Resilient networking in wireless sensor networks

This report deals with security in wireless sensor networks (WSNs), especially in network layer. Multiple secure routing protocols have been proposed in the literature. However, they often use the cryptography to secure routing functionalities. The cryptography alone is not enough to defend against multiple attacks due to the node compromise. Therefore, we need more algorithmic solutions. In this report, we focus on the behavior of routing protocols to determine which properties make them more resilient to attacks. Our aim is to find some answers to the following questions. Are there any existing protocols, not designed initially for security, but which already contain some inherently resilient properties against attacks under which some portion of the network nodes is compromised? If yes, which specific behaviors are making these protocols more resilient? We propose in this report an overview of security strategies for WSNs in general, including existing attacks and defensive measures. In this report we focus at the network layer in particular, and an analysis of the behavior of four particular routing protocols is provided to determine their inherent resiliency to insider attacks. The protocols considered are: Dynamic Source Routing (DSR), Gradient-Based Routing (GBR), Greedy Forwarding (GF) and Random Walk Routing (RWR)

A resilient key predistribution scheme for multiphase wireless sensor networks

In wireless sensor networks, sensor nodes eventually die due to battery depletion. Wireless sensor networks (WSNs) in which new nodes are periodically redeployed with certain intervals, called generations, to replace the dead nodes are called multi-phase wireless sensor networks. In the literature, there are several key predistribution schemes proposed for secure operation of WSNs. However, these schemes are designed for single phase networks which are not resilient against continuous node capture attacks; even under temporary attacks on the network, the harm caused by the attacker does not heal in time. However, the periodic deployments in multi-phase sensor networks could be utilized to improve the resiliency of the WSNs by deploying nodes with fresh keys. In the literature, there is limited work done in this area. In this paper, we propose a key predistribution scheme for multi-phase wireless sensor networks which is highly resilient under node capture attacks. In our scheme, called RGM (random generation material) key predistribution scheme, each generation of deployment has its own random keying material and pairwise keys are established between node pairs of particular generations. These keys are specific to these generations. Therefore, a captured node cannot be abused to obtain keys of other generations. We compare the performance of our RGM scheme with a well-known multi-phase key predistribution scheme and showed that RGM achieves up to three-fold more resiliency. Even under heavy attacks, our scheme's resiliency performance is 50% better in steady state

HaG: Hash graph based key predistribution scheme for multiphase wireless sensor networks

Wireless Sensor Networks (WSN) consist of small sensor nodes which operate until their energy reserve is depleted. These nodes are generally deployed to the environments where network lifespan is much longer than the lifetime of a node. Therefore, WSN are typically operated in a multiphase fashion, as in [1-3, 9-10], which use different key pools for nodes deployed at different generations. In multiphase WSN, new nodes are periodically deployed to the environment to ensure constant local and global network connectivity. Also, key ring of these newly deployed nodes is selected from their deployment generation key pool to improve the resiliency of WSN. In this paper, we propose a key predistribution scheme for multiphase WSN which is resilient against permanent and temporary node capture attacks. In our Hash Graph based (HaG) scheme, every generation has its own key pool which is generated using the key pool of the previous generation. This allows nodes deployed at different generations to have the ability to establish secure channels. Likewise, a captured node can only be used to obtain keys for a limited amount of successive generations. We compare the connectivity and resiliency performance of our scheme with other multiphase key predistribution schemes and show that our scheme performs better when the attack rate is low. When the attack rate is high, our scheme still has better resiliency performance inasmuch as using less key ring size compared to the existing multiphase schemes

Uneven key pre-distribution scheme for multi-phase wireless sensor networks

In multi-phase Wireless Sensor Networks (WSNs), sensor nodes are redeployed periodically to replace nodes whose batteries are depleted. In order to keep the network resilient against node capture attacks across different deployment epochs, called generations, it is necessary to refresh the key pools from which cryptographic keys are distributed. In this paper, we propose Uneven Key Pre-distribution (UKP) scheme that uses multiple different key pools at each generation. Our UKP scheme provides self healing that improves the resiliency of the network at a higher level as compared to an existing scheme in the literature. Moreover, our scheme provides perfect local and global connectivity. We conduct our simulations in mobile environment to see how our scheme performs under more realistic scenarios

A highly resilient and zone-based key predistribution protocol for multiphase wireless sensor networks

Pairwise key distribution among the sensor nodes is an essential problem for providing security in Wireless Sensor Networks (WSNs). The common approach for this problem is random key predistribution, which suffers from resiliency issues in case of node captures by adversaries. In the literature, the resiliency problem is addressed by zone-based deployment models that use prior deployment knowledge. Another remedy in the literature, which is for multiphase WSNs, aims to provide self-healing property via periodic deployments of sensor nodes with fresh keys over the sensor field. However, to the best of our knowledge, these two approaches have never been combined before in the literature. In this paper, we propose a zone-based key predistribution approach for multiphase WSNs. Our approach combines the best parts of these approaches and provides self-healing property with up to 9-fold more resiliency as compared to an existing scheme. Moreover, our scheme ensures almost 100% secure connectivity, which means a sensor node shares at least one key with almost all of its neighbors

Using combined keying materials for key distribution in wireless sensor networks

In this paper, we propose a probabilistic key predistribution scheme for wireless sensor networks that increases connectivity of the basic scheme while keeping sizes of keyring and key pool fixed. We introduce the concept of XORed key, which is the bitwise XOR of two regular (a.k.a. single) keys. Sensor nodes are preloaded with a mixture of single and XORed keys. Nodes establish secure links by using shared XORed keys whenever possible. If node pairs do not have any shared XORed or single keys, they transfer keys from their secure neighbors in a couple of ways, and use them to match with their XORed keys. In this way, the probability of securing links, i.e. local connectivity, increases. The decision of which key is to be transferred from which node is given based on local information at the hand of the nodes. We aim to control the resilience of the network against node capture attacks by using XORed keys since an attacker has to know either both single key operands or the XORed key itself. Simulations show that our scheme is up to 50% more connected as compared to basic scheme. Also it has better resilience performance at the beginning of a node capture attack. When it starts to deteriorate, the difference between the resilience of our proposed scheme and basic scheme is not greater than 5%

Secure Distributed Dynamic State Estimation in Wide-Area Smart Grids

Smart grid is a large complex network with a myriad of vulnerabilities, usually operated in adversarial settings and regulated based on estimated system states. In this study, we propose a novel highly secure distributed dynamic state estimation mechanism for wide-area (multi-area) smart grids, composed of geographically separated subregions, each supervised by a local control center. We firstly propose a distributed state estimator assuming regular system operation, that achieves near-optimal performance based on the local Kalman filters and with the exchange of necessary information between local centers. To enhance the security, we further propose to (i) protect the network database and the network communication channels against attacks and data manipulations via a blockchain (BC)-based system design, where the BC operates on the peer-to-peer network of local centers, (ii) locally detect the measurement anomalies in real-time to eliminate their effects on the state estimation process, and (iii) detect misbehaving (hacked/faulty) local centers in real-time via a distributed trust management scheme over the network. We provide theoretical guarantees regarding the false alarm rates of the proposed detection schemes, where the false alarms can be easily controlled. Numerical studies illustrate that the proposed mechanism offers reliable state estimation under regular system operation, timely and accurate detection of anomalies, and good state recovery performance in case of anomalies