2. Introduction
High level of security is needed in WSN.
This leads to need of extra resources.
BUT
WSN resources are very limited.
Current researches haven’t treat this conflict yet.
SO
Special security requirements are needed.
WSN security faces a lot of challenges.
A lot of research points in this area is open.
2 Sensor network
3. Agenda
3
Why high security level is needed?
Security AND survivability
requirements.
Taxonomy of attacks.
WSN security challenges.
Conclusion.
Sensor network
4. Why high security level is
needed?
Have many applications in military and homeland.
Could be deployed in hostile environments.
Could be deployed in uncontrolled environment.
Wireless communication facilitates eavesdropping.
Often monitor their surroundings, so it is easy to deduce
extra unwanted information results in privacy violation.
4 Sensor network
5. WSN security AND survivability
requirements.
Security in a WSN is extremely important. Moreover, it should be
run reliably without interruption.
Security requirements:
Confidentiality.
Authentication.
Non-repudiation .
Integrity.
Freshness
Forward and Backward secrecy
Survivability requirements:
Reliability
Availability.
Energy efficiency.
5 Sensor network
6. Taxonomy of attacks.
6
BASED ON
Capability of the
attacker
Attacks on
information in
transit
Protocol stack
Sensor network
7. 1. Based on capability of the
attacker
Outsider versus insider attacks.
Passive versus active attacks.
Mote-class versus laptop-class attacks.
7 Sensor network
8. 2. Based on attacks on information
in transit.
Interruption.
Interception.
Modification.
Fabrication.
8 Sensor network
9. 3. Based on protocol stack.
9 Sensor network
WSN protocol stack
This protocol stack combines power and routing awareness.
13. 3.3. Transport layer attacks.
13 Sensor network
Attacks:
Flooding.
De-synchronization Attacks.
Solutions:
Limit number of connections from a particular node.
Header or full packet authentication.
14. 3.3. Application layer attacks.
14 Sensor network
Attacks:
Selective Message Forwarding.
Data Aggregation Distortion
Solutions:
Data Integrity Protection.
Data Confidentiality Protection.
15. WSN security challenges (1/3).
Conflicting between minimization of resource
consumption and maximization of security level.
Advanced anti-jamming techniques are impossible due
to its complex design and high energy consumption. .
Ad-hoc topology facilitates attackers of different types
and from different directions.
Most current standard security protocols do not scale to
a large number of participants.
15 Sensor network
16. WSN security challenges (2/3).
Encryption requires extra processing, memory and
battery power.
Secure asymmetric key needs more computations.
Although sensors location information are important
most of current proposal are suitable for static WSNs.
16 Sensor network
17. WSN security challenges (3/3).
Most existing time synchronization schemes are
vulnerable to several attacks.
Their low costs impedes use of expensive tamper-
resistant hardware.
Little research has been done in code attestation.
17 Sensor network
18. Conclusion.
WSN needs high level of security due to its harsh environment.
This leads to intense security and survival requirements.
WSN face attacks of different types.
Limited resources of sensors make WSN faces a huge security
challenges.
Some challenges are resolved and many haven’t resolved yet or
under studying.
18 Sensor network
19. References.
T.Kavitha and D.Sridharan, “Security Vulnerabilities In
Wireless Sensor Networks: A Survey”, Journal of Information
Assurance and SecurityVol. 5, No. 1 pp. 31– 44, 2010.
Yi Qian and Kejie Lu and David Tipper, “A Design For Secure
And Survivable Wireless Sensor Networks”, IEEE Wireless
Communications , pp. 30 - 37, October 2007.
K. Xing, S. Srinivasan, M. Rivera, J. Li, and X. Cheng, Attacks
and Countermeasures in Sensor Networks: A Survey, The
George Washington University Technical Report GWU-CS-
TR-010-05, 2005.
19 Sensor network
uncontrolled and hostile environments (e.g., environmental monitoring, military command and control, battlefield monitoring, etc.).
security in a WSN is extremely important for both controlled environments (e.g., health-care, automation in transportation, etc.) and uncontrolled and hostile environments (e.g., environmental monitoring, military command and control, battlefield monitoring, etc.). Moreover, the majority of the WSN applications should be run continuously and reliably without interruption. Hence, survivability also should be taken into account in developing a WSN.
Confidentiality: Sensitive information is well protected and not revealed to unauthorized third parties. between the sensor nodes of the network or between the sensors and the base station,
Authentication : verify the identity of the participants in a communication, it is essential for each sensor node and base station to have the capability to verify that the data received was really sent by a trusted sender and not by an adversary that tricked legitimate nodes into accepting false data.
Integrity: This refers to the danger that information could be altered when exchanged over insecure networks.
Access-control prevents unauthorized access to a resource.
Non-repudiation proves the source of a packet. In authentication the source proves its identity. Non-repudiation prevents the source from denying that it sent a packet.
Freshness ensures that a malicious node does not resend previously captured packets
Forward secrecy a sensor should not be able to read any future messages after it leaves the network.
Backward secrecy a joining sensor should not be able to read any previously transmitted message
Reliability: Is the capability to keep the functionality of the WSN even if some sensor nodes fail, many applications require the WSN to operate in uncontrolled environments.
Availability. ensures that services and information can be accessed at the time that they are required. Lack of availability as denial of service attacks
Lack of availability may affect the operation of many critical realtime applications. Sol disablement of a specific node by assigning its duties to other nodes in the network.
Energy efficiency:
Energy conservation is a critical issue in a WSN, because batteries are the only limited life energy source available to power the sensor nodes. Apparently, the battery life affects the reliability and availability of the WSN.
Outsider: Attacks from nodes which do not belong to a WSN.
Insider: Nodes of a WSN behave in unintended ways.
Passive: Attacks eavesdrop or monitor exchanged packets.
Active: Attacks involve some modifications of the data steam.
Mote-class: Nodes with similar capabilities to the network nodes.
laptop-class: Powerful devices have greater capabilities.
greater transmission range, processing power, and energy reserves than the network nodes.
In a sensor network, sensors monitor the changes of specific parameters or values and report to the sink While sending the report, the information in transit may be attacked to provide wrong information to the base stations or sinks.
Interruption : Communication link in sensor networks becomes lost.(For all layers)
Interception : Attacker gains unauthorized access to sensor node or data on.
Affects confidentiality, The main purpose is to eavesdrop on the information carried in the messages (confidentiality) (application layer. )
Modification : Attacker not only accesses the data but also tampers with it.
mislead the parties involved in the communication protocol (integrity) (network layer and application layer)
Fabrication
If an unauthorized party gains access to the system and inserts false objects into it, this is Fabrication and it degrades the authenticity of the system. Diagram (e) reflects this information.
Replaying existing messages This operation threatens message freshness.
The main purpose of this operation is to confuse or mislead the parties involved in
http://homepages.uel.ac.uk/u0305518/classification_of%20security_attacks.htm
The power management plane manages how a sensor node uses its power.
The mobility management plane detects and registers the movement of sensor nodes, so a route back to the user is always maintained, and the sensor nodes can keep track of who their neighbor sensor nodes are. By knowing who the neighbor sensor nodes are, the sensor nodes can balance their power and task usage.
The task management plane balances and schedules the sensing tasks given to a specific region. These management planes are needed so that sensor nodes can work together in a power efficient way, route data in a mobile sensor network, and share resources between sensor nodes.
Responsible for frequency selection, signal detection and processing, encryption and energy minimization.
Many attacks target this layer as all upper layer functionalities rely on it.
Device Tampering
-damage or modify sensors physically and thus stop or alter their services. The negative impact will be greater if base stations or aggregation points instead of normal sensors are attacked,
-Unless large amount of sensors are compromised, the operations of WSNs will not be affected much.
Another way to attack is to capture sensors and extract sensitive data from them. such attacks are probably more threatening.
Eavesdropping
-attackers monitor the traffic in transmission on communication channels and collect data that can later be analyzed to extract sensitive information.
-wireless signals are broadcast in the air and thus accessible to the public. With modest equipment, attackers within the sender’s transmission range can easily plug themselves into the wireless channel
-Since eavesdropping is a passive behavior, such attacks are rarely detectable.
Jamming is type of Dos attacks in physical layer.
Jamming attacks in WSNs, classifying [5] them as constant (corrupts packets as they are transmitted), deceptive (sends a constant stream of bytes into the network to make it look like legitimate traffic), random (randomly alternates between sleep and jamming to save energy), and reactive (transmits a jam signal when it senses traffic).
Could be solved by speed spectrum technique or Network layer deals with it, by mapping the jammed area in the network and routing around the area.
Broad cast of high energy signal
Sol
Access Restriction (communication restriction as sleeping/hibernating and spread spectrum communication by frequency hopping By this way, attackers cannot easily locate the communication channel but both are expensive
but physically is infeasible )
2. Encryption
Cryptography can be applied to the data stored on sensors. Once data are encrypted, even if the sensors are captured, it is difficult for the adversaries to obtain useful information.
Responsible for data streams multiplexing , data frame detection and sharing the wireless media, Regulate who will send when
Adversaries can disobey the coordination rules and produce malicious traffic to interrupt network operations in the MAC layer.
They can also forge MAC layer identifications and masquerade as other entities for various purposes.
Traffic Manipulation
Attackers monitor the channel then transmit packets right at the moment when legitimate users do so to cause excessive packet collisions. Type of Dos
This decrease signal quality and network availability
Identity Spoofing
Due to the broadcast nature of wireless communications, the MAC identity (such as a MAC address or a certificate) of a sensor is open to all the neighbors
attacker can fake an identity and pretend to be a different one.
It can even spoof as a base station or aggregation point to obtain unauthorized privileges or resources of the WSN.
Ex. Sybil attacks :provide wrong information for routing to launch false routing attacks
Solution
Misbehavior Detection Because attacks deviate from normal behaviors, it is possible to identify attackers by observing what has happened.
Another solution uses “watchdogs” on every node to monitor whether or not the neighbors of a node forward the packets sent out by this particular node. A neighbor not forwarding packets will be identified by the watchdog as a misbehaving
node.
Identity Protection
-cryptography-based authentication can be used to prevent identity spoofing.
Position verification can be used to detect immobile attackers. If different identities appear at the same position, the node at that place can be identified as an attacker.
locates destinations and calculates the optimal path to a destination.
takes care of routing the data supplied by the transport layer. It is responsible for specifying the assignment of addresses and how packets are forwarded – Routing.
False Routing enforcing false routing information
• Overflowing routing tables : If the routing table of a normal network node overflows, the node will have to ignore later incoming routing information. Therefore, attackers can inject a large volume of void routing information into the network.
• Poisoning routing tables compromised nodes inside the network modify route update packets before sending them Such modifications result in wrong routing tables of all nodes inside the network.
Black Hole the attacker swallows (i.e. receives but does not forward) all the messages he receives
Sinkhole attacker tries to attract the traffic from a particular region through it. For example, the attacker can announce a false –
- optimal path by advertising attractive power, bandwidth, or high quality routes to a particular region.
the sinkhole attack can make other attacks efficient by positioning the attacker in busy information traffic
Solution
Routing Access Restriction
Multi-path routing –packets are routed through multiple paths. Even if the attacker on one of the paths other paths still exist
Authentication -- With authentication, it can be easily determined whether a sensor can participate in routing or not.
False Routing Information Detection
Watchdog Nodes can start to trace the source of false routing information.
-Comes into play when the system is planned to be accessed through the Internet or external networks.
helps to maintain the flow of data if the sensor networks application requires it. This layer is especially needed when the system is planned to be accessed through the Internet or other external networks.
-Flooding: An attacker may repeatedly make new connection requests until the resources required by each connection are exhausted or reach a maximum limit Dos of Transport layer
Sol
a limit can be put on the number of connections from a particular node
-De-synchronization Attacks:
-the adversary forges packets to one or both ends of a connection using different sequence number on the packets. This will cause the end points of the connection to request retransmission of the missed packets.
-This will cause a considerable drainage of energy of legitimate nodes in the network
Sol
Header or full packet authentication
- Implements the services seen by users as data aggregation and time synchronization.
-Application layer Depending on the sensing tasks, different types of application software can be built and used.
Since WSNs are energy constrained and bandwidth limited, reducing communications between sensors and base stations has a significant effect on power conservation and bandwidth utilization. Aggregated sensor networks serve this purpose.
-data aggregation sends the data collected by sensors to base stations, and time synchronization synchronizes sensor clocks for cooperative operations.
Clock Skewing
The targets of this attack are those sensors in need of synchronized operations
Selective Message Forwarding
-The attack can be launched by forwarding some or partial messages selectively but not others
- attackers need to understand the semantics of the payload of the application layer packet
- selective forwarding attack in the network layer only requires attackers to know the network layer information, such as the source and destination addresses.
Data Aggregation Distortion
Once data is collected, sensors usually send it back to base stations for processing. Attackers may maliciously modify the data to be aggregated, and make the final aggregation results computed by the base stations distorted.
Sol
application data semantics . Therefore, the countermeasures focus on protecting the integrity and confidentiality of data,
Data Integrity Protection
Outlier detection algorithm [63] can locate such sensors by comparing their readings with those of their neighbors
Base stations launch marked packets to probe certain sensors and try to route packets through them. If a sensor fails to respond, the base stations may conclude that this node is dead.
Data Confidentiality Protection
- Encryption is an effective approach to prevent attackers from understanding captured data.
* The security issues in MANETs are more challenging than wired networks and security in sensor networks is even more difficult than in MANETs due to the resource limitations.
- energy as well as computational resource like CPU cycles, memory, communication bandwidth.
Advanced anti-jamming techniques such as frequency- hopping spread spectrum and physical tamper proofing of nodes
Unlike fixed hardwired networks with physical defense at firewalls and gateways
current standard were designed for two-party settings
Knowledge of the position of the sensing nodes in a WSN is an essential part of many sensor network operations and applications. Sensors reporting monitored data need to also report the location where the information is sensed, and hence, sensors need to be aware of their position.
Designing secure routing algorithms for mobile WSNs is complex and current secure routing algorithms will meet issues when they are applied in mobile environments.
1. time synchronization is very important for many sensor network operations, such as coordinated sensing tasks, sensor scheduling (sleep and wake), mobile object tracking
3.Sensors that operate in an unattended, harsh or hostile environment often suffer from break-in compromises .
code attestation to validate the code running on each sensor node. Because the code running on a malicious node must be different from that on a legitimate node, we can detect compromised nodes by verifying their memory content.
4. During the lifetime of a sensor network, the network topology changes frequently, and routing error messages are normally produced.