ADVANCED SECURITY-AWARE: A PRACTICAL SECURITY MECHANISM FOR WIRELESS SENSOR NETWORKS

Basil Kuriakose 1 and P.S. Periasamy 2
1 PG scholar, K.S.R College of Engineering, Tiruchengode, Tamil Nadu, India
2 Head of Department, K.S.R College of Engineering, Tiruchengode, Tamil Nadu, India
Email: basilkuriakose012@gmail.com

Abstract — Sensor networks are a dominant technology among the different wireless communication technologies because of their great efficiency. Security is a critical issue for every type of network, whether sensor networks or other networks. Ensuring the security of communication and access control in Wireless Sensor Networks (WSNs) is of paramount importance. In this paper, we present a security mechanism, Advanced Security-Aware, built on the network layer for WSNs, with a focus on a secure network protocol and data access control for large-scale networks. A Bloom filter is used here to reduce storage overhead. A Bloom filter is a space-efficient probabilistic data structure that is used to test whether an element is a member of a set. The results demonstrate that Advanced Security-Aware consumes much less energy, is suitable for large-scale networks, and yet achieves higher security than several state-of-the-art methods.

Index Terms – Sensor networks, security, Bloom filter.

I. INTRODUCTION

A sensor is a device that has the capability of sensing, i.e. of receiving a signal and responding to that signal in a particular manner. A sensor network consists of multiple detection stations called sensor nodes, each of which is small in size and communicates with other nodes over a short range. Sensor devices have demanding power-consumption requirements and low storage capacity, and must be lightweight and portable. Sensor networks are used for monitoring at many diverse locations, such as video surveillance, weather-condition monitoring, air traffic control (for military purposes), robot control, etc.
Sensor technology is one of the cheapest technologies for providing security in very restrictive environments. For many applications it is essential to provide secure communications. In general, WSNs face the same security risks as conventional wired or wireless networks; eavesdropping, packet injection, replay and denial-of-service attacks are some of the common attacks in WSNs. Due to the inherent properties of sensor nodes, traditional security protocols are not suitable for WSNs. A set of different attempts to implement secure communication specifically for WSNs appeared recently in the literature, such as TinySec [1], ZigBee [2], MiniSec [3], SPINS [4], and MoteSec-Aware [5]. All of these are designed to run under TinyOS, a widely used operating system for sensor nodes. TinySec, a popular secure link-layer protocol, achieves low energy consumption and memory usage. Unfortunately, it also sacrifices on the level of security. First, it employs a single network-wide key, such that every node in the network can masquerade as any other node. Second, TinySec does not attempt to protect against replay attacks. ZigBee provides a higher level of security than TinySec since it is not restricted to a network-wide key. By keeping a per-message counter as the Initialization Vector (IV), ZigBee protects against message replay attacks. However, ZigBee is an expensive protocol. First, ZigBee sends the entire 8-byte IV with each packet, resulting in high communication overhead and high energy consumption by the radio. Also, ZigBee requires per-sender state, which consumes a large amount of memory as the number of participants increases. SPINS, on the other hand, achieves low energy consumption by keeping a consistent counter between the sender and receiver, such that an IV need not be appended to each packet. MiniSec achieves low energy consumption by appending only a few bits of the IV to each packet.
Packet loss, however, causes SPINS and MiniSec to incur more energy consumption for communication and computation, respectively. MoteSec-Aware achieves much lower energy consumption and higher security than previous works, but it is not suitable for large-scale networks. Other prior works, such as ContikiSec [9] and FlexiSec [10], all focus on a secure network protocol and do not consider the security of data stored in nodes. In addition to a secure network protocol, the issue of secure data storage receives considerable attention. Recently, technologies for secure data storage have been developed not only for social networks (or cloud networks) but also for sensor networks, in view of the need for privacy preservation [6] [7] [8]. In contrast to privacy preservation, in this paper we focus on the authority to access the stored data.

II. OVERVIEW

A wireless sensor network (WSN) consists of spatially distributed autonomous sensors that monitor physical or environmental conditions, such as temperature, sound, pressure, etc., and cooperatively pass their data through the network to a main location. WSNs enable new applications and require non-conventional paradigms for protocol design because of their many constraints. A WSN is composed of many resource-limited sensor nodes that work collaboratively. It delivers useful information to users upon queries and events. Because sensor nodes collect sensitive information, security and privacy become a serious concern. Due to the resource-limited sensor nodes, traditional network security mechanisms are not appropriate for WSNs. This study investigates the problems of a secure network protocol and data access control in WSNs, to avoid data leakage to individual or unauthorized parties. We propose Advanced Security-Aware, a secure network-layer protocol for wireless sensor networks.
It not only works with low energy consumption but also establishes a practical high-security mechanism that is appropriate for large-scale networks on TelosB motes running the TinyOS 1.x package. In fact, Advanced Security-Aware provides (1) a secure network protocol that allows data to be transmitted over the air in encrypted form and (2) a filtering capability that permits or denies data access based on a set of rules, which are often used to protect the data from unauthorized access while allowing legitimate communications to pass.

A. Configuration for Construction Access

Fig. 1. Advanced Security-Aware topology

Their relationship is illustrated in Fig. 1. There are three types of nodes, namely leader node (LN), function node (FN), and sensor node (SN), in our sensor network topology. They are classified according to their hardware resources (remaining energy, memory size, etc.) [19]. The network region is divided into physical clusters, each of which contains an FN responsible for the SNs in that cluster. Depending on the concrete application, clusters may overlap, so that SNs in the overlapping region are attached to multiple FNs. In each cluster, SNs are responsible for collecting sensed data, whereas FNs aggregate the data from SNs; send commands to SNs; keep utility data, appliances, etc. in internal memory; and forward the received data to their higher-level nodes (i.e., LNs, FNs). The LN is a network owner with plentiful resources that can query data over an on-demand wireless link connected to all FNs. To prevent storage overflow of FNs, the LN may also be periodically dispatched to collect data and empty the storage of FNs.

B. Attack Model

The adversary may launch both external and internal attacks. In external attacks, the adversary does not control any valid nodes in the network. Instead, the adversary may attempt to eavesdrop on sensitive information, inject forged messages, replay previously intercepted messages, and impersonate valid sensor nodes. Moreover, we assume that the adversary can jam the communication between two nodes by transmitting signals that disrupt packet reception at the receiver. The adversary may also launch DoS attacks by, for example, false data injection or path-based DoS (PDoS) to exhaust the energy of FNs. As for internal attacks, we do not consider that an FN will be captured. Instead, we consider that the adversary may attempt to read the data stored in FNs' memories by, for example, using an unauthorized node to read important data from FNs arbitrarily.

IV. EXISTING METHOD

MoteSec-Aware is a security mechanism designed on the network layer for WSNs. It focuses on a secure network protocol and data access control. A Virtual Counter Manager (VCM) with a synchronized incremental counter detects replay and ECM attacks, based on symmetric-key cryptography using AES in Offset Codebook (OCB) mode. The VCM resists DoS attacks through its method of executing AES in OCB mode. The Key-Lock Matching (KLM) method is employed to prevent unauthorized access for access control. MoteSec-Aware consumes much less energy and achieves higher security. KLM defines access rights in every node and needs low computation overhead. In KLM every user is associated with a key (e.g., a prime number) and every file is associated with a lock value. Every file has corresponding locks extracted from prime resolution. Data access control is designed for function nodes.

A. VCM with Synchronized Incremental Counter

A VCM with a synchronized incremental counter is constructed in every node to initialize the counter. It maintains counter synchronization between sender and receiver, and every node automatically increases its count by one per average delay. The maximum counter synchronization error (MCSE) is defined based on the delay counter between any pair of nodes, i.e., when the packet time exceeds the delay by far. Attacks are detected at the receiver: if a packet has not suffered a jamming attack, the receiver applies a buffer filter to detect whether the packet has suffered a replay attack. In the synchronized incremental counter approach at the sender side, the sender starts to send a packet to the receiver. The sender gets a counter value from the VCM; if the radio channel is clear, it signals the radio to transmit the packet, otherwise it backs off for a random amount of time. At the receiver side, the receiver node receives the incoming packet after the propagation delay. The receiver node has to perform two checks: to confirm whether the packet is a legitimate one, and to confirm whether the packet has suffered attacks. For counter synchronization, all nodes boot up with an identical counter value. Once the network has run for a period of time, the counters of the nodes may lose synchronization. Pairwise time synchronization is possible with an error of a few μs, while the transmission delay between neighboring nodes is on the order of ms. The VCM is launched to synchronize the counter value based on Secure Pairwise Synchronization (SPS).

B. Memory Data Access Control Policy (MDACP)

To secure information in storage and protect against unauthorized users accessing the data, KLM is applied to realize the MDACP. An unauthorized user is a mobile device/node with a radio transceiver; personal information, key materials, and other information with security concerns are encrypted by AES-OCB-CFA and stored in internal memory. In MDACP every user is associated with a key (a prime number) and every file is associated with a lock value. For every file there are some corresponding locks extracted from prime resolution. MDACP stores encrypted files in nodes and binds user keys and specific encrypted files together to reduce the risk of cracking keys by attacking the encrypted files. When a new user or file joins, the corresponding key values and lock values are determined right away without changing any previously defined keys and locks. When a user or file is added to or removed from the network, the LN sends a packet including information about the user or file, such as the user entry or file entry, to the FN. The overhead costs an FN just one packet. When an insertion or deletion operation is conducted on the access right matrix, MDACP takes constant time, which is efficient for both communication and computation.

C. Constrained Function Authentication with Advanced Encryption Standard in Offset Codebook Mode

To deal with DoS attacks, authentication is a necessary security mechanism for protecting the communications in the network from DoS attacks. Several authentication schemes have been proposed for wireless sensor networks. However, they are not as efficient in energy consumption as the CFA scheme. In particular, CFA is the first authentication scheme supporting en-route filtering with only one packet of overhead. In the CFA scheme, the network planner, before sensor deployment, selects a secret polynomial from the constrained function set whose coefficients must be kept secret, thereby constituting the security basis of CFA. For simplicity, assume that the degree of every variable is the same, though they may be distinct in the scheme. For every node u, the network planner constructs two polynomials. Since directly storing these two polynomials would allow the adversary to obtain the coefficients by capturing many nodes, CFA is slightly modified here and incorporated with AES in OCB mode in MoteSec-Aware to provide DoS resilience.

V. PROPOSED METHOD

For a large-scale network, methods such as the Bloom filter [11] may be helpful in reducing the storage overhead. A Bloom filter, conceived by Burton Howard Bloom in 1970, is a space-efficient probabilistic data structure that is used to test whether an element is a member of a set. False positive matches are possible, but false negatives are not; i.e. a query returns either "inside set (may be wrong)" or "definitely not in set". Elements can be added to the set, but not removed (though this can be addressed with a "counting" filter). The more elements that are added to the set, the larger the probability of false positives.

Fig. 2. An example of a Bloom filter representing a set. The colored arrows show the positions in the bit array that each set element is mapped to. The element w is not in the set, because it hashes to one bit-array position containing 0. For this figure, m = 18 and k = 3.

An empty Bloom filter is a bit array of m bits, all set to 0. There must also be k different hash functions defined, each of which maps or hashes some set element to one of the m array positions with a uniform random distribution. To add an element, feed it to each of the k hash functions to get k array positions. Set the bits at all these positions to 1. To query for an element (test whether it is in the set), feed it to each of the k hash functions to get k array positions. If any of the bits at these positions is 0, the element is definitely not in the set; if it were, then all the bits would have been set to 1 when it was inserted. If all are 1, then either the element is in the set, or the bits have by chance been set to 1 during the insertion of other elements, resulting in a false positive. In a simple Bloom filter there is no way to distinguish between the two cases, but more advanced techniques can address this problem.

The requirement of designing k different independent hash functions can be prohibitive for large k. For a good hash function with a wide output, there should be little if any correlation between different bit-fields of such a hash, so this type of hash can be used to generate multiple "different" hash functions by slicing its output into multiple bit fields. Alternatively, one can pass k different initial values (such as 0, 1, ..., k − 1) to a hash function that takes an initial value, or add (or append) these values to the key. For larger m and/or k, independence among the hash functions can be relaxed with a negligible increase in the false positive rate. Specifically, the k indices can be derived effectively using enhanced double hashing or triple hashing, variants of double hashing that are effectively simple random number generators seeded with the two or three hash values.

Removing an element from this simple Bloom filter is impossible because false negatives are not permitted. An element maps to k bits, and although setting any one of those k bits to 0 suffices to remove the element, it also results in removing any other elements that happen to map onto that bit. Since there is no way of determining whether any other elements have been added that affect the bits of the element to be removed, clearing any of the bits would introduce the possibility of false negatives. One-time removal of an element from a Bloom filter can be simulated by having a second Bloom filter that contains the items that have been removed. However, false positives in the second filter become false negatives in the composite filter, which may be undesirable. In this approach re-adding a previously removed item is not possible, as one would have to remove it from the "removed" filter. It is often the case that all the keys are available but are expensive to enumerate (for example, requiring many disk reads). When the false positive rate gets too high, the filter can be regenerated; this should be a relatively rare event.

A. Simulation Results

The performance of our method was also simulated in the TinyOS environment with ns2 as the WSN simulator; ns2 is a discrete-event simulator, especially designed for the TinyOS operating system, used to evaluate the energy consumption and the large-scale sensor network operation of Advanced Security-Aware. In this set of simulations 100 nodes are randomly deployed in a flat space with a size of 670 × 670 m². User Datagram Protocol traffic with a constant bit rate is implemented with a packet size of 512 B. The transmission range of the nodes is set to 200 m.

Fig. 3. Communication time vs. energy consumption (MoteSec-Aware vs. Advanced Security-Aware)

Fig. 4. Number of nodes vs. overhead (MoteSec-Aware vs. Advanced Security-Aware)

VI. CONCLUSION

Security is the main concern of communication. Security has merits and demerits according to the nature of its application. Sensor networks are one of the technologies that provide high flexibility, fault tolerance, high sensing conformity and low cost. These features of sensors have given rise to many new applications beyond the existing ones.
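As an added worked example (not code from the paper or its authors), the Bloom filter of Section V in Python: the k array positions are derived from a single SHA-256 digest by double hashing, as the text suggests instead of k independent hash functions, and the observed false-positive rate is measured against constructed node identifiers. The node names, array sizes and the standard false-positive estimate are assumptions for illustration.

```python
"""Bloom filter with k indices derived by double hashing, h1 + i*h2 mod m,
from two fields of one SHA-256 digest.  Added illustration only."""
import hashlib
import math


class BloomFilter:
    def __init__(self, m: int, k: int):
        if m <= 0 or k <= 0:
            raise ValueError("m and k must be positive")
        self.m = m                            # number of bits in the array
        self.k = k                            # number of hash functions
        self.bits = bytearray((m + 7) // 8)   # bit array, all zero when empty
        self.count = 0                        # elements inserted so far

    def _indices(self, item: bytes):
        # One wide hash sliced into two 64-bit fields, then double hashing
        # to obtain k "different" hash functions, as described in the text.
        d = hashlib.sha256(item).digest()
        h1 = int.from_bytes(d[:8], "big")
        h2 = int.from_bytes(d[8:16], "big") | 1   # odd step spreads positions
        return [(h1 + i * h2) % self.m for i in range(self.k)]

    def add(self, item: bytes) -> None:
        for idx in self._indices(item):
            self.bits[idx >> 3] |= 1 << (idx & 7)
        self.count += 1

    def __contains__(self, item: bytes) -> bool:
        # Any zero bit means "definitely not in set"; all ones means
        # "in set (may be wrong)", i.e. a possible false positive.
        return all(((self.bits[i >> 3] >> (i & 7)) & 1) for i in self._indices(item))

    def bits_set(self) -> int:
        return sum(bin(b).count("1") for b in self.bits)

    def estimated_fpr(self) -> float:
        # Standard estimate (1 - e^{-kn/m})^k; assumed, not given in the paper.
        return (1.0 - math.exp(-self.k * self.count / self.m)) ** self.k


def measure_fpr(m: int, k: int, members, non_members) -> float:
    """Insert `members`, verify there are no false negatives, then return the
    fraction of `non_members` reported present (observed false-positive rate)."""
    bf = BloomFilter(m, k)
    for x in members:
        bf.add(x)
    if not all(x in bf for x in members):
        raise RuntimeError("a Bloom filter must never report a false negative")
    hits = sum(1 for x in non_members if x in bf)
    return hits / len(non_members)


if __name__ == "__main__":
    # Constructed sample: 100 authorized node ids and 1000 unknown ids.
    authorized = [f"node-{i}".encode() for i in range(100)]
    unknown = [f"rogue-{i}".encode() for i in range(1000)]
    for m in (1 << 8, 1 << 10, 1 << 12):
        print(f"m={m:5d} k=7 observed FPR={measure_fpr(m, 7, authorized, unknown):.3f}")
```

Growing m at fixed k drives the observed rate toward zero, which is the storage/accuracy trade-off a network designer tunes for the number of nodes to admit.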
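As a second added example (not the paper's code), a key-lock matching construction for the MDACP of Section IV.B: each user is assigned a prime key and each file carries one lock value, so that lock mod key yields that user's access right with a single modular reduction. The lock derivation via the Chinese Remainder Theorem is the classical key-lock construction assumed here, since the paper does not spell out how its locks are extracted; the node names, primes and access matrix are constructed. Adding a file computes only that file's lock, leaving existing keys and locks untouched.

```python
"""Key-lock matching: prime user keys, one lock per file, right = lock mod key.
Added illustration using the CRT construction (assumed, not from the paper)."""
from math import prod
from typing import List

# Access codes stored in the matrix; any value below the smallest key works.
NONE, READ, WRITE = 0, 1, 2


def build_lock(keys: List[int], rights: List[int]) -> int:
    """Return the lock L for one file such that L mod keys[i] == rights[i] for
    every user i.  Keys must be distinct primes so the congruences combine."""
    if len(set(keys)) != len(keys):
        raise ValueError("user keys must be distinct primes")
    M = prod(keys)
    lock = 0
    for key, right in zip(keys, rights):
        if not 0 <= right < key:
            raise ValueError("access code must be smaller than the user key")
        Mi = M // key                                   # product of other keys
        lock += right * Mi * pow(Mi, -1, key)           # CRT term for this user
    return lock % M


def access_right(lock: int, key: int) -> int:
    """The check a function node runs on a request: one modular reduction."""
    return lock % key


def build_locks(keys: List[int], matrix: List[List[int]]) -> List[int]:
    """matrix[j][i] is the right of user i on file j; returns one lock per file."""
    return [build_lock(keys, row) for row in matrix]


if __name__ == "__main__":
    users = {"LN": 11, "FN-1": 13, "SN-7": 17}          # constructed prime keys
    keys = list(users.values())
    matrix = [[WRITE, READ, NONE],                       # file 0: utility data
              [WRITE, WRITE, READ]]                      # file 1: appliance table
    locks = build_locks(keys, matrix)
    for j, lock in enumerate(locks):
        rights = {name: access_right(lock, key) for name, key in users.items()}
        print(f"file {j}: lock={lock} rights={rights}")
```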
In the existing model, there is no powerful filter to control the communication and authentication process, which may also become a bottleneck of the network; in the proposed model, a Bloom filter is employed for the authentication. It reduces the storage overhead of the network and is suitable for controlling large-scale networks with low energy.

REFERENCES

[1] C. Karlof, N. Sastry, and D. Wagner, "TinySec: a link layer security architecture for wireless sensor networks," in Proc. International Conference on Embedded Networked Sensor Systems, 2004, pp. 162–175.
[2] ZigBee Alliance, ZigBee specifications, Technical Report Document 053474r06, 2005.
[3] M. Luk, G. Mezzour, A. Perrig, and V. Gligor, "MiniSec: a secure sensor network communication architecture," in Proc. International Conference on Information Processing in Sensor Networks, 2007, pp. 479–488.
[4] A. Perrig, R. Szewczyk, V. Wen, D. Culler, and J. D. Tygar, "SPINS: security protocols for sensor networks," in Proc. International Conference on Mobile Computing and Networking, 2001, pp. 189–199.
[5] Y.-T. Tsou, C.-S. Lu, and S.-Y. Kuo, "MoteSec-Aware: a practical secure mechanism for wireless sensor networks," IEEE Trans. Wireless Commun., vol. 12, no. 6, June 2013.
[6] X. Lin, X. Sun, X. Wang, C. Zhang, P.-H. Ho, and X. (S.) Shen, "TSVC: timed efficient and secure vehicular communications with privacy preserving," IEEE Trans. Wireless Commun., vol. 7, no. 12, pp. 4987–4998, Dec. 2008.
[7] J. Shi, R. Zhang, and Y. Zhang, "A spatiotemporal approach for secure range queries in tiered sensor networks," IEEE Trans. Wireless Commun., vol. 10, no. 1, pp. 264–273, Jan. 2011.
[8] C. M. Yu, Y. T. Tsou, C. S. Lu, and S. Y. Kuo, "Practical and secure multidimensional query framework in tiered sensor networks," IEEE Trans. Inf. Forensics and Security, vol. 6, no. 2, pp. 241–255, 2011.
[9] L. Casado and P. Tsigas, "ContikiSec: a secure network layer for wireless sensor networks under the Contiki operating system," in Proc. 2009 Nordic Conference on Secure IT Systems, pp. 133–147.
[10] D. Jinwala, D. Patel, and K. Dasgupta, "FlexiSec: a configurable link layer security architecture for wireless sensor networks," Inf. Assurance and Security, vol. 4, no. 6, pp. 582–603, 2009.
[11] B. H. Bloom, "Space/time trade-offs in hash coding with allowable errors," Commun. of the ACM, vol. 13, no. 7, pp. 422–426, 1970.