Introduction

WSN or in other words Wireless sensor Networks are basically a large collection of small
devices each with the capability of sensing, processing and communicating in order to
monitor the real-world environment. A typical sensor node has 4 main parts to it
Power supply
Sensor and analog to digital converter (ADC)
Processor and storage memory
Transceiver to send and receive data

(Figure 1)
The networks themselves are made up of two different types of configurations as seen below.

(Figure 2)
Both the above pictures show a wide spread geographical area which is divided up into
clusters with a gateway in each of them. The gateway is the communication hub for all nodes.
It is the gateway that collects data and forwards it to the user. In the first picture the nodes are
directly communicating with the gateway in its cluster. In the second picture the nodes are
chaining in order to communicate with the gateway. This offers several advantages such as
reduces energy for transmission but on the other hand it increases the energy in processing as
each node receives and forwards messages.
There are two modes of operation that of continuous operation and query mode. In the first
mode the node is continually sensing the environment and sending data to neighbouring or
the central node. In the query mode it remains on low power just waiting for a command to
bring it to life from the central or neighbouring node. Upon receiving a command it collects
the data, processes it and sends it to the requesting node.
(Aboelaze, M and Aloul, F)

The vision for the future is to use WSN to implement a major role in society by using a wide
variety of applications from critical military surveillance to forest fires. These sensor nodes
will be deployed in large numbers to monitor, process and communicate the information they
have been programmed to do in all kinds of terrain and conditions.
There is however one small problem in that they have severe resource constraints because of
their lack of power, limited memory and energy. The fact is that these nodes will be left
unattended in hostile and remote locations and so security is of the upmost. Security threats
include:
Node capture
Physical tampering
Eavesdropping
Denial of service attacks ... to name but a few.
As these sensor nodes are resource constrained traditional security mechanisms are not
viable. Research has come up with various security schemes which are specially developed
for WSNs. A few protocols have been proposed and these include:

(Figure 3)
The reason why perhaps we havent really seen much of these networks around may be due
to several factors: (i) WSN technology can be very expensive on large scale systems. (ii) The
technology is limited and unreliable due to the use of low cost and low power radios
operating in highly crowded ISM bands. (iii) Investment is viable due to the lack of
applications which are cost effective. (iv) Many applications are still not available which are
ready to use and able to fulfil the functional and non-functional requirements. There is one
system though that is striving to overcome the problems stated above and that is the EMMON
system architecture for large-scale, dense, real-time embedded monitoring and provides a
hierarchical middleware and command software.
(Tennina, S. Et all)
How are Wireless Sensor Networks going to benefit us?
The uses for WSNs are many, lets take a look at a few of them. Where better to start than in
the home, the place where we look for things to make our lives convenient and comfortable.

In the home they are able to control almost anything that can be controlled through an
electronic circuit including:
Lighting
Heating / cooling
Security
Entertainment
Cooking and so on...
Next we look at health. This is an area where sensor networks are extensive so can experience
them in:
Health monitors for
o Glucose
o Heart rate
o Cancer detection....
Chronic diseases
o Artificial retina
o Cochlear implants...
Hospital sensors
o Monitor vital signs
o Record anomalies...
In the defence of our country the military use them to monitor troop movements. They can set
up sensors to guard and protect crucial locations and information. They could also be used as
spies reporting on enemy movement and so on...
When we move onto industrial and commercial environments we can see them being used to
Monitor crop conditions.
Inventory tracking.
In process parts tracking.
Automated problem reporting
RFDI theft deterrent and customer tracing
Plant equipment maintenance monitoring...
Another use could be for traffic management and monitoring.
Future cars could use wireless sensors to
o Handle accidents
o Handle thefts
Sensors embedded into the roads could
o Monitor traffic flow
o Provide real time updates
It doesnt matter where we go or what we do wireless sensors can and do help us in one way
or another.
(Wayne)

In this piece of work the intention is to look at the security issue relating to WSM. As I
mentioned above WSNs must be secured against intruders who wish to obstruct the delivery
or forge the sensor data. One way that has been implemented to secure the data is by
integrating end-to-end data integrity checksums and post-processing of sensor data used to
identify forged data. As this is a wireless technology it is exposed to wireless hacking threats
such as eavesdropping, unauthorised access, spoofing, replay, and denial of service (DoS)
attacks. If that werent enough the sensors themselves are limited to the degree of encryption,
decryption, and authentication due to resource constraints. Common security mechanisms
such as computation-intensive public-key cryptography are questionable.
Another major risk is physical risk where by an intruder could easily be captured and
subjected to attacks. Such attacks could result in advertising false routing information, and
launching of a DoS attack from within the sensor network. Developers are working on
designs so as to design a intrusion-tolerant WSN whereby a single compromised node will
only disrupt a small portion of the network without bringing the whole of the network down.
This requires protection against two classes of attack, DoS type and routing disruption.
In a more conventional network for secure routing message integrity, authentication, and
confidentiality are handled at a higher layer by end-to-end security mechanisms including
SSL and SSH. For the routers they need not see the content of the data packets or indeed have
access to the content of the data packets. However, the same is not true for sensor networks
because the intermediate nodes need direct access to the contents of the data. As a result
much more is needed from the protocols used and they must be designed with this in mind.
So what are the requirements for security in WSNs?
As I have mentioned there are several threats to WSNs and at the same time there are unique
characteristics. So with that security measures have to be thought out meticulously. Lets now
look at some of the security requirements needed.
(i) Data confidentiality: This means that the messages being send over the network should
only be understood by the intended recipient. In order to achieve this:
The sensor node should not allow access to anyone who is unauthorised to do so.
Key distribution mechanism should be robust.
(ii) Data integrity: The mechanism must certify that no messages can be tampered with as it
crosses the network.
(iii) Availability: Services should always be available even during attacks.
(iv) Data freshness: This refers to the data being recent and no adversary can replay old
messages.
(v) Self-organization In other words each and every node in the WSN should be able to
organize and heal itself. Nodes in the WSN must organise among themselves multi=hop
routing, key management, and developing trust relations.
(vi) Secure localization: It must be necessary to be able to accurately and automatically locate
each and every sensor node in the WSN. This would ensure that false routing information is
addressed.
(vii) Time synchronization: All mechanisms should be time-synchronized as most of the
applications need time synchronization.

(viii) Authentication: It has to be made very clear that the communicating node is the node it
claims to be to safe guard against the modification and fabrication of data packets.
What are the vulnerabilities?
Although there are many types of attacks they generally fall into three categories.
(i) Attacks on network availability: These are commonly known as DoS attacks.
(ii) Attacks on secrecy and authentication: These types of attacks such as spoofing of packets,
packet replay, modification of packets, and eavesdropping are defended against by the use of
standard cryptographic techniques.
(iii) Stealthy attack against service integrity: This relate to an attacker injecting false data
values and forcing the network to accept them.
(Obaidat and Misra)
DoS Attacks
There are many DoS attacks and can be aimed at different layers of the OSI solets take a
look at the types of DoS attacks mapped out to the OSI model.

Physical Layer
Sensor networks communicate via wireless communication on an ad-hoc network on a large
scale. This makes any other form of communication impractical.
Jamming
This is one of the better known attacks and is simple and effective. It interferes with the radio
frequencies being used disrupting the whole network putting nodes out of action.
Nodes are able to tell the difference between jamming and failure of its neighbours through
the constant energy and lack of response impedes communication. The normal defence
against this is to use various forms of the spread-spectrum. Its difficult for jammers to follow
the hopping sequence or to even jam a wide area of the frequency band.

(Figure 4)

(Figure 5)
In figure 1 it shows us that nodes should communicate and maximize the successful delivery
of messages. This is achieved by switching to a prioritizes transmission scheme to minimize
collisions. And also nodes can buffer high-priority messages indefinitely relaying the
message again and again when there is a gap due to jamming.
In figure 2 the nodes are surrounding the affected region to map and report the DoS attack
boundary to a base station. Closer nodes to the attack can detect the higher than normal
background noise and report it to nodes outside the attack region.
Tampering
It is unrealistic to expect access to hundreds of nodes over a several kilometres. These nodes
are susceptible to attackers who can inflict total destruction, damage or even replace sensors
and hardware to extract sensitive data such as cryptographic keys to gain higher access of
communication. Such defences include automatic erasing of cryptographic or program
memory or camouflaging then to conceal them out of sight.

Link Layer
The MAC layer allows neighbours to communicate and rely on carrier sense to detect other
nodes transmitting which is vulnerable to DoS attacks.
Collision
It only takes a collision in one octet to disrupt an entire packet. A checksum mismatch
causing a corrupted ACK control message could provoke exponential back-off.
Variable levels of corruption in messages are checked by error-correction codes which are
flexible. The network can use collision detection to weed out malicious collisions creating a
link layer jamming. Although it can do this no real solution to this problem is effective.
Exhaustion
A native link layer implementation may attempt retransmission repeatedly. This is an active
DoS attack and could lead to the exhaustion of battery resources in nearby nodes. Time
divisional multiplexing gives each node a time slot for transmission but is still at risk to
collisions. A typical DoS attack would be an interrogation attack. Here one node would

continually send Request To Send, Clear To Send messages to reserve channel access.
Constant transmission would deplete the energy resources of both nodes. One form of
defence here is the MAC admission control rate limiting. This tells the network to ignore
excessive requests and thus protects against battery energy loss.
Unfairness
This is relating to the cooperative MAC-layer priority scheme whereby attacks exploit this
scheme causing unfairness. It could avert legitimate access to the channel or degrade the
service by causing users to miss their real-time MAC protocol deadlines.
The use of small frames is a defence against this attack as it enables the node to capture the
channel for a short time. The attacker can still gain control when trying to get access by
responding quickly while others delay randomly.

Network and Routing Layer

As messages progress by many hops to their destination the aggregate network cost of
replaying a packet increases. There is also a probability that the packet could be dropped or
misdirected on the way.
Because of the absence of routers in the network the nodes will become routers themselves
routing all traffic flowing through them. This in itself creates a vulnerability. Protocol have to
be simple but robust enough to deal with failures which occur many hops away from the
source.
Neglect and greed
This form of DoS attack is known as node-as-router vulnerability. The problem is that
messages can be neglected with regard to routing. The captured node still participates in low
level protocol and even acknowledges reception of data but it can drop messages randomly
being neglectful. It is also greedy in the fact that it gives higher priority to its own messages.
As a result of its greediness traffic will be degraded or even blocked from the region to the
base station.
The use of multiple routing paths or sending redundant messages has an effect on this attack
by reducing it. But finding a greedy node is not easy so prevention is better than detection.
Homing
In a WSN network nodes are given responsibilities. One node could act as coordinator while
another could serve as cryptographic key managers. These nodes attract much attention
because they are the nodes with crucial information and critical services to the network.
Because they rely on geographic forwarding it exposes them to homing attacks.
In order to find these nodes the attacker will be passive observing the traffic to find the
location of critical nodes. Once found the nodes are then open to being attacked by
collaborators or mobile adversaries using other means.
A defence against this is if all the neighbours were using cryptographic keys then at each hop
the headers could be encrypted. As a result this would hide the location or the source and

destination of the messages. Of course this will only work if the nodes themselves have not
been hijacked and the decryption keys are valid.
Misdirection
This is where messages are misguided by fabricated of malicious route advertisements. This
is another DoS attack which is aimed at the sender getting it to send the message away from
its intended destination. If the attacker can misdirect a lot of traffic flow in one direction it
can target an random victim. This is similar to a smurf attack where the attacker forges the
victims address as the source of many broadcast Internet control message protocol echoes.
As the replies are directed back to the victim which in turn floods the network link. The
protocol in a WSN that is susceptible to this kind of attack is the DSR (Dynamic Source
Routing) protocol.
In Internet gateways they use egress filtering which is a mechanism used to prevent smurf
attacks. It does this by verifying source addresses where parent routers can verify that all
packets from below have originated from their children. This approach can also be used in a
WSN providing the network has a hierarchical routing mechanism.
Black Holes
A more effective DoS attack is used against Distance vector based networks. Nodes advertise
zero-cost routes to every other node forming routing black holes. More traffic is directed in
their direction which results in intense resource contention around the node as others fight for
limited bandwidth. Although these are easily detected they can be very disruptive as other
nodes innocent knowledge of the network topology may suspect inconsistent advertisements.
Authorization
This is a defence against black holes as it only allows authorized nodes to exchange routing
information by the use of a public key encryption infrastructure to sign and verify routing
updates. Designers have fond that public key encryption is difficult in WSN. The networks
scalability would be troubled due to ad hoc relations upon deployment such as mobile or
additional nodes being added through time so a centralized certification authority would
create a single point of failure. This gives the attacker the ability to construct valid routing
messages. To protect against this threshold cryptography with shared updating can help.
Monitoring
Nodes monitor their neighbours to ensure correct routing behaviour. It does this by relaying a
message to the next hop and then acts as a watchdog that verifies the next hop transmission of
the same packet. This enables the watchdog to detect any changes in the packet causing
limitations caused by collisions, asymmetric physical connectivity and so on. The quality
rating mechanism is informed which enables the node to choose the most reliable router to
transmit its message to.
Probing
Probing is a more active approach which does not involve all the nodes on the network. If the
network is using geography based routing then black holes can be detected by periodically
sending out probes crossing the network diameter. Blackout regions can be detected to
subject of transient routing errors and overload.

Probing can be used to detect malicious nodes transmitting anything but normal traffic thus
detecting the node infected.
Redundancy
Is something that can be used to identify and lessen the probability of encountering a
malicious node. Duplicate massages can be sent along the same path to protect against
intermittent routing failure or random malice If each of these messages were to be directed on
a different path then black holes and malicious nodes can be obverted. Another and better
approach is diversity coding. In this encoded messages are sent along different paths, but with
lower cost than full duplication.

Transportation Layer
This layer is responsible for end to end connection ranging from unreliable area-to-area
anycast to the more complex reliable sequenced-multicast bytestream. For sensor networks
they tend to use simple protocols in order to minimize the communication overheads of
acknowledgements and retransmissions. Any protocol that uses sequencing are vulnerable to
many DoS attacks.
Flooding
Protocols that remain alive from end to end are vulnerable to memory exhaustion through
flooding. One of the most common attacks is the TCP SYN where many connection
establishment requests are sent to the victim. Each request is allocated a portion of resources
to maintain that connection.
To fight this attack a limited number of connections can be introduced thus preventing
complete resources exhaustion. The problem here though is genuine clients will also be
rejected from connecting interfering with all other process at the victim. It also means that
tables fill up with abandoned connections and queues form up. Protocols that are
connectionless are able to resist this attack but cannot provide adequate transport layer
services for the network.
One solution the defence of this attack is client puzzles that requires the client to demonstrate
the commitment of their resources to each connection. The puzzles are easily created and
verified by the server and client specific information s not required to be stored. In order for a
client to get a connection it is first presented with a puzzle. The client must solve the puzzle
and present it to the server to get a connection. As a result of this the attacker must commit
more computation resources per unit time to flood the server with valid connections. If the
server experienced heavy loads it would scale the puzzles to require even more work by the
potential clients.
This is a great defence if the adversaries possess the same limitations as sensor nodes but has
the disadvantage of requiring more computation energy for genuine nodes but it is less costly
than wasting radio transmissions by flooding.
Desynchronization
Dsynchroniatio is when two points are connected and the connection is disrupted. The attack
is crafted by repeatedly forging messages and sending then to both end points. Within these

messages the sequence numbers cause the end points to request retransmission of missed
frames. If proper timing is maintained by the adversary it prevents end points from sending
any useful information. This leads to a waste in energy ina= an endless synchronization
protocol.
One of the ways to counter this attack is authentication where by all fields are checked in the
transport layer protocol header. Assuming the authentication mechanism at the ends points
could detect and drop malicious packets.
Protocol Vulnerabilities when designing new protocols.
Dos attacks are a very real threat to sensor networks. There is a need for developers to
analyze these vulnerabilities
Adaptive Rate Control
Protocols have been improved upon and developed into standard MAC protocols which are
more applicable to sensor networks by Woo and Culler.. Key mechanisms include:
Back-off tha shifts an applications periodicity phase.
Passive adaptation of originating and route through admission control rates.
Anticipatory delay for avoiding multihop hidden mode problems.
All these impressive features can only work through cooperation among nodes. With
efficiency in mid preference has been given to route through traffic in admission control by
making it probabilistic multiplicative back-off factor 50 percent less than the back-off factor
of originating traffic. This allows for preservation of packets that travel many hops.
Once again though this is not attacker proof it still leaves vulnerabilities by making flooding
attacks more effective. High bandwidth packet streams generated by a malicious node will
receive preference during collisions which can occur at every hop on the way. Meaninng that
not only does the network transport the malicious traffic but also gives it preference.
RAP
Chenyang Lus real time location protocols (RAP) provide real time communication
architecture integrating a query event service API and geographic forwarding with novel
velocity monotonic scheduling (VMS) policy.

(Figure 6)
The above picture in figure three gives us a view of the architecture encompassing several
network payers, from prioritizing MAC layer to the query event API just below the
application layer.
The VMS layer stamps packets with a desired velocity calculated from the distance to travel
and the end to end deadline. Each node will compute it by looking to see what distance is left
and how long it has taken so far. Packet relay gives higher priority to higher velocity packets.
This is of course a vulnerability in itself as the attacker could flood the network with high
priority packets and wasting bandwidth and energy. This is easily done by the attacker by
making the deadline short or the distance extraordinarily large. On a brighter side packets will
soon be dropped if they have a short deadline as they would have missed it. The attacker
could inject the packets with geographic destinations far away outside the sensor network.
This may not be discovered though until the packet reaches the networks edge therefore it
has wasted high priority bandwidth all the while.
It is possible for this attack to be successful if the network uses a location directory service
that could detect out-of-area packets. This service is usually invoked in order to find a
destination node by the original node. The packet includes the destination so that intermediate
nodes only need to make local forwarding decisions. The attacker would avoid this allowing
the malicious location to go undetected.
Crytographic-authentication mechanisms are what developers are focused on when
developing protocols in order to add DoS resistance. In sensor networks there are serious
problems as digital signature schemes are impractical to use due to limited resources
available. In an ad hoc network deployment of possible ID-less nodes causes the problem of
how to establish trust and identity especially in large scale networks.

The most effective defence is to consider DoS attacks at the time of design. Unsolvable
problems can be helped if defence strategies were applied in the case of cooperatively
mapping jammed regions. It would become relatively easy to compromise a network if these
DoS vulnerabilities went unattended.
The sensor network is only as good as it is secured. Without sufficient protection form DoS
and other types of attacks sensor networks will become deployable in wide areas and good
for limited, controlled environments. This would completely defeat the whole purpose of
having sensor networks in the first place.
(Wood and Stankovic 54 - 61)

Below is a table depicting a table reflecting the types of attacks at each layer of the protocol
stack and other attacks.

(Figure 7)

Conclusion
As the days go by wireless sensor networks become bigger and bigger and as they become
more and more popular they are being used more and more for mission-critical applications.
This continual growth tells us that there is a serious need for security as they are being used
in some of the most sensitive areas of data recording. There are problems though in that they
suffer from many constraints such as limited energy, processing capabilities, and storage
capacity. Other constraints also include unreliable communication and unattended operation.
The main form of security in use is cryptography. In order to provide security in WSNs it is
necessary to select the appropriate cryptography method for sensor nodes. Public key
cryptosystems bear too much load on the resource constrained sensor nodes. But as a result of
research it is viable to apply public key cryptography to the sensor networks by using the
correct selection of algorithms and associated parameters, optimization, and low power
techniques.
For tiny sensor modes it is possible to achieve good results with smaller keys bu using RSA
and Diffie-Hellman based on the elliptic curve cryptography. This reduces computation time
and also the amount of data transmitted and stored. There is a promising outlook for WSNs
meeting security requirements by using asymmetric approaches with public key
cryptosystems, specifically elliptic curve cryptography.
(Chelli, K)

REFERENCES
1
2
3
4
5

Aboelaze, M and Aloul, F, Current and Future Trends in Sensor Networks: A Survey,
viewed 9/5/2016 available at http://ieeexplore.ieee.org.
Tennina, S. Et all. EMMON: A WSM System Architecture for Large Scale and Dense
Real-Time Embedded Monitoring, viewed 9/5/2016 available at
http://ieeexplore.ieee.org.
Obaidat. M, S. and Misra, S, 2014, Principles of Wireless Sensor Networks,
Cambridge University Press, United Kingdom.
Wood, A, D and J, A Stankovic. "Denial Of Service In Sensor Networks". Computer
2002: Viewed 9/5/2016
www.cs.wpi.edu/~emmanuel/courses/.../wk12_p1_Luba_sensor_DoS.pdf, 54 - 61.
Wayne, L, What does the Future hold for Wireless Sensors, PowerPoint presentation,
State University Department of Computer Science, U.S.A.
Chelli, K, 2015, Security Issues in Wireless Sensor Networks: Attacks and
Countermeasures, Proceedings of the World Congress on Engineering 2015 Vol I,
London UK. viewed 9/5/2016 available at
http://www.iaeng.org/publication/WCE2015/WCE2015 pp519-524.pdf

FIGURES
Figure 1
&2

Aboelaze, M and Aloul, F, Current and Future Trends in Sensor Networks: A

Survey, viewed 9/5/2016 available at http://ieeexplore.ieee.org.
Singh, S, K, Singh, M, P and Singh, D, K, 2010, Routing Protocols in Wireless
Figure 3 Sensor Networks A Survey, International Journal of Computer Science &
Engineering Survey (IJCSES) Vol.1, No.2 November 2010.
Wood, A, D and J, A Stankovic. "Denial Of Service In Sensor Networks".
Figure 4,
Computer 2002: Viewed 9/5/2016
5 and 6
www.cs.wpi.edu/~emmanuel/courses/.../wk12_p1_Luba_sensor_DoS.pdf, 54 - 61.
Chelli, K, 2015, Security Issues in Wireless Sensor Networks: Attacks and
Countermeasures, Proceedings of the World Congress on Engineering 2015 Vol I,
Figure 7
London UK. viewed 9/5/2016 available at
http://www.iaeng.org/publication/WCE2015/WCE2015 pp519-524.pdf