed to cope with extraordinary situations. However, this is not enough to adequately protect WSNs. It is necessary to implement various security mechanisms that will provide support for the different protocols of the network, allowing these protocols to comply with various security properties such as confidentiality, integrity, authentication and availability. Moreover, such security mechanisms must be adapted to the specific requirements of the WSNs applications and environments, so as to optimally make use of the limited network resources. At NICS, we have studied and designed many of these security mechanisms. In particular, not only we have studied the different security primitives that can be used in a WSN [1], but also we have analyzed how key management systems can be optimally selected to manage the cryptographic keys used by those primitives [2]. Beyond the creation of secure channels, we have also investigated how other supporting protocols, such as intrusion detection systems [3] and trust management systems [4], can benefit all the protocols of the network by giving a quasi-real-time map on the state of the network and the behavior of its elements. Finally, we also have investigated how all these mechanisms could be efficiently integrated into a software architecture, devising a transversal layer that retains the benefits of layered architectures while limiting the disadvantages of cross-layer architectures [5]. Precisely, some of the ideas of this transversal layer were applied to a EP2P context in the SMEPP project.


Location Privacy

As aforementioned, the information produced by a WSN is in many application scenarios highly sensitive, thus it must be properly secured. The security mechanisms that have been previously mentioned clearly help to reduce the risks of unauthorized parties obtaining or manipulating the network information. However, an adversary can still be able to obtain sensitive information about the network itself or the area/phenomenon being monitored. In particular, the location of the nodes reporting data, and consequently the location of events, is part of the information that could be leaked because of the nature of WSNs, more precisely due to the communications pattern. NICS considers that this contextual data must be carefully protected since the events can be directly related either to individuals or to important assets [6]. The criticality of the location privacy problem is evident in many current WSNs scenarios, such as Critical Infrastructure monitoring, endangered animal species surveillance, and cargo tracking, but also in the scenarios which are to appear with the advent of the Internet of Things (IoT).



  1. R. Roman, C. Alcaraz, and N. Sklavos, "On the Hardware Implementation Efficiency of Cryptographic Primitives", Wireless Sensor Network Security, J. Lopez, and J. Zhou Eds., IOS Press, 2008. More..


    Security has been proven a crucial factor in the provision of data services and especially in the computer-related environments. While wired and wireless networks come to all sectors of everyday life, security tries to satisfy the growing needs for confidentiality, integrity and non-repudiation. There are many instances of security primitives and each one of them has different requirements in terms of processing power, word size, etc. Therefore, it is important to review the functionality of the less resource-demanding encryption algorithms in order to analyze their theoretical suitability to the existent sensor node hardware. Still, the constraints inherent to the sensor nodes advise against the total dependence on software-based implementations, even more in the case of expensive primitives.

  2. D. Galindo, R. Roman, and J. Lopez, "On the Energy Cost of Authenticated Key Agreement in Wireless Sensor Networks", Wireless Communications and Mobile Computing, vol. 12, Wiley, pp. 133-143, Jan 2012. DOI (I.F.: 0.863)More..


    Wireless sensors are battery-powered devices which are highly constrained in terms of computational capabilities, memory and communication bandwidth. While battery life is their main limitation, they require considerable energy to communicate data. Due to this, it turns out that the energy saving of computationally inexpensive primitives (like symmetric key cryptography (SKC)) can be nullified by the bigger amount of data they require to be sent. In this work, we study the energy cost of key agreement protocols between peers in a network using asymmetric key cryptography. Our main concern is to reduce the amount of data to be exchanged, which can be done by using special cryptographic paradigms like identity-based and self-certified cryptography. The main news is that an intensive computational primitive for resource-constrained devices, such as non-interactive identity-based authenticated key exchange, performs comparably or even better than traditional authenticated key exchange (AKE) in a variety of scenarios. Moreover, protocols based in this primitive can provide better security properties in real deployments than other simple protocols based on symmetric cryptography. Our findings illustrate to what extent the latest implementation advancements push the efficiency boundaries of public key cryptography (PKC) in wireless sensor networks (WSNs).

    Impact Factor: 0.863
    Journal Citation Reports® Science Edition (Thomson Reuters, 2012)

  3. R. Roman, J. Lopez, and S. Gritzalis, "Situation Awareness Mechanisms for Wireless Sensor Networks", IEEE Communications Magazine, vol. 46, no. 4, IEEE, pp. 102-107, April, 2008. DOI (I.F.: 2.799)More..


    A wireless sensor network should be able to operate for long periods of time with little or no external management. There is a requirement for this autonomy: the sensor nodes must be able to configure themselves in the presence of adverse situations. Therefore, the nodes should make use of situation awareness mechanisms to determine the existence of abnormal events in their surroundings. This work approaches the problem by considering the possible abnormal events as diseases, thus making it possible to diagnose them through their symptoms, namely, their side effects. Considering these awareness mechanisms as a foundation for high-level monitoring services, this article also shows how these mechanisms are included in the blueprint of an intrusion detection system.

    Impact Factor: 2.799
    Journal Citation Reports® Science Edition (Thomson Reuters, 2008)

  4. R. Roman, C. Fernandez-Gago, J. Lopez, and H. Hwa Chen, "Trust and Reputation Systems for Wireless Sensor Networks", Security and Privacy in Mobile and Wireless Networking, S. Gritzalis, T. Karygiannis, and C. Skianis Eds., Troubador Publishing Ltd, pp. 105-128, 2009. More..


    The concept of trust has become very relevant in the late years as a consequence of the growth of fields such as internet transactions or electronic commerce. In general, trust has become of paramount importance for any kind of distributed networks, such as wireless sensor networks (WSN in the following). In this chapter of the book, we try to give a general overview of the state of the art on trust management systems for WSN and also try to identify the main features of the architectures of these trust management systems.

  5. R. Roman, J. Lopez, and P. Najera, "A Cross-layer Approach for Integrating Security Mechanisms in Sensor Networks Architectures", Wireless Communications and Mobile Computing, vol. 11, Wiley, pp. 267-276, 2011. DOI (I.F.: 0.884)More..


    The wireless sensor networks (WSN) paradigm is especially vulnerable against external and internal attacks. Therefore, it is necessary to develop security mechanisms and protocols to protect them. These mechanisms must become an integral part of the software architecture and network stack of a sensor node. A question that remains is how to achieve this integration. In this paper we check how both academic and industrial solutions tackle this issue, and we present the concept of a transversal layer, where all the different security mechanisms could be contained. This way, all the elements of the architecture can interact with the security mechanisms, and the security mechanisms can have a holistic point of view of the whole architecture. We discuss the advantages of this approach, and also present how the transversal layer concept was applied to a real middleware architecture.

    Impact Factor: 0.884
    Journal Citation Reports® Science Edition (Thomson Reuters, 2011)

  6. R. Rios, and J. Lopez, "Source Location Privacy Considerations in Wireless Sensor Networks", 4th International Symposium of Ubiquitous Computing and Ambient Intelligence (UCAmI’10), L. Fuentes, N. Gámez, and J. Bravo Eds., IBERGARCETA PUBLICACIONES, S.L., pp. 29 - 38, Sept., 2010. More..


    Wireless Sensor Networks are considered to be one of the cornerstones of Ambient Intelligence since they can be used in countless applications, where sensors are unobtrusively embedded into the environment to perform operations like monitoring, tracking and reporting. In such scenarios, privacy issues must be carefully considered since the mere observation of the network operation might reveal great amounts of private information to unauthorised parties. One of the problems that is gaining more attention in the realm of privacy, is the location privacy problem, which aims to prevent an attacker from obtaining the location of specific nodes of interest to him. In this paper we provide a general overview of the proposed solutions to counter this threat. Finally, we will also discuss some open challenges and future directions of research for a convenient management of privacy issues in smart environments.

  7. C. Alcaraz, P. Najera, J. Lopez, and R. Roman, "Wireless Sensor Networks and the Internet of Things: Do We Need a Complete Integration?", 1st International Workshop on the Security of the Internet of Things (SecIoT’10), IEEE, pp. xxxx, December, 2010. More..


    Wireless sensor networks (WSN) behave as a digital skin, providing a virtual layer where the information about the physical world can be accessed by any computational system. As a result, they are an invaluable resource for realizing the vision of the Internet of Things (IoT). However, it is necessary to consider whether the devices of a WSN should be completely integrated into the Internet or not. In this paper, we tackle this question from the perspective of security. While we will mention the different security challenges that may arise in such integration process, we will focus on the issues that take place at the network level.

  8. R. Roman, C. Alcaraz, J. Lopez, and N. Sklavos, "Key management systems for sensor networks in the context of the Internet of Things", Computers & Electrical Engineering, vol. 37, Elsevier, pp. 147-159, Mar 2011. DOI (I.F.: 0.837)More..


    If a wireless sensor network (WSN) is to be completely integrated into the Internet as part of the Internet of Things (IoT), it is necessary to consider various security challenges, such as the creation of a secure channel between an Internet host and a sensor node. In order to create such a channel, it is necessary to provide key management mechanisms that allow two remote devices to negotiate certain security credentials (e.g. secret keys) that will be used to protect the information flow. In this paper we will analyse not only the applicability of existing mechanisms such as public key cryptography and pre-shared keys for sensor nodes in the IoT context, but also the applicability of those link-layer oriented key management systems (KMS) whose original purpose is to provide shared keys for sensor nodes belonging to the same WSN.

    Impact Factor: 0.837
    Journal Citation Reports® Science Edition (Thomson Reuters, 2011)