Unit-IV-Ad Hoc & WSN
Unit-IV-Ad Hoc & WSN
Unit-IV-Ad Hoc & WSN
SENSOR NETWORK
SECURITY
UNIT IV
SENSOR NETWORK SECURITY
Availability:
• Security mechanisms must ensure that a system or network and its
applications are able to perform their tasks at any time without
interruption.
• Availability is often measured in terms of percentages of up or down
time
Accountability
• The entity requesting a service, triggering an action, or sending a packet
must be uniquely identifiable.
Controlled access
• A service or information access should only be granted to authorized
entities.
• Any security analysis must start with stating the desired security goals,
followed by an assessment of the possible risks or security threats posed
by an attacker.
• Some common threats are eavesdropping, masquerading (i.e. pretending
to have another entity’s identity), authorization violation (using services
without being allowed to use them), provoking loss or modification of
information, forgery (i.e. creating new information), repudiation, and
sabotage.
• When considering networking, some of the common attacks are
– eavesdropping as a purely passive attack, and
– insertion, deletion, or replaying of packets as an active attack.
• Attacks can be placed on all the layers of a given protocol stack.
• Many countermeasures have been developed against these threats.
• These mechanisms frequently depend on on symmetric or asymmetric
cryptographic algorithms.
• Cryptography is the process of hiding and protecting information using
encoding and decoding mechanisms.
• In symmetric key cryptography, a single key between two
communicating parties is used for the encryption and decryption of a
message.
• These algorithms can be used to encrypt data packets, to sign these with
almost unique hash/cryptographic check values, or to create certificates.
• Cryptographic algorithms essentially work by applying certain operations on
combinations of the user data and specific key values, which optimally are only
known to the sender and the receiver of a packet.
• For example, a simplistic encoding strategy could be to replace each
plaintext letter with another letter that is a certain number of positions
down the alphabet.
• For example, using a shift of 2 would replace the letter A with the letter
C.
• In this shift cipher, the fixed shift value is then the symmetric key
• Distributing these keys to the users and taking care of their lifecycle are
essential parts of key management protocols.
• In practice, key management turns out to be the most complex part of
security protocols; the raw encryption and decryption procedures are
small but important building blocks
Security considerations in wireless sensor networks
• Can security measures and cryptographic protocols in wireless sensor
networks be considered in the same way as for other types of networks?
There is some consensus that the answer seems to be “no”, for the
following reasons:
• The network infrastructure of a WSN is made up of small, cheap nodes
spread over a possibly hostile area.
• Unlike other types of networks, it is often impossible to prevent the
sensor nodes from being physically accessed by attackers. This is also
referred to as node capture.
• It is reasonable to assume that an attacker can achieve full control over a
captured node, that is he can read its memory or influence the operation
of the node software.
• Special secure memory devices would be needed to prevent the attacker
from reading the memory; however, these will only rarely be present in
cheap sensor nodes.
• The constraints regarding memory and computational capabilities are a
serious obstacle for implementing cryptographic algorithms.
• Especially asymmetric key cryptography is considered too heavyweight
for small processors, let alone the key management involved.
• When in-network processing is to be performed, intermediate nodes
need to access and modify the information contained in packets; hence, a
larger number of parties is involved in end-to-end information transfers.
• The SAR algorithm selects the path based on the energy resources and
additive QoS metric of each path, and the packet’s priority level.
• As a result, each sensor node selects its path to route the data back to the
sink.
• Also, two more algorithms called single winner election and
multiwinner election handle the necessary signaling and data transfer
tasks in local cooperative information processing
Reliability requirements in sensor networks
• What are the requirements for reliable data transport in wireless sensor
networks? A first glance toward this question can be gained by
comparing sensor networks with other networks.
• In traditional networks like the Internet, the transport protocols (TCP,
UDP) and the underlying network layer protocols have essentially no
clue which kind of data they transport.
• In fact, a key design requirement for these protocols is data
transparency. Such a protocol must strive to deliver every single bit to
the receiver(s), since nothing is known about the relative importance of
the different data bits.
• On the other hand, sensor networks are not designed with the goal of
transporting multiple independent data streams.
• Sensor networks are data-centric and rely on in-network processing. The
reliability requirements are pretty much application specific and the
protocols can take advantage of this; they know the data they carry.
• These can be roughly classified into the following orthogonal axes:
Solutions:
Client Puzzles and Authentication schemes
Application Layer Attacks
• Attacks by sending large amount of stimuli
• Network Programming attack
• Path based DOS
Solutions:
Periodic monitoring of sensor nodes
Layer Attacks Defense (Solutions)