ESENSE

Project News


25 July 2007

e-SENSE User Scenario

e-SENSE User Scenario available here!


D2.3.1 - e-SENSE Security, Trust and Privacy Framework


Description of the deliverable content and purpose

The general objective of this deliverable is to define how lightweight security services, including trust and privacy management, will be provided within the overall e-SENSE architecture, in a way that effectively covers the various security needs of the defined e-SENSE scenarios.
The first step was to understand the security needs of the e-SENSE scenarios, which are grouped into industrial, community and personal application spaces. This was achieved through a comprehensive security requirements analysis. Potential threats to Wireless Sensor Networks (WSNs) were classified, and then a risk level for each threat was obtained through an analysis of the likelihood and impact of the threat. A set of high-level security requirements that could be used to mitigate these threats was then mapped to the scenarios, together with an indication of the required strength of each security requirement where appropriate. More accurately, these requirements were mapped to the "context building blocks" for each of the three groups of application scenarios (i.e. industrial, community and personal) rather than to the individual scenarios themselves. These context building blocks were previously identified within e-SENSE, and capture common functionality across multiple scenarios.
The next step was to investigate the state-of-the-art for implementing the identified high-level security requirements, and to identify where potential gaps exist. From the particularly important gaps for the e-SENSE scenarios, the ones related to:
- Certificate and behaviour based trust management frameworks specifically targeted at the needs and constraints of WSNs
- A standardised and extensible framework for user profiles, context profiles and application/service profiles in WSNs
were further investigated. State-of-the-art progression in adaptable lightweight security services, trust management and context-aware privacy protection for WSNs is being undertaken as part of the adaptive security framework.
An adaptive security framework for the security needs of the e-SENSE scenarios is proposed. The motivation behind the framework is that the scenarios have widely diverging security requirements and in some of them these requirements may change rapidly according to changes in context, such as type of information generated by nodes, location, current service, user preferences, etc. The framework aims to dynamically manage security, privacy and trust to always be able to apply the correct mechanisms for the current situation.
This could significantly save on resources, such as battery power.
The basic component of the security framework is a cross-layer Security Manager, positioned in the Management Subsystem of the e-SENSE protocol stack. Security, privacy and trust functionalities are provided by Agents that have been defined as components of the Security Manager. The Security Agent selects the ‘Security Level’, which determines the mechanisms and protocols that are used to provide authentication, encryption, message freshness and integrity. The Privacy Agent applies the appropriate controlled information disclosure mechanisms by evaluating the current relevant context attributes against the Privacy Policies. Decisions on the cooperation between network nodes are based on their trust status, determined by the Trust Agent according to the network pre-configuration, and the outcome of the trust establishment procedure that is defined as part of the framework.
Extended and scaled-down versions of the framework can be deployed on different nodes, providing varying levels of security functionality according to their capabilities and roles. This ensures the scalability of the framework. It was also shown how the framework could be applied in practice by explaining the configuration of the components for three selected e-SENSE scenarios: a BSN of the community application space, an ESN with localisation of the community application space, and an ESN without localisation of the industrial application space.
The proposed framework has also been integrated into the overall e-SENSE architecture by defining interfaces for the security manager module, and providing sequence diagrams for the interactions between the security manager and other components in the overall e-SENSE architecture when setting up and managing security for a WSN node.
More specifically, options for flexible lightweight security mechanisms have been analysed based on criticality of a scenario and mapped to the different security levels.
To enable the Trust Agent to manage trust in a WSN, a novel trust establishment framework has been defined. With this framework, trust can be established through one of four methods based on hierarchical trust relationships, cooperative procedure or behaviour-based trust evaluation, according to the policy and context, as well as the roles and capabilities of the nodes.
For the Privacy Agent, each item of sensitive data has a privacy flag associated with it, which defines at a high level how it should be controlled. More specific details are managed within Application/Service, Context and User Profiles. To find the rule which is applicable for the current context, a proactive approach is chosen in order to reduce the delay from the context reasoning.
Finally, an initial evaluation of the proposed framework has been undertaken against the security requirements identified in this document and the overall system requirements and constraints. Further, performance evaluations of the adaptive security, the trust establishment and the influence of the context complexity on the controlled information disclosure have been performed.
To compare the power savings of adaptive security levels against a standard highest security mode, a prototype has been implemented on a TRT (UK) testbed. The security levels were simulated by switching on and off encryption and/or integrity protection using the appropriate TinySec transmit modes.
To estimate the performance of the trust establishment mechanisms, the elements of the hierarchical and cooperative trust establishment processes that consume the most resources have been identified. The performance estimations have been derived analytically.
The assessment of the scalable context-aware privacy protection was focused on two main aspects: the influence of the complexity and granularity of the context information on the performance of the Rule Agent, and the implication of the Privacy Safeguard mechanism in terms of response delay. For this purpose a prototype of the Privacy and Profile and Rule Agent for the wireless hospital scenario has been implemented with 50, 100, 150 and 200 applicable rules and 3, 6 and 10 context attributes.
Finally, overall implications of the security framework on the general e-SENSE architecture have been assessed.


 

e-SENSE Deliverables Request Form


This e-SENSE Deliverable is public and available to everybody without charge.

For internal statistics purposes, we kindly ask you for some personal information. You will be redirected to a webpage, available for 24 hours, from which you can download the document in PDF format.
