2010 International Conference on Computational Intelligence and Security                               Research On Wireles...
In order to design a completely secure wireless sensor                Multi-hop (Multi-hop) is usually assumed that thenet...
•     Freshness, which implies that the data is recent and              •    Attacks on network availability: attacks on  ...
[4]    Perrig, A., Stankovic, J., Wagner, D. (2004), “Security in Wireless       VII. CONCLUSION AND FUTURE SCOPE         ...
Upcoming SlideShare
Loading in...5
×

wireless sensor network security

2,638
-1

Published on

research paper on wireless sensor network security

Published in: Technology
0 Comments
2 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
2,638
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
204
Comments
0
Likes
2
Embeds 0
No embeds

No notes for slide

wireless sensor network security

  1. 1. 2010 International Conference on Computational Intelligence and Security Research On Wireless Sensor Network Security Yan-Xiao Li Lian-Qin Qian-Liang Telecommunication Engineering Telecommunication Engineering Telecommunication Engineering Institute Institute Institute Air Force Engineering University Air Force Engineering University Air Force Engineering University Xi’an, Shaanxi, China Xi’an, Shaanxi, China Xi’an, Shaanxi, China e-mail: lily.autumn@hotmail.com e-mail: mbillow@pub.xaonline.com e-mail: liangqian0808@163.com Abstract—Wireless sensor networks are a new type of the privacy of the sensor networks. Though hardware and networked systems, characterized by severely constrained software improvements may address many of such security computational and energy resources, and an ad hoc issues, but development of new supporting technologies and operational environment. When wireless sensor networks are security principles are challenging research issues in WSNs. deployed in a hostile terrain, security becomes extremely important, as they are prone to different types of malicious attacks. Due to the inherent resource limitations of sensor nodes, existing network security methods, including those developed for Mobile Ad-Hoc Networks, are not well suitable for wireless sensor networks. As a crucial issue security in wireless sensor networks has attracted a lot of attention in the recent year. This paper made a thorough analysis of the major security issue and presented the ongoing aspect of further development to designers in their struggle to implement the most cost effective and appropriate method of securing their network. Keywords- wireless sensor network; security; threat; attack; benchmark Figure 1. Scenario of wireless sensor nodes deployment I. INTRODUCTION II. SENSOR NETWORK SECURITY ISSUE Wireless Sensor Network (WSN) consists of hundreds Two of the most security-oriented applications of or thousands of self organizing, low-power, low cost wireless sensor networks are military and medical solutions. wireless nodes and is used in a variety of applications such Due to the nature of the military, it is obvious that the data as military sensing and tracking, environmental monitoring, (sensed or disseminated) is of a private nature and is disaster management, etc. But when WSN is deployed in required to remain this way to ensure the success of the open, un-monitored, hostile environment [1], or operated on application. Enemy tracking and targeting are among the an unattended mode, sensor nodes will be exposed to the most useful applications of wireless sensor networks in risk of being captured by an active adversary. So with the military terms. The most up to date work can be found on demanding constraints of nodes’ limited capability, the key the Defense Advanced Research Projects Agency (DARPA) issue for WSN is designing viable security mechanisms for website [2, 3]. the protection of confidentiality, integrity and The choice of which security services to implement on a authentication to prevent malicious attacks, involved. given sensor mainly depends on the type of application and Besides the inherent limitations in communication and its security requirements. Amongst these we examined: computing, the deployment nature of sensor networks • Authenticity - it makes possible that the message makes them more vulnerable to various attacks. receiver is capable of verifying the identity the Largely deployed sensor nodes may cover a huge area message sender, hence preventing that likely further exposing them to attackers who may capture and intruder nodes inject malicious data into the reprogram the individual nodes,as shown in Fig.1. The network. adversary may use its own formula of attacking and induce • Confidentiality - it ensures that the content of the the network to accept them as legitimate nodes. message is accessed only by authorized nodes. Falsification of original data, extraction of private sensed • Integrity - it guarantees that should a message have data, hacking of collected network readings and denial of its content modified during the transmission, the service are also certain possible threats to the security and receiver is able to identify these alterations.978-0-7695-4297-3/10 $26.00 © 2010 IEEE 493 494DOI 10.1109/CIS.2010.113
  2. 2. In order to design a completely secure wireless sensor Multi-hop (Multi-hop) is usually assumed that thenetwork, security must be integrated into every node of the network involved in the transfer node will be transparentsystem. This is due to the possibility that a component to transmit it to the receiver. In the selective forwardingimplemented without any security could easily become a attacks, malicious node may refuse to forward certainpoint of attack. This dictates that security must pervade messages and discarding them. The attack is a simpleevery aspect of the design of a wireless sensor network form of malicious nodes as a black hole (Black Hole)application that will require a high level of security [4]. refused to forward the same as it received the packet. • Sinkhole attackA. Link Layer Security Movivation Sinkhole in the attack, the attackers goal is to "mutiny" In conventional networks, message authenticity, to lure specific nodes in the region of allintegrity, and confidentiality are usually achieved by an communications traffic in the center of the region causedend-to-end security mechanism such as SSH [5], SSL [6] or by similar "collapse" of the same attack. In fact, theIPSec [7] because the dominant traffic pattern is end-to-end attackers set up a large "hole" in order to attract node tocommunication; intermediate routers only need to view all the communications sent to the base station.message headers and it is neither necessary nor desirable for • Hello flooding attackthem to have access to message bodies. This is not the case HELLO flooding attacks is a new type of sensor networkin sensor networks. The dominant traffic pattern in sensor for the attack. Many agreements require HELLO packetnetworks is many-to-one, with many sensor nodes radio node to node adjacent to its own broadcasting.communicating sensor readings or network events over a Attacker with enough power to launch route broadcastsmultihop topology to a central base station. To prune these or other information, so that the network each node isredundant messages to reduce traffic and save energy, sensor believed to attack its neighbors. In order to use HELLOnetworks use in- network processing such as aggregation flooding attack the attacker does not need to build aand duplicate elimination [8,9]. Since in-network processing legitimate communications. An attacker can simply use arequires inter- mediate nodes to access, modify, and large enough power tapping replay (Overheard) to thesuppress the contents of messages, it is unlikely we can use package, so that each node in the network can beend-to-end security mechanisms between each sensor node received.and the base station to guarantee the authenticity, integrity, • Response to deceiveand confidentiality of these messages. Link-layer security As the number of routing protocol relies on a fixed linkarchitecture can detect unauthorized packets when they are layer response, so an attacker can deceive the link layerfirst injected into the network. For the above reasons, response to the "bugging" of the adjacent node packet.Link-layer security mechanisms guarantee the authenticity, Response to deceive the goals, including the sender tointegrity, and confidentiality of messages between make sure the actual efficiency of low-efficient link, orneighboring nodes, while permitting in-network processing. that have been suspended or banned node is alsoThe security goals of a link layer protocol are listed here as effective.following: • Access Control and Message Integrity III. SECURITY REQURIEMENT • Message Confidentiality The goal of security services in WSNs is to protect the • Data Authenticity information and resources from attacks and misbehavior. • Data Freshness The security requirements in WSNs include: • Availability, which ensures that the desired networkB. Routing Security Motivation services are available even in the presence of In the design of a new security routing protocol, first denial-of-service attacks require configuring theunderstand the analysis of the WSN routing attacks. The initial duty cycle carefully.problems are summarized as follows: eavesdropping, fraud, • Authorization, which ensures that only authorizedtampering or replay (Relay) routing information; selective sensors can be involved in providing information toforwarding attack; "collapse" (Sink-hole) attacks; Hello network services.flooding attacks; response to deceive, and so on. • Authentication, which ensures that the • Eavesdropping, fraud, tampering or replay communication from one node to another node is information genuine, that is, a malicious node cannot The most direct route to the agreement of the target node masquerade as a trusted network node. is the exchange between the routing information. The • Confidentiality, which ensures that a given message attacker through eavesdropping, fraud, tampering or cannot be understood by anyone other than the replay routing information, routing loop can be desired recipients. generated, or refuse to lure traffic, to extend or shorten • Integrity, which ensures that a message sent from the source route, a false error messages, separated by the one node to another is not modified by malicious network to increase the end-to-end delay (Latency ) , and intermediate nodes. so on. • Nonrepudiation, which denotes that a node cannot • Selective forwarding attack deny sending a message it has previously sent. 494 495
  3. 3. • Freshness, which implies that the data is recent and • Attacks on network availability: attacks on ensures that no adversary can replay old messages. availability are often referred to as denial-of-service Moreover, as new sensors are deployed and old sensors (DoS) attacks. DoS attacks may target any layer of afail, we suggest that forward and backward secrecy should sensor network.also be considered: • Stealthy attacks against service integrity: in a • Forward secrecy: a sensor should not be able to read stealthy attack, the goal of the attacker is to make any future messages after it leaves the network. the network accept a false data value. For example, • Backward secrecy: a joining sensor should not be an attacker compromises. able to read any previously transmitted message. The security services in WSNs are usually centered V. SECURITY BENCHMARKS around cryptography. However, due to the We suggest using the following metrics to evaluate constraints in WSNs, many already existing secure whether a security scheme is appropriate in WSNs: algorithms are not practical for use. • Security: a security scheme has to meet the requirements discussed above. IV. THREAT MODEL AND ATTACKS • Resiliency: in case a few nodes are compromised, a In WSNs, it is usually assumed that an attacker may security scheme should still protect against theknow the security mechanisms that are deployed in a sensor attacks.network; they may be able to compromise a node or even • Energy efficiency: a security scheme must be energyphysically capture a node. Due to the high cost of deploying efficient so as to maximize node and networktamper resistant sensor nodes, most WSN nodes are viewed lifetime.as non tamper- resistant. Further, once a node is • Flexibility: key management needs to be flexible socompromised, the attacker is capable of stealing the key as to allow for different network deploymentmaterials contained within that node. methods, such as random node scattering and Base stations in WSNs are usually regarded as predetermined node placement.trustworthy. Most research studies focus on secure routing • Scalability: a security scheme should be able tobetween sensors and the base station. Deng et al. considered scale without compromising the securitystrategies against threats which can lead to the failure of the requirements.base station [10]. • Fault-tolerance: a security scheme should continue Attacks in sensor networks can be classified into the to provide security services in the presence of faultsfollowing categories: such as failed nodes. • Outsider versus insider attacks: outside attacks are • Self-healing: sensors may fail or run out of energy. defined as attacks from nodes which do not belong The remaining sensors may need to be reorganized to a WSN; insider attacks occur when legitimate to maintain a set level of security. nodes of a WSN behave in unintended or • Assurance: assurance is the ability to disseminate unauthorized ways. different information at different levels to end-users • Passive versus active attacks: passive attacks include [12]. A security scheme should offer choices with eavesdropping on or monitoring packets exchanged regard to desired reliability, latency, and so on. within a WSN; active attacks involve some modifications of the data steam or the creation of a VI. SECURITY RESEARCH FORMS false stream. • New, more efficient cryptographic algorithms and • Mote-class versus laptop-class attacks: in mote-class security protocols. Efficient versions of public key attacks, an adversary attacks a WSN by using a few cryptography (such as the NTRU algorithms [13]) nodes with similar capabilities to the network nodes; and broadcast authentication protocols (such as in laptop-class attacks, an adversary can use more μTESLA [14]) have been devised. powerful devices (e.g., a laptop) to attack a WSN. • Asymmetric algorithms and protocols. Security These devices have greater transmission range, services have been designed to place the primary processing power, and energy reserves than the computational and communication burden on network nodes. external entities and/or relay devices rather than on WSNs are vulnerable to various types of attacks. sensor nodes.According to the security requirements in WSNs, these • Integration of security into applications. Theattacks can be categorized as [11]: computing infrastructure of miniaturized devices is • Attacks on secrecy and authentication: standard often much flatter than conventional devices, cryptographic techniques can protect the secrecy avoiding layers of networking protocols and and authenticity of communication channels from application functionality for performance reasons. outsider attacks such as eavesdropping, packet This approach requires security to be deployed at replay attacks, and modification or spoofing of higher abstraction levels, since a generic security packets. service is too costly. 495 496
  4. 4. [4] Perrig, A., Stankovic, J., Wagner, D. (2004), “Security in Wireless VII. CONCLUSION AND FUTURE SCOPE Sensor Networks”, Communications of the ACM, 47(6), 53-57. Security in wireless sensor networks has attracted a lot [5] OpenSSL. http://www.openssl.org.of attention in the recent years. The severe energy [6] Security architecture for the Internet Protocol. RFC 2401, November 1998.constraints and demanding deployment environments of [7] http://www.ssh.comwireless sensor networks make computer security for [8] Samuel R. Madden, Michael J. Franklin, Joseph M. Hellerstein,these systems more challenging than for conventional and Wei Hong. TAG: A tiny aggregation service for ad-hoc sensornetworks. Components designed without security can networks. In The Fifth Symposium on Operating Systems Designeasily become a point of attack. So it is critical to and Implementation (OSDI 2002),2002.integrate security into every component to pervade [9] Samuel R. Madden, Robert Szewczyk, Michael J. Franklin, andsecurity and privacy into every aspect of the design. David Culler. Supporting aggregate queries over ad-hoc wireless sensor networks. In Workshop on Mobile Computing and Systems While each of the security solutions could be used go Applications, 2002.part of the way to effectively securing a WSN, there is [10] J. Deng, R. Han, and S. Mishra, “Enhancing Base Station Securitycurrently no one solution that can be “plugged-in” to an in Wireless Sensor Networks,” Department of Computer Science,application to provide all the necessary security University of Colorado, Tech. Report CU-CS-951-03, 2003.primitives. [11] B. Deb, S. Bhatnagar, and B. Nath, “Information Assurance in Sensor Networks,” Proc. 2nd ACM Intl. Conf. Wireless Sensor Networks and Applications (WSNA 03), New York: ACM Press, 2003, pp. 160–68. [12] E. Shi and A. Perrig, “Designing Secure Sensor Networks,” REFERENCES Wireless Commun. Mag., vol. 11, no. 6, Dec. 2004 pp. 38 43.[1] I. F. Akyildiz,W. Su, Y. Sankasubramaniam, and E. Cayirci. [13] J. Hoffstein, J. Pipher, J. H. Silverman, “NTRU: A Ring-Based “Wireless Sensor Networks: A Survey”, Computer Networks, Public Key Cryptosystem,” in Algorithmic Number Theory (ANTS 38:393–422, 2002. III), J.P. Buhler (ed.), Lecture Notes in Computer Science 1423,[2] Defence Advanced Research Projects Agency (13 Oct 2006) Springer-Verlag, Berlin, 1998. Defence Advanced Research Projects Agency Home [online], [14] A. Perrig, R. Szewczyk, V. Wen, D. Cullar, and J. D. Tygar, available: “SPINS: Security protocols for sensor networks,” in Proceedings[3] http://www.darpa.mil/index.html [accessed 13 Dec 06] of MOBICOM, 2001. 496 497

×