Wireless networks security


Published on

1 Like
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Wireless networks security

  1. 1. WIRELESS NETWORKS SECURITY– © J.YABESH, L.R.ELANGO WIRELESS NETWORKS SECURITY , L.R.ELANGO,P.LINGANATHAN Pre-final year Department Of Informationtechnology, Velammal Engineering College, Chennai Emailid:,elangovec@gmail.com Abstract Recent advances in electronics and many applications of sensor networks, such wireless communication technologies have as military and homeland security enabled the development of large-scale applications. Several recent contributions to wireless sensor networks that consist of many low-powers, low cost and small-size sensor the literature have addressed security and nodes. Sensor networks hold the promise of privacy issues in sensor networks. In this facilitating large scale and real-time data article we discuss current and past research processing in complex environments. Security is activities carried out on sensor network critical for many sensor network applications, such as military target tracking and security security. The rest of the article is outlined as monitoring. To provide security and privacy to follows. We summarize typical attacks on small sensor nodes is challenging, due to the sensor networks. We give typical limited capabilities of sensor nodes in terms of assumptions and security objectives of Computation, communication, memory/storage, and energy supply. In this article we survey the sensor networks. Then we discuss key state of the art in research on sensor network management, secure time synchronization, security. secure location discovery, and secure 1. Introduction routing, respectively. Wireless sensor networks have applications in many important areas, such as the military, homeland security, health care, the environment, agriculture, and manufacturing. One can envision in the future the deployment of large scale sensor networks where hundreds and thousands of small sensor nodes form self-organizing wireless networks. Providing security in sensor networks is not an easy task. Compared to conventional desktop computers, severe constraints exist since sensor nodes have limited processing capability, storage, and energy, and wireless links have limited bandwidth. Despite the aforementioned challenges, security is important and even critical for
  2. 2. WIRELESS NETWORKS SECURITY– © J.YABESH, L.R.ELANGO 2. Attacks on Wireless Sensor 6. Selective forwarding attack (network Networks layer): redundancy, probing 7. Sybil attack (network layer): A large-scale sensor network consists of authentication thousands of sensor nodes and may be 8. Sinkhole (black hole) attack (network dispersed over a wide area. Typical sensor layer): authentication, monitoring, nodes are small with limited communication redundancy and computing capabilities, and are powered 9. Wormhole attack (network layer): by batteries. These small sensor nodes are monitoring, flexible route selection susceptible to many kinds of attacks. For a 10. Hello flood attack (network layer): two- large-scale sensor network, it is impractical way authentication, three-way handshake to monitor and protect each individual 11. Flooding (transport layer): limiting sensor from physical or logical attack. connection numbers, client puzzles Attacks on sensor networks can be classified 12. Clone attack (application layer): unique into attacks on physical, link (medium pair wise keys access control), network, transportation, and application layers. Attacks can also be 3. Security Objectives For Sensor classified based on the capability of the Networks attacker, such as sensor level and laptop- Wireless sensor networks have many level. unique features that differ from mobile ad A powerful laptop-level adversary can do hoc networks and other wireless (and wired) much more harm to a network than a networks. When considering security in malicious sensor node, since it has much sensor networks, we need to give better power supply, as well as larger assumptions on the network. Some typical computation and communication capabilities assumptions made in the existing literature than a sensor node. Attacks can also be are listed below. classified into outside and inside attacks. An outside attacker has no access to most 4. Typical Assumptions cryptographic materials in sensor networks, Since sensor nodes use wireless while an inside attacker may ave partial key communications, radio links are generally materials and the trust of other sensor nodes. insecure. Eavesdropping, injection, replay, Inside attacks are much harder to detect and and other attacks can be placed on the defend against. We summarize typical network. The adversary is able to deploy attacks on sensor networks and possible malicious nodes in the network, or defense techniques below: compromises some legitimate nodes. Most 1. Jamming (physical layer): spread papers published in the literature on sensor spectrum, lower duty cycle network security do not assume that sensor 2. Tampering (physical layer): tamper nodes are tamper resistant since the proofing, effective key management corresponding investment adds significant schemes per-unit cost to sensor nodes. A typical 3. Collision (link layer): error correcting assumption is to assume that base stations code are well protected and trusted. Since a base 4. Exhaustion (link layer): rate limitation station is the gateway for sensor nodes to 5. Manipulating routing information communicate with the outside world, (network layer): authentication, encryption compromising the base station could render the entire sensor network useless. Thus, base
  3. 3. WIRELESS NETWORKS SECURITY– © J.YABESH, L.R.ELANGO stations in sensor networks are assumed to sensor nodes sending data to one (or a few) be secure. base station(s) at the top right corner. Other typical assumptions on sensor In-network processing such as data networks are: aggregation, duplicate elimination, or data Sensor nodes are densely and statically compression is very important for sensor deployed in the network. networks to run in an energy-efficient Sensor nodes are aware of their own manner. In the presence of insider locations. adversaries, link layer security is not enough Location awareness is a basic requirement to protect the whole network, since an for sensor nodes in many sensor networks, insider has complete access to any message since most sensing data must be associated routed through it, and it can modify, with the locations where data is generated. suppress, or even discard the message. In The network may use localization services such a case one might not be able to provide to estimate the locations of individual nodes, confidentiality, integrity, authenticity, and and no GPS receiver is required at each availability to every message. sensor. There are other particular Thus, in the presence of insider attacks, the assumptions made in some work that may security objectives should be to ensure that limit the applicability of the proposed the sensor network can provide the basic schemes. functionalities (i.e., performing sensing and transmitting data to the base station) with 5. Security Objectives minimum degradation. The ultimate security objective is to provide confidentiality, integrity, 6. Key Management authenticity, and availability of all messages To achieve security in wireless sensor in the presence of resourceful adversaries. networks, it is important to be able to Every eligible receiver should receive all perform various cryptographic operations, messages intended for it and be able to including encryption, authentication, and so verify the integrity of every message as well on. Keys for these cryptographic operations as the identity of the sender. Adversaries must be set up by communicating nodes should not be able to infer the contents of before they can exchange information any message. In conventional computer securely. networks the primary security goal is Key management schemes are reliable delivery of messages (i.e., protection mechanisms used to establish and distribute against DOS attack). Message authenticity, various kinds of cryptographic keys in the integrity, and confidentiality are usually network, such as individual keys, pair wise achieved by an end-to-end security keys, and group keys. Key management is mechanism such as Secure Socket Layer an essential cryptographic primitive upon (SSL). The reason is because the dominating which other security primitives are built. traffic pattern is end to- end communication, Most security requirements, such as privacy, where it is neither necessary nor desirable authenticity, and integrity, can be addressed for the contents of the message (beyond the by building on a solid key management necessary headers) to be available to the framework. In fact, a secure key intermediate routers. management scheme is the prerequisite for However, the dominant traffic pattern in the security of these primitives, and thus sensor networks is many-to-one, as essential to achieving secure infrastructure illustrated in Fig. 1, where a large number of in sensor networks.
  4. 4. WIRELESS NETWORKS SECURITY– © J.YABESH, L.R.ELANGO Due to resource constraints, achieving such and each sensor node stores only an key agreement in wireless sensor networks embedded key such that a is nontrivial. compromising/captured node cannot reveal The challenge of designing key much security information of the sensor management protocols for sensor networks network. The drawback of the trusted server lies in establishing a secure communication scheme is that if the server is compromised, infrastructure, before any routing fabric has the network is totally unsecured. However, been established with or without the we usually assume that the base station presence of any trusted authority or fixed where the server runs is secured. server, from a collection of sensor nodes that have no prior contact with each other. Some 8. Self-Enforcing Schemes cryptographic information (e.g., a key) is A self-enforcing scheme depends on normally preloaded in sensor nodes before asymmetric cryptography, such as key deployment, and allows sensor nodes to agreement using public key certificates. If perform secure communications with each the sensor node can support the other. Most schemes do not assume prior computationally intensive asymmetric knowledge of the network deployment cryptographic operations, key distribution topology and allow nodes to be added to the via asymmetric cryptography is a favored network after deployment. scheme (e.g., the schemes proposed in [9, The schemes must have low computational 10]). Sensor nodes conduct exchanges of and low storage requirements. There are public keys and master key signatures after four types of key management schemes: deployment. trusted server, self-enforcing, key pre- A sensor node is legitimate if the master distribution and public key cryptography. key’s signature is verified using the master We discuss these schemes in the following public key. A symmetric session key for a subsections sensor node can be generated and sent using . the sensor node’s public key. In a self- 7. Trusted Server Schemes enforcing scheme, a compromising sensor Trusted server schemes depend on a node reveals no security information about trusted and secure server such as the base other keys in the network except current station for key agreement among nodes. The ongoing session keys. However, limited server can be treated as the key distribution computation and energy resources of sensor center (KDC). For example, assume that two nodes make it undesirable to use public key sensor nodes intend to make a secure algorithms such as Diffie -Hellman key connection. In a typical case, a symmetric agreement or RSA. key is generated for each node in a sensor network before deployment and embedded 9. Key Pre-distribution Schemes in each sensor node’s memory. This The third type of key agreement scheme embedded key is used for the two sensors to is key pre-distribution, where key authenticate themselves to the base station. information is distributed among all sensor Then the base station generates a link key or nodes prior to deployment. Recent research session key and sends it securely to both on sensor networks suggests that key pre- sensor nodes via a single hop or multiple distribution schemes are a promising hops. practical option for scenarios where the In the trusted server scheme the base station network topology is not known prior to is the most appropriate choice for the server, deployment. Eschenauer and Gligor [4] first
  5. 5. WIRELESS NETWORKS SECURITY– © J.YABESH, L.R.ELANGO presented a key management scheme for networks. The proposed time sensor networks based on probabilistic key synchronization schemes for sensor pre distribution. Chan et al. [5] extended this scheme and presented three mechanisms for key establishment. Liu and Ning [6] proposed a key management scheme based on key pre-distribution to establish pair wise keys in sensor networks. In [7] Perrig et al. proposed SPINS, a suite of security building blocks for sensor networks. SPINS includes SNEP, a protocol for data confidentiality and two- party data authentication, and mTESLA, a protocol for broadcast data authentication. 10. Secure Time Synchronization Due to the collaborative nature of sensor nodes, time synchronization is very important for many sensor network operations, such as coordinated sensing Networks include Reference-Broadcast tasks, sensor scheduling (sleep and wake), Synchronization (RBS) [12], Timing-Sync mobile object tracking, time-ivision multiple Protocol for Sensor Networks (TPSN) [13], access (TDMA) medium access control, data and so on. These time synchronization aggregation, and multicast source algorithms try to achieve either pair-wise authentication protocol. For example, in the clock synchronization or global clock target tracking application illustrated in Fig. synchronization. Pair-wise clock 2, sensor nodes need to know both the synchronization aims to obtain high location where and time when the target is precision clock synchronization between sensed in order to correctly determine the pairs of sensor neighbors, while global clock target moving direction and speed. synchronization aims to provide network The Network Time Protocol (NTP) [11] is wide clock synchronization in the whole used for synchronization in the Internet. A sensor network. Existing pair-wise clock sensor network is a resource constrained synchronization protocols use either distributed system, and the NTP cannot be receiver–receiver synchronization (e.g., RBS directly used by sensor networks. Several [12]), in which a reference node broadcasts a time synchronization algorithms (e.g., [12, reference packet to help pairs of receivers 13]) have been proposed for sensor identify the clock differences, or sender– networks. All network time synchronization receiver synchronization (e.g., TPSN [13]), methods rely on some kind of message where a sender communicates with a exchanges between nodes. receiver to estimate the clock difference. No determinism in the network dynamics, Most of the global clock synchronization such as physical channel access time and protocols establish multi-hop paths in a operation system overhead (e.g., system sensor network so that all nodes can calls), makes synchronization synchronize their clocks to a given source implementation challenging in sensor based on these paths and the pair wise clock differences between adjacent nodes in these
  6. 6. WIRELESS NETWORKS SECURITY– © J.YABESH, L.R.ELANGO paths. However, none of the aforementioned keys for each pair of neighbor sensors. Then time synchronization schemes were a sender can calculate a message designed with security in mind. Hence, they authentication code (MAC) by using the are not suitable for applications in hostile shared key and append the MAC to an environments (e.g., military battlefields) outgoing message. The MAC prevents an where security is critical. Most existing time attacker from impersonating other nodes or synchronization schemes are vulnerable to altering the message content without being several attacks. In [14] the authors identified detected. To prevent a replay attack, a four possible attacks on sensor time sequence number can be added to each synchronization: exchanged message. Message dropping may be noticed by some misbehavior detection Masquerade attack: Suppose that node A schemes. However, delay and DoS attacks sends out a reference beacon to its two cannot be defended against by cryptographic neighbors, B and C. An attacker, E, can techniques. In Song et al. [14] identified the pretend to be B and exchange wrong time delay attack and propose solutions to defend information with C, disrupting the time against it. The general idea [14] is to collect a synchronization process between B and C. set of time offsets from multiple involved nodes, and some statistical methods are used Replay attack: Using the same scenario as to identify the malicious time offsets (from mentioned in the first attack, attacker E can attackers). Then the identified malicious replay B’s old timing packets, misleading C time offsets are excluded and the rest of the to be synchronized to a wrong time. time offsets are used to estimate the actual time offsets. Two schemes were proposed in Message manipulation attack: In this [14] to defend against the delay attack. The attack, an attacker may drop, modify, or first scheme uses a statistical method, or the even forge the exchanged timing messages generalized extreme studentized deviate to interrupt the time synchronization (GESD) algorithm, to detect multiple process. outliers introduced by the compromised nodes, and the second scheme utilizes a Delay attack: The attacker deliberately threshold derived using a time delays some of the time messages (e.g., the transformation technique to filter out the beacon message in the RBS scheme) so as to outliers. fail the time synchronization process. It is noted that this attack cannot be defended. In addition to the above four attacks, denialof- service (DOS) attack can also disrupt most time synchronization schemes. For example, an adversary can cause jamming or packet collision with timing messages, and thus disrupt the time synchronization process. The first three attacks can be addressed by cryptographic techniques. Authentication can be used to defend against a masquerade attack. For example, a sensor network can first use a key management scheme to establish shared
  7. 7. WIRELESS NETWORKS SECURITY– © J.YABESH, L.R.ELANGO security and better efficiency by utilizing the long transmission range and other features of high-end sensors. Figure 3 shows a heterogeneous sensor network, where the small squares represent low-end sensors, large rectangular nodes are high-end sensors, and the large square at the top right corner is the base station. For example, MICA2-DOT sensors (as shown in the top left corner of Fig. 4) may function as low- end sensors, and Star gate nodes (as shown at the bottom of Fig. 4) may serve as high-end sensors. Both sensor nodes are manufactured by Crossbow Technology Inc. In the top right of Fig. 4 is a quarter used to show the sensor’s size. 11. Secure Location Discovery As mentioned earlier, sensor locations In Wood and Stankovic[1] discussed DOS play a critical role in many sensor network attacks in sensor networks and listed applications, such as environment possible defense schemes against these monitoring and target tracking. Furthermore, attacks. For example, spread-spectrum several fundamental techniques developed technique may be used to avoid jamming for wireless sensor networks also require attack, and error-correcting code may be sensor location information, such as used to defend packet collision attack. In geographical routing protocols that make general, it is not an easy task to detect and routing decisions based on node locations. defend DOS attacks in sensor networks. The Indeed, many sensor network applications above time synchronization schemes are will not work without sensor location designed for homogeneous sensor networks, information. Many location where all sensor nodes are modeled to have discovery/estimation (also called the same capabilities. These schemes localization) protocols have been proposed involve nontrivial computation and for sensor networks, for instance, the communications, and thus incur large scheme suggested in [16]. These protocols overhead. Furthermore, many share a common feature: they all should synchronization algorithms need to make use of some special nodes, called propagate a time synchronization message beacon nodes, which are assumed to know from some reference point (e.g., the base their own locations (e.g., through GPS station) to all sensors via multiple hops, and receivers or manual configuration). These synchronization error can be accumulated protocols work in two stages. In the first during the multihop transmissions. In Du et stage nonbeacon nodes receive radio signals al. [15] proposed a secure, efficient, and called reference messages from the beacon effective time synchronization scheme for nodes. heterogeneous sensor networks, which A reference message includes the location include physically different types of sensor of the beacon node. In the second stage the nodes. The scheme achieves stronger nonbeacon nodes then make certain
  8. 8. WIRELESS NETWORKS SECURITY– © J.YABESH, L.R.ELANGO measurements (e.g., distance between the between any pair of nodes, which is beacon and nonbeacon nodes) based on different from the many-to-one traffic features of the reference messages (e.g., pattern dominant in sensor networks. In [1] received signal strength indicator [RSSI], Wood and Stankovic identified a number of time difference of arrival). Without DOS attacks in sensor networks. Many of protection, an attacker may easily mislead these DOS attacks are on sensor network the location estimation at sensor nodes and routing. In [2] Karlof and Wagner described subvert the normal operation of sensor several security attacks on routing protocols networks. in sensor networks. They also analyzed the For example, an attacker may provide possible attacks on several existing routing incorrect location references by replaying protocols, including Directed Diffusion and the beacon packets intercepted in different LEACH. However, Karlof and Wagner did locations. Moreover, an attacker may not present any secure routing protocol for compromise a beacon node and distribute sensor networks in [2]. In [19] Du et al. malicious location references by lying about proposed an efficient and secure routing the location or manipulating the beacon protocol for heterogeneous sensor networks. signals (e.g., changing the signal strength if The protocol achieves energy efficiency and RSSI is used to estimate the distance). In can defend against many typical attacks on either case, nonbeacon nodes will determine sensor routing. In [20] Ye et al. considered their locations incorrectly.schemes to detect how to efficiently detect false data injected localization anomalies caused by attackers. by compromised nodes. 12. Secure Routing The primary functionality of wireless sensor networks is to sense the environment and transmit the acquired information to base stations for further processing. Thus, routing is an essential operation in sensor networks. A number of routing protocols have been proposed for sensor networks. However, previous research on sensor network routing was focused very much on efficiency and effectiveness of data dissemination, and very few studies considered security issues in the design of the routing protocol. Studies and experiences (e.g., [2]) have shown that considering security in the design stage is the best way to provide security for sensor network routing. Several secure routing protocols have been proposed for mobile ad hoc networks (MANETs). However, these protocols are not suitable for sensor 13. Conclusions networks because:• They require lots of Security is critical for many sensor computations for routingand security. • They networks. Due to the limited capabilities of were designed to find and establish routes sensor nodes, providing security and privacy
  9. 9. WIRELESS NETWORKS SECURITY– © J.YABESH, L.R.ELANGO to a sensor network is a challenging task. In this article, we summarize typical attacks on sensor networks and surveyed the literatures on several important security issues relevant to the sensor networks, including key management, secure time synchronization, secure location discovery, and secure routing. Many security issues in wireless sensor networks remain open and we expect to see more research activities on these exciting topics in the future. 14. References [1] A.D. Wood and J. A. Stankovic, “Denial of Service in Sensor Networks,” Computer, vol. 35, no. 10, Oct. 2002, pp. 54–62. [2] C. Karlof and D. Wagner, “Secure Routing in Sensor Networks: Attacks and Countermeasures,” Proc.1st IEEE Int’l. Wks , Sensor Network Protocols and Apps., 2003.