A secure over-the-air programming scheme in wireless sensor networks

Over-The-Air dissemination of code updates in Wireless Sensor Networks (WSNs) have been researchers’ point of interest in past a few years and more importantly security challenges toward remote propagation of code update have taken the majority of efforts in this context. Many security models have been proposed to establish a balance between the energy consumption and security strengthen with having their concentration on constraint nature of WSN nodes. For authentication purposes most of them have used Merkle-Hash-Tree to avoid using multiple public cryptography operations. These models mostly have assumed an environment in which security has to be in a standard level and therefore they have not investigated the tree structure for mission-critical situations in which security has to be in maximum possible extent (e.g. military zones). Two major problems have been identified in Merkle Tree structure which is used in Seluge scheme, including: 1) an exponential growth in number of overhead packets when block size of hash algorithm used in design is increased. 2) Limitation of using hash algorithms with larger block size of 11 bytes when payload size is set to 72 bytes. Then several existing security models are investigated for possible vulnerabilities and a set of countermeasures correspondingly named Security Model Requirements (SMR) is provided. After concentrating on Seluge’s design, a new secure Over-The-Air Programming (OTAP) scheme named Seluge++ is proposed that complies with SMR and replaces the use of inefficient Merkle Tree with a novel method

SECURING MULTIHOP NETWORK BY DETECTING AND LOCATING POLLUTION ATTACKS USING SPACEMAC.

It has been widely observed that providing security is one of the challenging task in Wireless sensor network(WSN). Program images need to be updated continuously as network programming happens in WSN. Many Networking protocols provide an efficient way to update these program images running on sensor nodes. One of the cryptographically strong protocol called DELUGE exists to address this challenge, but it involves high computational cost such as power consumption and communication costs. So Multiple one way key chain is proposed to secure a multihop network programming protocol which is lower in power consumption and communication costs. Even though one way key chain is used to provide security, network with static topology is considered. Network is made dynamic by adding mobility nodes to it. But the extra node added may not always be the genuine node. If it is an attacker node, there can be several pollution attacks. Attacker node travels through the network, and pollute the entire network. Wirelesss sensor network may not be able to detect these pollution attacks. In this paper, we are proposing a MAC scheme called Spacemac. It expands the network by adding nodes to it. Using SpaceMac, i) it detects the polluted packets early at the intermediate nodes. ii) it identifies the exact location of an attacker and eliminates them

Implementation of Secure Key Management Techniques in Wireless Sensor Networks

Creating a secure wireless sensor network involves authenticating and encrypting messages that are sent throughout the network. The communicating nodes must agree on secret keys in order to be able to encrypt packets. Sensor networks do not have many resources and so, achieving such key agreements is a difficult matter. Many key agreement schemes like Diffie-Hellman and public-key based schemes are not suitable for wireless sensor networks. Pre-distribution of secret keys for all pairs of nodes is not viable due to the large amount of memory used when the network size is large. We propose a novel key management system that works with the random key pre-distribution scheme where deployment knowledge is unknown. We show that our system saves users from spending substantial resources when deploying networks. We also test the new system’s memory usage, and security issues. The system and its performance evaluation are presented in this thesis

Seluge++: A Secure Over-the-Air Programming Scheme in Wireless Sensor Networks

Over-the-air dissemination of code updates in wireless sensor networks have been researchers’ point of interest in the last few years, and, more importantly, security challenges toward the remote propagation of code updating have occupied the majority of efforts in this context. Many security models have been proposed to establish a balance between the energy consumption and security strength, having their concentration on the constrained nature of wireless sensor network (WSN) nodes. For authentication purposes, most of them have used a Merkle hash tree to avoid using multiple public cryptography operations. These models mostly have assumed an environment in which security has to be at a standard level. Therefore, they have not investigated the tree structure for mission-critical situations in which security has to be at the maximum possible level (e.g., military applications, healthcare). Considering this, we investigate existing security models used in over-the-air dissemination of code updates for possible vulnerabilities, and then, we provide a set of countermeasures, correspondingly named Security Model Requirements. Based on the investigation, we concentrate on Seluge, one of the existing over-the-air programming schemes, and we propose an improved version of it, named Seluge++, which complies with the Security Model Requirements and replaces the use of the inefficient Merkle tree with a novel method. Analytical and simulation results show the improvements in Seluge++ compared to Seluge

DiDrip: A Secure and Distributed Protocol for Updation and Dissemination of Data in WSN

A data discovery and dissemination protocol for wireless sensor networks (WSNs) is responsible for updation of configuration parameters and distribution of management commands to the sensor nodes. The existing data discovery and dissemination protocols faces several drawbacks. The idea behind the project is to use the first secure and distributed data discovery and dissemination protocol named DiDrip for WSN. DiDrip allows the network owners to authorize multiple network users with different privileges to directly and simultaneously disseminate data items to the nodes. Extensive security analysis shows that DiDrip is probably secure

DI-SEC: Distributed Security Framework for Heterogeneous Wireless Sensor Networks

Wireless Sensor Networks (WSNs) are deployed for monitoring in a range of critical domains (e.g., health care, military, critical infrastructure). Accordingly, these WSNs should be resilient to attacks. The current approach to defending against malicious threats is to develop and deploy a specific defense mechanism for a specific attack. However, the problem with this traditional approach to defending sensor networks is that the solution for one attack (i.e., Jamming attack) does not defend against other attacks (e.g., Sybil and Selective Forwarding). This work addresses the challenges with the traditional approach to securing sensor networks and presents a comprehensive framework, Di-Sec, that can defend against all known and forthcoming attacks. At the heart of Di-Sec lies the monitoring core (M-Core), which is an extensible and lightweight layer that gathers information and statistics relevant for creating defense modules. Along with Di-Sec, a new user-friendly domain-specific language was developed, the M-Core Control Language (MCL). Using the MCL, a user can implement new defense mechanisms without the overhead of learning the details of the underlying software architecture (i.e., TinyOS, Di-Sec). Hence, the MCL expedites the development of sensor defense mechanisms by significantly simplifying the coding process for developers. The Di-Sec framework has been implemented and tested on real sensors to evaluate its feasibility and performance. Our evaluation shows that Di-Sec is feasible on today’s resource-limited sensors and has a nominal overhead. Furthermore, we illustrate the functionality of Di-Sec by implementing four detection and defense mechanisms for attacks at various layers of the communication stack

Toward trusted wireless sensor networks

This article presents the design and implementation of a trusted sensor node that provides Internet-grade security at low system cost. We describe trustedFleck, which uses a commodity Trusted Platform Module (TPM) chip to extend the capabilities of a standard wireless sensor node to provide security services such as message integrity, confidentiality, authenticity, and system integrity based on RSA public-key and XTEA-based symmetric-key cryptography. In addition trustedFleck provides secure storage of private keys and provides platform configuration registers (PCRs) to store system configurations and detect code tampering. We analyze system performance using metrics that are important for WSN applications such as computation time, memory size, energy consumption and cost. Our results show that trustedFleck significantly outperforms previous approaches (e.g., TinyECC) in terms of these metrics while providing stronger security levels. Finally, we describe a number of examples, built on trustedFleck, of symmetric key management, secure RPC, secure software update, and remote attestation