
Intrusion Detection in Wireless Sensor Networks


Abstract

Wireless Sensor Networks (WSNs) offer an excellent opportunity to monitor environments, and have a lot of interesting
applications in warfare. The problem is that security mechanisms used for wired networks do not transfer directly to sensor
networks. Some of this is due to the fact that there is not a person controlling each of the nodes, and even more importantly,
energy is a scarce resource. Batteries have a short lifetime and cannot be replaced on deployed sensor nodes. In this paper I
look at some of the special actions that need to be taken in WSNs versus wire-line networks, reviewing some of the approaches
to intrusion detection as well as offering a new game-theoretic approach.

INTRODUCTION

Wireless sensor networks (WSNs) have become a hot research topic in recent years. Applications include military, rescue,
environment monitoring, and smart homes. A WSN is composed of hundreds or even thousands of small, cheap sensor nodes
which communicate with one another wirelessly. Sensor nodes typically do not have very much computational power, limiting
the kinds of networking protocols and security mechanisms they can employ. Because WSNs are composed of so many nodes,
which may be deployed in a hostile environment, replacing batteries is not feasible. Sensor nodes must therefore survive on
the small amount of energy in the batteries they are deployed with (typically about 6 amp-hours [5]). This creates a need to
conserve energy. Because of the wireless nature of WSNs, security is a fairly difficult issue. Adversaries can easily listen to all
the traffic and inject their own, especially if the WSN is deployed in a hostile environment. It is also important that the WSN
be robust to losing some of the sensor nodes, because it can be very easy for an adversary to capture any given node.
The general network topology is a dense collection of nodes, randomly distributed over some geographic area. Traffic
typically goes from all the sensor nodes to a single sink, called the base station (BS), or broadcast traffic. A lot of work is
currently being done on routing protocols, and not all of the details are figured out and agreed upon but, in general, routing
is multi-hop like an ad-hoc wireless network. Cluster-based routing is a popular idea, because it is possible to exploit the fact
that nearby nodes have highly correlated data [10]. In cluster-based routing, the network is divided up into clusters, which
consist of a cluster head (CH) and member nodes (MNs). The MNs send their data to the CH, which aggregates the data before
sending it out of the cluster toward the base station.

SOLUTIONS

SPINS

Many of the confidentiality and data integrity issues can be handled by SPINS [7]. SPINS is a collection of protocols for
sensor networks. The key security components are SNEP and μTESLA.
SNEP provides a lot of key security features. It provides confidentiality and data integrity for pairwise connections as well
as weak freshness. Freshness means that old packets cannot be repeated by an adversary to create confusion and waste energy.
Weak freshness means that there are no delay guarantees, but packets cannot be repeated or re-ordered.
In SNEP, each pair of nodes shares a pair-wise key . This key is used in DES in cipher block chaining (CBC) mode.
The cipher block chain provides semantic security (meaning that the same message string will not always encrypt to the same
cipher string) through the use of an initialization vector (IV). Rather than sending this IV in the clear along with a message, the
IV comes from a shared counter. This alleviates the need to send unnecessary bits. The counter also provides data freshness:
because it is incremented with each transmission, a previous transmission cannot be repeated, and the correct ordering is
evident.
In addition to being encrypted, messages are also authenticated in SNEP through the use of a message authentication code
(MAC), which is a function that takes two arguments and maps them to an 8 byte number. The arguments used are the pairwise
key and the concatenation of the count and the encrypted message. Because all of these are available to the receiver, it can
calculate the function to verify the signature.
SNEP is very good because it provides all of this security for an overhead of merely 8 bytes per message.
While SNEP provides pairwise authentication, it cannot provide authentication for broadcasts, because if the key is shared
among several nodes, compromising any of them would allow the attacker to masquerade as any node in the group. Broadcast
authentication is therefore handled using μTESLA.
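The SNEP packet handling described above, as an added example that is not code from the paper or from SPINS: the counter is never transmitted, the MAC covers counter || ciphertext and is truncated to 8 bytes, and a replayed or re-ordered packet fails verification. Assumptions: the class and function names are hypothetical, an HMAC-SHA256 keystream stands in for the block cipher named in the text, and separate encryption and MAC subkeys are derived from the pairwise key.

```python
import hashlib
import hmac
import struct

MAC_LEN = 8  # per-message overhead stated in the text

def _prf(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def _keystream(k_enc, counter, n):
    # Stand-in cipher (not the block cipher named in the text): a keyed stream
    # whose only IV is the shared counter, so no IV bytes are sent.
    out, block = b"", 0
    while len(out) < n:
        out += _prf(k_enc, struct.pack(">QI", counter, block))
        block += 1
    return out[:n]

def _tag(k_mac, counter, ct):
    # MAC over (counter || ciphertext), truncated to 8 bytes.
    return _prf(k_mac, struct.pack(">Q", counter) + ct)[:MAC_LEN]

class SnepChannel:
    """One direction of a pairwise link; the reverse direction needs its own
    counter and subkeys. Sender calls seal(), receiver calls open()."""
    def __init__(self, pairwise_key):
        # Assumption: subkeys derived from the pairwise key with fixed labels.
        self.k_enc = _prf(pairwise_key, b"enc")
        self.k_mac = _prf(pairwise_key, b"mac")
        self.counter = 0  # shared state, never transmitted

    def seal(self, plaintext):
        ks = _keystream(self.k_enc, self.counter, len(plaintext))
        ct = bytes(p ^ k for p, k in zip(plaintext, ks))
        packet = ct + _tag(self.k_mac, self.counter, ct)
        self.counter += 1
        return packet

    def open(self, packet):
        if len(packet) < MAC_LEN:
            return None
        ct, tag = packet[:-MAC_LEN], packet[-MAC_LEN:]
        if not hmac.compare_digest(tag, _tag(self.k_mac, self.counter, ct)):
            return None  # forged, replayed or out of order: counter mismatch
        ks = _keystream(self.k_enc, self.counter, len(ct))
        self.counter += 1
        return bytes(c ^ k for c, k in zip(ct, ks))

if __name__ == "__main__":
    key = b"constructed-pairwise-key"  # constructed sample value
    node, base = SnepChannel(key), SnepChannel(key)
    pkt = node.seal(b"temp=21")
    print(base.open(pkt), base.open(pkt))  # second call is a replay
```

In this sketch a lost packet leaves the two counters out of step, so every later packet is rejected until the counters are resynchronised; that step is outside what the example covers.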

CLUSTER-BASED SECURITY

As we have seen in the G-MAC example, clusters can provide major advantages in sensor network security. In the case of
G-MAC, we let the GS be the CH. The CH can also monitor the traffic coming from each MN and figure out if any of them
have been compromised. It can then blacklist these nodes, isolating them from the network. In case a CH is compromised,
MNs must also have the ability to decommission the CH if there are enough MNs that agree to do so [10]. This will defend
against homing attacks. It is critical that several nodes agree to decommission the cluster head, because if only a few nodes
are compromised, they should not be able to take down the cluster head.

THE MODIFIED GAME

This game formulation is rather unsatisfying. There are a few obvious problems with it. First, the attacker benefit is
independent of what the IDS does. But if the attacker’s goal is to cause harm to the network, it should derive greater utility if
the IDS does not defend against the attack. Secondly, the IDS should not have to defend only one cluster. If only one cluster
could be defending at any given time, many extra control messages would have to be sent to coordinate the clusters. Plus,
there could be a benefit to defending more than one cluster. It would just cost more resources. In the earlier discussion of
cluster-based security using CHs as suggested in [4], we had assumed that all potential IDS nodes were always on. That is, all
packets were checked initially at the CH.
In the modified game, each cluster will have to act independently of the others, but they are restricted to playing the strategy
decided by the IDS. (Since nodes are not real people, they have no desire to put their individual utility above the rest of the
network.) Each cluster is also assigned its own utility, Uk(t). Each cluster also has an associated cost to defend it (i.e. energy
consumption spent on defense), which we will call Ck(t). We can also ignore the average loss for losing a cluster, because
we can count this into the cluster utility. That is, Uk(t) represents the difference in utility between having a cluster and losing
it. This simplification costs us nothing as long as we assume the network is already deployed. (We never have to consider the
case where a given cluster never existed.)

CONCLUSION

We have seen that WSNs have special vulnerabilities that do not exist in wire-line networks. We cannot, therefore, simply
transfer all our protocols for wire-line networks to WSNs. Protocols must be designed with low computational power and low
energy requirements in mind. In this paper we have seen some of the protocols that are used, as well as some ways to determine
where to check packets, including a new game-theoretic approach in which we saw that by allowing the attack to have some
utility, we are able to increase ours through energy saving for sufficiently large, resource-constrained networks.