18-08-2012, 03:54 PM
Intrusion Detection in Wireless Sensor Networks
Abstract
Wireless Sensor Networks (WSNs) offer an excellent opportunity to monitor environments, and have a lot of interesting
applications in warfare. The problem is that security mechanisms used for wired networks do not transfer directly to sensor
networks. Some of this is due to the fact that there is not a person controlling each of the nodes, and even more importantly,
energy is a scarce resource. Batteries have a short lifetime and cannot be replaced on deployed sensor nodes. In this paper I
look at some of the special actions that need to be taken in WSNs versus wire-line networks, reviewing some of the approaches
to intrusion detection as well as offering a new game-theoretic approach.
INTRODUCTION
Wireless sensor networks (WSNs) have become a hot research topic in recent years. Applications include military, rescue,
environment monitoring, and smart homes. A WSN is composed of hundreds or even thousands of small, cheap sensor nodes
which communicate with one another wirelessly. Sensor nodes typically do not have very much computational power, limiting
the kinds of networking protocols and security mechanisms they can employ. Because WSNs are composed of so many nodes,
which may be deployed in a hostile environment, replacing batteries is not feasible. Sensor nodes must therefore survive on
the small amount of energy in the batteries they are deployed with (typically about 6 amp-hours [5]). This creates a need to
conserve energy. Because of the wireless nature of WSNs, security is a fairly difficult issue. Adversaries can easily listen to all
the traffic and inject their own, especially if the WSN is deployed in a hostile environment. It is also important that the WSN
be robust to losing some of the sensor nodes, because it can be very easy for an adversary to capture any given node.
The general network topology is a dense collection of nodes, randomly distributed over some geographic area.
Attacks on Service Availability
This class of attacks is not at all concerned with the actual data that is being sent. Rather, the goal is to make the network
not function properly. This can be done by sending bogus routing information (for example advertising a route that does not
exist). It can also be done by flooding the network with packets (denial of service attack), or even jamming the frequency at
the physical layer.
Another interesting type of attack is homing. In a homing attack, the attacker looks at network traffic to deduce the
geographic location of critical nodes, such as cluster heads or neighbors of the base station. The attacker can then physically
disable these nodes. This leads to another type of attack: the “black hole attack”. In a “black hole” attack, the attacker
compromises all the neighbors of the base station, making it effectively a black hole. A final kind of attack on service
availability is a de-synchronization attack, where the attacker tries to disrupt a transport-layer connection, by forging packets
from either side [2].
Denial of Sleep Attacks (Energy)
The constrained energy of WSNs adds a new element that can greatly complicate security issues. Because there is a limited
amount of energy available and no way to replenish it, it is not sufficient to make sure that bad data is not used. We need
to make sure that we do not waste energy listening to or re-transmitting bad packets. This introduces a whole new set of
possible attacks. These include constantly sending RTS packets to stop nodes from going to a low power “sleep” state, sending
falsified or repeated packets so that nodes waste energy re-transmitting them, or draining the power of a node by forcing it to
do excessive computations [5].
SOLUTIONS
SPINS
Many of the confidentiality and data integrity issues can be handled by SPINS [7]. SPINS is a collection of protocols for
sensor networks. The key security components are SNEP and μTESLA.
SNEP provides a lot of key security features. It provides confidentiality and data integrity for pairwise connections as well
as weak freshness. Freshness means that old packets cannot be repeated by an adversary to create confusion and waste energy.
Weak freshness means that there are no delay guarantees, but packets cannot be repeated or re-ordered.
In SNEP, each pair of nodes shares a pair-wise key . This key is used in DES in cipher block chaining (CBC) mode.
The cipher block chain provides semantic security (meaning that the same message string will not always encrypt to the same
cipher string) through the use of an initialization vector (IV). Rather than sending this IV in the clear along with a message, the
IV comes from a shared counter. This alleviates the need to send unnecessary bits. The counter also provides data freshness,
because since.
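The counter-as-IV idea described above, as an added example that is not code from the paper or from SPINS: both ends keep a shared counter that is never transmitted, so identical readings encrypt differently and a replayed or re-ordered packet fails its integrity check. Assumptions: an HMAC-SHA256 keystream stands in for the DES-CBC cipher the text names (DES is not in the Python standard library), and `SnepEndpoint`, `seal`, `open`, the 8-byte tag and the key-derivation labels are hypothetical.

```python
import hashlib
import hmac
import struct

TAG_LEN = 8  # assumed MAC truncation, chosen to keep packets short

def _keystream(key: bytes, counter: int, length: int) -> bytes:
    """Stand-in cipher (not DES-CBC): HMAC-SHA256 keystream seeded by the counter."""
    out, block = b"", 0
    while len(out) < length:
        out += hmac.new(key, struct.pack(">QI", counter, block), hashlib.sha256).digest()
        block += 1
    return out[:length]

def _xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))

class SnepEndpoint:
    """One side of a pairwise link; both sides start with the same key and counter 0."""

    def __init__(self, pairwise_key: bytes):
        # Separate encryption and MAC keys derived from the shared key (assumed labels).
        self.enc_key = hmac.new(pairwise_key, b"enc", hashlib.sha256).digest()
        self.mac_key = hmac.new(pairwise_key, b"mac", hashlib.sha256).digest()
        self.send_ctr = 0
        self.recv_ctr = 0

    def _tag(self, counter: int, ciphertext: bytes) -> bytes:
        msg = struct.pack(">Q", counter) + ciphertext
        return hmac.new(self.mac_key, msg, hashlib.sha256).digest()[:TAG_LEN]

    def seal(self, plaintext: bytes) -> bytes:
        ctr, self.send_ctr = self.send_ctr, self.send_ctr + 1
        ct = _xor(plaintext, _keystream(self.enc_key, ctr, len(plaintext)))
        return ct + self._tag(ctr, ct)  # the counter itself is never transmitted

    def open(self, packet: bytes):
        ct, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        if not hmac.compare_digest(tag, self._tag(self.recv_ctr, ct)):
            return None  # replayed, re-ordered or tampered: dropped, counter unchanged
        pt = _xor(ct, _keystream(self.enc_key, self.recv_ctr, len(ct)))
        self.recv_ctr += 1
        return pt

def demo():
    a, b = SnepEndpoint(b"constructed-key"), SnepEndpoint(b"constructed-key")
    p1, p2 = a.seal(b"temp=21"), a.seal(b"temp=21")  # same reading sent twice
    return p1 != p2, b.open(p1), b.open(p1), b.open(p2)
```

A lost packet leaves the two counters out of step in this sketch; counter resynchronisation is outside what it shows.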
CLUSTER-BASED SECURITY
As we have seen in the G-MAC example, clusters can provide major advantages in sensor network security. In the case of
G-MAC, we let the GS be the CH. The CH can also monitor the traffic coming from each MN and figure out if any of them
have been compromised. It can then blacklist these nodes, isolating them from the network. In case a CH is compromised,
MNs must also have the ability to decommission the CH if there are enough MNs that agree to do so [10]. This will defend
against homing attacks. It is critical that several nodes agree to decommission the cluster head, because if only a few nodes
are compromised, they should not be able to take down the cluster head.
When a node is removed, its transmissions will be ignored, and nothing will be sent to the node. However, it will still be
able to hear and understand broadcast traffic.
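A small model of the cluster rules above, as an added example that is not code from the paper: removed nodes are ignored, and the CH is decommissioned only when enough distinct active MNs agree, so a few compromised nodes voting repeatedly cannot take it down. Assumptions: "enough" is taken to be a strict majority of active MNs, votes are taken to be already authenticated, and `ClusterView` and its method names are hypothetical.

```python
class ClusterView:
    """Cluster state as one member node (MN) tracks it."""

    def __init__(self, head, members, quorum_fraction=0.5):
        self.head = head                        # current cluster head (CH)
        self.members = set(members)             # MN identifiers
        self.blacklist = set()                  # MNs the CH has isolated
        self.votes = set()                      # distinct MNs voting against the CH
        self.quorum_fraction = quorum_fraction  # assumed threshold

    def active(self):
        return self.members - self.blacklist

    def blacklist_node(self, node):
        """CH decision: isolate an MN judged compromised."""
        self.blacklist.add(node)
        self.votes.discard(node)                # a removed node's vote no longer counts

    def accept_from(self, sender):
        """Removed nodes are ignored; the CH is heard until decommissioned."""
        return sender in self.active() or (self.head is not None and sender == self.head)

    def votes_needed(self):
        # Strictly more than quorum_fraction of the active MNs.
        return int(len(self.active()) * self.quorum_fraction) + 1

    def vote_decommission(self, voter):
        """Count one vote per active MN; return True once the CH is removed."""
        if self.head is not None and voter in self.active():
            self.votes.add(voter)               # a set: repeated votes add nothing
            if len(self.votes) >= self.votes_needed():
                self.head = None
        return self.head is None

def simulate():
    view = ClusterView("CH", [f"MN{i}" for i in range(10)])  # constructed cluster
    # Two compromised MNs vote repeatedly: still only two distinct votes.
    for _ in range(100):
        view.vote_decommission("MN0")
        view.vote_decommission("MN1")
    survived_minority = view.head == "CH"
    view.blacklist_node("MN0")                  # the CH isolates one of them
    ignored = not view.accept_from("MN0")
    # Honest MNs later agree that the CH itself is compromised.
    removed = [view.vote_decommission(f"MN{i}") for i in range(2, 7)]
    return survived_minority, ignored, removed
```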
THE MODIFIED GAME
This game formulation is rather unsatisfying. There are a few obvious problems with it. First, the attacker benefit is
independent of what the IDS does. But if the attacker’s goal is to cause harm to the network, it should derive greater utility if
the IDS does not defend against the attack. Secondly, the IDS should not have to defend only one cluster. If only one cluster
could be defending at any given time, many extra control messages would have to be sent to coordinate the clusters. Plus,
there could be a benefit to defending more than one cluster. It would just cost more resources. In the earlier discussion of
cluster-based security using CHs as suggested in [4], we had assumed that all potential IDS nodes were always on. That is, all
packets were checked initially at the CH.
CONCLUSION
We have seen that WSNs have special vulnerabilities that do not exist in wire-line networks. We cannot, therefore, simply
transfer all our protocols for wire-line networks to WSNs. Protocols must be designed with low computational power and low
energy requirements in mind. In this paper we have seen some of the protocols that are used, as well as some ways to determine
where to check packets, including a new game-theoretic approach in which we saw that by allowing the attack to have some
utility, we are able to increase ours through energy saving for sufficiently large, resource-constrained networks.