As mentioned in the previous articles (Introduction and Limitations), sensor networks are used in a number of domains that handle sensitive information. Due to this, there are many considerations that should be investigated and are related with protecting sensitive information traveling between nodes (which are either sensor nodes or the base station) from been disclosure to unauthorized third parties.
The scope of this article is to analyze basic security concepts before moving into a detail discussion of the various security issues. It is essential to first understand the security requirements that are raised in a sensor environment; by doing so, we could apply appropriate security techniques to ensure the protection and safety of data and systems involved in a more spherical approach. By knowing what we are trying to protect, we could develop a comprehensive and strong security approach to overcome possible security breaches; after all, in order to protect something you must first know that is in danger. Since sensor networks are still a developing technology. Researchers and developers agree that their efforts should be concentrated in developing and integrating security from the initial phases of sensor applications development; by doing so, they hope to provide a stronger and complete protection against illegal activities maintaining at the same time the stability of the system, rather than adding on security functionality after the application is finished.
Moving on, next section analyzes the security requirements that constitute fundamental objectives based on which every sensor application should adhere in order to guarantee an appropriate level of security.
1.1 Confidentiality
Confidentiality requirement is needed to ensure that sensitive information is well protected and not revealed to unauthorized third parties.
The confidentiality objective is required in sensors’ environment to protect information traveling between the sensor nodes of the network or between the sensors and the base station from disclosure, since an adversary having the appropriate equipment may eavesdrop on the communication. By eavesdropping, the adversary could overhear critical information such as sensing data and routing information. Based on the sensitivity of the data stolen, an adversary may cause severe damage since he can use the sensing data for many illegal purposes i.e. sabotage, blackmail. For example, competitors may use the data to produce a better product i.e. safety monitoring sensor application. Furthermore, by stealing routing information the adversary could introduce his own malicious nodes into the network in an attempt to overhear the entire communication.
If we consider eavesdropping to be a network level threat, then a local level threat could be a compromised node that an adversary has in his possession. Compromised nodes are a big threat to confidentiality objective since the adversary could steal critical data stored on nodes such as cryptographic keys that are used to encrypt the communication.