This document discusses security challenges in wireless sensor networks. It covers several topics: why security is needed in WSNs given their mission-critical applications; why security is more complicated in WSNs due to resource constraints of sensor nodes; common security requirements like confidentiality, integrity, and availability; guiding principles for securing WSNs like decentralized management and adaptive security; common attacks against WSNs at different layers of the protocol stack; and open research issues regarding cryptography, key management, secure data aggregation, and other high-level security mechanisms for WSNs.
Overview on security and privacy issues in wireless sensor networks-2014Tarek Gaber
Lecture Outlines
Why Security is Important for WSN
WSNs have many applications e.g.:
military, homeland security
assessing disaster zones
Others.
This means that such sensor networks have mission-critical tasks.
Security is crucial for such WSNs deployed in these hostile environments.
Why Security is Important for WSN
Moreover, wireless communication employed by WSN facilitates
eavesdropping and
packet injection by an adversary.
These mentioned factors require security for WSN during the design stage to ensure operation safety, secrecy of sensitive data, and privacy for people in sensor environments.
Algorithms to achieve security services
Symmetric Encryption
Asymmetric Encryption
Hash Function/Algorithm
Digital Signature
Why Security is Complex in WSN
Because of WSNs Characteristics:
Anti-jamming and physical temper proofing are impossible
greater design complexity and energy consumption
Denial-of-service (DoS) attack is difficult
Sensor node constraints
Sensor nodes are susceptible to physical capture
Deploying in hostile environment.
eavesdropping and injecting malicious message are easy
Using wireless communication
Why Security is Complex in WSN
Because of WSNs Characteristics:
maximization of security level is challenging
Resource consumption
asymmetric cryptography is often too expensive
Node constraints
centralized security solutions are big issue
no central control and constraints, e.g. small memory capacity.
Cost Issues
Overall cost of WSN should be as low as possible.
Typical Attacks to WSN
Physical Attacks
Environmental
Permanently destroy the node, e.g., crashing or stealing a node.
Attacks at the Physical Layer
Jamming: transmission of a radio signal to interfere with WSN radio frequencies.
Constant jamming: No message are able to be sent or received.
Intermittent jamming: Nodes are able to exchange messages periodically
Jamming Attack Countermeasure
Physical Attacks
Node Capture Attacks
routing functionalities
Countermeasure
tamper-proof features
Expensive solution
Self-Protection
disable device when attack detected
Attacks on Routing
Sinkhole attack
attacker tries to attract the traffic from a particular region through it
Solution:
Watchdog Nodes can start to trace the source of false routing information
Attacks on Routing
Sybil attack (Identity Spoofing)
attacker claims to have multiple identities or locations
provide wrong information for routing to launch false routing attacks
Solutions:
Misbehavior Detection.
Identity Protection
Privacy Attacks
Attempts to obtain sensitive information collected and communicated in WSNs
Eavesdropping
made easy by broadcast nature of wireless networks
Traffic analysis
used to identify sensor nodes of interest (data of interest),
WSN Privacy Issues Cont.
WSN Privacy Issues Attack
Trust and reputation in WSN
WSN Traditional Security Techniques
Cryptographic primitive
How to put these nodes together to form a meaningful network.
How a network should function at high-level application scenarios .
On the basis of these scenarios and optimization goals, the design of networking protocols in wireless sensor networks are derived
A proper service interface is required and integration of WSNs into larger network contexts.
Overview on security and privacy issues in wireless sensor networks-2014Tarek Gaber
Lecture Outlines
Why Security is Important for WSN
WSNs have many applications e.g.:
military, homeland security
assessing disaster zones
Others.
This means that such sensor networks have mission-critical tasks.
Security is crucial for such WSNs deployed in these hostile environments.
Why Security is Important for WSN
Moreover, wireless communication employed by WSN facilitates
eavesdropping and
packet injection by an adversary.
These mentioned factors require security for WSN during the design stage to ensure operation safety, secrecy of sensitive data, and privacy for people in sensor environments.
Algorithms to achieve security services
Symmetric Encryption
Asymmetric Encryption
Hash Function/Algorithm
Digital Signature
Why Security is Complex in WSN
Because of WSNs Characteristics:
Anti-jamming and physical temper proofing are impossible
greater design complexity and energy consumption
Denial-of-service (DoS) attack is difficult
Sensor node constraints
Sensor nodes are susceptible to physical capture
Deploying in hostile environment.
eavesdropping and injecting malicious message are easy
Using wireless communication
Why Security is Complex in WSN
Because of WSNs Characteristics:
maximization of security level is challenging
Resource consumption
asymmetric cryptography is often too expensive
Node constraints
centralized security solutions are big issue
no central control and constraints, e.g. small memory capacity.
Cost Issues
Overall cost of WSN should be as low as possible.
Typical Attacks to WSN
Physical Attacks
Environmental
Permanently destroy the node, e.g., crashing or stealing a node.
Attacks at the Physical Layer
Jamming: transmission of a radio signal to interfere with WSN radio frequencies.
Constant jamming: No message are able to be sent or received.
Intermittent jamming: Nodes are able to exchange messages periodically
Jamming Attack Countermeasure
Physical Attacks
Node Capture Attacks
routing functionalities
Countermeasure
tamper-proof features
Expensive solution
Self-Protection
disable device when attack detected
Attacks on Routing
Sinkhole attack
attacker tries to attract the traffic from a particular region through it
Solution:
Watchdog Nodes can start to trace the source of false routing information
Attacks on Routing
Sybil attack (Identity Spoofing)
attacker claims to have multiple identities or locations
provide wrong information for routing to launch false routing attacks
Solutions:
Misbehavior Detection.
Identity Protection
Privacy Attacks
Attempts to obtain sensitive information collected and communicated in WSNs
Eavesdropping
made easy by broadcast nature of wireless networks
Traffic analysis
used to identify sensor nodes of interest (data of interest),
WSN Privacy Issues Cont.
WSN Privacy Issues Attack
Trust and reputation in WSN
WSN Traditional Security Techniques
Cryptographic primitive
How to put these nodes together to form a meaningful network.
How a network should function at high-level application scenarios .
On the basis of these scenarios and optimization goals, the design of networking protocols in wireless sensor networks are derived
A proper service interface is required and integration of WSNs into larger network contexts.
Design Issues and Challenges in Wireless Sensor NetworksKhushbooGupta145
Wireless Sensor Networks (WSNs) are composed self-organized wireless ad hoc networks which comprise of a large number of resource constrained sensor nodes. The major areas of research in WSN is going on hardware, and operating system of WSN, deployment, architecture, localization, synchronization, programming models, data aggregation and dissemination, database querying, architecture, middleware, quality of service and security. This paper study highlights ongoing research activities and issues that affect the design and performance of Wireless Sensor Network.
sensors are what we experience the most in our life. they are even working in our body in different aspects. they may be as eyes, ears, skin, tongue etc. when we combine them they make a network. it may be a human sensor network. but i have shared something interesting about wireless sensor networks.
This ppt describes about the Different protocols of Ad-Hoc Network .It is a pure survey report which will make clarification about each protocols used in ad-hoc network and helps to future generation to make more publishing of recent trends of ad-hoc networks.
Design Issues and Challenges in Wireless Sensor NetworksKhushbooGupta145
Wireless Sensor Networks (WSNs) are composed self-organized wireless ad hoc networks which comprise of a large number of resource constrained sensor nodes. The major areas of research in WSN is going on hardware, and operating system of WSN, deployment, architecture, localization, synchronization, programming models, data aggregation and dissemination, database querying, architecture, middleware, quality of service and security. This paper study highlights ongoing research activities and issues that affect the design and performance of Wireless Sensor Network.
sensors are what we experience the most in our life. they are even working in our body in different aspects. they may be as eyes, ears, skin, tongue etc. when we combine them they make a network. it may be a human sensor network. but i have shared something interesting about wireless sensor networks.
This ppt describes about the Different protocols of Ad-Hoc Network .It is a pure survey report which will make clarification about each protocols used in ad-hoc network and helps to future generation to make more publishing of recent trends of ad-hoc networks.
LPWAN Technologies for Internet of Things (IoT) and M2M ScenariosPeter R. Egli
Rapid technological advances in the past made possible the miniaturization of network devices to meet the cost and power consumption requirements in IoT and M2M scenarios. What is missing in this picture is a radio technology with both long range capability and a very low cost footprint. Existing radio technologies such as 3G/4G or Short Range Radio do not aptly meet the requirements of IoT scenarios because they are either too expensive or are not able to provide the required range. Other wireless technologies are geared towards high bandwidth which is in most cases not a requirement for IoT.
Emerging LPWAN technologies such as ETSI LTN or LoRAWAN are poised for filling the gap by providing long range (up to 40km) and low power connectivity. These technologies allow low cost radio devices and operation thus enabling scaling up IoT applications.
Low Power Wireless Sensor Network Technologies and Standards for the Internet...Duncan Purves
Presentation on Low Power Wireless Sensor Network Technologies and Standards for the Internet of Things given at Institute of Physics, Sensors & their Applications XVIII Conference, 12 September 2016
Data Transfer Security solution for Wireless Sensor NetworkEditor IJCATR
WSN is a wide growth area for specific resource limited application. Factor associated with technology like, the encryption
security, operating speed and power consumption for network. Here, we introduce a mechanism for secure transferring of data is WSN
and various security related issues. This energy-efficient encryption is a secure communication framework in which an algorithm is
used to encode the sensed data using like, RC5, AES and CAST Algorithm. The proposed scheme is most suitable for wireless sensor
networks that incorporate data centric routing protocols. An algorithm in sensor network is help to designers predict security
performance under a set of constraints for WSNs. This symmetric key function is used to guarantee secure communications between
in-network nodes and reliable operation cost. RC5 is good on the code point of view, but the key schedule consumes more resource
time for efficient security aspects.
2.espk external agent authentication and session key establishment using publ...EditorJST
Wireless sensor networks (WSNs) have recently attracted a lot of interest in the research community due their wide range of applications. Due to distributed and deployed in a un attend environment, these are vulnerable to numerous security threats. In this paper, describe the design and implementation of public-key-(PK)-based protocols that allow authentication and session key establishment between a sensor network and a third party. WSN have limitations on computational capacity, battery etc which provides scope for challenging problems. We fundamentally focused on the security issue of WSNs The proposed protocol is efficient and secure in compared to other public key based protocols in WSNs.
As of late, remote sensor organize (WSN) is
utilized in numerous application zones, for
example, checking, following, and controlling. For
some utilizations of WSN, security is an essential
necessity. In any case, security arrangements in
WSN vary from conventional systems because of
asset confinement and computational
requirements. This paper investigates security
arrangements: Tiny Sec, IEEE 802.15.4, Twists,
Mini SEC, LSec, LLSP, LISA, and Drawl in
WSN. The paper additionally introduces qualities,
security prerequisites, assaults, encryption
calculations, and operation modes. This paper is
thought to be valuable for security planners in
WSNs.
AN ANTI-CLONE ATTACK KEY MANAGEMENT SCHEME FOR WIRELESS SENSOR NETWORKScsandit
Wireless Sensor Networks (WSNs) are subject to various kinds of attacks such as replaying of
messages, battery exhausting, and nodes compromising. While most of these attacks can be
dealt with through cryptographic security protocols provided by key management schemes,
there are always a few that manage to really cause problems. One such attack that is most
common and significant in WSNs is cloning attack. In clone attack, the intruder tries to capture
and compromise some nodes and inject them into several locations throughout the network in
order to conduct other types of attacks. Moreover, if this attack is not detected early, then these
replicated injected nodes will consume a large amount of the network resources. In this paper,
we analyze several key management schemes that can be used for checking integrity and
preventing cloning attacks. After analyzing the problems associated with these schemes, we
propose a model that allows us to distinguish between legitimate nodes and cloned nodes in
such sensor networks.
A SURVEY ON WIRELESS SENSOR NETWORKS SECURITY WITH THE INTEGRATION OF CLUSTER...cscpconf
Keying technique in Wireless Sensor Networks(WSNs) is one of the most emerging fields ofWSN security. In order to provide security on WSN, the role of Key distribution technique is
considered to be very significant and thus the key management plays a crucial and fundamentalroles in the security service of WSNs. This paper reviews pairwise key establishment techniquealong with the architecture and the environment of WSN. The cluster based group key
agreement protocols for infrastructure base WSN are discussed in this paper. This paper also
reviews how the security can be provided to WSNs with the integration of clustering and keying
techniques. The survey also provides a more detailed discussion on the comparison between different cluster based group key agreement protocols.
A survey on wireless sensor networks security with the integration of cluster...csandit
Keying technique in Wireless Sensor Networks(WSNs) is one of the most emerging fields of
WSN security. In order to provide security on WSN, the role of Key distribution technique is
considered to be very significant and thus the key management plays a crucial and fundamental
roles in the security service of WSNs. This paper reviews pairwise key establishment technique
along with the architecture and the environment of WSN. The cluster based group key
agreement protocols for infrastructure base WSN are discussed in this paper. This paper also
reviews how the security can be provided to WSNs with the integration of clustering and keying
techniques. The survey also provides a more detailed discussion on the comparison between
different cluster based group key agreement protocols.
Wireless Sensor Networks: An Overview on Security Issues and ChallengesIJAEMSJORNAL
Wireless Sensor Networks (WSNs) are formed by deploying as large number of sensor nodes in an area for the surveillance of generally remote locations. A typical sensor node is made up of different components to perform the task of sensing, processing and transmitting data. WSNs are used for many applications in diverse forms from indoor deployment to outdoor deployment. The basic requirement of every application is to use the secured network. Providing security to the sensor network is a very challenging issue along with saving its energy. Many security threats may affect the functioning of these networks. WSNs must be secured to keep an attacker from hindering the delivery of sensor information and from forging sensor information as these networks are build for remote surveillance and unauthorized changes in the sensed data may lead to wrong information to the decision makers. This paper gives brief description about various security issues and security threats in WSNs.
A SURVEY ON SECURITY IN WIRELESS SENSOR NETWORKSIJNSA Journal
The emergence of wireless sensor networks (WSNs) can be considered one of the most important
revolutions in the field of information and communications technology (ICT). Recently, there has been a
dramatic increase in the use of WSN applications such as surveillance systems, battleground applications,
object tracking, habitat monitoring, forest fire detection and patient monitoring. Due to limitations of
sensor nodes in terms of energy, storage and computational ability, many security issues have arisen in
such applications. As a result, many solutions and approaches have been proposed for different attacks and
vulnerabilities to achieve security requirements. This paper surveys different security approaches for
WSNs, examining various types of attacks and corresponding techniques for tackling these. The strengths
and weaknesses for each technique are also discussed at the conclusion of this paper.
A SURVEY ON SECURITY IN WIRELESS SENSOR NETWORKSIJNSA Journal
The emergence of wireless sensor networks (WSNs) can be considered one of the most important
revolutions in the field of information and communications technology (ICT). Recently, there has been a
dramatic increase in the use of WSN applications such as surveillance systems, battleground applications,
object tracking, habitat monitoring, forest fire detection and patient monitoring. Due to limitations of
sensor nodes in terms of energy, storage and computational ability, many security issues have arisen in
such applications. As a result, many solutions and approaches have been proposed for different attacks and
vulnerabilities to achieve security requirements. This paper surveys different security approaches for
WSNs, examining various types of attacks and corresponding techniques for tackling these. The strengths
and weaknesses for each technique are also discussed at the conclusion of this paper.
Energy Efficient Key Management Analysis using AVL Trees in Wireless Sensor N...inventionjournals
International Journal of Engineering and Science Invention (IJESI) is an international journal intended for professionals and researchers in all fields of computer science and electronics. IJESI publishes research articles and reviews within the whole field Engineering Science and Technology, new teaching methods, assessment, validation and the impact of new technologies and it will continue to provide information on the latest trends and developments in this ever-expanding subject. The publications of papers are selected through double peer reviewed to ensure originality, relevance, and readability. The articles published in our journal can be accessed online.
KEY MANAGEMENT TECHNIQUES IN WIRELESS SENSOR NETWORKSIJNSA Journal
The way that is used to achieve most important security requirements is the cryptography. Cryptography mainly depends on what is called cryptography keys; the cryptographic keys required to be managed by using a robustness technique that guarantees the needed security requirements. So first of all, the necessary keys need to be distributed to the nodes before they are disseminated in the target area, and then let the sensors that need to communicate establish its secure communication by having a deal on what is called pair-wise key, and allow the refreshment process for those keys to be occurred successfully when it is needed, and finally, having the ability to revoke the keys that related to compromised nodes. These phases are performing the process that is called Key Management. In this paper we will explain different key management schemes, critique them theoretically, and propose an idea as a way out for the expected problems in one of these schemes.
Analysis of security threats in wireless sensor networkijwmn
Wireless Sensor Network(WSN) is an emerging technology and explored field of researchers worldwide
in the past few years, so does the need for effective security mechanisms. The sensing technology
combined with processing power and wireless communication makes it lucrative for being exploited in
abundance in future. The inclusion of wireless communication technology also incurs various types of
security threats due to unattended installation of sensor nodes as sensor networks may interact with
sensitive data and /or operate in hostile unattended environments. These security concerns be addressed
from the beginning of the system design. The intent of this paper is to investigate the security related
issues in wireless sensor networks. In this paper we have explored general security threats in wireless
sensor network with extensive study.
Security Attacks and its Countermeasures in Wireless Sensor NetworksIJERA Editor
Wireless Sensor Networks have come to the forefront of the scientific community recently. Present WSNs typically communicate directly with a centralized controller or satellite. Going on the other hand, a smart WSN consists of a number of sensors spread across a geographical area; each sensor has wireless communication ability and sufficient intelligence for signal processing and networking of the data. This paper surveyed the different types of attacks, security related issues, and it’s Countermeasures with the complete comparison between Layer based Attacks in Wireless Sensor Networks
Similar to Security in wireless sensor networks (20)
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
Monitoring Java Application Security with JDK Tools and JFR Events
Security in wireless sensor networks
1. Prof. S K Jena
Department of Computer Science and Engineering
National Institute of Technology Rourkela
2. Why Need Security?
Why Security Complicated in WSN?
Security Requirements
Guiding Principles for Securing WSN
Evaluation Metrics to Security Scheme
Taxonomy of Attacks
Issues with High-Level Security Mechanisms
Conclusion
3. Wireless sensor networks have many applications in military,
homeland security and other areas. In that many sensor
networks have mission-critical tasks.
Security is critical for such networks deployed in hostile
environments.
Most sensor networks actively monitor their surroundings,
and it is often easy to deduce information other than the
data monitored.
4. Such unwanted information leakage often results in privacy
breaches of the people in environment.
Moreover, the wireless communication employed by sensor
networks facilitates eavesdropping and packet injection by an
adversary.
The combination of these factors demands security for
sensor networks at design time to ensure operation safety,
secrecy of sensitive data, and privacy for people in sensor
environments.
Providing security in sensor networks is even more difficult
than MANETs due to the resource limitations of sensor
nodes.
5. Why Need Security?
Why Security Complicated in WSN?
Security Requirements
Guiding Principles for Securing WSN
Evaluation Metrics to Security Scheme
Taxonomy of Attacks
Issues with High-Level Security Mechanisms
Conclusion
6. Overall cost of WSN should be as low as possible.
Sensor nodes are susceptible to physical capture.
Sensor nodes use wireless communication, easy to
eavesdrop.
Attacker can easily inject malicious message into network.
Anti-jamming and physical temper proofing techniques are
impossible due to greater design complexity and energy
consumption
Sensor node constraints make WSNs more susceptible to
denial-of-service attack
7. Frequent topology change of WSN facilitates different link
attacks ranging from passive eavesdropping to active
interfering
There is a conflict between resource consumption and
maximization of security level.
Due to node constraints asymmetric cryptography is often
too expensive.
Managing key distribution is not unique to WSNs, but
constraints such as small memory capacity make centralized
keying techniques impossible.
8. Why Need Security?
Why Security Complicated in WSN?
Security Requirements
Guiding Principles for Securing WSN
Evaluation Metrics to Security Scheme
Taxonomy of Attacks
Issues with High-Level Security Mechanisms
Conclusion
10. Why Need Security?
Why Security Complicated in WSN?
Security Requirements
Guiding Principles for Securing WSN
Evaluation Metrics to Security Scheme
Taxonomy of Attacks
Issues with High-Level Security Mechanisms
Conclusion
11. Security of a network is determined by the security over all layers.
In a massively distributed network, security measures should be
amenable to dynamic reconfiguration and decentralized
management.
In a given network, at any given time, the cost incurred due to the
security measures should not exceed the cost assessed due to the
security risks at that time.
If physical security of nodes in a network is not guaranteed, the
security measures must be resilient to physical tampering with nodes
in the field of operation.
Because of various constraints in WSN the following aspects should
be carefully considered when designing a security scheme: Power
efficiency, Node Density and Reliability, Adaptive security, Self
configurability, Simplicity and local ID.
12. Why Need Security?
Why Security Complicated in WSN?
Security Requirements
Guiding Principles for Securing WSN
Evaluation Metrics to Security Scheme
Taxonomy of Attacks
Issues with High-Level Security Mechanisms
Conclusion
14. Why Need Security?
Why Security Complicated in WSN?
Security Requirements
Guiding Principles for Securing WSN
Evaluation Metrics to Security Scheme
Taxonomy of Attacks
Issues with High-Level Security Mechanisms
Conclusion
15. Wireless networks are vulnerable to security attacks due to
the broadcast nature of the transmission medium.
Furthermore, WSNs have an additional vulnerability
because nodes are often placed in a hostile or dangerous
environment where they are not physically protected.
For a large-scale sensor network, it is impractical to
monitor and protect each individual sensor from physical
or logical attack. Attackers may device different types of
security threats to make the WSN system unstable.
16. Based on Capability of attacker
Outsider versus insider (Node Compromise) attacks
Passive versus active attacks
Mote-class versus laptop-class attacks
Attacks on Information in Transit
Interruption
Interception
Modification
Fabrication
Replaying existing messages
17. Host Based Vs Network Based
Host-based attacks
▪ User compromise
▪ Hardware compromise
▪ Software compromise
Network-based attacks
▪ Layer-specific compromises
▪ Protocol-specific compromises
Deviating from protocol
18. Based on Protocol Stack
Physical layer
▪ Jamming
▪ Radio interference
▪ Tampering or destruction
Data Link Layer
▪ Continuous Channel Access (Exhaustion)
▪ Collision
▪ Unfairness
▪ Interrogation
▪ Sybil Attack
19. Based on Protocol Stack
Network Layer
▪ Sinkhole
▪ Hello Flood
▪ Node Capture
▪ Selective Forwarding/ Black Hole Attack (Neglect And Greed)
▪ Sybil Attack
▪ Wormhole Attacks
▪ Spoofed, Altered, or Replayed Routing Information
▪ Acknowledgment Spoofing
▪ Misdirection
▪ Internet Smurf Attack
▪ Homing
20. Based on Protocol Stack
Transport Layer
▪ Flooding
▪ De-synchronization Attacks
Application Layer
▪ Overwhelm attack
▪ Path-based DOS attack
▪ Deluge (reprogram) attack
21. Why Need Security?
Why Security Complicated in WSN?
Security Requirements
Guiding Principles for Securing WSN
Evaluation Metrics to Security Scheme
Taxonomy of Attacks
Issues with High-Level Security Mechanisms
Conclusion
22. Cryptograph
To achieve security in WSNs, it is important to be able to perform various
cryptographic operations, including encryption, authentication, and so on.
However, decision for Selecting the appropriate cryptography method
depends on the computation and communication capability of the sensor
nodes.
Asymmetric cryptography is often too expensive for many applications. Thus,
a promising approach is to use more efficient symmetric cryptographic
alternatives.
However, symmetric cryptography is not as versatile as public key
cryptographic techniques, which complicates the design of secure
applications.
Applying any encryption scheme requires transmission of extra bits, hence
extra processing, memory and battery power, which are very important
resources for the sensors’ longevity.
Applying the security mechanisms such as encryption could also increase
delay, jitter and packet loss in WSNs.
23. Cryptography
The process by which public key and symmetric key
cryptography schemes should be selected is based on the
following criteria:
▪ Energy
▪ Program memory
▪ Temporary memory
▪ Execution time
▪ Program parameters memory
24. Key Management
The security of a cryptographic system relies mainly on the secrecy of
the key it uses.
Keys for these cryptographic operations must be set up by
communicating nodes before they can exchange information securely.
Key management schemes are mechanisms used to establish and
distribute various kinds of cryptographic keys in the network, such as
individual keys, pair wise keys, and group keys.
Key management is an essential cryptographic primitive upon which
other security primitives are built. If an attacker can find the key, the
entire system is broken.
In fact, a secure key management scheme is the prerequisite for the
security of these primitives, and thus essential to achieving secure
infrastructure in sensor networks.
25. Open Research Issue on Cryptography algorithms and Key
Management protocols
Public key cryptography
Symmetric key cryptography
Link layer security (hop-by-hop encryption)
Authenticity of public keys (Identity-based cryptography)
Key revocation
Key management schemes based on symmetric key cryptography
Key management schemes based on public key cryptography
path key establishment
Good-shared key discovery
Key management and Security mechanisms for mobile WSNs
study of node compromise distribution and integrating it in key
management
26. Secure Data Aggregation
Data aggregation (or data fusion) is a process in which intermediary nodes
called “aggregators” collect the raw sensed information form sensor nodes,
process it locally, and forward only the result to the end-user.
This important operation essentially reduces the amount of transmitted data
on the network and thus prolongs its overall lifetime
This operation cannot be efficiently done without being secured.
Because of deployment environment, the physical compromise of
aggregators and some of the sensor nodes is possible.
An active adversary can forge, the home server to accept false aggregation
results (Stealthy attacks), which are very much different from the actual results
determined by the measured values.
The first line of defence against threats is cryptographic mechanisms: integrity
and confidentiality can be achieved using cryptographic schemes.
27. Open Research Issue on Secure Data Aggregation
Techniques are needed to ensure that the user can still be confident of the
(approximate) accuracy of the aggregated data even when the aggregator and
a small subset of the sensor nodes are under the control of an adversary .
In secure data aggregation protocols, performance comparison are required in
terms of matrices such as security, processing overhead, communication
overhead, energy consumption, and data compression rate.
New data aggregation protocols need to be developed to address higher
scalability and reliability against aggregator and sensor node cheating.
Cryptography within in-network data processing (secure data processing ).
Secure, very efficient and cost-effective, data aggregation mechanisms .
Trustworthiness and reliability of the aggregated data.
Secure data aggregation scheme in the environments without big nodes.
secure data aggregation schemes for mobile WSNs including mobile
aggregators
28. Secure Group Management
In-network processing of the raw data is performed in WSNs by
dividing the network into small groups and analyzing the data
aggregated at the group leaders.
So the group leader has to authenticate the data it is receiving from
other nodes in the group.
This requires group key management. However, addition or deletion of
nodes from the group leads to more problems.
Consequently, secure protocols for group management are required.
29. Intrusion Detection
The problem of intrusion detection is very important in the case of
WSNs.
Traditional approaches which do an anomaly analysis of the network
at a few concentration points, are expensive in terms of network's
memory and energy consumption.
So there is a need for decentralized intrusion detection .
30. Open Research Issue on Intrusion Detection
The problem of intrusion detection needs to be well defined in WSNs.
The proposed IDS protocols focus on filtering injected false
information only.
These protocols need to be improved so as to address scalability
issues.
It is very difficult to integrate intrusion detection techniques into a
uniform hardware platform due to cost and implementation
considerations .
31. Secure Time Synchronization
Due to the collaborative nature of sensor nodes, time synchronization
is very important for many sensor network operations, such as
coordinated sensing tasks, sensor scheduling (sleep and wake), mobile
object tracking, time- division multiple access (TDMA) medium access
control, data aggregation, and multicast source authentication
protocol.
However, none of the aforementioned time synchronization schemes
were designed with security in mind. Hence, they are not suitable for
applications in hostile environments (e.g., military battlefields) where
security is critical.
Most existing time synchronization schemes are vulnerable to several
attacks which include Masquerade attack, Replay attack, Message
manipulation attack, Delay attack and Denial of service (DoS).
32. Secure Location Discovery
Sensor locations play a critical role in many sensor network applications,
such as environment monitoring and target tracking.
Without protection, an attacker may easily mislead the location estimation
at sensor nodes and subvert the normal operation of sensor networks.
For example, an attacker may provide incorrect location references by
replaying the beacon packets intercepted in different locations.
In either case, non-beacon nodes will determine their locations incorrectly.
Two approaches to deal with malicious attacks against location discovery
in WSNs are based on minimum mean square estimation (MMSE) and use
a voting-based location estimation technique and iteratively refine voting
to tolerate malicious location references sent by attackers.
33. Code Attestation
Sensors that operate in an unattended, harsh or hostile environment often suffer
from break-in compromises, because their low costs do not allow the use of
expensive tamper-resistant hardware.
Besides the exposure of secret information (e.g., cryptographic keys),
compromised sensors may be reprogrammed with malicious code to launch all
kinds of insider attacks.
If we can identify and further revoke those corrupted nodes in a timely manner,
the potential damages caused by them could be minimized.
To address this problem, a promising direction is to use code attestation to
validate the code running on each sensor node. Because the code running on a
malicious node must be different from that on a legitimate node, we can detect
compromised nodes by verifying their memory content.
Code attestation may be achieved through either hardware or software.
So far little research has been done in this aspect, and I believe it is a promising
research direction.
34. Secure Routing
Many sensor network routing protocols have been proposed, but none of them
have been designed with security as a goal. WSNs use multi-hop routing and
wireless communication to transfer data, thus incur more routing attacks.
Security attributes are the mechanisms that allow the routing protocols to
defend against the possible threats in the whole network.
These attributes consist of identity verification, bi- directionality confirmation,
topology structure restriction, base station decentralization and braided and
multi-path transmission.
35. Secure Routing
There are a lot of approaches to ease routing security:
▪ Most current proposals are suitable for static WSNs. Designing secure routing algorithms for
mobile WSNs is complex and current secure routing algorithms will meet issues when they are
applied in mobile environments.
▪ Undetected node compromise issues
▪ Currently most proposals only consider security metrics and only a few of them evaluate other
metrics. More metrics, such as QoS (quality of service) need to be considered in addition of
security.
▪ Some secure routing algorithms are proposed based on hierarchical sensor networks, most of
these studies did not show the different effects such as energy consummations, security, etc. due
to different cluster size. More elaborate studies need to be done in the future.
▪ Routing maintenance
36. Trust Management System
Trust, or the trust on the behaviour of the elements of the network, is a key
aspect for WSN.
A trust management system can be useful for detecting a node which is not
behaving as expected (either faulty or maliciously) or it can assist in the
decision-making process, for instance, if a node needs a partner in order to
achieve a common goal.
Even though trust is an important feature for WSN few systems have
considered it.
However, more efforts have been made on the fields of Ad-hoc and P2P
networks, which are somehow similar to WSN.
It is clear that any trust management system has to be specially designed and
prepared for reacting against the particular issues, such as autonomy,
decentralization, and initialization that can be found in WSN environments.
37. Trust Management System
Although there are some existing architectures for WSN that partially solve
these problems, it is still possible to point out the neglected aspects that can
be considered crucial for creating a satisfactory trust system.
▪ Any trust management system has to be specially designed and prepared for reacting
against the particular issues, such as autonomy, decentralization, and initialization
that can be found in WSN environments.
▪ It should be necessary to deduce different trust values for every distinct behaviour of
the nodes.
▪ Sensor nodes should also be aware of the trust history of their neighbourhood. The
consistence in the trust readings is also significant.
▪ Note that all the important decisions taken by the nodes, such as node exclusion,
should be notified to the base station for logging, monitoring and maintenance
purposes.
▪ One of the biggest constraints regarding trust management for sensor networks is
the overhead that the existence of this system may impose over the constrained
elements of the network.
38. Other Security Issues
Security-energy assessment,
Data assurance,
Survivability,
Trust,
End to end security,
Security and Privacy Support for data centric sensor networks (DCS),
Node compromise distribution.
It’s very important to study these areas due to a sensor network’s
special character, such as battery limitation, high failure probability
nodes, easier compromised nodes, unreliable transmission media, etc.
Until now, there have been only a few approaches available, and more
studies are needed in these areas.
39. Security concerns constitute a potential stumbling block to the
impending wide deployment of sensor networks.
WSNs are still under development, and many protocols designed so far
for WSNs have not taken security into consideration.
On the other hand, the salient features of WSNs make it very challenging
to design strong security protocols while still maintaining low overheads.
We summarize typical attacks on sensor networks and several important
security issues relevant to the sensor networks, including key
management, secure time synchronization, secure location discovery and
etc.
Many security issues in WSNs remain open and I expect to see more
research activities on these exciting topics in the future.
40. Chris Karlof and David Wagner, “Secure routing in wireless sensor networks: attacks
and countermeasures”, Ad Hoc Networks, Elsevier Publications, Vol.1, pp.293–315,
2003.
Xiangqian Chen, Kia Makki, Kang Yen, and Niki Pissinou, “Sensor Network
Security: A Survey”, IEEE Communications Surveys & Tutorials, Vol. 11, No. 2, pp.
52 – 73, Second Quarter 2009.
T.Kavitha and D.Sridharan, “Security Vulnerabilities In Wireless Sensor Networks:
A Survey”, Journal of Information Assurance and Security (2010) Vol. 5, No. 1 pp.
31– 44, 2010.
Holger Karl and Andreas Willing, “Protocols and Architectures for Wireless Sensor
Networks”, John Wiley & Sons publication, 2007.
Editor's Notes
the analysis of security and survivability requirements concern with the design goals of scalability, efficiency, key connectivity, resilience and reliability. Security services include the following: Authentication ensures that the other end of a connection or the originator of a packet is the node that is claimed. Access-control prevents unauthorized access to a resource. Confidentiality protects overall content or a field in a message. Confidentiality can also be required to prevent an adversary from undertaking traffic analysis. Privacy prevents adversaries from obtaining information that may have private content. The private information may be obtained through the analysis of traffic patterns, i.e. frequency, source node, routes, etc. Ensures that a packet is not modified during transmission is known as Integrity . Authorization : authorizes another node to update information (import authorization) or to receive information (export authorization). Anonymity hides the source of a packet or frame. It is a service that can help with data confidentiality and privacy. Non-repudiation proves the source of a packet. In authentication the source proves its identity. Non-repudiation prevents the source from denying that it sent a packet. Freshness ensures that a malicious node does not resend previously captured packets. Availability mainly targets DoS attacks and is the ability to sustain the networking functionalities without any interruption due to security threats. Resilience to attacks required to sustain the network functionalities when a portion of nodes is compromised or destroyed. In Forward secrecy a sensor should not be able to read any future messages after it leaves the network. In Backward secrecy a joining sensor should not be able to read any previously transmitted message. Survivability is the ability to provide a minimum level of service in the presence of power loss, failures or attacks. Ability to change security level as resource availability changes is the Degradation of security services.
Security: a security scheme has to meet the requirements discussed above. • Resiliency: in case a few nodes are compromised, a security scheme should still protect against the attacks. • Energy efficiency: a security scheme must be energy efficient so as to maximize node and network lifetime. • Flexibility: key management needs to be flexible so as to allow for different network deployment methods, such as random node scattering and predetermined node placement. • Scalability: a security scheme should be able to scale without compromising the security requirements. • Fault-tolerance: a security scheme should continue to provide security services in the presence of faults such as failed nodes. • Self-healing: sensors may fail or run out of energy. The remaining sensors may need to be reorganized to maintain a set level of security. • Assurance: assurance is the ability to disseminate different information at different levels to end-users. A security scheme should offer choices with regard to desired reliability, latency, and so on.
Based On the Capability of the Attacker 1 Outsider versus insider (Node Compromise) attacks Outside attacks are defined as attacks from nodes, which do not belong to a WSN; insider attacks occur when legitimate nodes of a WSN behave in unintended or unauthorized ways. To overcome these attacks, we require robustness against Outsider Attacks, Resilience to Insider Attacks, Graceful Degradation with Respect to Node Compromise and Realistic Levels of Security. 2 Passive versus active attacks Passive attacks include eavesdropping on or monitoring packets exchanged within a WSN; active attacks involve some modifications of the data steam or the creation of a false stream. 3 Mote-class versus laptop-class attacks In mote-class attacks, an adversary attacks a WSN by using a few nodes with similar capabilities to the network nodes; in laptop-class attacks, an adversary can use more powerful devices (e.g., a laptop) to attack a WSN. These devices have greater transmission range, processing power, and energy reserves than the network nodes. Attacks on Information in Transit In a sensor network, sensors monitor the changes of specific parameters or values and report to the sink according to the requirement. While sending the report, the information in transit may be attacked to provide wrong information to the base stations or sinks. 1 Interruption : Communication link in sensor networks becomes lost or unavailable. This operation threatens service availability. The main purpose is to launch denial-of-service (DoS) attacks. From the layer-specific perspective, this is aimed at all layers. 2 Interception : Sensor network has been compromised by an adversary where the attacker gains unauthorized access to sensor node or data in it. Example of this type of attacks is node capture attacks. This threatens message confidentiality. The main purpose is to eavesdrop on the information carried in the messages. From the layer-specific perspective, this operation is usually aimed at the application layer. 3 Modification : Unauthorized party not only accesses the data but also tampers with it. This threatens message integrity. The main purpose is to confuse or mislead the parties involved in the communication protocol. This is usually aimed at the network layer and the application layer, because of the richer semantics of these layers. 4 Fabrication : An adversary injects false data and compromises the trustworthiness of information. This threatens message authenticity. The main purpose is to confuse or mislead the parties involved in the communication protocol. This operation can also facilitate DOS attacks, by flooding the network. 5 Replaying existing messages : This operation threatens message freshness. The main purpose of this operation is to confuse or mislead the parties involved in the communication protocol that is not time- aware.
Host Based Vs Network Based 1 Host-based attacks It is further broken down in to: User compromise : This involves compromising the users of a WSN, e.g. by cheating the users into revealing information such as passwords or keys about the sensor nodes. Hardware compromise : This involves tampering with the hardware to extract the program code, data and keys stored within a sensor node. The attacker might also attempt to load its program in the compromised node. Software compromise : This involves breaking the software running on the sensor nodes. Chances are the operating system and/or the applications running in a sensor node are vulnerable to popular exploits such as buffer overflows. 2 Network-based attacks It has two orthogonal perspectives: layer-specific compromises , and protocol-specific compromises . This includes all the attacks on information in transit. Apart from that it also includes Deviating from protocol : When the attacker is, or becomes an insider of the network, and the attacker’s purpose is not to threaten the service availability, message confidentiality, integrity and authenticity of the network, but to gain an unfair advantage for itself in the usage of the network, the attacker manifests selfish behaviors, behaviors that deviate from the intended functioning of the protocol.
Based On Protocol Stack ,provides the layer wise issues. 1 Physical Layer (a) Jamming : This is one of the Denial of Service Attacks in which the adversary attempts to disrupt the operation of the network by broadcasting a high-energy signal. Jamming attacks in WSNs, classifying them as constant (corrupts packets as they are transmitted), deceptive (sends a constant stream of bytes into the network to make it look like legitimate traffic), random (randomly alternates between sleep and jamming to save energy), and reactive (transmits a jam signal when it senses traffic). To defense against this attack, use spread-spectrum techniques for radio communication. Handling jamming over the MAC layer requires Admission Control Mechanisms. Network layer deals with it, by mapping the jammed area in the network and routing around the area. Algorithms that combine statistically analyzing the received signal strength indicator (RSSI) values, the average time required to sense an idle channel (carrier sense time), and the packet delivery ratio (PDR) techniques can reliably identify all four types of jamming. (b) Radio interference : In which the adversary either produces large amounts of interference intermittently or persistently. To handle this issue, use of symmetric key algorithms in which the disclosure of the keys is delayed by some time interval. (c) Tampering or destruction : Given physical access to a node, an attacker can extract sensitive information such as cryptographic keys or other data on the node. One defence to this attack involves tamper-proofing the node’s physical package. Self Destruction (tamper-proofing packages) – whenever somebody accesses the sensor nodes physically the nodes vaporize their memory contents and this prevents any leakage of information. Second - Fault Tolerant Protocols – the protocols designed for a WSN should be resilient to this type of attacks. 2 Data Link Layer ( a)Continuous Channel Access (Exhaustion) : A malicious node disrupts the Media Access Control protocol, by continuously requesting or transmitting over the channel. This eventually leads a starvation for other nodes in the network with respect to channel access. One of the countermeasures to such an attack is Rate Limiting to the MAC admission control such that the network can ignore excessive requests, thus preventing the energy drain caused by repeated transmissions. A second technique is to use time-division multiplexing where each node is allotted a time slot in which it can transmit. (b) Collision : This is very much similar to the continuous channel attack. A collision occurs when two nodes attempt to transmit on the same frequency simultaneously. When packets collide, a change will likely occur in the data portion, causing a checksum mismatch at the receiving end. The packet will then be discarded as invalid. A typical defence against collisions is the use of error-correcting codes. (c) Unfairness : Repeated application of these exhaustion or collision based MAC layer attacks or an abusive use of cooperative MAC layer priority mechanisms, can lead into unfairness. This kind of attack is a partial DOS attack, but results in marginal performance degradation. One major Security Vulnerabilities In Wireless Sensor Networks: A Survey defensive measure against such attacks is the usage of small frames, so that any individual node seizes the channel for a smaller duration only. (d) Interrogation : Exploits the two-way request-to- send/clear to send (RTS/CTS) handshake that many MAC protocols use to mitigate the hidden-node problem. An attacker can exhaust a node’s resources by repeatedly sending RTS messages to elicit CTS responses from a targeted neighbor node. To put a defence against such type of attacks a node can limit itself in accepting connections from same identity or use Anti replay protection and strong link-layer authentication. (e) Sybil Attack : This type of attack is very much prominent in Link Layer. First type of link layer Sybil Attack is Data Aggregation in which single malicious node is act as different Sybil Nodes and then this may many negative reinforcements to make the aggregate message a false one.
Based On Protocol Stack ,provides the layer wise issues. 3 Network Layer (a) Sinkhole : Depending on the routing algorithm technique, a sinkhole attack tries to lure almost all the traffic toward the compromised node, creating a metaphorical sinkhole with the adversary at the centre. Geo-routing protocols are known as one of the routing protocol classes that are resistant to sinkhole attacks, because that topology is constructed using only localized information, and traffic is naturally routed through the physical location of the sink node, which makes it difficult to lure it elsewhere to create a sinkhole. (b) Hello Flood : This attack exploits Hello packets that are required in many protocols to announce nodes to their neighbors. A node receiving such packets may assume that it is in radio range of the sender. A laptop-class adversary can send this kind of packet to all sensor nodes in the network so that they believe the compromised node belongs to their neighbors. This causes a large number of nodes sending packets to this imaginary neighbor and thus into oblivion. Authentication is the key solution to such attacks. Such attacks can easily be avoided by verify bi-directionality of a link before taking action based on the information received over that link. (c) Node Capture : It is observed and analyzed that even a single node capture is sufficient for an attacker to take over the entire network. Good solution to this problem would definitely constitute a groundbreaking work in WSN. (d) Selective Forwarding/ Black Hole Attack (Neglect And Greed) : WSNs are usually multi-hop networks and hence based on the assumption that the participating nodes will forward the messages faithfully. Malicious or attacking nodes can however refuse to route certain messages and drop them. If they drop all the packets through them, then it is called a Black Hole Attack. However if they selectively forward the packets, then it is called selective forwarding. To overcome this, Multi path routing can be used in combination with random selection of paths to destination, or braided paths can be used which represent paths which have no common link or which do not have two consecutive common nodes, or use implicit acknowledgments, which ensure that packets are forwarded as they were sent. (e) Sybil Attack : In this attack, a single node presents multiple identities to all other nodes in the WSN. This may mislead other nodes, and hence routes believed to be disjoint with respect to node can have the same adversary node. A countermeasure to Sybil Attack is by using a unique shared symmetric key for each node with the base station.(f) Wormhole Attacks : An adversary can tunnel messages received in one part of the network over a low latency link and replay them in another part of the network. This is usually done with the coordination of two adversary nodes, where the nodes try to understate their distance from each other, by broadcasting packets along an out-of-bound channel available only to the attacker. To overcome this, the traffic is routed to the base station along a path, which is always geographically shortest or use very tight time synchronization among the nodes, which is infeasible in practical environments. (g) Spoofed, Altered, or Replayed Routing Information : The most direct attack against a routing protocol in any network is to target the routing information itself while it is being exchanged between nodes. An attacker may spoof, alter, or replay routing information in order to disrupt traffic in the network. These disruptions include the creation of routing loops, attracting or repelling network traffic from select nodes, extending and shortening source routes, generating fake error messages, partitioning the network, and increasing end-to-end latency. A countermeasure against spoofing and alteration is to append a message authentication code (MAC) after the message. Efficient encryption and authentication techniques can defend spoofing attacks. (h) Acknowledgment Spoofing : Routing algorithms used in sensor networks sometimes require Acknowledgments to be used. An attacking node can spoof the Acknowledgments of overheard packets destined for neighboring nodes in order to provide false information to those neighboring nodes. The most obvious solution to this problem would be authentication via encryption of all sent packets and also packet headers.(i) Misdirection : This is a more active attack in which a malicious node present in the routing path can send the packets in wrong direction through which the destination is unreachable. In place of sending the packets in correct direction the attacker misdirects those and that too towards one node and thus this node may be victimized. If it gets observed that a node's network link is getting flooded without any useful information then the victim node can be scheduled into sleep mode for some time to over come this. (j) Internet Smurf Attack : In this type of attack the adversary can flood the victim node's network link. The attacker forges the victim's address and broadcasts echoes in the network and also routes all the replies to the victim node. This way the attacker can flood the network link of the victim. If it gets observed that a node's network link is getting flooded without any useful information then the victim node can be scheduled into sleep mode for some time to over come this. (k) Homing : uses traffic pattern analysis to identify and target nodes that have special responsibilities, such as cluster heads or cryptographic- key managers. An attacker then achieves DoS by jamming or destroying these key network nodes. Header encryption is a common prevention technique. Using “dummy packets” throughout the network to equalize traffic volume and thus prevent traffic analysis. Unfortunately, this wastes significant sensor node energy, so use it only when preventing traffic analysis is of utmost importance.
Based On Protocol Stack ,provides the layer wise issues. 4 Transport Layer (a) Flooding : An attacker may repeatedly make new connection requests until the resources required by each connection are exhausted or reach a maximum limit. It produces severe resource constraints for legitimate nodes. One proposed solution to this problem is to require that each connecting client demonstrate its commitment to the connection by solving a puzzle. As a defence against this class of attack, a limit can be put on the number of connections from a particular node . (b) De-synchronization Attacks : In this attack, the adversary repeatedly forges messages to one or both end points which request transmission of missed frames. Hence, these messages are again transmitted and if the adversary maintains a proper timing, it can prevent the end points from exchanging any useful information. This will cause a considerable drainage of energy of legitimate nodes in the network in an end less synchronization-recovery protocol. A possible solution to this type of attack is to require authentication of all packets including control fields communicated between hosts . Header or full packet authentication can defeat such an attack . 5 Application Layer (a) Overwhelm attack : An attacker might attempt to overwhelm network nodes with sensor stimuli, causing the network to forward large volumes of traffic to a base station. This attack consumes network bandwidth and drains node energy. We can mitigate this attack by carefully tuning sensors so that only the specifically desired stimulus, such as vehicular movement, as opposed to any movement, triggers them. Rate-limiting and efficient data-aggregation algorithms can also reduce these attacks’ effects. (b) Path-based DOS attack : It involves injecting spurious or replayed packets into the network at leaf nodes. This attack can starve the network of legitimate traffic, because it consumes resources on the path to the base station, thus preventing other nodes from sending data to the base station. Combining packet authentication and anti replay protection prevents these attacks. (c) Deluge (reprogram) attack : Network-programming system let you remotely reprogram nodes in deployed networks If the reprogramming process isn’t secure, an intruder can hijack this process and take control of large portions of a network. It can use authentication streams to secure the reprogramming process.
1. Energy: how much energy is required to execute the encrypt/decryption functions 2. Program memory: the memory required to store the encryption/decryption program 3. Temporary memory: the required RAM size or number of registers required temporarily when the encryption/decryption code is being executed 4. Execution time: the time required to execute the encryption/decryption code. 5. Program parameters memory: the required memory size to save the required number of keys used by the encryption/decryption function.
1. Recent studies on public key cryptography have demonstrated that public key operations may be practical in sensor networks. However, private key operations are still too expensive in terms of computation and energy cost to accomplish in a sensor node. The application of private key operations to sensor nodes needs to be studied further. 2. Symmetric key cryptography is superior to public key cryptography in terms of speed and low energy cost. However, the key distribution schemes based on symmetric key cryptography are not perfect. Efficient and flexible key distribution schemes need to be designed. 3. Most current symmetric key schemes for WSNs aim at link layer security for one-hop communications, but not the Security Vulnerabilities In Wireless Sensor Networks: A Survey transport layer security for multi hop communications, because usually, it is unlikely for each node to store a transport layer key for each of the other nodes in a network due to the huge number of nodes. A more promising approach is to combine both symmetric and asymmetric cryptography techniques. 4. Proving the authenticity of public keys is another important problem. Identity-based cryptography is a shortcut to avoid the problem. 5. Key revocation is another un-addressed problem. It is very difficult to design a universal key revocation scheme. It is still an open problem for resource constrained WSNs. 6. Current proposed key management schemes assume that the base station is trustworthy. However, there may be situations (e.g., in the battlefield) where the security of a base station needs to be considered. 7. All key management protocols discussed in literature so far are based on symmetric key cryptography. Key management schemes based on public key cryptography need to be designed. A typical WSN may contain from hundreds to thousands of sensor nodes. Any protocol used for key management and distribution must be adaptable to such scales. 8. For any pair of nodes that do not share a key and are connected by multiple hops, there needs to be assigned a path-key to guarantee end-to-end secure communication. Such a path key establishment needs to be improved 9. Another challenging issue is that each node needs to discover a neighbor in wireless communication range with which it shares at least one key. A good-shared key discovery approach should not permit an attacker to know shared keys between every two nodes. 10. Most key management schemes discussed in literature so far are suitable for static WSNs. Following technique advance, key management and security mechanisms for mobile WSNs should be considered and become a focus of attention. 11. Though many key management approaches consider defending against node compromise, the efficiency and security performance is not high when their mechanisms are deployed in some special application environment. Thus, the study of node compromise distribution and integrating it in key management is a promising research area.
1. Most current proposals are suitable for static WSNs. Designing secure routing algorithms for mobile WSNs is complex and current secure routing algorithms will meet issues when they are applied in mobile environments. 2. Undetected node compromise issues: The current cryptography mechanisms, such as authentication, identification, etc. may detect and defend against node compromise in some extent. However, most compromise activities cannot be detected immediately. Designing secure routing that can defend against undetected node compromise is a promising research area. 3. Currently most proposals only consider security metrics and only a few of them evaluate other metrics. More metrics, such as QoS (quality of service) need to be considered in addition of security. 4. Though some secure routing algorithms are proposed based on hierarchical sensor networks, most of these studies did not show the different effects such as energy consummations, security, etc. due to different cluster size. What’s more, though these algorithms may ease secure routing issues, they bring complex cluster management issues and costs. More elaborate studies need to be done in the future. 5. Routing maintenance: During the lifetime of a sensor network, the network topology changes frequently, and routing error messages are normally produced. Preventing unauthorized nodes from being producing this type of message is important and needs more studies.