Node Compromise in Sensor Networks: The Need

for Secure Systems

Carl Hartung, James Balasalle, Richard Han

Department of Computer Science

University of Colorado at Boulder

Technical Report CU-CS-990-05

January 2005
 Technical Report CU-CS-990-05, Dept of Comp Sci, Univ of Colorado at Boulder, Jan 2005

Node Compromise in Sensor Networks: The Need

for Secure Systems

Carl Hartung, James Balasalle, Richard Han

Department of Computer Science
University of Colorado, Boulder
{carl.hartung, james.balasalle, richard.han}@colorado.edu

ABSTRACT viability of such attacks. Thus, we have

While sensor network deployment is becoming designed and carried out a number of
more commonplace in environmental, business, experiments detailing the relative ease with
and military applications, security of these which commonly used current generation
networks emerges as a critical concern. Without sensor nodes can be compromised using regular
proper security, it is impossible to completely 'off the shelf' products and readily available,
trust the results reported from sensor networks free software. While we found it is very easy to
deployed outside of controlled environments. compromise a node and exploit it for various
Much of the current research in sensor purposes, we also found a number of
networks has focused on protocols and improvements that can be made in future
authentication schemes for protecting the generations of nodes in order to help alleviate
transport of information. However, all of those the possibility of sensor node compromise.
schemes are useless if an attacker can obtain a To understand the dangers of node
node from the network and extract the compromise, we must first define what we
appropriate information, such as security keys, mean by node compromise. Node compromise
from it. occurs when an attacker, though some subvert
We focus our research on the area of secure means, gains control of a node in the network
systems. In this paper we demonstrate the ease after deployment. Once in control of that node,
with which nodes can be compromised as well as the attacker can alter the node to listen to
show exactly what information can be obtained information in the network, input malicious
and how it can be used to disrupt, falsify data data, cause DOS, black hole, or any one of a
within, or eavesdrop on sensor networks. We myriad of attacks on the network. The attacker
then suggest mechanisms to detect intrusions into may also simply extract information vital to the
individual sensor nodes. Finally, we come up network’s security such as routing protocols,
with security measures that can be implemented data, and security keys. Generally compromise
in future generation nodes to improve security. occurs once an attacker has found a node, and
then directly connects the node to their
1. INTRODUCTION computer via a wired connection of some sort.
While node compromise is often discussed as a Once connected the attacker controls the node
potential vulnerability in sensor networks [5], by extracting the data and/or putting new data
almost no work has been done to prove the or controls on that node.
Generally, all sensors must have an interface

1
 Technical Report CU-CS-990-05, Dept of Comp Sci, Univ of Colorado at Boulder, Jan 2005

that enables them to be programmed by another to inject malicious messages into the network
machine. The exception to this would be and confuse it, or provide false data to the end
preprogrammed sensors for a specific task, but user application.
current sensor technology demands that sensors The remainder of this paper is organized as
are flexible and can be programmed and follows: Section 2 discusses the design of
reprogrammed for a number of different uses. current sensor hardware. Section 3 analyzes
Tamper proof hardware is also available, but different attack models and scenarios. We
significantly increases cost and reduces the discuss the problems presented by these
leeway for user/programmer error, as well as vulnerabilities in Section 4. In section 5 we
eliminates the reprogramability. Typically the discuss possible improvements for next
programming interface on a sensor node is either generation nodes, and in section 6 we discuss
a direct serial, parallel connection, or USB future work which needs to be done in this area.
connection (henceforth referred to as 'wired'), or Finally, we sum up the conclusions of our paper
an intermediate programming board which is in section 6.
connected to both the node and a wired
connection. These programming interfaces,
which provide so much flexibility in
programming sensor nodes, also provide would-
be attackers with the easiest means of
compromise.
For our experiments we programmed a sensor
node with various applications and various
operating systems, and attempted to extract that
information using freely available software,
standard computer exploits such as buffer
overflows, and various debugging mechanisms.
Debugging tools are usually the most popular
weapons for attackers to determine how to
Figure 1) A) Programming board with Mica2 plugged
exploit programs, and that generality is still true in. B) Other side of Mica2. C) AVR ICE JTAG
for sensor networks. We tried our exploits on programmer connected to programming board with
both TinyOS[3], an event based operating ribbon and connected to computer via serial cable.
system, and Mantis OS[4], a multi-threaded
operating system. Our results showed that both 2. SENSOR HARDWARE
operating systems were susceptible to the same The sensor hardware we chose for our
attacks. experiments was the Mica2 mote by XBow.
In our experiments were able to, in very little These motes are currently the most widely used
time (<1 minute), extract all of the information sensor node, having been used in several
located onboard the node's EEPROM, Flash, and wireless sensor network installations [2].
SRAM. Once the attacker has access to all of The Mica2 uses an Atmega128 chip for its
this data, they can analyze it to ascertain keys, processor. It is an 8-bit processor running at
routing protocols, and other security sensitive 4MHz. They come with 128KB of instruction
information. With this information an attacker flash, 4KB SRAM, and 4KB EEPROM. The
could adversely affect the network in a variety of chip is designed using a harvard architecture. It
ways. Attackers could simply use the keys to is important to note the harvard architecture as
decrypt messages and listen to all the traffic in it prevents a handful of standard computer
the network, or possibly modify the code in order attacks, such as buffer overflow, which we will

2
 Technical Report CU-CS-990-05, Dept of Comp Sci, Univ of Colorado at Boulder, Jan 2005

discuss later in the paper. Interestingly enough, type of intermediate programming board. Also,
the use of the harvard architecture in embedded not all processors use the JTAG interface for
systems, and specifically in sensor nodes, was OCD, but most which have been used in sensor
not intended to provide security features. Rather, node development do, and others provide
the design of the harvard architecture, using similar chip debugging mechanisms.
separate memories for data and instructions and
requiring different busses for each, allows 3. ATTACK MODELS
instructions and operands to be fetched 3.2 Types of Attack
simultaneously. This means the architecture can There are different attack models we must
run much faster as it is able to fetch the next consider, but many are outside the scope of this
instruction at the same time it completes the paper. An attacker may range from a prankster
current instruction. It is important to note the with a laptop and a serial cable with a few
improvement in speed as the nodes tend to be hours to kill to a military installation with
extremely resource constrained. Thus, though hundreds of scientists with unlimited money
only intended to provide a speed boost to the and time.
system, the harvard architecture actually We first consider the latter of the above
provides a good level of security against radio mentioned cases: a military installation or other
attacks, specifically against standard buffer science lab with many scientists. In this
overflow attacks. example you can assume that the scientists have
The Mica2 has a serial interface connected to a access to oscilloscopes, process analyzers, and
programming board. Typically the Mica2 is any number of other analytical machines to help
programmed using the intermediate them crack the system. These machines
programming board connected to the computer typically cost thousands of dollars and are
with either a serial or parallel connection. The rarely found outside of such installations.
programming board also has a JTAG interface Given the resources of such installations, it is
which also allows for programming, as well as reasonable to assume that given the correct
using GBD for On Chip Debugging (OCD). A amount of time all information could be
JTAG interface is an IEEE standardized interface extracted from a sensor node. The only real
to processors which allows for accessing and way to prevent this is tamper proof hardware
controlling signal levels on the chip. Figure 1 which triggers some type of self destruct
shows an AVR ICE JTAG programmer interface mechanism upon attempted compromise. One
as well as a programming board with a mica2 can also assume that if the enemy has such
attached. capabilities and desires to learn what the sensor
Though we only tested the Mica2 hardware, net is doing, that the implementers would, in
our results can be generalized over sensor fact, use some sort of tamper proof hardware.
networks as a whole. Code on current sensor Since it is almost impossible to stop unlimited
nodes needs to be installed and reinstalled. Thus, time and money, and tamper proof hardware is
today’s sensor technology requires direct access generally prohibitively expensive, the above
to the node via a wired interface or through some scenario is a bit beyond the scope of

3
 Technical Report CU-CS-990-05, Dept of Comp Sci, Univ of Colorado at Boulder, Jan 2005

Figure 2) Programming a node with Tiny OS’ TinySec feature. Key is highlighted.

Figure 3) Hex dump of output of SRAM gathered using the JTAG interface. Key is highlighted.

this paper. Therefore, we turn our focus to the 3.2 Physical Attacks
simpler and more likely case of someone with a First, we used only a programming board and
laptop or computer, a serial cord, and possibly a a serial cable to launch our attack. Using a
programming board. Assuming the user has a freely available tool called UISP we were able
computer, serial cords are on the order of dollars, to dump the program flash as well as the
and programming boards usually run in the tens information stored in the EEPROM. A simple
to hundreds of dollars, making this scenario execution of an avr tool, avr-objcopy, converted
much more plausible. We also assume that the the source flash into an assembly file as shown
attacker has good familiarity with standard in figure 4. Once in assembly format, an
debugging tools such as GDB. With these attacker could analyze the code to ascertain
assumptions, we now show how an attacker can routing protocols and/or any pre-coded keys.
compromise a node in less than 1 minute. Depending on the complexity of the program,

4
 Technical Report CU-CS-990-05, Dept of Comp Sci, Univ of Colorado at Boulder, Jan 2005

the analysis could take significant time, but that and 3 show the output from both TinySec's
is outside the scope of this paper. The danger programming the key into the node, and the
here is that it took <1 minute to obtain the source HEX dump of the SRAM from the node. One
image. As all of the above commands are simply thing to note is that TinySec does not specify
one command line execution with a handful of any key pre-distribution method, it merely
arguments, a majority of the time, about 45 assigns a global key to the system. Thus, an
seconds, was spent transmitting the binary image attacker seeking the TinySec key need only
over the relatively slow serial interface onto the target a well-known address or area of memory
computer's hard drive, or converting from one in advance, rather than downloading the
format to another. The rest of the time, about 15 complete binary image of the operating system
seconds, was human interface time typing the and applications, thereby reducing the
necessary commands for retrieving the flash, download further and enabling compromise in
which can also be automated for maximum mere seconds.
speed.
Next, we used an AVR JTAG interface to
attempt to acquire the same data from the sensor
node. With the JTAG programmer we found that
not only were we able to dump the program flash
and the EEPROM, but we were also able to
dump the chip's SRAM in a matter of seconds.
Generally the SRAM is considered the safest
place to store keys and other sensitive
information due to its volatile nature. However,
the ease with which the data was extracted from
SRAM proved that the notion of SRAM being
safer is false. This alone invalidates the security
claims of many of the global and shared key
schemes. Again, the extraction took mere
seconds and again a majority of the time was Figure 4) Assembly output after retrieving from flash
spent transferring the data from the node to the and altering using avr-objcopy.
computer. The longest task was dumping the
program flash (128K), and that only took ~30
seconds. 4. DISCUSSION
After having discovered the above simple Looking at most current security protocols in
methods to get the data, we ran an experiment to sensor networks reveals assumptions that keys
quickly analyze the ease at which we can or algorithms are hard to obtain. Our research
discover keys buried within that data. We loaded shows the opposite of this assumption. Given
TinyOS' TinySec[1] security protocol onto a that it takes less than 1 minute to dump all of
node and then used our JTAG attack to the EEPROM, program Flash, and a chip's
determine if we could decipher the keys. We SRAM, it is impossible to assume that any
dumped the SRAM and converted it into HEX stored keys are safe on a sensor node. Also,
format, again using freely available tools, and given enough time assembly code can be
saw the "secret" key right in front of us. A few analyzed and modified, or even decompiled into
iterations with other programs that have C code using various primitive decompilers.
implemented TinySec showed that the key was Since we cannot truly state that our keys on
always in the same location in SRAM. Figures 2 our nodes are secure, we cannot then state that

5
 Technical Report CU-CS-990-05, Dept of Comp Sci, Univ of Colorado at Boulder, Jan 2005

our data is secure an accurate. This could lead to that attacker can access all the SRAM it may
huge issues in any sensor node deployment from not completely prevent an attacker from still
agriculture to military. Even our supposedly participating in the network.
secure protocols cannot be considered safe since LEAP [13] assumes that a global key is
one would never know if an attacker had erased after an initial setup period Test. The
obtained the protocol's keys or not. assumption is that Test is much less than the
These discoveries demonstrate the need to time to compromise a node Tmin. However, as
develop secure systems in sensor networks. we have shown, this assumption can be violated
Simply securing the data transmitted from node if it only takes on the order of seconds to
to node is not enough. If a single node in the compromise a node. Also, in this scheme, we
network can be compromised, the security would expect that there will be cases when Test
encapsulating the transmitted data is also would in reality be on the order of tens of
compromised. Though tamper proof hardware is minutes in certain deployment schemes, e.g.
available, it is too expensive to use in most dropped and scattered from airplanes. In these
deployments. Therefore, securing the entire scenarios, the scattered nodes, even if dropped
system is essential to guarantee accurate and simultaneously, may arrive in different parts of
secure data. the network at different times and will need
As is, sensor nodes cannot determine whether a some slack time to set up the network and
user is simply using debugging tools or bootstrap pairwise links using the transitory
attempting to hack in. There need to be global key. During this time, if an adversary
mechanisms to turn off debugging tools at a level observes a node and quickly obtains the key
other than hardware. These problems are not using any of the techniques shown here, i.e. Test
paramount in standard computer systems as it is > Tmin, then the global key will be
rare that someone will open a computer up and compromised, allowing the adversary unlimited
directly interface with its processor or access to any portion of the network. LEAP
motherboard. However, since direct also assumes that moving the global key from
communication is such a common way of non-volatile memory into volatile memory
interfacing with sensor nodes, the ability to provides added security. As we have shown,
disable debugging tools is important to ensure that assumption is false, because both RAM and
security. flash are accessible to an adversary.
Current literature[6,13] suggests schemes where
pre-distributed keys are erased after new keys 5. IMPROVEMENTS
have been established using the pre-distributed As stated above the Atmel processor has an on
ones. We agree that these approaches mitigate chip debugging feature. This feature is what
node compromise. These schemes usually enables us to easily obtain the contents of main
involve encrypting a challenge with the key memory. On chip debugging greatly facilitates
before destroying it. This challenge enables the the development of new applications and
node to communicate with other nodes that also devices. However, it exposes a new set of
have the challenge. Since the challenge is stored security vulnerabilities to an attacker.
in memory, compromising the node still gains Currently it is possible to turn the on-chip
access to the challenge. The literature[9] debugging feature off. However, it is a very
suggests ways to find keys in memory, but since simple to turn it back on using publicly
a challenge could be vastly different from a key, available debugging tools. A version of the
it might take significantly longer to find. Atmel processor with the on-chip debugging
Therefore erasing a node’s keys could feature on/off switch in software rather than
significantly slow down an attacker, but since hardware would eliminate a category of

6
 Technical Report CU-CS-990-05, Dept of Comp Sci, Univ of Colorado at Boulder, Jan 2005

possible attacks. Furthermore, if the OCD the "new" node still contains all the required
request generated an interrupt which could be security information. When an attacker
caught by software then the node could erase any physically finds a node without tamper resistant
important information. Toggling the OCD in hardware, he has fewer constraints and many
software would mean that an attacker would have attack options are available to him. However,
to replace the code image on the node, destroying this means he has to find the nodes first.
all of the data they are trying to extract. Sensor Finally, one more area that needs additional
networks deployed in especially hostile research is that of public key infrastructure on
environments such as a battlefield, or in sensor nodes. In [7] elliptic curve cryptography
particularly sensitive areas such as a hospital or is presented to address some of the
financial applications, it would be desirable to shortcomings of most key pre-distribution
have a sensor node which would not respond to solutions. Developing this idea could also
the standard on-chip debugging. better secure the operating systems of sensor
Another possible solution would be to use nodes.
location aware applications[8] that could detect
movement on a fine scale, GPS, or group 7. CONCLUSIONS
communication techniques. The network could There is a great need to design secure systems
then mark 'moved' nodes as possibly for sensor networks. The flexibility of the
compromised and flag their data at the end-user current generation of sensor nodes leaves too
application. Furthermore, if a node can detect its many holes open which allow attackers access
own movement by either accelerometers or GPS to vital system information. Until such systems
then it can preemptively delete important exist, it is impossible to confidently trust the
information stored in SRAM, flash, or anywhere data from any sensor network deployed outside
else on the system. of a controlled environment. We have shown
that it is trivially easy to retrieve program code,
6. FUTURE WORK static data, and even dynamic program memory
Future research in this area needs to be done so from sensor nodes. Current sensor nodes are
that we can understand better ways of preventing easily tampered with, code can be easily
and detecting system level attacks. Possible altered, and system critical information is easily
areas of prevention include location aware nodes obtained using freely available software and
that can detect when they are moved. Another cheaply available hardware. With this
means of prevention is the hardware support to information, attackers have virtually free reign
disable the on-chip debugging, which would to spy on, participate in, or subvert sensor
prevent an attacker from using a JTAG or similar networks. There exist several research
device. While research on intrusion detection of opportunities to pursue in the directions of
a network is underway, intrusion detection of an detecting attempted compromise, or outright
individual node is an area of research that prevention of node compromise. Only when
especially needs to be addressed. Intrusion we have a secure system design can we be
detection is extremely difficult because of the confident that our secure transmission protocols
resource constraints imposed by sensor node will once again be safe.
hardware. In SWATT [12], nodes apply a MAC
to the operating system to detect whether the 8. BIBLIOGRAPHY
binary image of the operating system has been [1] C. Karlof, N. Sastry, D. Wagner, "TinySec: A
changed and new code loaded. Since an attacker Link Layer Security Architecture for Wireless
can completely erase and reprogram a node, it is Sensor Networks", to appear in ACM SenSys 2004
difficult to detect this behavior, especially when [2] A. Mainwaring, J. Polastre, R. Szewczyk D.
Culler, J. Anderson,"Wireless Sensor Networks for

7
 Technical Report CU-CS-990-05, Dept of Comp Sci, Univ of Colorado at Boulder, Jan 2005

Habitat Monitoring", First ACM Workshop on [8] Andreas Savvides, Chih-Chieh Han and Mani B.
Wireless Sensor Networks and Applications (WSNA) Strivastava. "Dynamic fine-grained localization in
2002, pp. 88-97. ad-hoc networks of sensors." 7-th annual
[3] J. Hill, R. Szewczyk, A. Woo, S. Hollar, D. international conference on Mobile computing and
Culler, K. Pister . "System Architecture Directions networking (MobiCom) 2001, July 16 - 21, 2001,
For Network Sensors", ASPLOS 2000. Rome Italy. Pages 166-179.
[4] H. Abrach, S. Bhatti, J. Carlson, H. Dai, J. Rose, [9]Tal Garfinkel, Ben Pfaff, Jim Chow, Mendel
A. Sheth, B. Shucker, R. Han, "MANTIS: System Rosenblum, "Data Lifetim is a Systems Problem",
Support for MultimodAl NeTworks of In-situ To appear in the 2004 SIGOPS European
Sensors", 2nd ACM International Workshop on Workshop.
Wireless Sensor Networks and Applications (WSNA) [10] Jonathan Hui, David Culler, "The Dynamic
2003, pp. 50-59. Behavior of a Data Dissemination Protocol for
[5] L. Eschenauer and V. Gligor. "A key management Network Programming at Scale", Sensys '04
scheme for distributed sensor networks." In [11] B. Przydatek, D. Song, A. Perrig, "SIA: Secure
Proceedings of the 9th ACM Conference on Information Aggregation in Sensor Networks",
Computer and Communication Security, pages 41– ACM SenSys 2003
47, November 2002. [12] A. Seshadri, A. Perrig, L. van Doorn, and P.
[6]D. Liu, P. Ning, "Establishing Pairwise Keys in Khosla. Swatt: Software-based attestation for
Distributed Sensor Networks," in Proceedings of the embedded devices. In Proceedings of the IEEE
10th ACM Conference on Computer and Symposium on Security and Privacy, May 2004.
Communications Security (CCS '03), pages 52--61, [13] S. Zhu, S. Setia, and S. Jajodia. Leap: Efficient
Washington D.C., October, 2003. security mechanisms for large-scale distributed
[7] D. Malan, M. Welsh, M. Smith, "A Public-Key sensor networks. In 10th ACM Conference on
Infrastructure for Key Distribution in TinyOS Based Computer and Communications Security,
on Elliptic Curve Cryptography", IEEE SECON Washington D.C, USA, October 2003.
2004.