Wireless sensor networks consist of a large amount of sensor nodes, small low-cost wireless computing devices equipped with different sensors. Sensor networks collect and process environmental data and can be used for habitat monitoring, precision agriculture, wildfire detection, structural health monitoring and many other applications. Securing sensor networks calls for novel solutions, especially because of their unattended deployment and strong resource limitations. Moreover, developing security solutions without knowing precisely against what threats the system should be protected is impossible. Thus, the first task in securing sensor networks is to define a realistic adversary model. We systematically investigate vulnerabilities in sensor networks, specifically focusing on physical attacks on sensor node hardware. These are all attacks that require direct physical access to the sensor nodes. Most severe attacks of this kind are also known as node capture, or node compromise. Based on the vulnerability analysis, we present a novel general adversary model for sensor networks. If the data collected within a sensor network is valuable or should be kept confidential then the data should be protected from unauthorized access. We determine security issues in the context of access control in sensor networks in presence of node capture attacks and develop protocols for broadcast authentication that constitute the core of our solutions for access control. We develop broadcast authentication protocols for the case where the adversary can capture up to some threshold t sensor nodes. The developed protocols offer absolute protection while not more than t nodes are captured, but their security breaks completely otherwise. Moreover, security in this case comes at a high cost, as the resource requirements for the protocols grow rapidly with t. One of the most popular ways to overcome impossibility or inefficiency of solutions in distributed systems is to make the protocol goals probabilistic. We therefore develop efficient probabilistic protocols for broadcast authentication. Security of these protocols degrades gracefully with the increasing number of captured nodes. We conclude that the perfect threshold security is less appropriate for sensor networks than the probabilistic approach. Gracefully degrading security offers better scalability and saves resources, and should be considered as a promising security paradigm for sensor networks
