wireless sensor network security

Research On Wireless Sensor Network Security

Yan-Xiao Li Telecommunication Engineering

Institute Air Force Engineering University

Xi’an, Shaanxi, China e-mail: [email protected]

Lian-Qin Telecommunication Engineering



Qian-Liang Telecommunication Engineering



Abstract—Wireless sensor networks are a new type of networked systems, characterized by severely constrained computational and energy resources, and an ad hoc operational environment. When wireless sensor networks are deployed in a hostile terrain, security becomes extremely important, as they are prone to different types of malicious attacks. Due to the inherent resource limitations of sensor nodes, existing network security methods, including those developed for Mobile Ad-Hoc Networks, are not well suitable for wireless sensor networks. As a crucial issue security in wireless sensor networks has attracted a lot of attention in the recent year. This paper made a thorough analysis of the major security issue and presented the ongoing aspect of further development to designers in their struggle to implement the most cost effective and appropriate method of securing their network.

Keywords- wireless sensor network; security; threat; attack; benchmark

I. INTRODUCTION Wireless Sensor Network (WSN) consists of hundreds or thousands of self organizing, low-power, low cost wireless nodes and is used in a variety of applications such as military sensing and tracking, environmental monitoring, disaster management, etc. But when WSN is deployed in open, un-monitored, hostile environment [1], or operated on an unattended mode, sensor nodes will be exposed to the risk of being captured by an active adversary. So with the demanding constraints of nodes’ limited capability, the key issue for WSN is designing viable security mechanisms for the protection of confidentiality, integrity and authentication to prevent malicious attacks, involved. Besides the inherent limitations in communication and computing, the deployment nature of sensor networks makes them more vulnerable to various attacks. Largely deployed sensor nodes may cover a huge area further exposing them to attackers who may capture and reprogram the individual nodes，as shown in Fig.1. The adversary may use its own formula of attacking and induce the network to accept them as legitimate nodes. Falsification of original data, extraction of private sensed data, hacking of collected network readings and denial of service are also certain possible threats to the security and

the privacy of the sensor networks. Though hardware and software improvements may address many of such security issues, but development of new supporting technologies and security principles are challenging research issues in WSNs.

Figure 1. Scenario of wireless sensor nodes deployment

II. SENSOR NETWORK SECURITY ISSUE Two of the most security-oriented applications of wireless sensor networks are military and medical solutions. Due to the nature of the military, it is obvious that the data (sensed or disseminated) is of a private nature and is required to remain this way to ensure the success of the application. Enemy tracking and targeting are among the most useful applications of wireless sensor networks in military terms. The most up to date work can be found on the Defense Advanced Research Projects Agency (DARPA) website [2, 3]. The choice of which security services to implement on a given sensor mainly depends on the type of application and its security requirements. Amongst these we examined:

• Authenticity - it makes possible that the message receiver is capable of verifying the identity the message sender, hence preventing that likely intruder nodes inject malicious data into the network.

• Confidentiality - it ensures that the content of the message is accessed only by authorized nodes.

• Integrity - it guarantees that should a message have its content modified during the transmission, the receiver is able to identify these alterations.

2010 International Conference on Computational Intelligence and Security

978-0-7695-4297-3/10 $26.00 © 2010 IEEE

DOI 10.1109/CIS.2010.113

494


978-0-7695-4297-3/10 $26.00 © 2010 IEEE

DOI 10.1109/CIS.2010.113

493


978-0-7695-4297-3/10 $26.00 © 2010 IEEE

DOI 10.1109/CIS.2010.113

493

In order to design a completely secure wireless sensor network, security must be integrated into every node of the system. This is due to the possibility that a component implemented without any security could easily become a point of attack. This dictates that security must pervade every aspect of the design of a wireless sensor network application that will require a high level of security [4].

A. Link Layer Security Movivation In conventional networks, message authenticity,

integrity, and confidentiality are usually achieved by an end-to-end security mechanism such as SSH [5], SSL [6] or IPSec [7] because the dominant traffic pattern is end-to-end communication; intermediate routers only need to view message headers and it is neither necessary nor desirable for them to have access to message bodies. This is not the case in sensor networks. The dominant traffic pattern in sensor networks is many-to-one, with many sensor nodes communicating sensor readings or network events over a multihop topology to a central base station. To prune these redundant messages to reduce traffic and save energy, sensor networks use in- network processing such as aggregation and duplicate elimination [8,9]. Since in-network processing requires intermediate nodes to access, modify, and suppress the contents of messages, it is unlikely we can use end-to-end security mechanisms between each sensor node and the base station to guarantee the authenticity, integrity, and confidentiality of these messages. Link-layer security architecture can detect unauthorized packets when they are first injected into the network. For the above reasons, Link-layer security mechanisms guarantee the authenticity, integrity, and confidentiality of messages between neighboring nodes, while permitting in-network processing. The security goals of a link layer protocol are listed here as following:

• Access Control and Message Integrity • Message Confidentiality • Data Authenticity • Data Freshness

B. Routing Security Motivation In the design of a new security routing protocol, first understand the analysis of the WSN routing attacks. The problems are summarized as follows: eavesdropping, fraud, tampering or replay (Relay) routing information; selective forwarding attack; "collapse" (Sink-hole) attacks; Hello flooding attacks; response to deceive, and so on.

• Eavesdropping, fraud, tampering or replay information

The most direct route to the agreement of the target node is the exchange between the routing information. The attacker through eavesdropping, fraud, tampering or replay routing information, routing loop can be generated, or refuse to lure traffic, to extend or shorten the source route, a false error messages, separated by the network to increase the end-to-end delay (Latency ) , and so on. • Selective forwarding attack

Multi-hop (Multi-hop) is usually assumed that the network involved in the transfer node will be transparent to transmit it to the receiver. In the selective forwarding attacks, malicious node may refuse to forward certain messages and discarding them. The attack is a simple form of malicious nodes as a black hole (Black Hole) refused to forward the same as it received the packet. • Sinkhole attack Sinkhole in the attack, the attacker's goal is to "mutiny" to lure specific nodes in the region of all communications traffic in the center of the region caused by similar "collapse" of the same attack. In fact, the attackers set up a large "hole" in order to attract node to all the communications sent to the base station. • Hello flooding attack HELLO flooding attacks is a new type of sensor network for the attack. Many agreements require HELLO packet radio node to node adjacent to its own broadcasting. Attacker with enough power to launch route broadcasts or other information, so that the network each node is believed to attack its neighbors. In order to use HELLO flooding attack the attacker does not need to build a legitimate communications. An attacker can simply use a large enough power tapping replay (Overheard) to the package, so that each node in the network can be received. • Response to deceive As the number of routing protocol relies on a fixed link layer response, so an attacker can deceive the link layer response to the "bugging" of the adjacent node packet. Response to deceive the goals, including the sender to make sure the actual efficiency of low-efficient link, or that have been suspended or banned node is also effective.

III. SECURITY REQURIEMENT The goal of security services in WSNs is to protect the

information and resources from attacks and misbehavior. The security requirements in WSNs include:

• Availability, which ensures that the desired network services are available even in the presence of denial-of-service attacks require configuring the initial duty cycle carefully.

• Authorization, which ensures that only authorized sensors can be involved in providing information to network services.

• Authentication, which ensures that the communication from one node to another node is genuine, that is, a malicious node cannot masquerade as a trusted network node.

• Confidentiality, which ensures that a given message cannot be understood by anyone other than the desired recipients.

• Integrity, which ensures that a message sent from one node to another is not modified by malicious intermediate nodes.

• Nonrepudiation, which denotes that a node cannot deny sending a message it has previously sent.

495494494

• Freshness, which implies that the data is recent and ensures that no adversary can replay old messages.

Moreover, as new sensors are deployed and old sensors fail, we suggest that forward and backward secrecy should also be considered:

• Forward secrecy: a sensor should not be able to read any future messages after it leaves the network.

• Backward secrecy: a joining sensor should not be able to read any previously transmitted message. The security services in WSNs are usually centered around cryptography. However, due to the constraints in WSNs, many already existing secure algorithms are not practical for use.

IV. THREAT MODEL AND ATTACKS In WSNs, it is usually assumed that an attacker may

know the security mechanisms that are deployed in a sensor network; they may be able to compromise a node or even physically capture a node. Due to the high cost of deploying tamper resistant sensor nodes, most WSN nodes are viewed as non tamper- resistant. Further, once a node is compromised, the attacker is capable of stealing the key materials contained within that node.

Base stations in WSNs are usually regarded as trustworthy. Most research studies focus on secure routing between sensors and the base station. Deng et al. considered strategies against threats which can lead to the failure of the base station [10].

Attacks in sensor networks can be classified into the following categories:

• Outsider versus insider attacks: outside attacks are defined as attacks from nodes which do not belong to a WSN; insider attacks occur when legitimate nodes of a WSN behave in unintended or unauthorized ways.

• Passive versus active attacks: passive attacks include eavesdropping on or monitoring packets exchanged within a WSN; active attacks involve some modifications of the data steam or the creation of a false stream.

• Mote-class versus laptop-class attacks: in mote-class attacks, an adversary attacks a WSN by using a few nodes with similar capabilities to the network nodes; in laptop-class attacks, an adversary can use more powerful devices (e.g., a laptop) to attack a WSN. These devices have greater transmission range, processing power, and energy reserves than the network nodes.

WSNs are vulnerable to various types of attacks. According to the security requirements in WSNs, these attacks can be categorized as [11]:

• Attacks on secrecy and authentication: standard cryptographic techniques can protect the secrecy and authenticity of communication channels from outsider attacks such as eavesdropping, packet replay attacks, and modification or spoofing of packets.

• Attacks on network availability: attacks on availability are often referred to as denial-of-service (DoS) attacks. DoS attacks may target any layer of a sensor network.

• Stealthy attacks against service integrity: in a stealthy attack, the goal of the attacker is to make the network accept a false data value. For example, an attacker compromises.

V. SECURITY BENCHMARKS We suggest using the following metrics to evaluate whether a security scheme is appropriate in WSNs:

• Security: a security scheme has to meet the requirements discussed above.

• Resiliency: in case a few nodes are compromised, a security scheme should still protect against the attacks.

• Energy efficiency: a security scheme must be energy efficient so as to maximize node and network lifetime.

• Flexibility: key management needs to be flexible so as to allow for different network deployment methods, such as random node scattering and predetermined node placement.

• Scalability: a security scheme should be able to scale without compromising the security requirements.

• Fault-tolerance: a security scheme should continue to provide security services in the presence of faults such as failed nodes.

• Self-healing: sensors may fail or run out of energy. The remaining sensors may need to be reorganized to maintain a set level of security.

• Assurance: assurance is the ability to disseminate different information at different levels to end-users [12]. A security scheme should offer choices with regard to desired reliability, latency, and so on.

VI. SECURITY RESEARCH FORMS • New, more efficient cryptographic algorithms and

security protocols. Efficient versions of public key cryptography (such as the NTRU algorithms [13]) and broadcast authentication protocols (such as μTESLA [14]) have been devised.

• Asymmetric algorithms and protocols. Security services have been designed to place the primary computational and communication burden on external entities and/or relay devices rather than on sensor nodes.

• Integration of security into applications. The computing infrastructure of miniaturized devices is often much flatter than conventional devices, avoiding layers of networking protocols and application functionality for performance reasons. This approach requires security to be deployed at higher abstraction levels, since a generic security service is too costly.

496495495

VII. CONCLUSION AND FUTURE SCOPE Security in wireless sensor networks has attracted a lot of attention in the recent years. The severe energy constraints and demanding deployment environments of wireless sensor networks make computer security for these systems more challenging than for conventional networks. Components designed without security can easily become a point of attack. So it is critical to integrate security into every component to pervade security and privacy into every aspect of the design. While each of the security solutions could be used go part of the way to effectively securing a WSN, there is currently no one solution that can be “plugged-in” to an application to provide all the necessary security primitives.

REFERENCES [1] I. F. Akyildiz,W. Su, Y. Sankasubramaniam, and E. Cayirci.

“Wireless Sensor Networks: A Survey”, Computer Networks, 38:393–422, 2002.

[2] Defence Advanced Research Projects Agency (13 Oct 2006) Defence Advanced Research Projects Agency Home [online], available:

[3] http://www.darpa.mil/index.html [accessed 13 Dec 06]

[4] Perrig, A., Stankovic, J., Wagner, D. (2004), “Security in Wireless Sensor Networks”, Communications of the ACM, 47(6), 53-57.

[5] OpenSSL. http://www.openssl.org. [6] Security architecture for the Internet Protocol. RFC 2401,

November 1998. [7] http://www.ssh.com [8] Samuel R. Madden, Michael J. Franklin, Joseph M. Hellerstein,

and Wei Hong. TAG: A tiny aggregation service for ad-hoc sensor networks. In The Fifth Symposium on Operating Systems Design and Implementation (OSDI 2002),2002.

[9] Samuel R. Madden, Robert Szewczyk, Michael J. Franklin, and David Culler. Supporting aggregate queries over ad-hoc wireless sensor networks. In Workshop on Mobile Computing and Systems Applications, 2002.

[10] J. Deng, R. Han, and S. Mishra, “Enhancing Base Station Security in Wireless Sensor Networks,” Department of Computer Science, University of Colorado, Tech. Report CU-CS-951-03, 2003.

[11] B. Deb, S. Bhatnagar, and B. Nath, “Information Assurance in Sensor Networks,” Proc. 2nd ACM Int'l. Conf. Wireless Sensor Networks and Applications (WSNA '03), New York: ACM Press, 2003, pp. 160–68.

[12] E. Shi and A. Perrig, “Designing Secure Sensor Networks,” Wireless Commun. Mag., vol. 11, no. 6, Dec. 2004 pp. 38 43.

[13] J. Hoffstein, J. Pipher, J. H. Silverman, “NTRU: A Ring-Based Public Key Cryptosystem,” in Algorithmic Number Theory (ANTS III), J.P. Buhler (ed.), Lecture Notes in Computer Science 1423, Springer-Verlag, Berlin, 1998.

[14] A. Perrig, R. Szewczyk, V. Wen, D. Cullar, and J. D. Tygar, “SPINS: Security protocols for sensor networks,” in Proceedings of MOBICOM, 2001.

497496496

Technology

wireless sensor network security