10-08-2012, 04:05 PM
Security Issues in Wireless Sensor Networks
INTRODUCTION
One of the fundamental goals of Wireless Sensor Networks
(WSNs) is to collect information from the physical
world. Although a number of proposals have been reported
concerning security in WSNs, provisioning security remains
a critical and challenging task. WSNs have attracted much
attention due to their great potential to be used in various
applications. Compared to existing infrastructure-based
networks, wireless sensor networks can virtually work in any
environment, especially those where wired connections are
not possible. Unlike conventional networks supporting mostly
point-to-point or point-to-multipoint data forwarding, WSNs
are often deployed to sense, process and disseminate
information of targeted physical environments.
GENERAL SECURITY REQUIREMENTS IN WIRELESS SENSOR NETWORKS
Because of the nature of wireless communications, resource
limitation on sensor nodes, size and density of the networks,
unknown topology prior to deployment, and high risk of
physical attacks on unattended sensors, it is a challenge to
provide security in WSNs. The ultimate security requirement
is to provide confidentiality, integrity, authenticity, and
availability of all messages in the presence of resourceful
adversaries.
KEY DISTRIBUTION SCHEMES
The three simplest keying models that are used to compare
the different relationships between the WSN security and
operational requirements are [5]:
• network keying,
• pair-wise keying, and
• group keying.
The network keying model has inherent advantages over the
other two schemes. It is simple, easy to manage, and uses a very
small amount of resources. Network keying also allows easy
collaboration of nodes since neighboring nodes can read and
interpret each other’s data, satisfying the self-organization and
accessibility requirements. It is also excellent in terms of
scalability and flexibility because there is only one key for the
entire network, and it does not change with the addition of
nodes. However, an unacceptable drawback in robustness
exists. Suppose one node is compromised, and the network-wide
key is exposed. With this key, an adversary can
eavesdrop on all messages in the network and even inject
forged messages into the network, possibly disrupting the
proper operation of the network.
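The robustness drawback described above, as an added example that is not part of the original paper: a small Python model compares network keying with pair-wise keying by counting the links between uncompromised nodes on which keys taken from one captured node would still pass message authentication. The class names, the HMAC-SHA256 tag, the six-node network and the assumption that pair-wise keying gives every pair its own key are choices made for this illustration.

```python
import hashlib, hmac, itertools, os

def tag(key, msg):
    """MAC a receiver checks before accepting msg."""
    return hmac.new(key, msg, hashlib.sha256).digest()

class NetworkKeying:
    """One key shared by every node (the network keying model)."""
    def __init__(self, nodes):
        self.nodes, self._key = list(nodes), os.urandom(16)
    def link_key(self, a, b):
        return self._key
    def keys_held_by(self, node):
        return {self._key}

class PairwiseKeying:
    """A distinct key for each pair of nodes (assumed full pair-wise model)."""
    def __init__(self, nodes):
        self.nodes = list(nodes)
        self._keys = {frozenset(p): os.urandom(16)
                      for p in itertools.combinations(self.nodes, 2)}
    def link_key(self, a, b):
        return self._keys[frozenset((a, b))]
    def keys_held_by(self, node):
        return {k for pair, k in self._keys.items() if node in pair}

def exposed_links(scheme, compromised):
    """Links between two uncompromised nodes where a key held by the
    compromised node produces a tag the receiver would accept."""
    stolen = scheme.keys_held_by(compromised)
    msg = b"node=n3;temp=21.5"  # constructed sample reading
    honest = [n for n in scheme.nodes if n != compromised]
    hit = []
    for a, b in itertools.combinations(honest, 2):
        expected = tag(scheme.link_key(a, b), msg)
        if any(hmac.compare_digest(tag(k, msg), expected) for k in stolen):
            hit.append((a, b))
    return hit

def storage_per_node(scheme):
    """Number of keys one node must store under the scheme."""
    return len(scheme.keys_held_by(scheme.nodes[0]))

if __name__ == "__main__":
    nodes = ["n%d" % i for i in range(6)]  # constructed six-node network
    for scheme in (NetworkKeying(nodes), PairwiseKeying(nodes)):
        print(type(scheme).__name__, "keys/node:", storage_per_node(scheme),
              "exposed links:", len(exposed_links(scheme, "n0")))
```

The single stored key is what makes network keying cheap and scalable, and the same property is why one captured node exposes every remaining link.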
INTRUSION DETECTION SYSTEM
There are some mechanisms that try to detect abnormal
situations caused by malicious nodes, either by analyzing the
behavior of the network, or by using protocol-specific
technologies such as, for example, automata theory. An
intrusion detection system (IDS) is an interesting,
underdeveloped service, useful for scenarios where there is a
possibility of a node being subverted and controlled by an
adversary. The major task of an IDS is to monitor networks and
systems to detect eventual intrusions in the network, alert
users after specific intrusions have been detected and finally,
if possible, reconfigure the network and mark the root of the
problem as malicious [8]. An IDS protects data integrity and
manages system availability during an intrusion.