Solutions and Tools for Secure Communication in Wireless Sensor Networks

Secure communication is considered a vital requirement in Wireless Sensor Network (WSN) applications. Such a requirement embraces different aspects, including confidentiality, integrity and authenticity of exchanged information, proper management of security material, and effective prevention and reaction against security threats and attacks. However, WSNs are mainly composed of resource-constrained devices. That is, network nodes feature reduced capabilities, especially in terms of memory storage, computing power, transmission rate, and energy availability. As a consequence, assuring secure communication in WSNs results to be more difficult than in other kinds of network. In fact, trading effectiveness of adopted solutions with their efficiency becomes far more important. In addition, specific device classes or technologies may require to design ad hoc security solutions. Also, it is necessary to efficiently manage security material, and dynamically cope with changes of security requirements. Finally, security threats and countermeasures have to be carefully considered since from the network design phase. This Ph.D. dissertion considers secure communication in WSNs, and provides the following contributions. First, we provide a performance evaluation of IEEE 802.15.4 security services. Then, we focus on the ZigBee technology and its security services, and propose possible solutions to some deficiencies and inefficiencies. Second, we present HISS, a highly scalable and efficient key management scheme, able to contrast collusion attacks while displaying a graceful degradation of performance. Third, we present STaR, a software component for WSNs that secures multiple traffic flows at the same time. It is transparent to the application, and provides runtime reconfigurability, thus coping with dynamic changes of security requirements. Finally, we describe ASF, our attack simulation framework for WSNs. Such a tool helps network designers to quantitatively evaluate effects of security attacks, produce an attack ranking based on their severity, and thus select the most appropriate countermeasures

An Energy Aware and Secure MAC Protocol for Tackling Denial of Sleep Attacks in Wireless Sensor Networks

Wireless sensor networks which form part of the core for the Internet of Things consist of resource constrained sensors that are usually powered by batteries. Therefore, careful energy awareness is essential when working with these devices. Indeed,the introduction of security techniques such as authentication and encryption, to ensure confidentiality and integrity of data, can place higher energy load on the sensors. However, the absence of security protection c ould give room for energy drain attacks such as denial of sleep attacks which have a higher negative impact on the life span ( of the sensors than the presence of security features. This thesis, therefore, focuses on tackling denial of sleep attacks from two perspectives A security perspective and an energy efficiency perspective. The security perspective involves evaluating and ranking a number of security based techniques to curbing denial of sleep attacks. The energy efficiency perspective, on the other hand, involves exploring duty cycling and simulating three Media Access Control ( protocols Sensor MAC, Timeout MAC andTunableMAC under different network sizes and measuring different parameters such as the Received Signal Strength RSSI) and Link Quality Indicator ( Transmit power, throughput and energy efficiency Duty cycling happens to be one of the major techniques for conserving energy in wireless sensor networks and this research aims to answer questions with regards to the effect of duty cycles on the energy efficiency as well as the throughput of three duty cycle protocols Sensor MAC ( Timeout MAC ( and TunableMAC in addition to creating a novel MAC protocol that is also more resilient to denial of sleep a ttacks than existing protocols. The main contributions to knowledge from this thesis are the developed framework used for evaluation of existing denial of sleep attack solutions and the algorithms which fuel the other contribution to knowledge a newly developed protocol tested on the Castalia Simulator on the OMNET++ platform. The new protocol has been compared with existing protocols and has been found to have significant improvement in energy efficiency and also better resilience to denial of sleep at tacks Part of this research has been published Two conference publications in IEEE Explore and one workshop paper

Cluster Based Intrusion Detection Technique for Wireless Networks

Wireless networks are vulnerable to spoofing attacks, which allows for many other forms of attacks on the networks. Although th e identity of a node can be verified through cryptographic authentication, authentication is not always possible because it requires key management and additional infrastructural overhead. In this paper we propose a method for both detect ing spoofing attacks, as well as locating the positions of adversaries performing the attacks. We propose to use the spatial correlation of received signal strength (RSS) inherited from wireless nodes to detect the spoofing attacks. We then formulate the problem of determin ing the number of attackers as a multiclass detection problem. Cluster - based mechanisms are developed to determine the number of attackers. When the training data are available, we explore using the Support Vector Machines (SVM) method to further improve t he accuracy of determining the number of attackers. In addition, we developed an integrated detection and localization system that can localize the positions of multiple attackers. We evaluated our techniques through two test beds using both an 802.11 ( Wi - Fi ) network and an 802.15.4 network in two real office buildings. Our experimental results show that our proposed methods can achieve over 90 percent Hit Rate and Precision when determining the number of attackers. Our localizatio n results using a represen tative set of algorithms provide strong evidence of high accuracy of localizing multiple adversaries

Attacking and Securing Beacon-Enabled 802.15.4 Networks

The IEEE 802.15.4 has attracted time-critical applications in wireless sensor networks (WSNs) because of its beacon-enabled mode and guaranteed timeslots (GTSs). However, the GTS scheme’s security still leave the 802.15.4 MAC vulnerable to attacks. Further, the existing techniques in the literature for securing 802.15.4 either focus on non beacon-enabled 802.15.4 or cannot defend against insider attacks for beacon-enabled 802.15.4. In this thesis, we illustrate this by demonstrating attacks on the availability and integrity of the beacon-enabled 802.15.4. To proof the attacks, we implement the attacks using Tmote Sky motes for a malicious node along with regular nodes. We show that the malicious node can freely exploit the beacon frames to compromise the integrity and availability of the network. For the defense, we present beacon-enabled MiniSec (BCN-MiniSec) and analyze its cost

Service-oriented wireless sensor networks and an energy-aware mesh routing algorithm

Service-oriented wireless sensor networks (WSNs) are being paid more and more attention because service computing can hide complexity of WSNs and enables simple and transparent access to individual sensor nodes. Existing WSNs mainly use IEEE 802.15.4 as their communication specification, however, this protocol suite cannot support IP-based routing and service-oriented access because it only specifies a set of physical- and MAC-layer protocols. For inosculating WSNs with IP networks, IEEE proposed a 6LoWPAN (IPv6 over LoW Power wireless Area Networks) as the adaptation layer between IP and MAC layers. However, it is still a challenging task how to discover and manage sensor resources, guarantee the security of WSNs and route messages over resource-restricted sensor nodes. This paper is set to address such three key issues. Firstly, we propose a service-oriented WSN architectural model based on 6LoWPAN and design a lightweight service middleware SOWAM (service-oriented WSN architecture middleware), where each sensor node provides a collection of services and is managed by our SOWAM. Secondly, we develop a security mechanism for the authentication and secure connection among users and sensor nodes. Finally, we propose an energyaware mesh routing protocol (EAMR) for message transmission in a WSN with multiple mobile sinks, aiming at prolonging the lifetime of WSNs as long as possible. In our EAMR, sensor nodes with the residual energy lower than a threshold do not forward messages for other nodes until the threshold is leveled down. As a result, the energy consumption is evened over sensor nodes significantly. The experimental results demonstrate the feasibility of our service-oriented approach and lightweight middleware SOWAM, as well as the effectiveness of our routing algorithm EAMR.<br /

Attacking and securing beacon-enabled 802.15.4 networks

The IEEE 802.15.4 standard has attracted timecritical applications in wireless sensor networks because of its beacon-enabled mode and guaranteed timeslots (GTSs). However, the GTS management scheme’s security mechanisms still leave the 802.15.4 medium access control vulnerable to attacks. Further, the existing techniques in the literature for securing 802.15.4 networks either focus on nonbeacon-enabled 802.15.4 networks or cannot defend against insider attacks for beacon-enabled 802.15.4 networks. In this paper, we illustrate this by demonstrating attacks on the availability and integrity of the beaconenabled 802.15.4 network. To confirm the validity of the attacks, we implement the attacks using Tmote Sky motes for wireless sensor nodes, where the malicious node is deployed as an inside attacker. We show that the malicious node can freely exploit information retrieved from the beacon frames to compromise the integrity and availability of the network. To defend against these attacks, we present BCN-Sec, a protocol that ensures the integrity of data and control frames in beacon-enabled 802.15.4 networks. We implement BCN-Sec, and show its efficacy during various attacks

Wireless body sensor networks for health-monitoring applications

This is an author-created, un-copyedited version of an article accepted for publication in Physiological Measurement. The publisher is not responsible for any errors or omissions in this version of the manuscript or any version derived from it. The Version of Record is available online at http://dx.doi.org/10.1088/0967-3334/29/11/R01

Performance Analysis of Denial-of-Sleep Attack-Prone MAC Protocols in Wireless Sensor Networks

Wireless sensor networks which form part of the core for the Internet of Things consist of resource constrained sensors that are usually powered by batteries. Therefore, careful energy awareness is essential when working with these devices. On the other hand, the presence as well as the absence of security features implemented in resource constrained sensors can have negative effects on their energy consumption. Indeed, the introduction of security techniques such as authentication and encryption, to ensure confidentiality and integrity of data, can place higher energy load on the sensors. However, the absence of security protection could give room for energy-drain attacks such as denial-of-sleep attacks which has a higher negative impact on the life span (availability) of the sensors than the presence of security techniques. This paper focuses on denial-of-sleep attacks by simulating three Media Access Control (MAC) protocols – Sensor-MAC, Timeout-MAC and TunableMAC – under different network sizes. We evaluate, compare, and analyse the received signal strength and the link quality indicators for each of these protocols. The results of our simulation provide insight into how these parameters can be used to detect a denial-of-sleep attack. Finally, we propose a novel architecture for tackling denial-of-sleep attacks by propagating relevant knowledge via intelligent agents