tamper resistant sensor nodes

Concept and Objectives

With the advent of the Future Internet or the Internet of things wireless sensor networks (WSN) are becoming an essential part of the Internet. This development can be seen in several application domains. Google Maps already provides information stemming from sensors. The Microsoft project SensorMap aims at an easy integration of wireless sensor networks into the Internet. Other application domains such as factory automation are more and more considering wireless sensor network as part of their networks. Even in the area of Homeland security wireless sensor networks are regarded as a potential means to facilitate monitoring of wide area systems such as country borders, electricity lines etc ...

Due to the increasing complexity of these systems and especially the fact that production facilities and even critical infrastructure will rely on the Future Internet, this future Internet needs to become trustworthy. By trustworthy, we mean secure, reliable and resilient to attacks and operational failures thus guaranteeing quality of service. In order to achieve this challenging goal, all parts of the Future Internet need to provide an equivalent security level. This demand is essential since potential attackers will always select the part/device of the Future Internet which can be compromised the most easily. Currently wireless sensor nodes can be considered to be the weakest devices in the Future Internet. Wireless sensor nodes have scarce resources i.e. very limited processing power, limited memory and energy. The ╬╝Controllers normally used for wireless sensor nodes do not provide an MMU. In addition the wireless communication leads to the fact that sensor nodes cannot be protected by a centralized firewall since a potential attacker can contact the nodes directly. In many situations the attacker can even gain physical access to the sensor nodes.

Recent projects on European scope have tackled with the issue of security in WSNs at the level of software and network protocols. The results are promising but, in order to fully ensure security of wireless sensor node, they must be complemented by an approach considering physical attacks and providing appropriate countermeasures. Sensor nodes deployed in the open field can be taken away and be analysed. By that stored information and cryptographic keys can be extracted, program code can be modified and the node itself could be reprogrammed. If such an attack is executed successfully the integrity of the whole network is compromised or at least at high risk. The problem is that the compromised node is considered by all other nodes and parts of the Future network as a legitimate node.

Preventing successful physical attacks against sensor nodes requires developing means which improve the tamper resistance of these low cost devices without significantly increasing their cost. TAMPRES aims at providing a toolbox comprising the required mechanisms. TAMPRES will consider already existing approaches, but also evaluate and develop novel mechanisms to increase the resistance against physical tampering attacks focussing on low cost embedded systems and sensor networks. The centre of evaluation will be the cost-efficiency relation of promising protection means, including cryptographic implementations, design-flows to increase resistance against side-channel-attacks and fault injection, and protection of program code and memory. As a result the TAMPRES toolbox will provide not only suitable protection means but also a cost relation and by that a basic methodology which helps designers to decide on the inclusion of protection means. In order to ensure that the developed protection means are technology independent and can be considered as fundamental research results selected mechanisms will be manufactured in two technologies offered by NXP and IHP.

TAMPRES will evaluate the ability of the resulting design flows, by implementing a prototype of a secure microprocessor for WSN applications, allowing us to explore practical implications on timing, behaviour and power consumption and to validate the resistance against potential attacks.