A framework for the security configuration of wireless sensor networks.

The future of our society, the connected world of tomorrow, will be one of better integration with, and more awareness of our surroundings. Wireless sensor networks will breathe life into objects and allow us to extend our sensory perception to every square of land and water. Before large amounts of information regarding our private lives and surroundings start being sent around the world,privacy issues have to be addressed. At the moment there is no transparent or holistic security solution for wireless sensor networks. Because sensor networks have a wide range of applications with very di erent requirements, and because they have constrained hardware, security solutions can't be static but need to be con gured, tailored, for every single applications, to make effi cient use of the available resources while providing the required security level. Furthermore, the control over the security con guration needs to be placed in the hands of the sensor network's user, because only the user knows the details of the application and can control its parameters. This thesis presents a framework for the security con guration of wireless sensor networks (WSNs), which provides complete and transparent communication security to any data stream, at any network layer, of a sensor network application, without requiring changes to the application code. The design of the framework takes into account the WSN life cycle and its actors, developer and user, as well as their knowledge domains. It is assumed that neither actors have security expertise so all the security decisions are made within the framework. The main contributions of the framework are a security con guration methodology and a modular security architecture. The configuration methodology determines resource-e cient security services and protocols based on application parameters like data sampling rate, network lifetime or power supply, thereby putting the control of security con guration into the user's hands. The security architecture enables the decoupling of application and security code and allows security components to be installed on the application without changing its code. This is achieved through policy-based security of messages intercepted between the layers of the network stack. The security con guration methodology is validated against a scenario and the modular security architecture is tested and compared with hard-coded security. Considering the reduction in complexity and the increased exibility, the performance overhead of the framework is acceptable. The framework is independent of security services and protocols and can easily be extended to support new types. By encouraging reuse of services and protocols it can increase their strength and resilience, through repeated verification of the code. It is hoped that the transparency and ease of use of this framework will provide the necessary con dence in wireless sensor networks as a technology of the future.