Security in Wireless Sensor Networks

slurpslapoutΔίκτυα και Επικοινωνίες

20 Νοε 2013 (πριν από 4 χρόνια και 1 μήνα)

91 εμφανίσεις

Security in Wireless Sensor
Networks


This covers the security threats, review
proposed security mechanisms for
wireless sensor networks and also at the
same time discusses about the holistic
view of security for ensuring layered and
robust security in wireless sensor
networks.

What are Wireless Sensor Networks?


A wireless network

consisting of spatially
distributed

autonomous

devices.


Basic idea is to wide spread the tiny sensing
devices which are capable of sensing some.


Can monitor temperature, pressure, humidity,
soil makeup, vehicular movement, noise levels,
lighting conditions, the presence or absence of
certain kinds of objects or substances,
mechanical stress levels on attached objects,
and other properties .


Issues to concentrate on


The routing strategies get more preference, the
security issues are yet to receive extensive
focus.


Explore the security issues and challenges,
discuss crucial parameters that require
extensive investigations.


Talk about cryptography, steganography and
other basics of network security


Discuss various types of threats and attacks
against wireless sensor network .


Discuss related work and proposed schemes
concerning security in WSN and introduce the
view of holistic security in WSN.

Security Schemes in Wireless Sensor
Networks


Authentication, integrity, privacy, no repudiation,
and anti
-
playback.


For secure transmission of various types of
information over networks, several
cryptographic, steganographic and other
techniques are used.


Network security fundamentals and how all
these techniques are meant for wireless sensor
network.


Cryptography


Encryption
-
decryption techniques meant for the
traditional wired networks are not capable in
WSN.


Wireless sensor networks consist of tiny sensors
which really suffer from the lack of processing,
memory and battery power.


Applying any encryption scheme requires
transmission of extra bits.

Steganography


Cryptography aims at hiding the main content of
a message, steganography aims at hiding the
present existence of the message.


Steganography is the art of covert
communication by embedding a message into
the multimedia data (image, sound, video, etc.).


Objective of steganography is to modify the
carrier in a way that is not perceptible and
hence, it looks just like ordinary message.


Securing wireless sensor networks is not directly related to
steganography and processing multimedia data (like audio,
video) with the inadequate resources of the sensors is
difficult.


Security Threats and Issues in Wireless
Sensor Networks


Most are similar to their wired counterparts while
some are severe with the inclusion of wireless
connectivity.


Wireless networks are usually more open to
various security threats as unguided
transmission medium is more open to security
attacks than those of the guided transmission
medium.

Attacks in Wireless Sensor Networks



Attacks against wireless sensor networks
could be broadly considered from two different
levels of views
.

1.
The
attack against the security
mechanisms

2.
Against
the basic mechanisms (like routing
mechanisms).

Denial of Service


A standard attack on wireless sensor networks is
to jam a node or set of nodes.


Jamming, the transmission of a radio signal that
interferes with the radio frequencies being used
by the sensor network.


Two forms: constant jamming, and intermittent
jamming.



Constant jamming involves the complete
jamming of the entire network. No messages are
able to be sent or received.


If the jamming is only intermittent, then nodes
are able to exchange messages periodically, but
not consistently.


Can have a detrimental impact as the messages
may be time sensitive.


Simplest DoS tries to exhaust the resources
available to the victim node, by sending extra
unnecessary packets preventing legitimate
network users from accessing.


Not only for the adversary’s attempt to subvert,
disrupt, or destroy a network, but also for any
event that diminishes a network’s capability to
provide a service.

Denial of service attacks in different
layers




Denial
of service attacks could be jamming and
tampering, at link layer, collision, exhaustion,
unfairness, at network layer, neglect and greed,
homing, misdirection, black holes and at transport
layer this attack could be performed by malicious
flooding and
desynchronization
.


Prevention:
The mechanisms to prevent Denial of
service attacks include payment for network
resources,
strong
authentication and identification
of traffic.


Transport Layer:


Attacks :


Transport layer susceptible to flooding.


Flooding can be as simple as sending many
connection requests to a susceptible node.


Prevention :


Resources must be allocated to handle the
connection request.


Eventually a node’s resources will be exhausted,
thus rendering the node useless.


Attacks on Information in transit


In a sensor network, sensors monitor the changes of specific
parameters or values and report to the sink according to the
requirement.


While sending the report, the information in transit may be
altered, spoofed, replayed again or vanished.


Eaves dropper can monitor the traffic flow and get into action
to interrupt, intercept, modify or fabricate packets thus,
provide wrong information to the base.


Attacker with high processing power and larger
communication range could attack several sensors at the
same time.


Sybil Attack


Sensors
in a
WSN might
need to work together to
accomplish a task, hence they can use distribution
of subtasks and redundancy of information.


In such a situation, a node
can pretend to be more
than one node using the identities of other
legitimate nodes .


This
type of attack where a node forges the
identities of more than one node is the Sybil
attack.


Degrades
integrity of data, security and resource
utilization that the distributed algorithm attempts to
achieve.

Black hole/Sinkhole Attack


Malicious node acts as a black hole to attract all
the traffic in the sensor network.


Attacker listens to requests for routes then
replies to the target nodes that it contains the
high quality or shortest path to the base station.


Inserts itself between the communicating nodes,
it is able to do anything with the packets passing
between them.

Hello Flood Attack


Uses HELLO packets as a weapon to convince
the sensors in WSN.


Attacker with a high radio transmission range
and processing power sends HELLO packets to
a number of sensor nodes.


Sensors are thus persuaded that the adversary
is their neighbor.


Victim nodes try to go through the attacker.


Wormhole Attack


Attacker records the packets (or bits) at one
location in the network and tunnels those to
another location.


The tunneling or retransmitting of bits could be
done selectively.


Attack does not require compromising a sensor
in the network rather, it could be performed even
at the initial.





The figure shows
a situation where a wormhole attack takes
place.


When
a node B (for example, the base station or any other
sensor) broadcasts the routing request packet, the attacker
receives this packet and replays it in its neighborhood.


Each
neighboring node receiving this replayed packet will
consider itself to be in the range of Node B, and will mark this
node as its parent. Hence, even if the victim nodes are
multihop

apart from B, attacker in this case convinces them
that B is only a single hop away from them, thus creates a
wormhole.


Traffic Analysis Attack & Rate
Monitoring Attack


For an adversary to effectively render the
network useless, the attacker can simply disable
the base station.


Rate monitoring attack makes use of the idea
that nodes closest to the base station tend to
forward more.


An attacker need only monitor which nodes are
sending packets and follow those nodes that are
sending the most packets.



Time correlation attack


Adversary generates events and monitors to
whom a node sends its packets.


To generate an event, the adversary could
simply generate a physical event that would be
monitored by the sensor(s) in the area (turning
on a light, for instance).


Node Replication Attacks


Attacker seeks to add a node to an existing
sensor network by copying (replicating) the node
ID of an existing sensor node .



Packets can be corrupted or even misrouted.

Physical Attacks


Sensor networks typically operate in hostile
outdoor environments.


The small form factor of the sensors, both of
these together with the unattended and
distributed nature of their deployment make
them highly susceptible to physical attacks, i.e.,
threats due to physical node destructions.




Proposed Security Schemes and
Related Work



In this section we review and map various
security schemes proposed or
implemented so far for wireless sensor
networks.


Security Schemes for Wireless Sensor
Networks


Gives an analysis of secure routing in wireless
sensor networks and studies how to design
secure distributed sensor networks


It studies Denial of service attacks against
different layers of sensor protocol stack.



JAM presents a mapping protocol which detects
a jammed region in the sensor network and
helps to avoid the faulty region to continue
routing within the network.


Wormholes which are
considered harmful for
wireless sensor network could effectively be used
as a reactive defense mechanism for preventing
jamming Denial of service
attacks.


Statistical
en
-
route filtering (SEF) mechanism to
detect injected false data in sensor network and
focus mainly on how to filter false data using
collective
secret.


SNEP
&
μ
TESLA

are two secure building blocks
for providing data confidentiality, data freshness
and broadcast authentication.



Sec proposes a link layer security mechanism
for sensor networks which uses an efficient
symmetric key encryption protocol.


The scheme uses a bidirectional verification
technique and also introduces multi
-
path multi
-
base station routing if bidirectional verification is
not sufficient to defend the attack.

Data Confidentiality


A
sensor network should not leak sensor readings to
its neighbors.


In many applications nodes communicate highly
sensitive data, e.g., key distribution,
is
extremely
important to build a secure channel in a wireless
sensor network.


Public sensor information, such as sensor identities
and public keys, should also be encrypted to some
extent to protect against traffic analysis attacks.


The
standard approach for keeping sensitive data
secret is to encrypt the data with a secret key that only
intended receivers possess, thus achieving
confidentiality.


Data Integrity


With the implementation of confidentiality, an
adversary may be unable to steal information.


This doesn’t mean the data is safe. The
adversary can change the data, so as to send
the sensor network into disarray.


Thus, data integrity ensures that any received
data has not been altered in transit.


Data Freshness


Need to ensure the freshness of each message.


Informally, data freshness suggests that the data
is very much recent, and it ensures that no old
messages have been replayed.


This requirement is especially important when
there are shared
-
key strategies.

Holistic Security in Wireless Sensor
Networks


A holistic approach aims at improving the
performance of wireless sensor networks with
respect to security, longevity and connectivity
under changing environmental conditions.


The holistic approach of security concerns about
involving all the layers for ensuring overall
security in a network.


A single security solution for a single layer might
not be an efficient solution rather employing a
holistic approach could be the best option.


Conclusion


Most of the attacks against security in wireless
sensor networks are caused by the insertion of
wrong information by the nodes which are agreed
or compromised within the network.


For
defending the inclusion of these false reports
by compromised nodes, a mean is required for
detecting these false reports.


However
, developing such a detection mechanism
and making it efficient represents a great research
challenge.


Again
, ensuring the holistic security in wireless
sensor network is one of the major research issue.

References


http://en.wikipedia.org/wiki/Wireless_sensor_network#Environmenta
l_monitoring



http://arxiv.org/abs/0712.4169


http://www.cs.wayne.edu/~weisong/papers/walters05
-
wsn
-
security
-
survey.pdf


http://arri.uta.edu/acs/networks/WirelessSensorNetChap04.pdf


http://www.cs.utk.edu/~saraogi/594paper.pdf