Security Challenges in Next Generation Cyber Physical Systems

The advent of low-powered wireless networks of embedded sensors has spurred the development of new applications at the interface between the real world and its digital manifestation. Following this trend, the next generation Supervisory Control And Data Acquisition (SCADA) system is expected to replace traditional data gathering – a distributed network of Remote Terminal Units (RTU) or Programmable Logic Controllers (PLC), with devices such as the wireless sensing devices. Before these intelligent systems can be deployed in critical infrastructure such as emergency rooms and power plants, the security properties of sensors must be fully understood. Existing wisdom has been to apply the traditional security models and techniques to sensor networks: as in conventional computing environments, the goal has been to protect physical entities: devices, packets, links, and ultimately networks. Sensors have unique characteristics that warrant novel security considerations: the geographic distribution of the devices allows an attacker to physically capture nodes and learn secret key material, or to intercept or inject messages; the hierarchical nature of sensor networks and their route maintenance protocols permit the attacker to determine where the root node is placed. Perhaps most importantly, most sensor networks rely on redundancy (followed by aggregation) to accurately capture environmental information even with poorly calibrated and unreliable devices. This results in a fundamental distinction between a physical message in a sensor network and a logical unit of sensed information: a message with a single sensor reading may reveal very little information about the real environment, whereas a message containing an aggregate or collection of readings may reveal a great deal more. These characteristics open the door for an entirely new security paradigm: one that acknowledges that there is a fundamental distinction between physical messages and logical information, and that focuses on how to minimize the correlation between the two in order to limit opportunities for compromise. In this position paper, we enlist challenges for sensor networks – security obstacles that, when overcome, move us closer to deploying them in large numbers for monitoring and protecting critical infrastructures.