15-02-2013, 12:39 PM
WIRELESS SENSOR NETWORK SECURITY ANALYSIS
1WIRELESS SENSOR.docx (Size: 49.7 KB / Downloads: 25)
ABSTRACT
The emergence of sensor networks as one of the dominant technology trends in the coming decades has posed numerous unique challenges to researchers. These networks are likely to be composed of hundreds,and potentially thousands of tiny sensor nodes, functioning autonomously, and in many cases, without access to renewable energy resources. Cost constraints and the need for ubiquitous, invisible deployments will result in small sized, resource-constrained sensor nodes. While the set of challenges in sensor networks are diverse, we focus on security of Wireless Sensor Network in this paper. We proposesome of the security goal for Wireless Sensor Network. Further, security being vital to the acceptance and use of sensor networks for many applications; we have made an in depth threat analysis of Wireless Sensor Network. We also propose some countermeasures against these threats in Wireless Sensor Network.
INTRODUCTION
We use the term sensor network to refer to a heterogeneous system combining tiny sensors and
actuators with general purpose computing elements. The Application domains of Wireless
Sensor Network are diverse due to the availability of micro-sensors and low-power wireless
communications. Unlike the traditional sensors, in the remote sensor network, a vast numbers of
sensors are densely deployed. These sensor nodes will perform significant signal processing,
computation, and network self-configuration to achieve scalable, robust and long-lived
networks[5]. More specifically, sensor nodes will do local processing to reduce
communications, and consequently, energy costs. We believe that most efficient and adaptive
routing model for WSN is cluster based hierarchical model. For a cluster based sensor network,
the cluster formation plays a key factor to the cost reduction, where cost refers to the expense of
setup and maintenance of the sensor networks.
In this paper, we will take a more in-depth look at security in WSN and discuss counter
measures.
WSN ARCHITECTURE
In a typical WSN we see following network components –
• Sensor motes (Field devices) – Field devices are mounted in the process and must be
capable of routing packets on behalf of other devices. In most cases they characterize or
control the process or process equipment. A router is a special type of field device that
does not have process sensor or control equipment and as such does not interface with
the process itself.
• Gateway or Access points – A Gateway enables communication between Host
application and field devices.
• Network manager – A Network Manager is responsible for configuration of the
network, scheduling communication between devices (i.e., configuring super frames),
management of the routing tables and monitoring and reporting the health of the
network
WSN SECURITY ANALYSIS
Simplicity in Wireless Sensor Network with resource constrained nodes makes them extremely
vulnerable to variety of attacks. Attackers can eavesdrop on our radio transmissions, inject bits
in the channel, replay previously heard packets and many more. Securing the Wireless Sensor
Network needs to make the network support all security properties: confidentiality, integrity,
authenticity and availability. Attackers may deploy a few malicious nodes with similar hardware
capabilities as the legitimate nodes that might collude to attack the system cooperatively. The
attacker may come upon these malicious nodes by purchasing them separately, or by "turning" a
few legitimate nodes by capturing them and physically overwriting their memory. Also, in
some cases colluding nodes might have high-quality communications links available for
coordinating their attack. Sensor nodes may not be tamper resistant and if an adversary
compromises a node, she can extract all key material, data, and code stored on that node. While
tamper resistance might be a viable defense for physical node compromise for some networks,
we do not see it as a general purpose solution. Extremely effective tamper resistance tends to
add significant per-unit cost, and sensor nodes are intended to be very inexpensive [1] [2] [3]
[4].
COUNTER MEASURES
In this section, we discuss some of the counter measures.
Outsider attacks and link layer security
The majority of outsider attacks against sensor network routing protocols can be prevented by
simple link layer encryption and authentication using a globally shared key. Major classes of
attacks not countered by link layer encryption and authentication mechanisms are wormhole
attacks and HELLO flood attacks because, although an adversary is prevented from joining the
network, nothing prevents her from using a wormhole to tunnel packets sent by legitimate nodes
in one part of the network to legitimate nodes in another part to convince them they are
neighbors or by amplifying an overheard broadcast packet with sufficient power to be received
by every node in the network.
Link layer security mechanisms using a globally shared key are completely ineffective in
presence of insider attacks or compromised nodes. Insiders can attack the network by spoofing
or injecting bogus routing information, creating sinkholes, selectively forwarding packets, using
the Sybil attack, and broadcasting HELLO floods. More sophisticated defense mechanisms are
needed to provide reasonable protection against wormholes and insider attacks. We focus on
countermeasures against these attacks in the remaining sections.
The Sybil attacks
An insider cannot be prevented from participating in the network, but she should only be able to
do so using the identities of the nodes she has compromised. Using a globally shared key allows
an insider to masquerade as any (possibly even nonexistent) node. Identities must be verified. In
the traditional setting, this might be done using public key cryptography, but generating and
verifying digital signatures is beyond the capabilities of sensor nodes. One solution is to have
every node share a unique symmetric key with a trusted base station. Two nodes can then use a
Needham-Schroeder like protocol to verify each other's identity and establish a shared key. A
pair of neighboring nodes can use the resulting key to implement an authenticated, encrypted
link between them. In order to prevent an insider from wandering around a stationary network
and establishing shared keys with every node in the network, the base station can reasonably
limit the number of neighbors a node is allowed to have and send an error message when a node
exceeds it. Thus, when a node is compromised, it is restricted to (meaningfully) communicating
only with its verified neighbors. This is not to say that nodes are forbidden from sending
messages to base stations or aggregation points multiple hops away, but they are restricted from
using any node except their verified neighbors to do so. In addition, an adversary can still use a
wormhole to create an artificial link between two nodes to convince them they are neighbors,
but the adversary will not be able to eavesdrop on or modify any future communications
between them.
CONCLUSION
Security in Wireless Sensor Network is vital to the acceptance and use of sensor networks. In
particular, Wireless Sensor Network product in industry will not get acceptance unless there is a
fool proof security to the network. In this paper, we have made a threat analysis to the Wireless
Sensor Network and suggested some counter measures. Link layer encryption and
authentication mechanisms may be a reasonable first approximation for defense against mote
class outsiders, but cryptography is not enough to defend against laptop-class adversaries and
insiders: careful protocol design is needed as well.