90 research outputs found
Resilient networking in wireless sensor networks
This report deals with security in wireless sensor networks (WSNs),
especially in network layer. Multiple secure routing protocols have been
proposed in the literature. However, they often use the cryptography to secure
routing functionalities. The cryptography alone is not enough to defend against
multiple attacks due to the node compromise. Therefore, we need more
algorithmic solutions. In this report, we focus on the behavior of routing
protocols to determine which properties make them more resilient to attacks.
Our aim is to find some answers to the following questions. Are there any
existing protocols, not designed initially for security, but which already
contain some inherently resilient properties against attacks under which some
portion of the network nodes is compromised? If yes, which specific behaviors
are making these protocols more resilient? We propose in this report an
overview of security strategies for WSNs in general, including existing attacks
and defensive measures. In this report we focus at the network layer in
particular, and an analysis of the behavior of four particular routing
protocols is provided to determine their inherent resiliency to insider
attacks. The protocols considered are: Dynamic Source Routing (DSR),
Gradient-Based Routing (GBR), Greedy Forwarding (GF) and Random Walk Routing
(RWR)
Intrusion-Tolerant Middleware: the MAFTIA approach
The pervasive interconnection of systems all over the world has given computer services a significant socio-economic value, which can be affected both by accidental faults and by malicious activity. It would be appealing to address both problems in a seamless manner, through a common approach to security and dependability. This is the proposal of intrusion tolerance, where it is assumed that systems remain to some extent faulty and/or vulnerable and subject to attacks that can be successful, the idea being to ensure that the overall system nevertheless remains secure and operational. In this paper, we report some of the advances made in the European project MAFTIA, namely in what concerns a basis of concepts unifying security and dependability, and a modular and versatile architecture, featuring several intrusion-tolerant middleware building blocks. We describe new architectural constructs and algorithmic strategies, such as: the use of trusted components at several levels of abstraction; new randomization techniques; new replica control and access control algorithms. The paper concludes by exemplifying the construction of intrusion-tolerant applications on the MAFTIA middleware, through a transaction support servic
A Survey on Wireless Sensor Network Security
Wireless sensor networks (WSNs) have recently attracted a lot of interest in
the research community due their wide range of applications. Due to distributed
nature of these networks and their deployment in remote areas, these networks
are vulnerable to numerous security threats that can adversely affect their
proper functioning. This problem is more critical if the network is deployed
for some mission-critical applications such as in a tactical battlefield.
Random failure of nodes is also very likely in real-life deployment scenarios.
Due to resource constraints in the sensor nodes, traditional security
mechanisms with large overhead of computation and communication are infeasible
in WSNs. Security in sensor networks is, therefore, a particularly challenging
task. This paper discusses the current state of the art in security mechanisms
for WSNs. Various types of attacks are discussed and their countermeasures
presented. A brief discussion on the future direction of research in WSN
security is also included.Comment: 24 pages, 4 figures, 2 table
INSENS: Intrusion-tolerant routing for wireless sensor networks
This paper describes an INtrusion-tolerant routing protocol for wireless SEnsor NetworkS (INSENS). INSENS securely and efficiently constructs tree-structured routing for wireless sensor networks (WSNs). The key objective of an INSENS network is to tolerate damage caused by an intruder who has compromised deployed sensor nodes and is intent on injecting, modifying, or blocking packets. To limit or localize the damage caused by such an intruder, INSENS incorporates distributed lightweight security mechanisms, including efficient one-way hash chains and nested keyed message authentication codes that defend against wormhole attacks, as well as multipath routing. Adapting to WSN characteristics, the design of INSENS also pushes complexity away from resource-poor sensor nodes towards resource-rich base stations. An enhanced single-phase version of INSENS scales to large networks, integrates bidirectional verification to defend against rushing attacks, accommodates multipath routing to multiple base stations, enables secure joining/leaving, and incorporates a novel pairwise key setup scheme based on transitory global keys that is more resilient than LEAP. Simulation results are presented to demonstrate and assess the tolerance of INSENS to various attacks launched by an adversary. A prototype implementation of INSENS over a network of MICA2 motes is presented to evaluate the cost incurred
Routing Security Issues in Wireless Sensor Networks: Attacks and Defenses
Wireless Sensor Networks (WSNs) are rapidly emerging as an important new area
in wireless and mobile computing research. Applications of WSNs are numerous
and growing, and range from indoor deployment scenarios in the home and office
to outdoor deployment scenarios in adversary's territory in a tactical
battleground (Akyildiz et al., 2002). For military environment, dispersal of
WSNs into an adversary's territory enables the detection and tracking of enemy
soldiers and vehicles. For home/office environments, indoor sensor networks
offer the ability to monitor the health of the elderly and to detect intruders
via a wireless home security system. In each of these scenarios, lives and
livelihoods may depend on the timeliness and correctness of the sensor data
obtained from dispersed sensor nodes. As a result, such WSNs must be secured to
prevent an intruder from obstructing the delivery of correct sensor data and
from forging sensor data. To address the latter problem, end-to-end data
integrity checksums and post-processing of senor data can be used to identify
forged sensor data (Estrin et al., 1999; Hu et al., 2003a; Ye et al., 2004).
The focus of this chapter is on routing security in WSNs. Most of the currently
existing routing protocols for WSNs make an optimization on the limited
capabilities of the nodes and the application-specific nature of the network,
but do not any the security aspects of the protocols. Although these protocols
have not been designed with security as a goal, it is extremely important to
analyze their security properties. When the defender has the liabilities of
insecure wireless communication, limited node capabilities, and possible
insider threats, and the adversaries can use powerful laptops with high energy
and long range communication to attack the network, designing a secure routing
protocol for WSNs is obviously a non-trivial task.Comment: 32 pages, 5 figures, 4 tables 4. arXiv admin note: substantial text
overlap with arXiv:1011.152
- …