More Related Content
Similar to Wireless Networks Security Research
Similar to Wireless Networks Security Research (20)
Wireless Networks Security Research
- 1. WIRELESS NETWORKS SECURITY– © J.YABESH, L.R.ELANGO
WIRELESS NETWORKS SECURITY
, L.R.ELANGO,P.LINGANATHAN Pre-final year
Department Of Informationtechnology,
Velammal Engineering College, Chennai
Emailid:,elangovec@gmail.com
Abstract
Recent advances in electronics and many applications of sensor networks, such
wireless communication technologies have as military and homeland security
enabled the development of large-scale
applications. Several recent contributions to
wireless sensor networks that consist of many
low-powers, low cost and small-size sensor the literature have addressed security and
nodes. Sensor networks hold the promise of privacy issues in sensor networks. In this
facilitating large scale and real-time data article we discuss current and past research
processing in complex environments. Security is
activities carried out on sensor network
critical for many sensor network applications,
such as military target tracking and security security. The rest of the article is outlined as
monitoring. To provide security and privacy to follows. We summarize typical attacks on
small sensor nodes is challenging, due to the sensor networks. We give typical
limited capabilities of sensor nodes in terms of
assumptions and security objectives of
Computation, communication, memory/storage,
and energy supply. In this article we survey the sensor networks. Then we discuss key
state of the art in research on sensor network management, secure time synchronization,
security. secure location discovery, and secure
1. Introduction routing, respectively.
Wireless sensor networks have applications
in many important areas, such as the
military, homeland security, health care, the
environment, agriculture, and
manufacturing. One can envision in the
future the deployment of large scale sensor
networks where hundreds and thousands of
small sensor nodes form self-organizing
wireless networks. Providing security in
sensor networks is not an easy task.
Compared to conventional desktop
computers, severe constraints exist since
sensor nodes have limited processing
capability, storage, and energy, and wireless
links have limited bandwidth. Despite the
aforementioned challenges, security is
important and even critical for
- 2. WIRELESS NETWORKS SECURITY– © J.YABESH, L.R.ELANGO
2. Attacks on Wireless Sensor 6. Selective forwarding attack (network
Networks layer): redundancy, probing
7. Sybil attack (network layer):
A large-scale sensor network consists of authentication
thousands of sensor nodes and may be 8. Sinkhole (black hole) attack (network
dispersed over a wide area. Typical sensor layer): authentication, monitoring,
nodes are small with limited communication redundancy
and computing capabilities, and are powered 9. Wormhole attack (network layer):
by batteries. These small sensor nodes are monitoring, flexible route selection
susceptible to many kinds of attacks. For a 10. Hello flood attack (network layer): two-
large-scale sensor network, it is impractical way authentication, three-way handshake
to monitor and protect each individual 11. Flooding (transport layer): limiting
sensor from physical or logical attack. connection numbers, client puzzles
Attacks on sensor networks can be classified 12. Clone attack (application layer): unique
into attacks on physical, link (medium pair wise keys
access control), network, transportation, and
application layers. Attacks can also be 3. Security Objectives For Sensor
classified based on the capability of the Networks
attacker, such as sensor level and laptop- Wireless sensor networks have many
level. unique features that differ from mobile ad
A powerful laptop-level adversary can do hoc networks and other wireless (and wired)
much more harm to a network than a networks. When considering security in
malicious sensor node, since it has much sensor networks, we need to give
better power supply, as well as larger assumptions on the network. Some typical
computation and communication capabilities assumptions made in the existing literature
than a sensor node. Attacks can also be are listed below.
classified into outside and inside attacks. An
outside attacker has no access to most 4. Typical Assumptions
cryptographic materials in sensor networks, Since sensor nodes use wireless
while an inside attacker may ave partial key communications, radio links are generally
materials and the trust of other sensor nodes. insecure. Eavesdropping, injection, replay,
Inside attacks are much harder to detect and and other attacks can be placed on the
defend against. We summarize typical network. The adversary is able to deploy
attacks on sensor networks and possible malicious nodes in the network, or
defense techniques below: compromises some legitimate nodes. Most
1. Jamming (physical layer): spread papers published in the literature on sensor
spectrum, lower duty cycle network security do not assume that sensor
2. Tampering (physical layer): tamper nodes are tamper resistant since the
proofing, effective key management corresponding investment adds significant
schemes per-unit cost to sensor nodes. A typical
3. Collision (link layer): error correcting assumption is to assume that base stations
code are well protected and trusted. Since a base
4. Exhaustion (link layer): rate limitation station is the gateway for sensor nodes to
5. Manipulating routing information communicate with the outside world,
(network layer): authentication, encryption compromising the base station could render
the entire sensor network useless. Thus, base
- 3. WIRELESS NETWORKS SECURITY– © J.YABESH, L.R.ELANGO
stations in sensor networks are assumed to sensor nodes sending data to one (or a few)
be secure. base station(s) at the top right corner.
Other typical assumptions on sensor In-network processing such as data
networks are: aggregation, duplicate elimination, or data
Sensor nodes are densely and statically compression is very important for sensor
deployed in the network. networks to run in an energy-efficient
Sensor nodes are aware of their own manner. In the presence of insider
locations. adversaries, link layer security is not enough
Location awareness is a basic requirement to protect the whole network, since an
for sensor nodes in many sensor networks, insider has complete access to any message
since most sensing data must be associated routed through it, and it can modify,
with the locations where data is generated. suppress, or even discard the message. In
The network may use localization services such a case one might not be able to provide
to estimate the locations of individual nodes, confidentiality, integrity, authenticity, and
and no GPS receiver is required at each availability to every message.
sensor. There are other particular Thus, in the presence of insider attacks, the
assumptions made in some work that may security objectives should be to ensure that
limit the applicability of the proposed the sensor network can provide the basic
schemes. functionalities (i.e., performing sensing and
transmitting data to the base station) with
5. Security Objectives minimum degradation.
The ultimate security objective is to
provide confidentiality, integrity, 6. Key Management
authenticity, and availability of all messages To achieve security in wireless sensor
in the presence of resourceful adversaries. networks, it is important to be able to
Every eligible receiver should receive all perform various cryptographic operations,
messages intended for it and be able to including encryption, authentication, and so
verify the integrity of every message as well on. Keys for these cryptographic operations
as the identity of the sender. Adversaries must be set up by communicating nodes
should not be able to infer the contents of before they can exchange information
any message. In conventional computer securely.
networks the primary security goal is Key management schemes are
reliable delivery of messages (i.e., protection mechanisms used to establish and distribute
against DOS attack). Message authenticity, various kinds of cryptographic keys in the
integrity, and confidentiality are usually network, such as individual keys, pair wise
achieved by an end-to-end security keys, and group keys. Key management is
mechanism such as Secure Socket Layer an essential cryptographic primitive upon
(SSL). The reason is because the dominating which other security primitives are built.
traffic pattern is end to- end communication, Most security requirements, such as privacy,
where it is neither necessary nor desirable authenticity, and integrity, can be addressed
for the contents of the message (beyond the by building on a solid key management
necessary headers) to be available to the framework. In fact, a secure key
intermediate routers. management scheme is the prerequisite for
However, the dominant traffic pattern in the security of these primitives, and thus
sensor networks is many-to-one, as essential to achieving secure infrastructure
illustrated in Fig. 1, where a large number of in sensor networks.
- 4. WIRELESS NETWORKS SECURITY– © J.YABESH, L.R.ELANGO
Due to resource constraints, achieving such and each sensor node stores only an
key agreement in wireless sensor networks embedded key such that a
is nontrivial. compromising/captured node cannot reveal
The challenge of designing key much security information of the sensor
management protocols for sensor networks network. The drawback of the trusted server
lies in establishing a secure communication scheme is that if the server is compromised,
infrastructure, before any routing fabric has the network is totally unsecured. However,
been established with or without the we usually assume that the base station
presence of any trusted authority or fixed where the server runs is secured.
server, from a collection of sensor nodes that
have no prior contact with each other. Some 8. Self-Enforcing Schemes
cryptographic information (e.g., a key) is A self-enforcing scheme depends on
normally preloaded in sensor nodes before asymmetric cryptography, such as key
deployment, and allows sensor nodes to agreement using public key certificates. If
perform secure communications with each the sensor node can support the
other. Most schemes do not assume prior computationally intensive asymmetric
knowledge of the network deployment cryptographic operations, key distribution
topology and allow nodes to be added to the via asymmetric cryptography is a favored
network after deployment. scheme (e.g., the schemes proposed in [9,
The schemes must have low computational 10]). Sensor nodes conduct exchanges of
and low storage requirements. There are public keys and master key signatures after
four types of key management schemes: deployment.
trusted server, self-enforcing, key pre- A sensor node is legitimate if the master
distribution and public key cryptography. key’s signature is verified using the master
We discuss these schemes in the following public key. A symmetric session key for a
subsections sensor node can be generated and sent using
. the sensor node’s public key. In a self-
7. Trusted Server Schemes enforcing scheme, a compromising sensor
Trusted server schemes depend on a node reveals no security information about
trusted and secure server such as the base other keys in the network except current
station for key agreement among nodes. The ongoing session keys. However, limited
server can be treated as the key distribution computation and energy resources of sensor
center (KDC). For example, assume that two nodes make it undesirable to use public key
sensor nodes intend to make a secure algorithms such as Diffie -Hellman key
connection. In a typical case, a symmetric agreement or RSA.
key is generated for each node in a sensor
network before deployment and embedded 9. Key Pre-distribution Schemes
in each sensor node’s memory. This The third type of key agreement scheme
embedded key is used for the two sensors to is key pre-distribution, where key
authenticate themselves to the base station. information is distributed among all sensor
Then the base station generates a link key or nodes prior to deployment. Recent research
session key and sends it securely to both on sensor networks suggests that key pre-
sensor nodes via a single hop or multiple distribution schemes are a promising
hops. practical option for scenarios where the
In the trusted server scheme the base station network topology is not known prior to
is the most appropriate choice for the server, deployment. Eschenauer and Gligor [4] first
- 5. WIRELESS NETWORKS SECURITY– © J.YABESH, L.R.ELANGO
presented a key management scheme for networks. The proposed time
sensor networks based on probabilistic key synchronization schemes for sensor
pre distribution. Chan et al. [5] extended this
scheme and presented three mechanisms for
key establishment. Liu and Ning [6] proposed
a key management scheme based on key
pre-distribution to establish pair wise keys in
sensor networks.
In [7] Perrig et al. proposed SPINS, a suite
of security building blocks for sensor
networks. SPINS includes SNEP,
a protocol for data confidentiality and two-
party data authentication, and mTESLA, a
protocol for broadcast data authentication.
10. Secure Time Synchronization
Due to the collaborative nature of sensor
nodes, time synchronization is very
important for many sensor network
operations, such as coordinated sensing Networks include Reference-Broadcast
tasks, sensor scheduling (sleep and wake), Synchronization (RBS) [12], Timing-Sync
mobile object tracking, time-ivision multiple Protocol for Sensor Networks (TPSN) [13],
access (TDMA) medium access control, data and so on. These time synchronization
aggregation, and multicast source algorithms try to achieve either pair-wise
authentication protocol. For example, in the clock synchronization or global clock
target tracking application illustrated in Fig. synchronization. Pair-wise clock
2, sensor nodes need to know both the synchronization aims to obtain high
location where and time when the target is precision clock synchronization between
sensed in order to correctly determine the pairs of sensor neighbors, while global clock
target moving direction and speed. synchronization aims to provide network
The Network Time Protocol (NTP) [11] is wide clock synchronization in the whole
used for synchronization in the Internet. A sensor network. Existing pair-wise clock
sensor network is a resource constrained synchronization protocols use either
distributed system, and the NTP cannot be receiver–receiver synchronization (e.g., RBS
directly used by sensor networks. Several [12]), in which a reference node broadcasts a
time synchronization algorithms (e.g., [12, reference packet to help pairs of receivers
13]) have been proposed for sensor identify the clock differences, or sender–
networks. All network time synchronization receiver synchronization (e.g., TPSN [13]),
methods rely on some kind of message where a sender communicates with a
exchanges between nodes. receiver to estimate the clock difference.
No determinism in the network dynamics, Most of the global clock synchronization
such as physical channel access time and protocols establish multi-hop paths in a
operation system overhead (e.g., system sensor network so that all nodes can
calls), makes synchronization synchronize their clocks to a given source
implementation challenging in sensor based on these paths and the pair wise clock
differences between adjacent nodes in these
- 6. WIRELESS NETWORKS SECURITY– © J.YABESH, L.R.ELANGO
paths. However, none of the aforementioned keys for each pair of neighbor sensors. Then
time synchronization schemes were a sender can calculate a message
designed with security in mind. Hence, they authentication code (MAC) by using the
are not suitable for applications in hostile shared key and append the MAC to an
environments (e.g., military battlefields) outgoing message. The MAC prevents an
where security is critical. Most existing time attacker from impersonating other nodes or
synchronization schemes are vulnerable to altering the message content without being
several attacks. In [14] the authors identified detected. To prevent a replay attack, a
four possible attacks on sensor time sequence number can be added to each
synchronization: exchanged message. Message dropping may
be noticed by some misbehavior detection
Masquerade attack: Suppose that node A schemes. However, delay and DoS attacks
sends out a reference beacon to its two cannot be defended against by cryptographic
neighbors, B and C. An attacker, E, can techniques. In Song et al. [14] identified the
pretend to be B and exchange wrong time delay attack and propose solutions to defend
information with C, disrupting the time against it. The general idea [14] is to collect a
synchronization process between B and C. set of time offsets from multiple involved
nodes, and some statistical methods are used
Replay attack: Using the same scenario as to identify the malicious time offsets (from
mentioned in the first attack, attacker E can attackers). Then the identified malicious
replay B’s old timing packets, misleading C time offsets are excluded and the rest of the
to be synchronized to a wrong time. time offsets are used to estimate the actual
time offsets. Two schemes were proposed in
Message manipulation attack: In this [14] to defend against the delay attack. The
attack, an attacker may drop, modify, or first scheme uses a statistical method, or the
even forge the exchanged timing messages generalized extreme studentized deviate
to interrupt the time synchronization (GESD) algorithm, to detect multiple
process. outliers introduced by the compromised
nodes, and the second scheme utilizes a
Delay attack: The attacker deliberately threshold derived using a time
delays some of the time messages (e.g., the transformation technique to filter out the
beacon message in the RBS scheme) so as to outliers.
fail the time synchronization process. It is
noted that this attack cannot be defended.
In addition to the above four attacks,
denialof- service (DOS) attack can also
disrupt most time synchronization schemes.
For example, an adversary can cause
jamming or packet collision with timing
messages, and thus disrupt the time
synchronization process. The first three
attacks can be addressed by cryptographic
techniques. Authentication can be used to
defend against a masquerade attack. For
example, a sensor network can first use a
key management scheme to establish shared
- 7. WIRELESS NETWORKS SECURITY– © J.YABESH, L.R.ELANGO
security and better efficiency by utilizing the
long transmission range and other features
of high-end sensors. Figure 3 shows a
heterogeneous sensor network, where the
small squares represent low-end sensors,
large rectangular nodes are high-end
sensors, and the large square at the top right
corner is the base station. For example,
MICA2-DOT sensors (as shown in the top
left corner of Fig. 4) may function as low-
end sensors, and Star gate nodes (as shown
at the bottom of
Fig. 4) may serve as high-end sensors. Both
sensor nodes are manufactured by Crossbow
Technology Inc. In the top right of Fig. 4 is
a quarter used to show the sensor’s size.
11. Secure Location Discovery
As mentioned earlier, sensor locations
In Wood and Stankovic[1] discussed DOS play a critical role in many sensor network
attacks in sensor networks and listed applications, such as environment
possible defense schemes against these monitoring and target tracking. Furthermore,
attacks. For example, spread-spectrum several fundamental techniques developed
technique may be used to avoid jamming for wireless sensor networks also require
attack, and error-correcting code may be sensor location information, such as
used to defend packet collision attack. In geographical routing protocols that make
general, it is not an easy task to detect and routing decisions based on node locations.
defend DOS attacks in sensor networks. The Indeed, many sensor network applications
above time synchronization schemes are will not work without sensor location
designed for homogeneous sensor networks, information. Many location
where all sensor nodes are modeled to have discovery/estimation (also called
the same capabilities. These schemes localization) protocols have been proposed
involve nontrivial computation and for sensor networks, for instance, the
communications, and thus incur large scheme suggested in [16]. These protocols
overhead. Furthermore, many share a common feature: they all should
synchronization algorithms need to make use of some special nodes, called
propagate a time synchronization message beacon nodes, which are assumed to know
from some reference point (e.g., the base their own locations (e.g., through GPS
station) to all sensors via multiple hops, and receivers or manual configuration). These
synchronization error can be accumulated protocols work in two stages. In the first
during the multihop transmissions. In Du et stage nonbeacon nodes receive radio signals
al. [15] proposed a secure, efficient, and called reference messages from the beacon
effective time synchronization scheme for nodes.
heterogeneous sensor networks, which A reference message includes the location
include physically different types of sensor of the beacon node. In the second stage the
nodes. The scheme achieves stronger nonbeacon nodes then make certain
- 8. WIRELESS NETWORKS SECURITY– © J.YABESH, L.R.ELANGO
measurements (e.g., distance between the between any pair of nodes, which is
beacon and nonbeacon nodes) based on different from the many-to-one traffic
features of the reference messages (e.g., pattern dominant in sensor networks. In [1]
received signal strength indicator [RSSI], Wood and Stankovic identified a number of
time difference of arrival). Without DOS attacks in sensor networks. Many of
protection, an attacker may easily mislead these DOS attacks are on sensor network
the location estimation at sensor nodes and routing. In [2] Karlof and Wagner described
subvert the normal operation of sensor several security attacks on routing protocols
networks. in sensor networks. They also analyzed the
For example, an attacker may provide possible attacks on several existing routing
incorrect location references by replaying protocols, including Directed Diffusion and
the beacon packets intercepted in different LEACH. However, Karlof and Wagner did
locations. Moreover, an attacker may not present any secure routing protocol for
compromise a beacon node and distribute sensor networks in [2]. In [19] Du et al.
malicious location references by lying about proposed an efficient and secure routing
the location or manipulating the beacon protocol for heterogeneous sensor networks.
signals (e.g., changing the signal strength if The protocol achieves energy efficiency and
RSSI is used to estimate the distance). In can defend against many typical attacks on
either case, nonbeacon nodes will determine sensor routing. In [20] Ye et al. considered
their locations incorrectly.schemes to detect how to efficiently detect false data injected
localization anomalies caused by attackers. by compromised nodes.
12. Secure Routing
The primary functionality of wireless
sensor networks is to sense the environment
and transmit the acquired information to
base stations for further processing. Thus,
routing is an essential operation in sensor
networks. A number of routing protocols
have been proposed for sensor networks.
However, previous research on sensor
network routing was focused very much on
efficiency and effectiveness of data
dissemination, and very few studies
considered security issues in the design of
the routing protocol. Studies and
experiences (e.g., [2]) have shown that
considering security in the design stage is
the best way to provide security for sensor
network routing. Several secure routing
protocols have been proposed for mobile ad
hoc networks (MANETs). However, these
protocols are not suitable for sensor 13. Conclusions
networks because:• They require lots of Security is critical for many sensor
computations for routingand security. • They networks. Due to the limited capabilities of
were designed to find and establish routes sensor nodes, providing security and privacy
- 9. WIRELESS NETWORKS SECURITY– © J.YABESH, L.R.ELANGO
to a sensor network is a challenging task. In
this article, we summarize typical attacks on
sensor networks and surveyed the literatures
on several important security issues relevant
to the sensor networks, including key
management, secure time synchronization,
secure location discovery, and secure
routing. Many security issues in wireless
sensor networks remain open and we expect
to see more research activities on these
exciting topics in the future.
14. References
[1] A.D. Wood and J. A. Stankovic, “Denial
of Service in Sensor Networks,” Computer,
vol. 35, no. 10, Oct. 2002, pp. 54–62.
[2] C.
Karlof and D. Wagner, “Secure
Routing in Sensor Networks: Attacks and
Countermeasures,” Proc.1st IEEE Int’l. Wks
, Sensor Network Protocols and Apps.,
2003.