Embed Size (px)
DESCRIPTION
Citation preview
This covers the security threats, review proposed security mechanisms for wireless sensor networks and also at the same time discusses about the holistic view of security for ensuring layered and robust security in wireless sensor networks.
What are Wireless Sensor Networks?
A wireless network consisting of spatially distributed autonomous devices.
Basic idea is to wide spread the tiny sensing devices which are capable of sensing some.
Can monitor temperature, pressure, humidity, soil makeup, vehicular movement, noise levels, lighting conditions, the presence or absence of certain kinds of objects or substances, mechanical stress levels on attached objects, and other properties .
Issues to concentrate on
The routing strategies get more preference, the security issues are yet to receive extensive focus.
Explore the security issues and challenges, discuss crucial parameters that require extensive investigations.
Talk about cryptography, steganography and other basics of network security
Discuss various types of threats and attacks against wireless sensor network .
Discuss related work and proposed schemes concerning security in WSN and introduce the view of holistic security in WSN.
Security Schemes in Wireless Sensor Networks
Authentication, integrity, privacy, no repudiation, and anti-playback.
For secure transmission of various types of information over networks, several cryptographic, steganographic and other techniques are used.
Network security fundamentals and how all these techniques are meant for wireless sensor network.
Cryptography
Encryption-decryption techniques meant for the traditional wired networks are not capable in WSN.
Wireless sensor networks consist of tiny sensors which really suffer from the lack of processing, memory and battery power.
Applying any encryption scheme requires transmission of extra bits.
Steganography
Cryptography aims at hiding the main content of a message, steganography aims at hiding the present existence of the message.
Steganography is the art of covert communication by embedding a message into the multimedia data (image, sound, video, etc.).
Objective of steganography is to modify the carrier in a way that is not perceptible and hence, it looks just like ordinary message.
Securing wireless sensor networks is not directly related to steganography and processing multimedia data (like audio, video) with the inadequate resources of the sensors is difficult.
Security Threats and Issues in Wireless Sensor Networks
Most are similar to their wired counterparts while some are severe with the inclusion of wireless connectivity.
Wireless networks are usually more open to various security threats as unguided transmission medium is more open to security attacks than those of the guided transmission medium.
Attacks in Wireless Sensor Networks
Attacks against wireless sensor networks could be broadly considered from two different levels of views.
1. The attack against the security mechanisms
2. Against the basic mechanisms (like routing mechanisms).
Denial of Service
A standard attack on wireless sensor networks is to jam a node or set of nodes.
Jamming, the transmission of a radio signal that interferes with the radio frequencies being used by the sensor network.
Two forms: constant jamming, and intermittent jamming.
Constant jamming involves the complete jamming of the entire network. No messages are able to be sent or received.
If the jamming is only intermittent, then nodes are able to exchange messages periodically, but not consistently.
Can have a detrimental impact as the messages may be time sensitive.
Simplest DoS tries to exhaust the resources available to the victim node, by sending extra unnecessary packets preventing legitimate network users from accessing.
Not only for the adversary’s attempt to subvert, disrupt, or destroy a network, but also for any event that diminishes a network’s capability to provide a service.
Denial of service attacks in different layers
Denial of service attacks could be jamming and tampering, at link layer, collision, exhaustion, unfairness, at network layer, neglect and greed, homing, misdirection, black holes and at transport layer this attack could be performed by malicious flooding and desynchronization.
Prevention: The mechanisms to prevent Denial of service attacks include payment for network resources, strong authentication and identification of traffic.
Transport Layer:Attacks :
Transport layer susceptible to flooding. Flooding can be as simple as sending many
connection requests to a susceptible node. Prevention :
Resources must be allocated to handle the connection request.
Eventually a node’s resources will be exhausted, thus rendering the node useless.
Attacks on Information in transit
In a sensor network, sensors monitor the changes of specific parameters or values and report to the sink according to the requirement.
While sending the report, the information in transit may be altered, spoofed, replayed again or vanished.
Eaves dropper can monitor the traffic flow and get into action to interrupt, intercept, modify or fabricate packets thus, provide wrong information to the base.
Attacker with high processing power and larger communication range could attack several sensors at the same time.
Sybil Attack
Sensors in a WSN might need to work together to accomplish a task, hence they can use distribution of subtasks and redundancy of information.
In such a situation, a node can pretend to be more than one node using the identities of other legitimate nodes .
This type of attack where a node forges the identities of more than one node is the Sybil attack.
Degrades integrity of data, security and resource utilization that the distributed algorithm attempts to achieve.
Black hole/Sinkhole Attack
Malicious node acts as a black hole to attract all the traffic in the sensor network.
Attacker listens to requests for routes then replies to the target nodes that it contains the high quality or shortest path to the base station.
Inserts itself between the communicating nodes, it is able to do anything with the packets passing between them.
Hello Flood Attack
Uses HELLO packets as a weapon to convince the sensors in WSN.
Attacker with a high radio transmission range and processing power sends HELLO packets to a number of sensor nodes.
Sensors are thus persuaded that the adversary is their neighbor.
Victim nodes try to go through the attacker.
Wormhole Attack
Attacker records the packets (or bits) at one location in the network and tunnels those to another location.
The tunneling or retransmitting of bits could be done selectively.
Attack does not require compromising a sensor in the network rather, it could be performed even at the initial.
The figure shows a situation where a wormhole attack takes place. When a node B (for example, the base station or any other sensor) broadcasts the routing request packet, the attacker receives this packet and replays it in its neighborhood. Each neighboring node receiving this replayed packet will consider itself to be in the range of Node B, and will mark this node as its parent. Hence, even if the victim nodes are multihop apart from B, attacker in this case convinces them that B is only a single hop away from them, thus creates a wormhole.
Traffic Analysis Attack & Rate Monitoring Attack
For an adversary to effectively render the network useless, the attacker can simply disable the base station.
Rate monitoring attack makes use of the idea that nodes closest to the base station tend to forward more.
An attacker need only monitor which nodes are sending packets and follow those nodes that are sending the most packets.
Time correlation attack
Adversary generates events and monitors to whom a node sends its packets.
To generate an event, the adversary could simply generate a physical event that would be monitored by the sensor(s) in the area (turning on a light, for instance).
Node Replication Attacks
Attacker seeks to add a node to an existing sensor network by copying (replicating) the node ID of an existing sensor node .
Packets can be corrupted or even misrouted.
Physical Attacks
Sensor networks typically operate in hostile outdoor environments.
The small form factor of the sensors, both of these together with the unattended and distributed nature of their deployment make them highly susceptible to physical attacks, i.e., threats due to physical node destructions.
Proposed Security Schemes and Related Work
In this section we review and map various security schemes proposed or implemented so far for wireless sensor networks.
Security Schemes for Wireless Sensor Networks
Gives an analysis of secure routing in wireless sensor networks and studies how to design secure distributed sensor networks
It studies Denial of service attacks against different layers of sensor protocol stack.
JAM presents a mapping protocol which detects a jammed region in the sensor network and helps to avoid the faulty region to continue routing within the network.
Wormholes which are considered harmful for wireless sensor network could effectively be used as a reactive defense mechanism for preventing jamming Denial of service attacks.
Statistical en-route filtering (SEF) mechanism to detect injected false data in sensor network and focus mainly on how to filter false data using collective secret.
SNEP & μTESLA are two secure building blocks for providing data confidentiality, data freshness and broadcast authentication.
Sec proposes a link layer security mechanism for sensor networks which uses an efficient symmetric key encryption protocol.
The scheme uses a bidirectional verification technique and also introduces multi-path multi-base station routing if bidirectional verification is not sufficient to defend the attack.
Data Confidentiality
A sensor network should not leak sensor readings to its neighbors.
In many applications nodes communicate highly sensitive data, e.g., key distribution, is extremely important to build a secure channel in a wireless sensor network.
Public sensor information, such as sensor identities and public keys, should also be encrypted to some extent to protect against traffic analysis attacks.
The standard approach for keeping sensitive data secret is to encrypt the data with a secret key that only intended receivers possess, thus achieving confidentiality.
Data Integrity
With the implementation of confidentiality, an adversary may be unable to steal information.
This doesn’t mean the data is safe. The adversary can change the data, so as to send the sensor network into disarray.
Thus, data integrity ensures that any received data has not been altered in transit.
Data Freshness
Need to ensure the freshness of each message.
Informally, data freshness suggests that the data is very much recent, and it ensures that no old messages have been replayed.
This requirement is especially important when there are shared-key strategies.
Holistic Security in Wireless Sensor Networks
A holistic approach aims at improving the performance of wireless sensor networks with respect to security, longevity and connectivity under changing environmental conditions.
The holistic approach of security concerns about involving all the layers for ensuring overall security in a network.
A single security solution for a single layer might not be an efficient solution rather employing a holistic approach could be the best option.
Conclusion
Most of the attacks against security in wireless sensor networks are caused by the insertion of wrong information by the nodes which are agreed or compromised within the network.
For defending the inclusion of these false reports by compromised nodes, a mean is required for detecting these false reports.
However, developing such a detection mechanism and making it efficient represents a great research challenge.
Again, ensuring the holistic security in wireless sensor network is one of the major research issue.
References
http://en.wikipedia.org/wiki/Wireless_sensor_network#Environmental_monitoring
http://arxiv.org/abs/0712.4169 http://www.cs.wayne.edu/~weisong/papers/walters05-wsn-
security-survey.pdf http://arri.uta.edu/acs/networks/
WirelessSensorNetChap04.pdf http://www.cs.utk.edu/~saraogi/594paper.pdf
