SECURITY CHALLENGES FOR ENERGY-HARVESTING

WIRELESS SENSOR NETWORKS

Alessio Di Mauro, Davide Papini and Nicola Dragoni

DTU Informatics, Technical University of Denmark, Copenhagen, Denmark

Keywords:

Security, Energy-harvesting, Wireless Sensor Network.

Abstract:

With the recent introduction of Energy-Harvesting nodes, security is gaining more and more importance in

sensor networks. By exploiting the ability of scavenging energy from the surrounding environment, the lifes-

pan of a node has drastically increased. This is one of the reason why security needs a new take in this topic.

Traditional solutions may not work in this new ﬁeld. Brand new challenges and threats may arise and new

solutions have to be designed. In this paper we present a taxonomy of attacks, focusing on how they change in

the energy harvesting scenario compared to regular sensor networks. Finally, we present and discuss existing

security solutions for EH-WSNs.

1 INTRODUCTION

A recent trend in the sensor networks ﬁeld is to equip

nodes with energy scavenging units. Energy Harvest-

ing Wireless Sensor Networks (EH-WSNs) are regular

wireless sensor networks, where nodes have the spe-

cial capability of recovering some of the energy sur-

rounding them. This energy is then used to power a

node. Harvestable sources can vary according to their

provenience, their predictability and whether they are

controllable or not. Typical sources of scavenged en-

ergy are light sources, thermal gradients, radio waves,

wind sources, shocks and vibrations. As described in

(Sudevalayam and Kulkarni, 2011) the possible archi-

tectures are Harvest-Use where the harvested energy

is instantly used to energize the node, or Harvest-

Store-Use where the energy obtained from the envi-

ronment is accumulated in one or more storage units

such as super-capacitors. In the second case the ex-

cess energy is not wasted (unless also the storing unit

is full) and the harvested energy source does not have

to be constantly present for the node to run. On the

other hand additional components have an impact on

the ﬁnal cost of the nodes.

The introduction of energy harvesting radically

changes the way to design WSNs. The energy avail-

able in a node battery is not bound to monotonically

decrease, but it can also increase or maintain its level

over time, depending on the availability of the scav-

enged source. This means that a sensor node can “die”

and “come back to life” multiple times. Furthermore,

different operations require different amount of en-

ergy, with the transmission through the on-board ra-

dio generally being the most expensive one (Wander

et al., 2005). This requires the node having to choose

how to spend its energy, depending on what parame-

ter is considered most important and should therefore

be prioritized (e.g. throughput vs availability).

In this paper we provide a taxonomy of attacks for

energy harvesting WSNs, we see how scavenging ca-

pabilities affect them and if new and speciﬁc attacks

can be depicted. Moreover, we present a discussion

of the current state of the art for security contribu-

tions speciﬁc to EH-WSNs. Lastly we present some

considerations and ideas about such solutions.

The remainder of this paper is organized as fol-

low. In Section 2 we present a classiﬁcation of secu-

rity threats for EH-WSNs focusing on the differences

with regular WSNs. Section 3 contains an overview

of related work for the topic and Section 4 presents

some comments and thoughts on it. Section 5 con-

cludes the paper.

2 SECURITY CHALLENGES

Security in WSNs is a well known topic and has been

studied for many years. Lots of different attacks have

been discovered, implemented and addressed (Lupu,

2009), (Sen, 2010), (Martins and Guyennet, 2010).

Speciﬁc protocols have been designed to secure diff-

422

Di Mauro A., Papini D. and Dragoni N..

SECURITY CHALLENGES FOR ENERGY-HARVESTING WIRELESS SENSOR NETWORKS.

DOI: 10.5220/0003907104220425

In Proceedings of the 2nd International Conference on Pervasive Embedded Computing and Communication Systems (PECCS-2012), pages 422-425

ISBN: 978-989-8565-00-6

 2012 SCITEPRESS (Science and Technology Publications, Lda.)

erent aspects. Despite that, introduction of energy

harvesting capabilities is a game changer, a fresh ap-

proach is required in order to address the speciﬁc

challenges that this technology introduces. Imagine

a simple scenario where an attacker takes control of

one or more than one node. In a regular WSN envi-

ronment a node would eventually run out of available

energy, and the attacker should then take actions in

order to keep the attack going, for example by phys-

ically replacing the battery of the depleted node or

re-deploying the attack on a new target, with all the

connected problems and risks. On the other hand in

energy harvesting enabled networks, the same iden-

tical attack would have a much greater effect due to

the extended lifespan of a node. At the same time,

an energy depletion attack would completely disrupt

a node in a battery powered WSN whereas it should

constantly be repeated in an EH-WSN scenario.

The introduction of energy scavenging capabili-

ties completely redeﬁnes the typical life cycle of a

WSN and so speciﬁcally designed approaches are re-

quired. While is obvious that the attacks possible on

EH-WSNs are a superset of those possible for regular

WSNs, it is not clear if and how they behave differ-

ently, or if new speciﬁc attacks can be deployed.

Taxonomy of Attacks. We provide a classiﬁcation

of attacks in WSNs by deﬁning and exploring three

dimensions which the attacker can exploit to perform

an attack. These are: (i) Intervention, (ii) Presence

and (iii) Time. Time dimension relates to the time

span the attacker has or needs to perform the attack,

it can go from few seconds (e.g. jamming), to sev-

eral minutes (e.g. hijacking, MITM) to a longer time

(if we take into consideration key recovery through

mere brute force or direct retrieval from stolen nodes).

Presence relates to the space domain the attack ex-

tends on, it can be local, distributed or global as de-

ﬁned in (Benenson et al., 2008). Finally Intervention

takes into consideration the actions that the attacker

can do. This is the most interesting dimension since it

can directly give an idea of possible attacks. We iden-

tiﬁed eight forms of intervention:

Destruction: the attacker can destroy one or multiple

nodes.

Eavesdropping: the attacker can intercept and store

messages sent between nodes.

Data Knowledge: the attacker can acquire the data

stored on one or multiple sensors (e.g. by dumping

the whole memory of a sensor).

Disturb/Partial Data Modiﬁcation: the attacker can

partially modify data on a sensor (e.g. change secu-

rity parameters).

Full Data Modiﬁcation: the attacker can fully modify

data stored on a sensor (e.g. by direct access to the

node or simply by feeding it with data).

Reprogramming: the attacker can reprogram a sensor.

Energy Reduction/Control: the attacker can force the

reduction of a node’s energy, or control its depletion

rate.

Energy Exploit: the attacker can exploit the energy

level of a node in a malicious way.

By looking at the list it is clear that in the en-

ergy harvesting scenario the last two elements bring to

slightly different attack patterns with respect to ordi-

nary WSNs. For space limitation, a complete analysis

of the combinations between the three dimension is

not within the scope of this paper. The reader can re-

fer to (Lupu, 2009) and (Martins and Guyennet, 2010)

for short surveys on attacks on WSNs.

Energy Harvesting. In order to better understand

attacks and relate them to energy harvesting, we iden-

tiﬁed what we call atomic actions. These can be com-

posed to build an attack. Most of the atomic actions

are not restricted to EH-WSNs only, but can be related

to any security threat in every system. We identiﬁed

three main subset of atomic actions:

Medium/Channel: listen, inject, intercept, destroy,

modify, localize, selective block of destination/source

commlinks.

Physical: tamper, switch on/off, reduce energy.

Cryptography: break encryption (e.g. key attacks) ex-

ploit speciﬁc crypto mechanisms (weak random num-

ber generator or rekeying methods, wrong implemen-

tation, side-channel attacks).

WSNs devices are typically resource constrained

in terms of energy and computation. Consider-

ing that performing cryptographic operations has an

heavy impact in terms of computations and resources

needed, and that additional work is required to han-

dle the data overhead (e.g. signatures, keys, padding),

it is clear why security has always been a challenge.

With EH-WSN energy potentially is not an issue any-

more, and computation could also be improved (more

energy translates into less need for reduced power

computation). This brings a whole new perspective

in view and new possible scenarios for security, such

as adaptable security levels, waiting queue for highly

conﬁdential data (the device transmits data when it

has the energy to encrypt it according to its content),

more reliable network topology due to the fact that

nodes last more time, possibility of multiple dupli-

cated and separated routes.

Obviously this impacts also on the attacker per-

spective, making it more difﬁcult to break stronger

encryption but also giving him other ways of attack-

ing the system. Looking at the Intervention dimen-

sion it is clear that the element that changes most with

respect to ordinary WSNs is Energy Exploit. The

SECURITY CHALLENGES FOR ENERGY-HARVESTING WIRELESS SENSOR NETWORKS

423

atomic actions which are directly connected to this

are physical (on/off switching and reduce energy) and

cryptography related. By hampering the amount of

energy that a device harvests from the environment,

an attacker can force the device to lower its security

level or to delay the transmission of high sensitive

data . Moreover, in an EH-WSN is very likely for a

node to go off for long periods and then back on, thus

hiding possible attacks that tamper with the device.

EH-WSNs also rely on energy level prediction to

perform activities at the best. An attacker could in-

tervene and alter the expected energy level thus forc-

ing the network to behave in an unpredicted or incor-

rect way. Multiple combinations are indeed possible:

an attacker could weaken the energy of a node which

is supposed to decrypt a high security level message,

thus preventing it to do so. It is very much like a DoS

attack, but softer: the node is not completely disabled

yet it cannot perform its duties to the expected level.

3 RELATED WORK

Only two interesting results can be found in litera-

ture. In both cases an adaptive security mechanism

is presented, even though the actual approach used is

somehow complementary.

Strength Oriented Approach. The ﬁrst energy

harvesting speciﬁc approach for security that we are

going to describe is the one presented in (Taddeo

et al., 2010). Here the authors consider a sensor net-

work where the trafﬁc is sent from the nodes to the

sink. Moreover, they assume the existence of differ-

ent types of package, where every type has a different

priority level and security requirements.

The starting points are the amount of energy avail-

able at a given time on a node (considering also the

energy harvester contribution), and the amount of en-

ergy required in order to send a single packet, speci-

ﬁed as the sum of discrete items (such as the energy

needed for sending the payload and the energy over-

head introduced by cryptography).

The main idea is to provide a list of possible pri-

ority levels and supported security suites with differ-

ent characteristics. The higher the priority level of a

packet, the more likely it will be delivered to its ﬁnal

destination. Different security suites instead provide

different combinations of security properties (e.g. au-

thentication, conﬁdentiality) with increasing strength

(i.e. longer key), at the cost of an higher overhead

for the transmission, which translates into an higher

amount of energy required to convey the package. By

introducing an optimization process, a node is able to

choose an adequate security suite depending on the

amount of energy available, and to delay packets ac-

cording to their priority levels.

Time Oriented Approach. The second solution

worth mentioning is (Pelissier et al., 2011). It takes

a completely different approach: the authors question

the adaptability of using block ciphers and propose a

scheme that applies to stream ciphers. They point out

that in a stream cipher the keystream is independent

of the input message, therefore it can be computed

separately in advance. So the authors suggest to pre-

compute and store keystream bytes in a buffer, and

use them when the energy within the system is scarce.

Under the circumstances of the case study pro-

posed, the authors claim a 14% increase of messages

sent from a node that uses a key buffering mechanism

compared to one that does not.

As an addition the approach introduces the pos-

sibility of having authentication capabilities. To do

so the authors implement a Wegman-Carter MAC

scheme (Carter and Wegman, 1977) based on the

Poly32 universal hash function family (Won, 2001).

4 DISCUSSION

The ﬁrst proposed approach directly takes advantage

of the inherent properties of EH-WSNs. It imple-

ments a security system that, based on the available

energy and on external constraints, can adapt two op-

posing factors such as security performance and the

node’s lifespan. Within these setting the proposed

model successfully applies the strongest available se-

curity suite and guarantee an high delivery rate for

high priority packages.

Here the network topology used could be a major

problem for real world applications. Very commonly

multihop networks are used in order to cover bigger

areas without having to use multiple or mobile sinks.

In the discussed approach, by using a star shaped net-

work, two facts always hold true: ﬁrstly, the receiver

of a packet (i.e. the sink) always has enough energy

to unpack the message, and secondly it never has to

forward the message to another node. By switching

to a multihop network these facts are not true any-

more. First of all routing protocols are needed to de-

liver messages from one end to the other. This could

cause a node to form a choke point either because it

is the routing choice of reference for a large number

of other nodes and so it has to process a lot of mes-

sages, or also because its scavenging capabilities are

hindered by physical world circumstances (e.g. a so-

lar panel equipped node is deployed close to a tree

and doesn’t receive too much sunlight). It is not clear

PECCS 2012 - International Conference on Pervasive and Embedded Computing and Communication Systems

424

what would happen in one of these scenarios, but it is

probably a problem worth further investigating.

Moreover, a system like the one presented could

greatly take advantage of harvesting prediction mod-

els like (Lu et al., 2010), so that the best choice is

not computed locally as the one that instantly maxi-

mizes the cipher’s strength or the length of the out-

going queue in a greedy manner, but a more proactive

approach could be used to provide better performance

over a longer period of time. For example by know-

ing that soon a very good situation for the energy har-

vester will manifest (e.g. sun is rising, lots of sunlight

will be available for a long period) then the current

security suite could be kept unchanged even if that

wouldn’t be the optimal choice in the short run.

The idea proposed in the second work aims at pre-

computing data when the harvested energy is abun-

dant, and using it when the available amount is re-

duced to prolong the life of a node. Anyway, the

authors of the paper do not discuss matters like the

topology of the network and the shape and direction-

ality of the trafﬁc. As discussed before, if the traf-

ﬁc generated by one node is intended to another node

rather than the sink, it could be possible that the re-

cipient does not have enough energy to process it (i.e.

decrypt it, analyze its content and react). Again, in a

multihop network nodes are burdened with the addi-

tional task of forwarding packages. This could greatly

reduce the time available for a node to compute future

keystreams. Furthermore, for node to node communi-

cation the keystreams have to be aligned for decryp-

tion to happen, and for the veriﬁcation of MACs keys

have to be shared in advance and agreed upon.

An interesting idea could be to rely on other

nodes to perform computationally demanding opera-

tions when the energy is scarce. A way to do so could

be by piggybacking data, such as the keystream bytes

for future messages, on regular messages.

5 CONCLUSIONS

Applications for EH-WSNs are constantly increasing,

and so are their security requirements. How to im-

prove these aspects is an interesting open question. In

this paper we have provided a taxonomy of attacks for

EH-WSNs, we have discussed how scavenging capa-

bilities affect them and if new and speciﬁc attacks can

be depicted. Afterwards, we have described recent

approaches that present two complementary take on

the same topic. On one hand we have an adaptation

of the strength of the algorithms used according to the

available energy, in this way communications can be

carried on, at the cost of less secure messages. On the

other hand there is a time oriented approach that takes

advantage of the decoupling between plain text and

keystreams in speciﬁc scenarios, so that the latter can

be computed in advance when the energy is abundant,

and used when it is scarce. Both ideas explain how

to exploit characteristics speciﬁc of power harvesting

systems where the amount of available energy will

ﬂuctuate over time both up and down.

Clearly being able to deﬁne solutions that can dy-

namically adapt some of their parameters according

to the current available energy, allowing the system to

run within acceptable limits in any circumstance is a

very critical feature of future EH-WSNs.

REFERENCES

Benenson, Z., Cholewinski, P., and Freiling, F. (2008). Vul-

nerabilities and attacks in wireless sensor networks.

Wireless Sensors Networks Security, pages 22–43.

Carter, J. L. and Wegman, M. N. (1977). Universal Classes

of Hash Functions (Extended Abstract). In Proc. of

STOC’07, pages 106–112. ACM.

Lu, J., Liu, S., Wu, Q., and Qiu, Q. (2010). Accurate mod-

eling and prediction of energy availability in energy

harvesting real-time embedded systems. In Proc. of

IGCC’10, pages 469–476.

Lupu, T.-G. (2009). Main types of attacks in wireless

sensor networks. In Proc. of the 9th WSEAS SSIP

’09/MIV’09, pages 180–185. WSEAS.

Martins, D. and Guyennet, H. (2010). Wireless Sensor Net-

work Attacks and Security Mechanisms: A Short Sur-

vey. In Proc. of NBiS’10, pages 313–320.

Pelissier, S., Prabhakar, T., Jamadagni, H., Venkate-

shaPrasad, R., and Niemegeers, I. (2011). Providing

Security in Energy Harvesting Sensor Networks. In

Proc. of CCNC’11 IEEE, pages 452–456.

Sen, J. (2010). A survey on wireless sensor network secu-

rity. CoRR, abs/1011.1529.

Sudevalayam, S. and Kulkarni, P. (2011). Energy harvesting

sensor nodes: Survey and implications. Communica-

tions Surveys Tutorials, IEEE, 13(3):443–461.

Taddeo, A. V., Mura, M., and Ferrante, A. (2010). QoS and

Security in Energy-Harvesting Wireless Sensor Net-

works. In Proc. of SECRYPT’10, pages 1–10.

Wander, A., Gura, N., Eberle, H., Gupta, V., and Shantz, S.

(2005). Energy Analysis of Public-Key Cryptography

for Wireless Sensor Networks. In Proc. of PerCom’05,

pages 324–328.

Won, D., editor (2001). Information Security and Cryp-

tology - ICISC 2000, Third International Conference,

Seoul, Korea, December 8-9, 2000, Proc., volume

2015 of Lecture Notes in Computer Science. Springer.

SECURITY CHALLENGES FOR ENERGY-HARVESTING WIRELESS SENSOR NETWORKS

425