Wireless Sensor Network Security: A Survey

Authors: John Paul Walters, Zhengqiang Liang, Weisong Shi, and Vipin Chaudhary Department of Computer Science Wayne State University E-mail: {jwalters, sean, weisong, vipin}@wayne.edu

Presented By: Anubhav Mathur Department of Computer Science University of Connecticut 1/32

Introduction

• Security Wireless Sensor Networks • Operate in Unattended and Hostile Environments • Interacts with sensitive data • Resource Constraints • Issues should be addressed from the beginning of the system design • Enormous Research Potential in the field of WSN Security • A survey to facilitate effective research 2/32

What do we know?

• Popular low cost solutions for military and civilian applications • Resource constraints – Data storage and Processor speed and Power • Security • Unreliable Communication Channel • Unattended Operation 3/32

Areas Covered

• Secure and Efficient Routing • Data Aggregation • • Group Formation Cryptographic Security • Sensor Trust Model • Physical Attacks & Defenses 4/32

Main Aspects

1. The obstacles to Sensor Network Security 2. The requirements of a secure wireless sensor network 3. Attacks 4. Defensive measures 5/32

1. The obstacles to Sensor Network Security

• • • • Difficult to apply existing approaches to WSN Security Very Limited Resources • Limited Memory and Storage Space • Power Limitation Unreliable Communication • Unreliable Transfer (Routing is connectionless & Packet loss / Error handling) • • Conflicts (Packet collision) Latency (Multihop routing/network congestion/ node processing) Unattended Operation • Exposure to Physical Attacks (Bad weather etc) • • Managed Remotely (Physical tampering)

No Central Management point

6/32

2. Security Requirements of a Wireless Sensor Network

• • • • • • • • Data Confidentiality • Military Sensitive Data • Encryption Data Integrity Data Freshness • Important because of shared key strategies Availability Self Organization Time Synchronization Secure Localization Authentication 7/32

3. Attacks

1. Denial of service attack 2. The Sybil attack Malicious device illegitimately taking on multiple identities (Voting systems) 3. Traffic Analysis Attack 4. Node Replication Attacks 5. Attacks against Privacy 1. Monitor and Eavesdropping 2. Traffic Analysis 3. Camouflage 6. Physical Attacks 8/32

Denial of Service Attack

“Any event that diminishes or eliminates network’s capacity to perform its expected function”

• •

Constraints:

Computational Overhead in WSN Critical applications • • • •

Types of DoS

Intermittent Jamming Constant Jamming Link Layer Attacks (Collision) 9/32

Sybil Attack

“Malicious device illegitimately taking on multiple identities”

Effective against Routing algorithms, Data Aggregation, Voting, Fair resource allocation and foiling misbehavior detection Example: • Sensor Network Voting Scheme Multiple votes registered using multiple identities 10/32

Traffic Analysis

11/32

Node Replication Attack

Add another node to existing sensor network by replicating the node ID • Can lead to: Packet Corruption • Incorrect packet routing Insert a node at strategic points to manipulate a specific segment of the node. 12/32

Attacks against Privacy

1. Devices have a potential for abuse in data collection. 2. Seemingly innocuous data can derive sensitive information 3. Monitor and Eavesdropping 1. Listening to the control information about sensor network configuration 4. Traffic Analysis 5. Camouflage 1. Insertion and Impersonation of a node 13/32

Physical Attacks

Destruction, tampering with circuitry or modification of programming Causes:

1. Nodes operate in hostile outdoor environments 2. Small form factor 3. Unattended nature of deployment 14/32

4. Defensive Measures

1. Key Establishment 2. Defending against DoS attacks 3. Secure Broadcasting and Multicasting 4. Defending against attacks on routing protocols 5. Detecting node replication attacks 6. Combating Traffic Analysis Attacks 7. Defending against attacks on Sensor Privacy 8. Intrusion Detection 9. Secure Data Aggregation 10. Defending against physical attacks 11. Trust Management 15/32

Key Establishment

“Secure Key management is an absolute necessity because nearly all aspects of Wireless Sensor Networks defenses rely on solid encryption”

• Traditional Key Management Algorithms use: Asymmetric Cryptography (Public Key Cryptography) • • Too Computationally intensive But feasible with the right selection of algorithms • Most Commonly used: Deffie Hellman Public Key protocol 16/32

Key Establishment

• Symmetric Key Cryptography • Single shared key.

• Known only to the two communicating hosts • Shortcoming: Key Exchange problem • Example: DES ( Data Encryption Standard ) • Broken relatively easily • Proposed: 3DES, RC5, AES etc.

17/32

Most efficient cipher : Rijndael. 18/32

Defending against DoS attacks

• • • • • DoS attacks are very common Defending against the jamming attack • Identify the jammed part of the sensor network and effectively route around the unavailable portion Two Phase Approach [Wood & Stankovic]: • Nodes along the perimeter of the jammed region report their status to their neighbors • Collaboratively define the jammed region and route around it Handling Jamming at the MAC Layer: • Nodes utilize a MAC admission control that is rate limiting • Ignores requests designed to exhaust power reserves of the node Handling Jamming at the Transport Layer [Aura,Nikander and Leiwo] • Use client puzzles to discern a node’s commitment to making the connection by utilizing its own resources • Server should always force a client to commit more resources up front than the server 19/32

Defending against DoS attacks

20/32

Secure Broadcasting and Multicasting

• • Major communication pattern in wireless sensor networks 1-to-N, N-to-1, M-to-N

1. Traditional Broadcasting and Multicasting:

Uses Standard encryption Techniques using Cryptography

2. Secure Multicasting:

Logical Key Hierarchy (Central Key Distribution Center) Energy Efficient

3. Secure Broadcasting

Routing-aware tree based key distribution scheme Takes advantage of routing information to improve the efficiency 21/32

Secure Broadcasting and Multicasting

• Traditional Broadcasting & Multicasting Key Management Protocols: Centralized Group Key Management protocol • Central Authority used to maintain the group • Decentralized management protocol • Divide the task of group management amongst multiple nodes • Distributed management protocol • No single key management authority. • Entire group of nodes are responsible for key management 22/32

Defending against attacks on routing protocols

• • Need for secure and energy efficient routing protocols in WSNs Attacks: Sinkhole, Wormhole, Sybil attacks • • • Techniques for securing the routing protocol INSENS (Intrusion tolerant routing protocol) [Deng, Han and Mishra] • To mitigate the damage: they use redundancy to transmit the messages • • • An authentication scheme can employed to confirm message integrity Makes use of assumed symmetry between base stations and wireless nodes.

Creates forwarding Tables which include the redundancy information. from each node TRANS (Trust Routing for Location Aware Sensor Networks) • Loose-time synchronization asymmetric cryptographic scheme to ensure message confidentiality 23/32

Defending against attacks on routing protocols

• Wormhole attack: 1. Malicious node eavesdrops on a packet or series of packets.

2. Tunnels them through the sensor network to another malicious node.

3. Replays the packets.

• Defenses: 1. Hardware additions like directional antenna, 2. Visualization approach [Wang, Bhargava] • Compute the distance between all neighbor sensors • Compute the virtual layout of the network using multi-dimensional scaling . • The shape of virtual network will bend and curve towards the offending nodes.

• Offending nodes are identified and removed.

24/32

Detecting Node Replication Attacks

• Randomized Multicast Algorithm • Each sensor propagates an authenticated broadcast message throughout the network • Communication cost is expensive • Communication cost of the randomized multicast algorithm is still O(n 2 ) • Line selected multicast Algorithm • Based upon rumor routing • Communication cost O(n√n) • Storage cost O(√n) 25/32

Combating Traffic analysis attacks

• • Using a random walk forwarding technique that occasionally forwards a packet to a node other than the sensor’s parent node • Mitigate the rate monitoring attack • Vulnerable to the time correlation attack Fractal Propagation Strategy 1. Generate a fake packet when its neighbor is forwarding a packet to the base station. 2. The fake packet is sent randomly to another neighbor who may also generate a fake packet. 3. These packets essentially use a TTL to decide when forwarding should stop. 4. This effectively hides the base station from time correlation attacks. 26/32

Defending attacks against sensor privacy

• • • Anonymity Mechanisms • Decentralize Sensitive data • • • Secure Communication Channel Change Data Traffic Node Mobility Policy-based Approach • Access control decisions made based on privacy policies Information Flooding: • Randomized data routing mechanism and phantom traffic generation mechanism are used to disguise the real data traffic, so that it is difficult for an adversary to track the source of data by analyzing network traffic 1.

2.

3.

4.

Baseline Flooding (every node forwards a message once with no retransmission) Probabilistic Flooding (only some nodes will participate in data forwarding) Flooding with fake messages (attacker has no idea which packets are real) Phantom Flooding (enticing the attacker away from the real source and towards a fake source) 27/32

Intrusion detection

• • • Anomaly based intrusion detection (AID) • Intruders will demonstrate abnormal behavior relative to the legitimate nodes • • System compares the Normal Use profile vs Current Profile Advantage: • Able to detect previously unknown attacks • Disadvantages: • False positives (difficult to profile normal system behavior) • Computational cost for profile comparison Is high Misuse intrusion detection (MID) • Maintains a database of intrusion signatures • Advantages: Lesser false positives, Less computation power • Disadvantages: Unable to detect unknown attacks Solution : Hybrid System 28/32

Intrusion detection

• 3 Architectures for Intrusion Detection Systems in Wireless Sensor Networks 1. Standalone Architecture: • Each node functions as an independent intrusion detection system • Nodes don’t co-operate with each other 2. Distributed and cooperative architecture • an intrusion detection agent still resides on each node • Nodes cooperate to share information in order to detect global intrusion attempts 3. Hierarchical architecture • Multilayered network divided into clusters with each cluster head responsible for routing within the cluster 29/32

Defending against Physical attacks

• • • • • • • • Sensor nodes may be equipped with physical hardware to enhance protection against various attacks. (tamper-proofing) Employ special software and hardware outside the sensor to detect physical tampering Self-termination in case of attack Randomized Clock Signal: • Inserting random time delays between critical operations Randomized Multithreading • Scheduling the processor between two or more threads of execution randomly Destruction of Test circuitry Restricted Program Counter Top Layer Sensor Meshes • Inserting additional Layers that form a sensor mesh above the actual circuit and that do not carry any critical signals 30/32

Conclusions

• As wireless sensor networks continue to grow, further expectations of security will be required • Current and future work in privacy and trust will make wireless sensor networks more attractive option in a variety of new arenas 31/32

Thank You

Any Questions?

32/32