Wireless Sensor Network Security:
A Survey
Authors:
John Paul Walters, Zhengqiang Liang,
Weisong Shi, and Vipin Chaudhary
Department of Computer Science
Wayne State University
E-mail: {jwalters, sean, weisong, vipin}@wayne.edu
Presented By:
Anubhav Mathur
Department of Computer Science
University of Connecticut
1/32
Introduction
• Security in Wireless Sensor Networks
• Operate in Unattended and Hostile Environments
• Interact with sensitive data
• Resource Constraints
• Issues should be addressed from the beginning of the system design
• Enormous Research Potential in the field of WSN Security
• A survey to facilitate effective research
2/32
What do we know?
• Popular low cost solutions for military and civilian applications
• Resource constraints – Data storage and Processor speed and Power
• Security
• Unreliable Communication Channel
• Unattended Operation
3/32
Areas Covered
• Secure and Efficient Routing
• Data Aggregation
• Group Formation
• Cryptographic Security
• Sensor Trust Model
• Physical Attacks & Defenses
4/32
Main Aspects
1. The obstacles to Sensor Network Security
2. The requirements of a secure wireless sensor network
3. Attacks
4. Defensive measures
5/32
1. The obstacles to Sensor Network Security
• Difficult to apply existing approaches to WSN Security
• Very Limited Resources
• Limited Memory and Storage Space
• Power Limitation
• Unreliable Communication
• Unreliable Transfer (Routing is connectionless & Packet loss / Error handling)
• Conflicts (Packet collision)
• Latency (Multihop routing/network congestion/ node processing)
• Unattended Operation
• Exposure to Physical Attacks (Bad weather etc)
• Managed Remotely (Physical tampering)
• No Central Management point
6/32
2. Security Requirements of a Wireless Sensor Network
• Data Confidentiality
• Military Sensitive Data
• Encryption
• Data Integrity
• Data Freshness
• Important because of shared key strategies
• Availability
• Self Organization
• Time Synchronization
• Secure Localization
• Authentication
7/32
3. Attacks
1. Denial of service attack
2. The Sybil attack
Malicious device illegitimately taking on multiple identities (Voting systems)
3. Traffic Analysis Attack
4. Node Replication Attacks
5. Attacks against Privacy
1. Monitor and Eavesdropping
2. Traffic Analysis
3. Camouflage
6. Physical Attacks
8/32
Denial of Service Attack
“Any event that diminishes or eliminates network’s capacity to perform its
expected function”
Constraints:
• Computational Overhead in WSN
• Critical applications
• Types of DoS
• Intermittent Jamming
• Constant Jamming
• Link Layer Attacks (Collision)
9/32
Sybil Attack
“Malicious device illegitimately taking on multiple identities”
Effective against
Routing algorithms, Data Aggregation, Voting, Fair resource allocation
and foiling misbehavior detection
Example:
Sensor Network Voting Scheme
• Multiple votes registered using multiple identities
10/32
Traffic Analysis
11/32
Node Replication Attack
Add another node to existing sensor network by replicating the node ID
Can lead to:
• Packet Corruption
• Incorrect packet routing
Insert a node at strategic points to manipulate a specific segment of
the node.
12/32
Attacks against Privacy
1. Devices have a potential for abuse in data collection.
2. Seemingly innocuous data can be used to derive sensitive information
3. Monitor and Eavesdropping
1. Listening to the control information about sensor network configuration
4. Traffic Analysis
5. Camouflage
1. Insertion and Impersonation of a node
13/32
Physical Attacks
Destruction, tampering with circuitry or modification of programming
Causes:
1. Nodes operate in hostile outdoor environments
2. Small form factor
3. Unattended nature of deployment
14/32
4. Defensive Measures
1. Key Establishment
2. Defending against DoS attacks
3. Secure Broadcasting and Multicasting
4. Defending against attacks on routing protocols
5. Detecting node replication attacks
6. Combating Traffic Analysis Attacks
7. Defending against attacks on Sensor Privacy
8. Intrusion Detection
9. Secure Data Aggregation
10. Defending against physical attacks
11. Trust Management
15/32
Key Establishment
“Secure Key management is an absolute necessity because nearly all
aspects of Wireless Sensor Networks defenses rely on solid encryption”
Traditional Key Management Algorithms use:
• Asymmetric Cryptography (Public Key Cryptography)
• Too Computationally intensive
• But feasible with the right selection of algorithms
Most Commonly used:
• Diffie-Hellman Public Key protocol
16/32
Key Establishment
• Symmetric Key Cryptography
• Single shared key.
• Known only to the two communicating hosts
• Shortcoming: Key Exchange problem
• Example: DES (Data Encryption Standard)
• Broken relatively easily
• Proposed: 3DES, RC5, AES etc.
17/32
Most efficient cipher: Rijndael.
18/32
Defending against DoS attacks
• DoS attacks are very common
• Defending against the jamming attack
• Identify the jammed part of the sensor network and effectively route around the unavailable
portion
• Two Phase Approach [Wood & Stankovic]:
• Nodes along the perimeter of the jammed region report their status to their neighbors
• Collaboratively define the jammed region and route around it
• Handling Jamming at the MAC Layer:
• Nodes utilize a MAC admission control that is rate limiting
• Ignores requests designed to exhaust power reserves of the node
• Handling Jamming at the Transport Layer [Aura,Nikander and Leiwo]
• Use client puzzles to discern a node’s commitment to making the connection by utilizing its
own resources
• Server should always force a client to commit more resources up front than the server
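The client-puzzle idea above, as an added example (not code from the survey or from the cited authors): the client must brute-force a hash pre-image before the server commits anything, while the server verifies with one MAC and one hash and keeps no per-client state. The SHA-256 construction, the HMAC-derived challenge, the function names and the difficulty and age values are assumptions made for illustration.

```python
import hashlib
import hmac
import os

SERVER_SECRET = os.urandom(32)   # known only to the server (assumed setup)
DIFFICULTY_BITS = 16             # assumed difficulty: ~2**16 hashes per solve


def leading_zero_bits(digest: bytes) -> int:
    """Count the leading zero bits of a digest."""
    value = int.from_bytes(digest, "big")
    return len(digest) * 8 - value.bit_length()


def issue_puzzle(client_id: bytes, now: int) -> bytes:
    """Server: derive the challenge from a MAC so no per-client state is stored."""
    stamp = now.to_bytes(8, "big")
    return stamp + hmac.new(SERVER_SECRET, client_id + stamp, hashlib.sha256).digest()


def solve_puzzle(challenge: bytes, bits: int = DIFFICULTY_BITS) -> int:
    """Client: try counters until the hash has `bits` leading zero bits."""
    counter = 0
    while True:
        digest = hashlib.sha256(challenge + counter.to_bytes(8, "big")).digest()
        if leading_zero_bits(digest) >= bits:
            return counter
        counter += 1


def verify_solution(client_id: bytes, challenge: bytes, counter: int, now: int,
                    max_age: int = 30, bits: int = DIFFICULTY_BITS) -> bool:
    """Server: one MAC and one hash, however much work the client did."""
    issued = int.from_bytes(challenge[:8], "big")
    if not 0 <= now - issued <= max_age:        # stale or future-dated puzzle
        return False
    if not hmac.compare_digest(challenge, issue_puzzle(client_id, issued)):
        return False                            # forged, or issued to another client
    digest = hashlib.sha256(challenge + counter.to_bytes(8, "big")).digest()
    return leading_zero_bits(digest) >= bits
```

Each extra difficulty bit doubles the client's expected work and leaves the server's verification cost unchanged, which is the asymmetry the last bullet asks for.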
19/32
Secure Broadcasting and Multicasting
• Major communication pattern in wireless sensor networks
• 1-to-N, N-to-1, M-to-N
1. Traditional Broadcasting and Multicasting:
Uses Standard encryption Techniques using Cryptography
2. Secure Multicasting:
Logical Key Hierarchy (Central Key Distribution Center)
Energy Efficient
3. Secure Broadcasting
Routing-aware tree based key distribution scheme
Takes advantage of routing information to improve the efficiency
21/32
Secure Broadcasting and Multicasting
Traditional Broadcasting & Multicasting Key Management Protocols:
• Centralized Group Key Management protocol
• Central Authority used to maintain the group
• Decentralized management protocol
• Divide the task of group management amongst multiple nodes
• Distributed management protocol
• No single key management authority.
• Entire group of nodes are responsible for key management
22/32
Defending against attacks on routing protocols
• Need for secure and energy efficient routing protocols in WSNs
• Attacks: Sinkhole, Wormhole, Sybil attacks
• Techniques for securing the routing protocol
• INSENS (Intrusion tolerant routing protocol) [Deng, Han and Mishra]
• To mitigate the damage, they use redundancy to transmit the messages
• An authentication scheme can be employed to confirm message integrity
• Makes use of assumed symmetry between base stations and wireless nodes
• Creates forwarding tables which include the redundancy information from each node
• TRANS (Trust Routing for Location Aware Sensor Networks)
• Loose-time synchronization asymmetric cryptographic scheme to ensure message
confidentiality
23/32
Defending against attacks on routing protocols
• Wormhole attack:
1. Malicious node eavesdrops on a packet or series of packets.
2. Tunnels them through the sensor network to another malicious node.
3. Replays the packets.
• Defenses:
1. Hardware additions like directional antenna,
2. Visualization approach [Wang, Bhargava]
• Compute the distance between all neighbor sensors
• Compute the virtual layout of the network using multi-dimensional scaling.
• The shape of virtual network will bend and curve towards the offending nodes.
• Offending nodes are identified and removed.
24/32
Detecting Node Replication Attacks
• Randomized Multicast Algorithm
• Each sensor propagates an authenticated broadcast message throughout the
network
• Communication cost is expensive
• Communication cost of the randomized multicast algorithm is still O(n^2)
• Line selected multicast Algorithm
• Based upon rumor routing
• Communication cost O(n√n)
• Storage cost O(√n)
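An added sketch of the witness check behind randomized multicast (not code from the survey): it assumes the scheme's usual form, in which each node's authenticated location claim is forwarded to about √n randomly chosen witnesses, and a witness that holds two claims for one ID at different locations exposes the replica. The keys, node IDs and coordinates are constructed, and HMAC stands in for the signature a real deployment would use.

```python
import hashlib
import hmac
import math
import random

# Constructed per-node keys. A replica carries the captured node's key, so its
# claims authenticate and only the conflicting location gives it away.
NODE_KEYS = {i: hashlib.sha256(b"demo-key-%d" % i).digest() for i in range(400)}


def make_claim(node_id, location):
    """Authenticated location claim (HMAC stands in for a signature)."""
    msg = repr((node_id, location)).encode()
    return node_id, location, hmac.new(NODE_KEYS[node_id], msg, hashlib.sha256).digest()


def claim_is_authentic(claim):
    node_id, location, tag = claim
    if node_id not in NODE_KEYS:
        return False
    return hmac.compare_digest(tag, make_claim(node_id, location)[2])


class Witness:
    """Stores one location per node ID and reports a conflicting second claim."""
    def __init__(self):
        self.seen = {}

    def receive(self, claim):
        if not claim_is_authentic(claim):
            return None                       # forged claims are dropped
        node_id, location, _ = claim
        first = self.seen.setdefault(node_id, location)
        return (node_id, first, location) if first != location else None


def replica_detected(n, rng, cloned_id=7):
    """Send the original's and the replica's claims to sqrt(n) witnesses each."""
    witnesses = [Witness() for _ in range(n)]
    conflicts = []
    for location in ((10, 20), (300, 45)):    # same ID claimed at two places
        claim = make_claim(cloned_id, location)
        for w in rng.sample(range(n), math.isqrt(n)):
            conflicts.append(witnesses[w].receive(claim))
    return any(conflicts)


def detection_rate(n=400, trials=200, seed=1):
    """Fraction of trials in which at least one witness saw both claims."""
    rng = random.Random(seed)
    return sum(replica_detected(n, rng) for _ in range(trials)) / trials
```

With √n witnesses per claim the two witness sets overlap in roughly two out of three trials (a birthday-paradox effect), so detection is probabilistic per round, not guaranteed.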
25/32
Combating Traffic analysis attacks
• Using a random walk forwarding technique that occasionally forwards
a packet to a node other than the sensor’s parent node
• Mitigate the rate monitoring attack
• Vulnerable to the time correlation attack
• Fractal Propagation Strategy
1. Generate a fake packet when its neighbor is forwarding a packet to the
base station.
2. The fake packet is sent randomly to another neighbor who may also
generate a fake packet.
3. These packets essentially use a TTL to decide when forwarding should stop.
4. This effectively hides the base station from time correlation attacks.
26/32
Defending attacks against sensor privacy
• Anonymity Mechanisms
• Decentralize Sensitive data
• Secure Communication Channel
• Change Data Traffic
• Node Mobility
• Policy-based Approach
• Access control decisions made based on privacy policies
• Information Flooding:
• Randomized data routing mechanism and phantom traffic generation mechanism are used to
disguise the real data traffic, so that it is difficult for an adversary to track the source of data by
analyzing network traffic
1. Baseline Flooding (every node forwards a message once with no retransmission)
2. Probabilistic Flooding (only some nodes will participate in data forwarding)
3. Flooding with fake messages (attacker has no idea which packets are real)
4. Phantom Flooding (enticing the attacker away from the real source and towards a fake source)
27/32
Intrusion detection
• Anomaly based intrusion detection (AID)
• Intruders will demonstrate abnormal behavior relative to the legitimate nodes
• System compares the Normal Use profile vs Current Profile
• Advantage:
• Able to detect previously unknown attacks
• Disadvantages:
• False positives (difficult to profile normal system behavior)
• Computational cost for profile comparison is high
• Misuse intrusion detection (MID)
• Maintains a database of intrusion signatures
• Advantages: Fewer false positives, Less computation power
• Disadvantages: Unable to detect unknown attacks
• Solution : Hybrid System
28/32
Intrusion detection
• 3 Architectures for Intrusion Detection Systems in Wireless Sensor
Networks
1. Standalone Architecture:
• Each node functions as an independent intrusion detection system
• Nodes don’t co-operate with each other
2. Distributed and cooperative architecture
• an intrusion detection agent still resides on each node
• Nodes cooperate to share information in order to detect global intrusion attempts
3. Hierarchical architecture
• Multilayered network divided into clusters with each cluster head responsible for
routing within the cluster
29/32
Defending against Physical attacks
• Sensor nodes may be equipped with physical hardware to enhance protection against
various attacks. (tamper-proofing)
• Employ special software and hardware outside the sensor to detect physical tampering
• Self-termination in case of attack
• Randomized Clock Signal:
• Inserting random time delays between critical operations
• Randomized Multithreading
• Scheduling the processor between two or more threads of execution randomly
• Destruction of Test circuitry
• Restricted Program Counter
• Top Layer Sensor Meshes
• Inserting additional Layers that form a sensor mesh above the actual circuit and that do not carry
any critical signals
30/32
Conclusions
• As wireless sensor networks continue to grow, further expectations of
security will be required
• Current and future work in privacy and trust will make wireless sensor
networks a more attractive option in a variety of new arenas
31/32
Thank You
Any Questions?
32/32