Message corruption. Any modification of the content of a message by an attacker compromises its integrity.
Traffic analysis. Even when the messages transferred are encrypted, it still leaves a high possibility of analysis of the communication patterns. Sensor activities can potentially reveal enough information to enable an adversary to cause malicious harm to the sensor network.
Sybil attack. In a Sybil attack, a single node presents multiple identities to other nodes in the network. They pose a significant threat to geographic routing protocols, where location-aware routing requires nodes to exchange coordinate information with their neighbours to efficiently route geographically addressed packets. Authentication and encryption techniques can prevent an outsider to launch a Sybil attack on the sensor network. Using globally shared keys allows an insider to masquerade as any (possibly even non-existent) node.
Sinkhole attack. In a sinkhole attack, the adversary’s goal is to lure nearly all the traffic from a particular area through a compromised node, creating a metaphorical sinkhole with the adversary at the centre. Sinkhole attacks typically work by making a compromised node look especially attractive to surrounding nodes with respect to the routing algorithm.
Wormholes. In the wormhole at-tack, an adversary tunnels messages received in one part of the network over a low-latency link and replays them in a different part. The simplest instance of this attack is a single node situated between two other nodes forwarding messages between the two of them. However, wormhole attacks more commonly involve two distant malicious nodes colluding to understate their distance from each other by relaying packets along an out-of-bound channel available only to the attacker.
Key management is the process by which cryptographic keys are generated, stored, protected, transferred, loaded, used and destroyed. To achieve security in wireless sensor networks, it is important to be able to perform various cryptographic operations, including encryption, authentication and so on. Key management schemes are mechanisms used to establish and distribute various kinds of cryptographic keys in the network, such as individual keys, pairwise keys and group keys.
Key management is an essential cryptographic primitive upon which other security primitives are built. Most security requirements, such as privacy, authenticity and integrity, can be addressed by building a solid key management framework.
The challenge of designing key management protocols for sensor networks lies in establishing a secure communication infrastructure, before any routing fabric has been established with or without the presence of any trusted authority or fixed server, from a collection of sensor nodes that have no prior contact with each other. Some cryptographic information, e.g., a key, is normally preloaded in sensor nodes before deployment, and allows sensor nodes to perform secure communications with each other.
Trusted server schemes. Trusted server schemes depend on a trusted and secure server such as the base station for key agreement among nodes. The server can be treated as the key distribution centre (KDC). For example, assume that two sensor nodes intend to make a secure connection. In a typical case, a symmetric key is generated for each node in a sensor network before deployment and embedded in each sensor node’s memory. This embedded key is used for the two sensors to authenticate themselves to the base station. Then the base station generates a link key or session key and sends it securely to both sensor nodes via a single hop or multiple hops. In the trusted server scheme the base station is the most appropriate choice for the server, and each sensor node stores only an embedded key such that a compromising/captured node cannot reveal much security information of the sensor network.
Public-key-cryptography-based schemes. Public-key cryptography is considered very expensive for small sensor nodes, because typical public-key algorithms, e.g., RSA, require extensive computations and are not suitable for tiny sensors. However, the recent implementation of 160-bit elliptic curve cryptography (ECC) on Atmel ATmega128, a CPU of 8 MHz and 8 bits, demonstrates that ECC public-key cryptography is feasible for sensor nodes. Compared to symmetric key cryptography, public-key cryptography provides a more flexible and simpler interface, requiring no key predistribution, no pairwise key sharing and no complicated one-way keychain scheme.
Time synchronisation. Due to the collaborative nature of sensor nodes, time synchronisation is very important for many sensor network operations, such as coordinated sensing tasks, sensor scheduling (sleep and wake), mobile object tracking, time-division multiple-access (TDMA) medium access control, data aggregation and multicast source authentication protocol. For example, in the target tracking application shown in Fig. 1, sensor nodes need to know both the location where and time when the target is sensed in order to correctly determine the target’s moving direction and speed. The network time protocol (NTP) is used for synchronisation in the Internet. A sensor network is a re-source-constrained distributed system, and the NTP cannot be directly used by sensor networks.