Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Computer Networks

A Review of Existing Security frameworks and Encryption Methods

advertisement 
A Review of Existing Security frameworks and Encryption Methods for Wireless Sensor
Networks
Vartika Shah
Research Scholar (M.Tech.)
Department Of Computer Science
Engineering & Information Technology
Madhav Institute of Technology and Science,
Gwalior(M.P.)
vartika.shah@gmail.com
Sanjiv Sharma
Assistant Professor
Department Of Computer Science
Engineering & Information Technology
Madhav Institute of Technology and Science,
Gwalior(M.P.)
dr.s.sanjiv@gmail.com
Abstract
variety of attacks. Security is primary concern for
sensor networks because nodes assume a large
amount of trust among themselves during data
transmission and aggregation. A secure and faster
(time and memory space efficient) encryption
algorithm can achieve higher protection and energy
efficient WSN transmission. In WSN, security can be
achieved by stream or block cipher. Block ciphers are
faster than stream ciphers. On the basis of
observation, time and space complexity of block
cipher is dependent on number of rounds used for
converting plain text into cipher text and encryption
modes. This paper is organized in various sections
subsequently. In section II existing security services
and attacks are given. Further in section III, existing
security frameworks for WSN are briefly explained
and finally in section IV, conclusion and the future
directions are shown.
Wireless Sensor Network (WSN) is gaining more
popularity and drawn more interest because of its
recent advancement and wide implementation areas.
These networks are deployed in variety of fields in
unattended way and this makes them prone to different
types of attacks. Limited resources, like battery power,
memory and wireless communication channel enhance
difficulty of implementation of security in wireless
sensor networks. Some researchers have proposed
their frameworks for implementing security in energy
efficient way and provide various symmetric
encryption methods for fast processing with small
memory consumption and less storage requirement.
Keywords
Wireless Sensor Network,
Security framework.
I.
Encryption
method,
Introduction
A Wireless Sensor Network is a group of spatially
distributed autonomous sensor nodes, communicating
wirelessly over limited frequency and bandwidth.
The development of Wireless Sensor Networks was
motivated by military applications such as battlefield
surveillance. Now a day, such networks are used in
many industrial and consumer applications. Unlike
traditional networks, sensor networks have to deal
with some issues such as energy efficiency,
synchronization among nodes, reliable and real-time
end-to-end data delivery and security of the network.
Usually, sensor nodes are dropped into the
environment from which data is to be collected and
their exact positions are not fixed, hence
synchronization of nodes is required to determine the
relative positions. Sensor nodes are vulnerable to a
II. Existing Security Services and Attacks in
WSN
While dealing with security in WSNs, small battery
of sensors and different behavior of WSN created
more difficulty for achieving following security
services: Confidentiality: data confidentiality is the
most important issue in military applications.
It ensures that the data in transit is kept secret
from eavesdroppers. Encryption methods are
used for achieving confidentiality.
 Integrity: data integrity measures that the
received data is never corrupted and not
altered in transit by an adversary. Sometimes,
the data can be altered without the presence
of an intruder if the communication channel
is unreliable. To prevent data integrity,
message authentication codes or cyclic codes
are used.





Authentication:
authentication enables a
node to ensure the identity of the peer with
which it is communicating. For only two
nodes to communicate, authentication can be
provided by symmetric key cryptography.
The sender and the receiver may share a
secret key to compute the message
authentication code (MAC) for all transmitted
data.
Availability: it guarantees the survivability of
the network services against Denial-ofService (DoS) attack. In DoS, battery is
exhausted due to excessive communication or
computations. In applications like battlefield
surveillance, the consequences of availability
loss may be catastrophic. Here, enemy
invasion can take place.
Data freshness: to ensure the freshness of
each message. It suggests that the data is
recent and it also ensure that no old message
has been replayed. This is especially
important in case of shared key. Because, we
need to change is over time.
Non-repudiation: it ensures that the node
sending or receiving the data cannot deny
sending or receiving it previously.
Authorization: it ensures that only authorized
nodes can access the services or resources of
the network.
Security is crucial issue for sending data using WSN.
Security is of prime importance in sensor network
because nodes assume a large amount of trust among
themselves during data transmission. Following
attacks are possible on WSN:

Wormhole attack: in wormhole attack [13]
the adversary tunnels the messages which
was received in one part of the network over
a low latency link and replays these messages
in a different part. As a result, the nodes lying
in one area consider nodes in another area as
their neighbors and vice versa. Wormholes
can cause damage without even knowing the
services offered or protocol used in the
network. These are hard to detect because
they use a private, out-of-band channel which
are invisible to the underlying sensor network
[21].
Jamming attack: jamming attack [15] is the
act of intentionally directing electromagnetic
energy towards a communication system for




disrupting or preventing signal transmission.
Interference with the radio frequencies of the
sensor nodes takes place in Jamming attack.
Few jamming nodes can put substantial
amount of nodes out of order and can cause
complete DoS(Denial of Service) [11].
Blackhole/Sinkhole attack: a compromised
node looks especially attractive to
surrounding nodes with respect to the routing
algorithm [19]. Detection of sinkhole attack
is difficult because routing information
supplied by a node is difficult to verify.
Sybil attack: the attacker disguises itself as a
valid sensor and normally has more than one
identity [17][18].
Selective forwarding attack: the adversary
become the part of the data flow path of
interest and may choose not to forward
certain packets or packets coming from a
specific source [16].
Hello Flood Attack: attacker uses HELLO
packets as a weapon for convincing the
sensors in WSN. The attacker with high radio
transmission range and processing power
forwards these packets to the dispersed nodes
and convince these nodes that the adversary
is their neighbor.
III. Existing Frameworks for Security
Implementation in Wireless Sensor
Network
Perrig et al., 2001 proposed SPIN [1] framework for
WSN. SPIN Framework run on TinyOS operating
system and has two building blocks, SNEP (Secure
Network Encryption Protocol) for data confidentiality,
two-party authentication, integrity, freshness with low
communication overhead and μTESLA (the micro
version of the Timed, Efficient, Streaming, Losstolerant Authentication Protocol) for broadcast data
authentication. In this protocol, the sensor node trust
on the base station intimately and the base station is
involved to establish a pairwise key between the two
nodes which can be targeted. This can also cause the
issue of scalability and Sybil attacks. The
communication parties derive independent keys for
encryption and decryption and MAC keys for each
direction of communication. SPIN does not consider
the problem of information leakage through cover
channels and also does not deal completely with
compromised sensors and denial-of-service (DoS)
attacks. For encryption SPIN uses RC5 algorithm [22].
Karlof et al., 2004 describe Tiny-Sec [3], the first
fully-implemented link layer security mechanism of
wireless sensor network that is a part of the TinyOS
platform. For achieving node access control, data
integrity and data confidentiality, it employs RC5,
Skipjack and other symmetric encryptions and is
widely used for point-to-point security. Here, a key is
pre-deployed when the node joins the network which
makes the key distribution very simple. But Tiny-Sec
doesn’t provide any solution for rekeying and key life
management [3]. If a single node is compromised, the
security of the whole network will be at risk.
Moreover, it doesn’t consider the node capture attack.
This makes the scheme poor for real world
deployment. This scheme is portable to a variety of
hardware and radio platforms. It provides access
control, message integrity and message confidentiality.
It supports two different type of security options:
TinySec authentication encryption(TinynSec-AE) in
which the data payload is encrypted and the encrypted
data and packet header are authenticated with a MAC
and Tinysec authentication only(TinySec-Auth) in
which the whole packet is authenticated with a MAC
but the data payload is not encrypted. This protocol
also discusses the impact of different keying
mechanisms on the effectiveness of in-network
processing in sensor networks. Some pragmatic
aspects like key management are not defined in this
protocol which is very important aspect of any security
architecture.
Roberto D. Corin et al., 2011 has proposed TinyKey
[4] to overcome the limitations of Tinysec. This is the
first protocol in which the performance results are
conducted on full-scale deployment. It also avail a key
management mechanism within the architecture of the
protocol and is available for the research community
to download and test. Protocol uses KMS (Key
Management Sub-module) for validating and saving
new keys on the non-volatile memory. For key
validation the version number of the message is
compared with the version umber of the current keys.
The current key will be replaced only if the version
number of the new key is higher, CBC-MAC which
provides message authentication and integrity, RKG
(Random Key Generator) and ENC which provides
message confidentiality and protection against reply
attacks. It also supports Initialization Vector (IV)
which prevents repetition in data encryption.
Mark Luk et al., 2007 proposed MiniSec [5], the first
general purpose security protocol for Telos motes. In
this protocol, higher level of security is achieved with
lower energy overhead. This protocol provides
authentication, data secrecy, replay protection and
weak data freshness. The performance of this protocol
is measured under most real-world scenarios. They
have used OCB encryption mode to reduce the energy
consumption. Bloom filters and loose time
synchronization is used for achieving efficient replay
protection in broadcast communication. Here, a
synchronized monotonically increasing counter is used
between the sender and the receiver as the IV and
there is no need to send this with the packet. However,
this protocol includes the last few bits of the counter
along with each packet. By keeping these numbers of
bits low, the energy consumption can be reduced to the
negligible. MiniSec has 2 modes of operations:
MiniSec-U(Unicast) provides secure communication
in unicast settings and MinniSec-B(Broadcast) for
secure communication in broadcast settings. The main
difference in these two is the way they manage the
counters.
S. Zhu et al., 2003 proposed LEAP [6]
(Localized Encryption and Authentication Protocol)
which was designed for supporting in-network
processing. The protocol is based on the idea that the
type of messages exchanged between the nodes are of
different types so different security mechanism are
required and four types of keys are required for
achieving security. Individual key is used for every
node that it shares with base station used to secure the
communication between a node and the base station.
Group key is a secret key shared by all the nodes and
the base station used by the base station to encrypt the
messages that are to be broadcasted to the whole
group. This key provides confidentiality. Cluster key
shared with multiple neighboring nodes mainly used
for securing the locally broadcast messages. Nodes
share Pairwise Shared keys with other sensor nodes to
secure the communications that require privacy or
source authentication. LEAP minimizes the
participation of the base station in an energy-efficient
way [10]. This protocol also supports inter-node traffic
authentication which is based on one-way key chains.
The process of establishing and updating the key is
efficient and require small storage. In this spoofing,
altering, replay routing information and selective
forwarding attacks are not prevented but the
consequences of these attacks are minimized. The
scheme can prevent the HELLO flood and Sybil
attacks.
S. Zhu et al., 2006 have proposed LEAP+ [7], making
some improvements in their own protocol LEAP.
They used four types of keys for implementing
LEAP+. Individual Key is to be shared with the base
station used for secure communication between the
base station and the node. Pairwise key is shared with
each of its immediate neighboring sensor node, used
for securing the communication that requires privacy
or source authentication. Cluster key is shared with
multiple neighboring nodes used for securing locally
broadcast messages. Global key is a secret key shared
by all the nodes in the network and the base station is
used by the base station to encrypt the messages that
are to be broadcasted to the whole network. This
protocol is very efficient in terms of communication,
computational, and storage costs.
It provides
confidentiality and authentication. In this protocol the
false HELLO message can be detected and dropped
immediately. This scheme has lower performance
overhead
than
previous
schemes,
provides
deterministic security and also prevents node cloning
attacks or node replication attacks. This protocol uses
one-time authentication keys and uses μTESLA for
providing global broadcast authentication of node
revocation messages. This authentication scheme is
motivated by observations that node needs to
authenticate a packet to its immediate neighbors and
will normally receive the packet before copy
forwarded by any other nodes. RC5 block cipher is
used for providing encryption and CBC-MAC. Here,
the base station acts as a controller or a key server and
assumes that this will not be compromised. This can
work as single point of failure.
Min Shao et al., 2009 has proposed pDCS [8] which is
a security and privacy support for data-centric sensor
networks. Data centric sensor networks are those in
which the availability of the persistent base station is
not required. Here, on appropriate occasions, to collect
the stored data, the mobile sinks (MS) like mobile
sensors, users or soldiers may be dispatched ondemand. Hence, it saves the network from a single
point of failure from the operation perspective and also
security. The location of sensors storing different types
of data could be easily determined. pDCS provide
security and privacy to DCS networks. It uses five
types of keys. Master key is shared with the MS used
for encrypting the new cell key to achieve secure key
distribution. Nodes shares pairwise keys with every
neighbor used for securely distributing key materials
and for preventing from packet injection attacks and
hop-to-hop authentication of data messages. Cell key
is shared by all the nodes in same cell used for
encrypting the sensed data, for private cell-to-cell
mapping and works as key encryption key for secure
delivery of row key. Row key is shared by all the
nodes in same row used by achieving secure row-tocell mapping or works as key encryption key for
secure delivery of a group key. Group key shared by
all the nodes in the network and is used for secure
group-to-cell mapping and MS uses it for broadcasting
secure query or commands. The main advantages of
using this are: first, even if an attacker can
compromise a sensor node and obtain all its keys, he
cannot decrypt the data stored in the compromised
node. Second, after an attacker has compromised a
sensor node, he cannot know where this compromised
node stored its event data generated in the previous
time intervals. Third, pDCS includes very efficient key
management scheme for revoking a compromised
node once its compromise has been detected, thus
preventing an attacker from knowing the future
storage location for particular events. Finally, pDCS
provides a novel query optimization scheme to
significantly reduce the message overhead without
losing any query privacy. pDCS does not include its
own anonymous communication techniques yet.
Instead, it relies on one of the existing schemes to
provide the service when required.
Jyh-Ming Huang et al., 2013 has proposed ERP-DCS
[9], an improvement over pDCS. In this protocol the
main emphasize is on narrowing down the rekeying
areas by which rekeying message overhead could be
reduced if any sensor node is compromised. Here, the
base station preloads a master key Ki shared with base
station, an initial key Kinit for generating other keys in
key setup and a one-way hash function H(.) for
generating new keys and the storage location of event
data. Besides these, 3 types of keys are also used in
this protocol. Pairwise key shared with all the
neighbors and can decide a common key individually
with some pre-distributed schemes. Cell key shared by
all the nodes in the same cell can be created by hash
function K(i,j)=H(Kinit, i|j). EBS (Exclusion Basis
System) keys are generated by the CH and distributed
individually to all member nodes. ERP-DCS removes
the global and raw key of pDCS protocol. In ERP-
DCS each CH builds ESB key and distribute it to the
other members. By doing this the energy conservation
can be achieved. The simulation results of this
protocol shows that as compare to the pDCS protocol,
the significant reduction in number of rekeying
messages take place if there is slight increase in key
storage overhead of each node.
Table 1: Detailed information about available security frameworks for WSN
Framework
IV.
Block
Cipher
RC5
Keys used
Security provided
SPIN
Encryption
mode
CTR mode
Master Key
TinySec
CBC mode
Cipher
Independent
TinyKey
CBC-MAC
SkipJack
MiniSec
LEAP
OBC
&
CBC-MAC
RC5
SkipJack or
RC5
RC5
LEAP+
RC5
RC5
Shared
Symmetric
key
preinstalled
node keys
encryption
key
Individual
Key
Group Key
Cluster Key
Pairwise
Shared Key
Individual
Key
Global Key
Cluster Key
Pairwise
Key
Data and Information
Spoofing, Message
Replay Attacks
Data and Information
spoofing, Message
Replay Attack
Message
authentication,
confidentiality and integrity.
pDCS
RC5
RC5
ERP-DCS
RC5
RC5
Master key
Pairwise
Key
Cell key
Row key
Group key
Pairwise
key
Cell key
EBS key
Conclusion and Future work
This research paper provides information about existing
researches and observes available research issues on
WSN security. Energy preservation is a primary
concern for achieving WSN security. Many researches
are showing that key management consumes more
Support(type
of mote)
SmartDust
Release
Year
2002
Mica, Mica2
& Mica2Dot
2004
TMote
Motes
2011
Sky
Authentication, Data Secrecy
and Reply Attack
HELLO flood attack, Sybil
attack and minimizes the
consequences of spoofing,
altering,
replay
routing
information and selective
forwarding attacks
Confidentiality
and
authentication. HELLO flood
attack, Sybil attack and
minimizes the consequences
of spoofing, altering, replay
routing information and
selective forwarding attacks
Location and Query privacy
Telos
2007
Mica2
motes(xbow
2005)
2003
Mica2
motes(xbow
2005)
2006
Mica2
2009
Location and Query privacy
Mica2
2013
battery and energy resources. An efficient technique is
required for managing keys, Secure & energy
preserving communication in WSN. Furthermore, a
framework is needed for achieving security services by
WSN. This framework must be efficient and scalable
for WSN communication.
References
[1] A. Perrig, R. Szewczyk, V. Wen, D. Culler, and J.D.
Tygar, July 2001, “SPINS: Security Protocols for
Sensor Networks.” Proceedings of MobiCom ’01,
Rome, Italy, Vol. 8 pp. 189-199.
[2] A. Perrig, R. Canetti, J.D. Tygar and D. Song, 2002,
‘The TESLA Broadcast Authentication Protocol’,
CryptoBytes, 5(2), pp. 2-13.
[3] C. Karlof, N. Sastry, D. Wagner, 03 – 05
November 2004, ‘TinySec: A Link Layer Security
Architecture for Wireless Sensor Networks’,
Proceedings of the 2nd International Conference on
Embedded Networked Sensor Systems Baltimore, MD,
USA, New York, NY, USA: ACM Press, pp. 162 –
175.
[4] R. D. Corin, G. Russello and E. Salvadori
CREATE-NET, 2011, “TinyKey: A light-weight
architecture for Wireless Sensor Networks securing
real-world
applications”
Eighth
International
Conference on Wireless On-Demand Network Systems
and Services
[5] M. Luk, G. Mezzour, A. Perrig, V. Gligor, April 2527, 2007, “MiniSec: A Secure Sensor Network
Communication Architecture”, IPSN’07, Cambridge,
Massachusetts, USA. Copyright 2007 ACM 978-159593-638-7/07/0004.
[6]S. Zhu, S. Setia, and S. Jajodia, 2003, “LEAP:
Efficient Security Mechanisms for Large-scale
Distributed Sensor Networks,” Procs. of the 4th ACM
Workshop on Wireless Security. pp. 62-72.
[7] S. Zhu, S. Setia, and S. Jajodia, 2006 “Leap+:
Efficient security mechanisms for large-scale
distributed sensor networks”. TOSN, 2(4), pp. 500–528.
[8] M. Shao, S. Zhu, W. Zhang, G. Cao., and Y. Yang,
2009 “pDCS: Security and Privacy Support for DataCentric Sensor Networks,” IEEE Transactions on
Mobile Computing, Vol.8, No.8, pp. 1023-1038.
[9] J. Huang, S. Yanga, C. Daia, 2013 “An Efficient
Key Management Scheme for Data-Centric Storage
(ERP-DCS) Wireless Sensor Networks”. IERI Procedia
4
[10] R.M. Verma, and B.E. Basile, 2013, “Modeling
and Analysis of LEAP, a Key Management Protocol for
Wireless Sensor Networks”, IEEE International
Workshop on Security and Privacy of Mobile, Wireless,
and Sensor Networks (MWSN).
[11] W.J. Blackert, D.M. Gregg , A.K. Castner, E.M.
Kyle, R.L. Hom, and R.M. Jokerst, 22-24 April, 2003
“Analyzing interaction between distributed denial of
service attacks and mitigation technologies”, Proc.
DARPA Information Survivability Conference and
Exposition, Volume 1, pp. 26 – 36.
[12] B-T. Wang and H. Schulzrinne, 2-5 May 2004,
“An IP traceback mechanism for reflective DoS
attacks”, Canadian Conference on Electrical and
Computer Engineering, Volume 2, pp. 901 – 904.
[13] Z. Zhao, B. Wei, X. Dong, L. Yao and F. Gao,
2010 “Detecting Wormhole Attacks in Wireless Sensor
Networks with Statistical Analysis” International
Conference on Information Engineering(ICIE), pp.
251-254
[14] C. P. Pfleeger and S. L. Pfleeger, 2003, “Security
in Computing”, 3rd edition, Prentice Hall.
[15] S. Periyanayagi, V. Sumathy and R. Kulandaivel,
2011, “A Defense Technique for Jamming Attacks in
Wireless Sensor Networks Based On SI” International
Conference on Process Automation, Control and
Computing, pp. 1-5.
[16] Hung-Min Sun, Chien-Ming Chen, and Ying-Chu
Hsiao, Oct. 2007. An efficient countermeasure to the
selective forwarding attack in wireless sensor networks,
pp. 1 –4.
[17] J. Douceur, 2002 “The Sybil Attack”, 1st
International Workshop on Peer-to-Peer Systems.
[18] J. Newsome, E. Shi, D. Song, and A. Perrig, 2004,
“The sybil attack in sensor networks: analysis &
defenses”, Proc. of the third international symposium
on Information processing in sensor networks, ACM,
pp. 259 – 268.
[19] B.J. Culpepper and H.C. Tseng, 2004, “Sinkhole
intrusion indicators in DSR MANETs”, Proc. of the
First International Conference on Broad band
Networks, pp. 681 – 688.
[20] C. Karlof and D. Wagner, September 2003,
“Secure routing in wireless sensor networks: Attacks
and countermeasures”, Elsevier's Ad Hoc Network
Journal, Special Issue on Sensor Network Applications
and Protocols, pp. 293-315.
[21] Y.C. Hu, A. Perrig, and D.B. Johnson, 30 March-3
April 2003, “Packet leashes: a defense against
wormhole attacks in wireless networks”, TwentySecond Annual Joint Conference of the IEEE Computer
and Communications Societies. IEEE INFOCOM 2003,
Vol. 3, pp. 1976 – 1986.
[22] R. Rivest, 1994, ‘The RC5 Encryption Algorithm’,
Fast Software Encryption LNCS 1008, Preneel, B., Ed.,
Springer-Verlag, 1995, pp. 86-96
Related documents
How to Efficiently Communicate When Your Network is Under Attack
How to Efficiently Communicate When Your Network is Under Attack
A Pairwise Key Pre-Distribution Scheme for Wireless Sensor Networks
A Pairwise Key Pre-Distribution Scheme for Wireless Sensor Networks
Sensor Management Protocol
Sensor Management Protocol
Industrial Wireless Sensor Networks_ Challenges, Design Principles
Industrial Wireless Sensor Networks_ Challenges, Design Principles
Case Study (ZigBee) -System Model
Case Study (ZigBee) -System Model
- Krest Technology
- Krest Technology
WSN-Presentation
WSN-Presentation
lectures\WSN-Intro-Class
lectures\WSN-Intro-Class
Download
advertisement