Wireless Sensor Network Security: A Survey

Presented By: Anubhav Mathur

Department of Computer ScienceUniversity of Connecticut

Authors:John Paul Walters, Zhengqiang Liang,

Weisong Shi, and Vipin ChaudharyDepartment of Computer Science

Wayne State UniversityE-mail: {jwalters, sean, weisong, vipin}@wayne.edu

1/32

Introduction

• Security Wireless Sensor Networks• Operate in Unattended and Hostile Environments• Interacts with sensitive data

• Resource Constraints

• Issues should be addressed from the beginning of the system design• Enormous Research Potential in the field of WSN Security• A survey to facilitate effective research

2/32

What do we know?

• Popular low cost solutions for military and civilian applications• Resource constraints – Data storage and Processor speed and Power• Security • Unreliable Communication Channel• Unattended Operation

3/32

Areas Covered

• Secure and Efficient Routing• Data Aggregation• Group Formation• Cryptographic Security• Sensor Trust Model • Physical Attacks & Defenses

4/32

Main Aspects

1. The obstacles to Sensor Network Security2. The requirements of a secure wireless sensor network3. Attacks4. Defensive measures

5/32

1. The obstacles to Sensor Network Security• Difficult to apply existing approaches to WSN Security• Very Limited Resources

• Limited Memory and Storage Space• Power Limitation

• Unreliable Communication• Unreliable Transfer (Routing is connectionless & Packet loss / Error handling)• Conflicts (Packet collision)• Latency (Multihop routing/network congestion/ node processing)

• Unattended Operation• Exposure to Physical Attacks (Bad weather etc)• Managed Remotely (Physical tampering)• No Central Management point

6/32

2. Security Requirements of a Wireless Sensor Network• Data Confidentiality

• Military Sensitive Data• Encryption

• Data Integrity• Data Freshness

• Important because of shared key strategies

• Availability• Self Organization• Time Synchronization• Secure Localization• Authentication

7/32

3. Attacks

1. Denial of service attack2. The Sybil attack

Malicious device illegitimately taking on multiple identities (Voting systems)

3. Traffic Analysis Attack4. Node Replication Attacks5. Attacks against Privacy

1. Monitor and Eavesdropping2. Traffic Analysis3. Camouflage

6. Physical Attacks8/32

Denial of Service Attack

“Any event that diminishes or eliminates network’s capacity to perform its expected function”Constraints:• Computational Overhead in WSN• Critical applications

• Types of DoS• Intermittent Jamming• Constant Jamming• Link Layer Attacks (Collision)

9/32

Sybil Attack

“Malicious device illegitimately taking on multiple identities”

Effective against

Routing algorithms, Data Aggregation, Voting, Fair resource allocation and foiling misbehavior detection

Example: Sensor Network Voting Scheme• Multiple votes registered using multiple identities

10/32

Traffic Analysis

11/32

Node Replication Attack

Add another node to existing sensor network by replicating the node ID

Can lead to:• Packet Corruption• Incorrect packet routing

Insert a node at strategic points to manipulate a specific segment of the node.

12/32

Attacks against Privacy

1. Devices have a potential for abuse in data collection. 2. Seemingly innocuous data can derive sensitive information

3. Monitor and Eavesdropping1. Listening to the control information about sensor network configuration

4. Traffic Analysis5. Camouflage

1. Insertion and Impersonation of a node

13/32

Physical Attacks

Destruction, tampering with circuitry or modification of programming

Causes: 1. Nodes operate in hostile outdoor environments2. Small form factor3. Unattended nature of deployment

14/32

4. Defensive Measures

1. Key Establishment2. Defending against DoS attacks3. Secure Broadcasting and Multicasting4. Defending against attacks on routing protocols5. Detecting node replication attacks6. Combating Traffic Analysis Attacks7. Defending against attacks on Sensor Privacy8. Intrusion Detection9. Secure Data Aggregation10. Defending against physical attacks11. Trust Management

15/32

Key Establishment

“Secure Key management is an absolute necessity because nearly all aspects of Wireless Sensor Networks defenses rely on solid encryption”

Traditional Key Management Algorithms use:• Asymmetric Cryptography (Public Key Cryptography)• Too Computationally intensive• But feasible with the right selection of algorithms

Most Commonly used:• Deffie Hellman Public Key protocol

16/32

Key Establishment

• Symmetric Key Cryptography• Single shared key.• Known only to the two communicating hosts• Shortcoming: Key Exchange problem

• Example: DES ( Data Encryption Standard )• Broken relatively easily• Proposed: 3DES, RC5, AES etc.

17/32

Most efficient cipher : Rijndael. 18/32

Defending against DoS attacks

• DoS attacks are very common• Defending against the jamming attack

• Identify the jammed part of the sensor network and effectively route around the unavailable portion

• Two Phase Approach [Wood & Stankovic]:• Nodes along the perimeter of the jammed region report their status to their neighbors• Collaboratively define the jammed region and route around it

• Handling Jamming at the MAC Layer:• Nodes utilize a MAC admission control that is rate limiting• Ignores requests designed to exhaust power reserves of the node

• Handling Jamming at the Transport Layer [Aura,Nikander and Leiwo]• Use client puzzles to discern a node’s commitment to making the connection by utilizing its own

resources• Server should always force a client to commit more resources up front than the server

19/32

Defending against DoS attacks

20/32

Secure Broadcasting and Multicasting• Major communication pattern in wireless sensor networks • 1-to-N, N-to-1, M-to-N

1. Traditional Broadcasting and Multicasting: Uses Standard encryption Techniques using Cryptography

2. Secure Multicasting: Logical Key Hierarchy (Central Key Distribution Center)Energy Efficient

3. Secure Broadcasting Routing-aware tree based key distribution schemeTakes advantage of routing information to improve the efficiency

21/32

Secure Broadcasting and MulticastingTraditional Broadcasting & Multicasting Key Management Protocols: • Centralized Group Key Management protocol• Central Authority used to maintain the group

• Decentralized management protocol • Divide the task of group management amongst multiple nodes

• Distributed management protocol • No single key management authority. • Entire group of nodes are responsible for key management

22/32

Defending against attacks on routing protocols• Need for secure and energy efficient routing protocols in WSNs• Attacks: Sinkhole, Wormhole, Sybil attacks

• Techniques for securing the routing protocol• INSENS (Intrusion tolerant routing protocol) [Deng, Han and Mishra]

• To mitigate the damage: they use redundancy to transmit the messages• An authentication scheme can employed to confirm message integrity• Makes use of assumed symmetry between base stations and wireless nodes.• Creates forwarding Tables which include the redundancy information. from each node

• TRANS (Trust Routing for Location Aware Sensor Networks)• Loose-time synchronization asymmetric cryptographic scheme to ensure message

confidentiality23/32

Defending against attacks on routing protocols• Wormhole attack:

1. Malicious node eavesdrops on a packet or series of packets.2. Tunnels them through the sensor network to another malicious node.3. Replays the packets.

• Defenses: 1. Hardware additions like directional antenna, 2. Visualization approach [Wang, Bhargava]

• Compute the distance between all neighbor sensors• Compute the virtual layout of the network using multi-dimensional scaling . • The shape of virtual network will bend and curve towards the offending nodes.• Offending nodes are identified and removed.

24/32

Detecting Node Replication Attacks

• Randomized Multicast Algorithm• Each sensor propagates an authenticated broadcast message throughout the

network• Communication cost is expensive• Communication cost of the randomized multicast algorithm is still O(n2)

• Line selected multicast Algorithm• Based upon rumor routing• Communication cost O(n√n)• Storage cost O(√n)

25/32

Combating Traffic analysis attacks

• Using a random walk forwarding technique that occasionally forwards a packet to a node other than the sensor’s parent node• Mitigate the rate monitoring attack• Vulnerable to the time correlation attack

• Fractal Propagation Strategy1. Generate a fake packet when its neighbor is forwarding a packet to the

base station. 2. The fake packet is sent randomly to another neighbor who may also

generate a fake packet. 3. These packets essentially use a TTL to decide when forwarding should stop. 4. This effectively hides the base station from time correlation attacks.

26/32

Defending attacks against sensor privacy• Anonymity Mechanisms

• Decentralize Sensitive data• Secure Communication Channel• Change Data Traffic• Node Mobility

• Policy-based Approach• Access control decisions made based on privacy policies

• Information Flooding:• Randomized data routing mechanism and phantom traffic generation mechanism are used to disguise the

real data traffic, so that it is difficult for an adversary to track the source of data by analyzing network traffic

1. Baseline Flooding (every node forwards a message once with no retransmission)2. Probabilistic Flooding (only some nodes will participate in data forwarding)3. Flooding with fake messages (attacker has no idea which packets are real)4. Phantom Flooding (enticing the attacker away from the real source and towards a fake source)

27/32

Intrusion detection

• Anomaly based intrusion detection (AID)• Intruders will demonstrate abnormal behavior relative to the legitimate nodes• System compares the Normal Use profile vs Current Profile• Advantage:

• Able to detect previously unknown attacks• Disadvantages:

• False positives (difficult to profile normal system behavior)• Computational cost for profile comparison Is high

• Misuse intrusion detection (MID)• Maintains a database of intrusion signatures

• Advantages: Lesser false positives, Less computation power• Disadvantages: Unable to detect unknown attacks

• Solution : Hybrid System28/32

Intrusion detection

• 3 Architectures for Intrusion Detection Systems in Wireless Sensor Networks

1. Standalone Architecture: • Each node functions as an independent intrusion detection system• Nodes don’t co-operate with each other

2. Distributed and cooperative architecture• an intrusion detection agent still resides on each node• Nodes cooperate to share information in order to detect global intrusion attempts

3. Hierarchical architecture• Multilayered network divided into clusters with each cluster head responsible for

routing within the cluster

29/32

Defending against Physical attacks

• Sensor nodes may be equipped with physical hardware to enhance protection against various attacks. (tamper-proofing)

• Employ special software and hardware outside the sensor to detect physical tampering• Self-termination in case of attack• Randomized Clock Signal:

• Inserting random time delays between critical operations

• Randomized Multithreading• Scheduling the processor between two or more threads of execution randomly

• Destruction of Test circuitry• Restricted Program Counter• Top Layer Sensor Meshes

• Inserting additional Layers that form a sensor mesh above the actual circuit and that do not carry any critical signals

30/32

Conclusions

• As wireless sensor networks continue to grow, further expectations of security will be required

• Current and future work in privacy and trust will make wireless sensor networks more attractive option in a variety of new arenas

31/32

Thank YouAny Questions?

32/32