05-03-2013, 10:38 AM
Wireless Sensor Network Security model using Zero Knowledge Protocol
Wireless Sensor Network.pdf (Size: 450.37 KB / Downloads: 42)
Abstract
Wireless Sensor Networks (WSNs) offer an excellent
opportunity to monitor environments, and have a lot
of interesting applications, some of which are quite sensitive
in nature and require full proof secured environment. The
security mechanisms used for wired networks cannot be directly
used in sensor networks as there is no user-controlling of each
individual node, wireless environment, and more importantly,
scarce energy resources. In this paper, we address some of
the special security threats and attacks in WSNs. We propose
a scheme for detection of distributed sensor cloning attack
and use of zero knowledge protocol (ZKP) for verifying the
authenticity of the sender sensor nodes. The cloning attack
is addressed by attaching a unique fingerprint to each node,
that depends on the set of neighboring nodes and itself. The
fingerprint is attached with every message a sensor node
sends. The ZKP is used to ensure non transmission of crucial
cryptographic information in the wireless network in order to
avoid man-in-the middle (MITM) attack and replay attack. The
paper presents a detailed analysis for various scenarios and also
analyzes the performance and cryptographic strength.
INTRODUCTION
Advances in technology have made it possible to develop
sensor nodes which are compact and inexpensive. They
are mounted with a variety of sensors and are wireless
enabled. Once sensor nodes have been deployed, there will
be minimal manual intervention and monitoring. But, when
nodes are deployed in a hostile environment and there
is no manual monitoring, it creates a security concern.
Nodes may be subjected to various physical attacks. The
network must be able to autonomously detect, tolerate,
and/or avoid these attacks. One important physical attack is
the introduction of cloned nodes into the network. When
commodity hardware and operating systems are used,
it is easy for an adversary to capture legitimate nodes,
make clones by copying the cryptographic information,
and deploying these clones back into the network. These
clones may even be selectively reprogrammed to subvert
the network. Individual sensor node contains a light weight
processor, cheap hardware components, less memory.
Because of these constraints, general-purpose security
protocols are hardly appropriate.
IMPORTANT ATTACKS IN WSN
Though there are various attacks in Wireless Sensor
Networks, but certain active attacks, that can be detected
with our proposed model are as follows:
Clone Attack
In clone attack, an adversary may capture a sensor node
and copy the crytographic information to another node
known as cloned node. Then this cloned sensor node can
be installed to capture the information of the network. The
adversary can also inject false information, or manipulate
the information passing through cloned nodes. Continuous
physical monitoring of nodes is not possible to detect
potential tampering and cloning. Thus reliable and fast
schemes for detection is necessary to combat these attacks
[1],[13].
Man in the Middle Attack
The man-in-the-middle attack (MITM) is a form of active
eavesdropping in which the attacker makes independent
connections with the victims and relays messages between
them, making them believe that they are talking directly to
each other over a private connection. The attacker will be
able to intercept all messages exchanging between the two
victims and inject new ones.
ZERO KNOWLEDGE PROTOCOL
Zero-knowledge protocol allow identification, key
exchange and other basic cryptographic operations to be
implemented without revealing any secret information
during the conversation and with smaller computational
requirements in comparison to public key protocols. Thus
ZKP seems to be very attractive for resource constrained
devices. ZKP allows one party to prove its knowledge of
a secret to another party without ever revealing the secret.
ZKP is an interactive proof system which involves a prover,
P and verifier, V.
EXPERIMENTAL SETUP
MATLAB has been used to conduct the experiments and
verify the proposed model. First, the s-disjunct code matrix,
X is generated based on the number of nodes (which is
always more than the number of nodes to be deployed in
the network). Each column in the matrix corresponds to
codeword of each node. Next, a data structure is generated
and maintained by the base station corresponding to every
sensor node, and their fingerprints.
CONCLUSIONS
In this paper, we proposed a new security model to address
three important active attacks namely cloning attack, MITM
attack and Replay attack. We used the concept of zero
knowlege protocol which ensures non-transmission of crucial
information between the prover and verifier. The proposed
model uses social finger print based on s-disjunct code
together with ZKP to detect clone attacks and avoid MITM
and replay attack. We analysed various attack scenarios,
cryptographic strength and performance of the proposed
model. In future, we propose to extend our work to detect the
passive attacks also and evaluate performance in real time
using TinyOS and Tossim.