Page 1
1
CHAPTER 1
INTRODUCTION
WSN is a wireless network consisting of spatially dispersed and
dedicated autonomous devices which use sensors to monitor physical or
environmental conditions.WSN is composed of a large number of sensor nodes
formed by combining autonomous devices or nodes with routers and a gateway,
which has limited computation and communication. Sensor nodes rely on
wireless communication to deliver the sensed data to a remote base station.The
wireless sensor network is primarily proposed in domains as wired networks are
infrastructure missing and not suitable. Hundreds of nodes are needed to
achieve the assigned tasks for the purpose of military application.
Fig 1.1 Block diagram of Wireless Sensor Network
1.1 NEED FOR SECURITY IN WSN:
Today’s world, the Network security is important in every field such as
military, government and also in our daily lives. Network security is preferred
to protect the websites, domains or servers from various adversaries or attacks.
Page 2
2
Having the knowledge of the attacks that has been executed, we can better
protect ourselves. The architecture of the network is modified to prevent from
these attacks, many companies use firewall and various polices for network
security. Network security has a very vast field which was developed in stages
and as of today, still it is in evolutionary stage.
Security systems fall into two categories based on using key algorithms.
Secret-key algorithm
Public-key algorithm
1.1.1 SECRET-KEY ALGORITHM:
Symmetric (same) secret-key is used for both encryption and decryption.
The standards used for this algorithm is Data Encryption Standard (DES) and
Advanced Encryption Standard (AES).
1.1.2 PUBLIC-KEY ALGORITHM:
Asymmetric (different) keys are used for encryption and decryption.
RSA (Rivest, Shamir and Adleman) is a public key algorithm.
1.2 SECURING WIRELESS NETWORKS:
There are basically three ways to secure a wireless network.
Security by Obscurity
The Perimeter Defense
Defense in Depth
1.2.1 SECURITY BY OBSCURITY:
It follows Stealth approach. Its basic working principle is that if no one
knows the system exists then it won’t be attacked. The problem with this
Page 3
3
approach is that it won’t be a long term solution, and once the system is
detected, it will be completely vulnerable.
1.2.2 THE PERIMETER DEFENSE:
Organization hardens the network security by using tools such as hiding
the network behind a firewall, separating the network from an untrusted
network. This method does nothing to stop an attack from inside. Once the
perimeter system fails the inside system is completely left vulnerable.
1.2.3 DEFENSE IN DEPTH:
This is the best way to protect the system but also very difficult to
implement. In this each system is hardened and is monitored thus acting like an
island and it defends itself against the attacks. Even if one of the networks is
compromised it won’t affect the other networks. In this method internal
networks are less susceptible to be compromised. With this system it can also
detect hack attempts from the compromised systems.
1.3 SECURITY THREATS IN WSN:
Security and privacy issues become more important as wireless sensor
networks are usually used for several very critical applications. A WSN consists
of large number of tiny and resource-constrained sensor nodes, which are
spatially distributed and deployed to collect security-sensitive information in
uncontrollable environment. Sensor nodes rely on wireless communication to
deliver the sensed data to a base station at a remote distance. In a basic WSN
scenario, resource constraint, wireless communication, security-sensitive data,
uncontrollable environment, and distributed deployment are all vulnerabilities
that make WSNs to suffer from number of security threats. There are several
number of threats in different layer of network.
Physical Layer Threats
Page 4
4
Link Layer Threats
Network Layer Threats
Application Layer Threats
Fig. 1.2 Security in wireless sensor networks layers model
1.3.1 PHYSICAL LAYER THREATS:
In physical layer, there may be several threats to the wireless sensor
network, due to the non tamper-resistant WSN nodes and broadcasting nature of
wireless transmission. Security threats to WSN are always more, when
compared to traditional network.
The attacks in the physical layer include physical layer jamming and the
subversion of a node.
1.3.2 LINK LAYER THREATS:
The responsibility of data link layer is multiplexing of data streams, data
frame detection, Medium access, and error control. Types of attacks possible in
the data link layer are:
Data link layer jamming
Eavesdropping
Resource exhaustion and
Traffic analysis of WSN.
SECURITY
APPLICATION LAYER
TRANSPORT LAYER
NETWORK LAYER
LINK LAYER
PHYSICAL LAYER
Page 5
5
1.3.3 NETWORK LAYER THREATS:
Network layer threats mostly aim at disturbing data-centric and energy
efficient multihop routing. Types of attacks and threats possible in the network
layer include Spoofed, altered or replayed routing information, Selective
forwarding, Sinkhole, Sybil and flooding attack.
1.3.4 APPLICATION LAYER THREATS
Applications in the application layer of WSN mostly rely on
localization, time synchronization and in-network data processing to
collaboratively process data. Types of attacks and threat can be possible in the
network layer are Clock un-synchronization, False data - filtering, injection.
1.3.5 COUNTERMEASURES:
The threats in wireless network may violate the secrecy and
authentication or violate availability of the network or some other network
functionalities. Countermeasures to the threats in WSNs should fulfil the
certain following security requirements.
• Availability: The desired network services are available whenever required.
• Authentication : Communication from one node to another node is genuine.
• Confidentiality : Provides the privacy of the wireless communication
channels.
• Integrity : Ensures the message or the entity under consideration is
not altered.
• Non-reputation : It prevents malicious nodes to hide or deny their
activities.
• Freshness : Implies that the data is recent and ensures that no adversary can
replay old messages.
Page 6
6
• Survivability : It ensures the acceptable level of network services even in
the presence of node failures and malicious attacks.
• Self-security : Countermeasures may introduce additional hardware and
software infrastructures into the network, which must be secure enough to
withstand attacks.
Countermeasures should also fulfil appropriate performance requirements
according to the application.
1.4 Security Attacks:
Security attacks are generally classified into two types such as active
attack and passive attack. Active attack involves the modification of
information, interruption of information transmission and fabrication of
message such as Denial-of-service (DoS).Passive attack involves eavesdropping
on transmission and analyze the network traffic.
Fig 1.3 Classification of Security Attacks on WSN
Page 7
7
1.4.1 Denial of Service (DoS):
Denial of Service (DoS) is produced by the unintentional failure of
nodes or malicious action. This attack is a pervasive threat to most networks.
Sensor networks being very energy-sensitive and resource-limitation, they are
very vulnerable to DoS attacks.Wood and Stankovic explored various DoS
attacks that may happen in every network layers of sensor networks. The
simplest DoS attack tries to exhaust the resources available to the victim node,
by sending extra unnecessary packets and thus prevents legitimate network
users from accessing services or resources to which they are entitled.
Jamming
Collisions
Flooding
Data integrity attack
In wireless sensor networks, several types of DoS attacks in different
layers might be performed. At physical layer the DoS attacks could be jamming
and tampering, at link layer, collision, exhaustion, unfairness, at network layer,
neglect and greed, homing, misdirection, black holes and at transport layer this
attack could be performed by malicious flooding and de-synchronization.
1.4.2 Routing Attacks
Sybil attack:
Sybil attack is defined as a malicious device illegitimately taking on
multiple identities. In Sybil attack, an adversary can appear to be in multiple
places at the same time. In other words, a single node presents multiple
identities to other nodes in the sensor network either by fabricating or stealing
the identities of legitimate nodes.
Page 8
8
Fig.1.4 sybil attack
Figure 1.4 demonstrates Sybil attack where an adversary node ‘AD’ is
present with multiple identities. ‘AD’ appears as node ‘F’ for ‘A’, ‘C’ for ‘B’
and ‘A’ as to ‘D’ so when ‘A’ wants to communicate with ‘F’ it sends the
message to ‘AD’. Sybil attack is a harmful threat to sensor networks. It poses a
significant threat to geographic routing protocols, where location aware routing
requires nodes to exchange coordinate information with their neighbours to
efficiently route geographically addressed packets. The Sybil attack can disrupt
normal functioning of the sensor network, such as multipath routing, used to
explore the multiple disjoint paths between source-destination pairs. It can
significantly reduce the effectiveness of fault tolerant schemes such as
distributed storage, diversity and multipath.
Sinkhole (Blackhole) attack:
In sinkhole attacks, a malicious node acts as a blackhole to attract all the
traffic in the sensor network through a compromised node creating a
metaphorical sinkhole with the adversary at the centre. A compromised node is
placed at the centre, which looks attractive to surrounding nodes and lures
nearly all the traffic destined for a base station from the sensor nodes. Thus,
creating a metaphorical sinkhole with the adversary at the centre, from where it
can attract the most traffic, possibly closer to the base station so that the
Page 9
9
malicious could be perceived as a basestation. .
Fig 1.5 An example of Sinkhole (Blackhole) attack
Figure 1.5 demonstrates sinkhole attack where ‘SH’ is a sinkhole. This
sinkhole attracts traffic from nearly all the nodes to rout through it.
The main reason for the sensor networks susceptible to sinkhole attacks is
due to their specialized communication pattern. Sinkholes are difficult to defend
in protocols that use advertised information such as remaining energy or an
estimate of end-to-end reliability to construct a routing topology because this
information is hard to verify.
Hello flood attack:
Hello flood attack uses HELLO packets as a weapon to convince the
sensors in WSN. In this type of attack an attacker with a high radio transmission
range (termed as a laptop-class attacker) and processing power sends HELLO
packets to a number of sensor nodes which are dispersed in a large area within a
WSN. The sensors are thus persuaded that the adversary is their neighbour. This
assumption may be false. As a consequence, while sending the information to
the base station, the victim nodes try to go through the attacker as they know
that it is their neighbour and are ultimately spoofed by the attacker. A laptop-
class attacker with large transmission power could convince every node in the
network that the adversary is its neighbour, so that all the nodes will respond to
the HELLO message and waste their energy.
Page 10
10
Fig 1.6 helloflood attack
Figure 4 illustrates how an adversary node ‘AD’ broadcast hello packets
to convince nodes in the network as neighbour of ‘AD’. Though some node like
I,H,F are far away from ‘AD’ they think ‘AD’ as their neighbour and try to
forward packets through it which results in wastage of energy and data loss
In a HELLO flood attack, every node thinks that the attacker is within
one-hop radio communication range. If the attacker subsequently advertises
low-cost routes, nodes will attempt to forward their messages to the attacker.
Protocols which depend on localized information exchange between
neighbouring nodes for topology maintenance or flow control are also subject to
this attack. HELLO floods can also be thought of as one-way, broadcast
wormholes.
Wormhole attack:
Wormhole attack is a critical attack in which the attacker records the
packets (or bits) at one location in the network and tunnels those to another
location. In the wormhole attack, an adversary (malicious nodes) eavesdrop the
packet and can tunnel messages received in one part of the network over a low
latency link and retransmit them in a different part. This generates a false
scenario that the original sender is in the neighbourhood of the remote location.
Page 11
11
The tunneling procedure forms wormholes in a sensor network. The tunnelling
or retransmitting of bits could be done selectively.
Fig.1.7 warmhole attack
The above figure demonstrates Wormhole attack where ‘WH’ is an
adversary node which creates a tunnel between nodes ‘E’ and ‘I’. These two
nodes are present at most distance from each other.
The simplest case of this attack is to have a malicious node forwarding
data between two legitimate nodes. Wormholes often convince distant nodes
that they are neighbours, leading to quick exhaustion of their energy resources.
Wormholes are effective even if routing information is authenticated or
encrypted. wormhole can artificially provide a high quality route to the base
station, potentially all traffic in the surrounding area will be drawn through her
if alternate routes are significantly less attractive.
Wormhole attack is a significant threat to wireless sensor networks,
because this type of attack does not require compromising a sensor in the
network rather, it could be performed even at the initial phase when the sensors
start to discover the neighbouring information.
Page 12
12
CHAPTER 2
LITERATURE SURVEY
The following is the literature survey about the " Security Mechanisms
and Challenges in Wireless Networks".
1. "Network Security Attacks and its Defence”,Kartikey Agarwal, Dr.
Sanjay Kumar Dubey(2014), have proposed the trust management models
to improve the security level in wireless sensor networks and the
misbehaving nodes are detetcted neighbour nodes can trust information
to avoid cooperating with them.
2. Dr.G.Padmavathi(2009), has identified the purpose and capabilities of the
attackers and proposed a Survey of Attacks attempted to explore the
various security mechanisms widely used to handle the attacks which
occur in the wireless sensor networks to prevent and recover from the
security attacks.
3. Anazida Zainal, Raja Waseem Anwar, Majid Bakhtiari, Abdul Hanan
Abdullah and Kashif Naseer Qureshi (2014),compared with the WSN’s
physical attacks, their properties and their associated detection and
defensive techniques against these attacks to handle them independently.
4. Jaykumar Shantilal Patel, Dr. Vijaykumar M. Chadha (2014), have
proposed the public key management to ensure robust security in sensor
network environment. They suggested the model to preserve the
confidentiality and integrity of the exchanged information to verify the
authenticity. And it will ensure robust security in the whole network.
Page 13
13
CHAPTER 3
COMPARATIVE STUDY OF EXISTING METHOD
3.1 DIFFERENT FACETS OF SECURITY:
Authentication
Authorization
Integrity
Confidentiality or Privacy
Availability
Non-repudiation
Authentication validate authentic identity. Authorization access control.
Integrity protects the data from unauthorized change. Confidentiality keep
information private such that authorized users can understand it. Availability
outsider cannot block legitimate access. Non-repudiation supplies undeniable
evidence to prove the message transmission and network access.
3.2 DEFENCE AGAINST NETWORK ATTACKS
An inherent weakness in the system may be its design, configuration or
implementation which renders to a threat. But most of the vulnerabilities are not
because of faulty design but some may be caused due to disasters both natural
and made, or some may be caused by the same persons trying to protect the
system. Vulnerabilities are mostly caused due to poor design, poor
implementation, poor management, physical vulnerabilities, hardware and
software, interception of information and human vulnerabilities. Many of the
network attacks were easily prevented by the network admin monitoring his
network closely and applying the entire latest patch available from the vendor to
Page 14
14
his software. However, this cannot prevent most of the attacks, to prevent them,
the network requires configurations such as:
Configuration management
Firewalls
Encryption
Defense against DOS Attacks
Vulnerability testing
3.2 DEFENCE AGAINST NETWORK ATTACKS
3.2.1 CONFIGURATION MANAGEMENT:
It is important to have a descent firewall to protect the system. As a
network setup is completed all its default logins, Ids, address must be changed,
as all these information is available on the internet for anyone to view. Anyone
can use the default login to gain access to the network and it can make all the
network at risk. The machines inside the network must be running the running
up-to-date copies and the patches. The security patches must be installed as
soon as they are available, configuration files must not have any known security
holes, all the data is backed up in a secure manner, it allows us to deal with nine
out of the ten topmost attacks. Several tools are available which allows patches
to deployed simultaneously and keep things tight.
3.2.2 FIREWALLS
It is the most widely sold and available network security tool available in
the market. The wall which stands between the local network and the internet,
filters the traffic and prevents most of the network attacks. The three different
types of firewalls depending on filtering at the IP level exists are Packet level, at
the TCP or application level. Firewalls help to prevent unauthorized network
Page 15
15
traffic through an unsecured network to a private network. They notify the user
when an untrusted application is requested access to the internet and also create
a log of all the connections made to the system, very harmful in case of any
hacking attempts. Firewalls only works when they are correctly configured, if
someone makes a mistake while configuring the firewall, it may allow
unauthorized to enter or leave the system. It takes certain knowledge and
experience to correctly configure a firewall. If the firewall goes down, one
cannot connect to the network in a case of occurrence of DOS attack. Firewall
reduces the speed of network performance as it examines both incoming and
outgoing traffic. Firewall does not manage any internal traffic where most of the
attacks come from. Companies are under false assumptions, that by just using a
firewall they are safe, but the firewall can be easily be circumvented. The best
thing while configuring firewall is to deny anything that is not allowed.
3.2.3 ENCRYPTION
By using encryption methods, one can prevent hacker listening onto the
data because without the right key, it will just be garbage to him. Different
encryption method such as TTPS or SHTTP during the data transmission
between the client and user, will prevent Man in the middle attack (MIM), also
prevent any sniffing of data and thus eavesdropping. Using VPN will encrypt all
the data going through the network, it will improve the privacy of the user.
Encryption also has drawbacks as all the encrypted mail and web pages are
allowed through firewall they can also contain malware in them.
Encrypting data takes processing power from the CPU which in turn
reduces the speed at which data can be send, the stronger the encryption it takes
more time.
Page 16
16
3.2.4. DEFENSE AGAINST DOS ATTACKS
To prevent from DoS attack, many technologies have been developed.
They are intrusion detection systems (IDSs), firewalls and enhanced routers
which are used between the internet and servers. They monitor incoming as well
as outgoing connections and automatically take steps to protect network. They
have traffic analysis, access control, redundancy built into them. IDSs make a
log of both the incoming and outgoing connections. These logs can then be
compared to baseline traffic to detect potential Dos attacks. Firewalls can also
be used with the required configuration. Firewalls can also be used to allow or
deny certain packets, ports and IP addresses etc. They perform real time
evaluation of the traffic and take the necessary steps to prevent the attack.
Security measures can also be employed in routers as it can create another
defense line away from the target, so even if a DOS attack takes place it won’t
affect the internal network. Service providers also increase the service quality of
infrastructure
Fig. 3.1: Path Based DOS Attack in end-to-end Communication
Page 17
17
Whenever a server fails a backup server can take its place, this will make
DOS attack negligible. If the service providers are able to distribute the heavy
traffic of a DOS attack over a wide network quickly it can prevent DOS attacks,
but this method require computer and network resources and they can be costly
to provide on daily basis as a result.
3.2.5 VULNERABILITY TESTING
To prevent any attacks on the network, one must find any open
vulnerabilities in the network and close them, these may include open ports and
also faulty and outdated software with known vulnerabilities, outdated firewall
rules etc. Different tools are available which allows a user to test his own
network security and find vulnerabilities in a network. One method is using a
port scanner which can be used to probe a server and find any open ports. This
is used by many admins to verify policies of their servers and also can be used
by attackers on a network to find exploits. Nmap, SuperScan are some of the
tools which are available for free on the internet.
3.2 Figure Comparison of security Levels – ECC and RSA
Page 18
18
3.3 COMPARISON OF ECC AND RSA :
3.3.1 COMPARABLE KEY SIZES FOR EQUIVALENT SECURITY
TABLE 3.1
DSA and RSA key length comparisons
S.No.
Symmetric scheme
(key size in bits)
ECC-based scheme
(size of n in bits)
RSA/DSA
(modulus size in bits)
1.
56 112 512
2.
80
160
1024
3.
112
224
2048
4.
128
256
3072
5.
192
384
7680
6.
256
512
15360
3.4 COST &EASE OF DEPLOYMENT
Ease of deployment is the most important evaluation metrics
of wireless sensor network. For the successful deployments of the system, the
Page 19
19
WSN must configure itself. It must be possible for nodes to be placed
throughout the environment by an untrained person and have the system simply
work. Ideally, the system would automatically configure itself for any possible
physical node placement. The initial deployment and configuration is only the
first step in the network lifecycle. In the long term, the total cost of ownership
for a system may have more to do with the maintenance cost than the initial
deployment cost. It is necessary to go for hardware and software testing prior to
the deployment and also the sensor system must be constructed so that it is
capable of performing continual self-maintenance.
Page 20
20
CHAPTER 4
CONCLUSION
To deploy security in network is a complex feature in wireless sensor
network because due to the constraint nature of network. Even a small
unnoticed vulnerability in a network may lead to disastrous affect. For an
example if companies records may be leaked, customers data such as their
banking details and credit card information may be at risk, numerous software’s
such as intrusion detection will prevents these kind of attacks. Security schemes
are invented to counter malicious attacks. Most of the security attacks can be
easily prevented, by following many simply methods as outlined in this paper.
As new sophisticated attacks occur, it may lead to a key area for such attacks
researchers have to find new methods to prevent them.
Security is becoming a major concern for energy constrained wireless
sensor network because of the broad security-critical applications of WSNs.
Thus, security in WSNs has attracted a lot of attention in the recent years.The
salient features of WSNs make it very challenging to design strong security
protocols while still maintaining low overheads.We have introduced some
security issues,threats and attacks in WSNs and some of the solutions.
Most of the attacks in wireless sensor networks are caused by the
insertion of false information for defending the inclusion of false reports by
compromised nodes is required detecting mechanism. Developing such
detection mechanism is great research challenge. All of the previously
mentioned security threats such as the HELLO flood attack, wormhole attack,
sinkhole attack, Sybil attack serves one common purpose that is to compromise
the integrity of the network they attack. In the past focus has not been on the
security of WSNs. Security has become a major issue for data confidentiality as
the various threats are arising.
Page 21
21
REFERENCES
1. Guangjie Han, Jinfang Jiang, Lei Shuc, Jianwei Niud, Han-Chieh Chaoe
(2014),“Management and applications of trust in Wireless Sensor
Networks”, Journal of Computer and System Sciences pages 602–617s .
2. Kartikey Agarwal, Dr. Sanjay Kumar Dubey (2014), “Network Security:
Attacks and Defence”, International Journal of Advance Foundation and
Research in Science & Engineering (IJAFRSE) Volume 1, Issue 3.
3. Dr. G. Padmavathi (2009), “A Survey of Attacks, Security Mechanisms and
Challenges in Wireless Sensor Networks”, International Journal of Computer
Science and Information Security, Vol. 4, No. 1 & 2.
4. Anazida Zainal Raja Waseem Anwar, Majid Bakhtiari, Abdul Hanan
Abdullah and Kashif Naseer Qureshi (2014), “Security Issues and Attacks in
Wireless Sensor Network”, World Applied Sciences Journal 30 (10): pages
1224-1227.
5. Jaykumar Shantilal Patel, Dr. Vijaykumar M.Chavda (2014), “Security
Vulnerability and Robust Security Requirements using Key Management in
Sensor Network”, Vol.7, no.3, Pages 23-28.
6. Y. Zou, K. Chakrabarty,( 2003) "Sensor deployment and target localization
based on virtual forces",. IEEE Computer and Communications Societies.
IEEE, Vol 2,Pages: 1293 - 1303.
Page 22
22
PLAGIARISM RESULT