security protocols in sensor networks. introduction –security in sensor networks is important to...
TRANSCRIPT
Security Protocols
In Sensor Networks
Introduction
– Security in sensor networks is important to prevent unauthorized users Security in sensor networks is important to prevent unauthorized users
from eavesdropping, obstructing and tampering with sensor data, and from eavesdropping, obstructing and tampering with sensor data, and
launching denial-of-service (DOS) attacks against entire networklaunching denial-of-service (DOS) attacks against entire network
– The challenges of designing and implementing of a secure routing in The challenges of designing and implementing of a secure routing in
WSN are as follows:WSN are as follows:
1.1. The vulnerability of the network to eavesdropping, spoofing, The vulnerability of the network to eavesdropping, spoofing,
unauthorized access, and DOS attacks increases due to the unauthorized access, and DOS attacks increases due to the
wireless communication among the sensor nodeswireless communication among the sensor nodes
2.2. The limited resource constraints of the sensor nodes, such as The limited resource constraints of the sensor nodes, such as
memory, CPU, bandwidth, and battery life, hinders the degree of memory, CPU, bandwidth, and battery life, hinders the degree of
implementation of encryption, decryption and authentication implementation of encryption, decryption and authentication
mechanisms in individual sensor nodesmechanisms in individual sensor nodes
A Performance Evaluation of Intrusion-Tolerant Routing in Wireless Sensor Networks [Deng+ 2003]
Introduction
3.3. Physical security risk of being deployed in the field – individual Physical security risk of being deployed in the field – individual
sensor nodes can be obtained and face attacks from an sensor nodes can be obtained and face attacks from an
unauthorized user in order to compromise a single sensor node. unauthorized user in order to compromise a single sensor node.
If attack is successful, a compromised sensor node can start If attack is successful, a compromised sensor node can start
malicious activities within the network such as false routing malicious activities within the network such as false routing
information and launching DOS attacks information and launching DOS attacks
– The secure routing protocol should handle such attacks such that The secure routing protocol should handle such attacks such that
networks continues to function properlynetworks continues to function properly
– Since this paper assumes that base station has more resources to defend Since this paper assumes that base station has more resources to defend
against these kinds of attacks; therefore, it investigates on how to secure against these kinds of attacks; therefore, it investigates on how to secure
the system against attacks on the resource-poor sensor nodesthe system against attacks on the resource-poor sensor nodes
A Performance Evaluation of Intrusion-Tolerant Routing in Wireless Sensor Networks [Deng+ 2003]
Introduction
– This paper evaluates the performance of This paper evaluates the performance of INSENSINSENS, an , an ININtrusion-tolerant trusion-tolerant
routing protocol for wireless routing protocol for wireless SESEnsor nsor NNetworketworkSS
– More specifically, it evaluates implementations on the motes of the RC5 More specifically, it evaluates implementations on the motes of the RC5
and AES encryption standards:and AES encryption standards:
RC5-based scheme to generate message authentication codes RC5-based scheme to generate message authentication codes
(MACs) and(MACs) and
RC5-based generation of one-way sequence numbersRC5-based generation of one-way sequence numbers
– The proposed secure routing protocol is resilient to obstruction of the The proposed secure routing protocol is resilient to obstruction of the
data delivery, develops end-to-end integrity checksums and data delivery, develops end-to-end integrity checksums and
authentication schemes to detect tampering with sensor dataauthentication schemes to detect tampering with sensor data
A Performance Evaluation of Intrusion-Tolerant Routing in Wireless Sensor Networks [Deng+ 2003]
Introduction
– INSENS has the property that a single compromised node can only INSENS has the property that a single compromised node can only
disrupt a localized section of the network and is not enough to stop the disrupt a localized section of the network and is not enough to stop the
entire network from functioningentire network from functioning
– The INSENS system adheres to the following design principles:The INSENS system adheres to the following design principles:
1.1. The individual nodes are not allowed broadcast to the entire network in The individual nodes are not allowed broadcast to the entire network in
order to prevent DOS flooding attacks – only base station can broadcast order to prevent DOS flooding attacks – only base station can broadcast
and it is considered as a gateway to the wired network. The base station and it is considered as a gateway to the wired network. The base station
is loosely authenticated via one-way sequence number such that nodes is loosely authenticated via one-way sequence number such that nodes
cannot spoof the base station and flood the network. Sensor nodes can cannot spoof the base station and flood the network. Sensor nodes can
unicast a packet only to the base station. Peer-to-peer sensor unicast a packet only to the base station. Peer-to-peer sensor
communication is not directly supported; however, tunneling through the communication is not directly supported; however, tunneling through the
base station allows indirect sensor-to-sensor communication base station allows indirect sensor-to-sensor communication
A Performance Evaluation of Intrusion-Tolerant Routing in Wireless Sensor Networks [Deng+ 2003]
Introduction
2.2. Control routing information needs to be authenticated to prevent false Control routing information needs to be authenticated to prevent false
routing data advertisements. This way, the base station receives routing data advertisements. This way, the base station receives
correct knowledge of the topology even if it may not represent the full correct knowledge of the topology even if it may not represent the full
view due to malicious packet droppingview due to malicious packet dropping
3.3. To address resource constraints:To address resource constraints:
Symmetric key cryptography is chosen for confidentiality and Symmetric key cryptography is chosen for confidentiality and
authentication between a base station and a sensor node instead of authentication between a base station and a sensor node instead of
computation intensive public key cryptography techniquescomputation intensive public key cryptography techniques
Base station is in charge for computation and dissemination of the Base station is in charge for computation and dissemination of the
routing tablesrouting tables
4.4. The redundant multipath routing is built into INSENS to achieve secure The redundant multipath routing is built into INSENS to achieve secure
routing. The goal is to have disjoint paths such that even if the intruder routing. The goal is to have disjoint paths such that even if the intruder
compromises a node or a path, secondary paths will function correctlycompromises a node or a path, secondary paths will function correctly
A Performance Evaluation of Intrusion-Tolerant Routing in Wireless Sensor Networks [Deng+ 2003]
Introduction
A Performance Evaluation of Intrusion-Tolerant Routing in Wireless Sensor Networks [Deng+ 2003]
Figure 1: Sample asymmetric WSN topology rooted at the base station. Figure 1: Sample asymmetric WSN topology rooted at the base station. Triangle node is a malicious node. Black nodes are its downstream nodes. Intrusion-tolerant routing Triangle node is a malicious node. Black nodes are its downstream nodes. Intrusion-tolerant routing
is assisted by multiple paths; downstream nodes can still communicate with the base station is assisted by multiple paths; downstream nodes can still communicate with the base station
Protocol Description
– The INSENS is comprised of The INSENS is comprised of a route discoverya route discovery phase phase and data and data
forwardingforwarding phase phase
– The The route discoveryroute discovery phase builds appropriate forwarding tables at some phase builds appropriate forwarding tables at some
nodes and it is divided into three roundsnodes and it is divided into three rounds
1.1. Route request:Route request: The base station floods a The base station floods a request messagerequest message to all reachable to all reachable
sensor nodessensor nodes
2.2. Route feedback:Route feedback: Each sensor node sends its neighborhood topology Each sensor node sends its neighborhood topology
information back to the base station using a information back to the base station using a feedback messagefeedback message
3.3. Computing and propagating multipath routing tables:Computing and propagating multipath routing tables: The base station The base station
authenticates the neighborhood information, builds a topological view of the authenticates the neighborhood information, builds a topological view of the
network, computes the forwarding tables for each sensor node, and sends network, computes the forwarding tables for each sensor node, and sends
the tables to the appropriate nodes using a routing the tables to the appropriate nodes using a routing update messageupdate message
A Performance Evaluation of Intrusion-Tolerant Routing in Wireless Sensor Networks [Deng+ 2003]
Protocol Description
– The The data forwardingdata forwarding phase forwards data from each sensor node to and phase forwards data from each sensor node to and
from the base stationfrom the base station
– A symmetric communication channel is assumed A symmetric communication channel is assumed
– Each node has a shared symmetric key with base station and has a Each node has a shared symmetric key with base station and has a
globally known one-way function globally known one-way function FF and initial sequence number and initial sequence number KK00
– FF and and KK00 are used to authenticate messages from the base station are used to authenticate messages from the base station
– The shared symmetric key, The shared symmetric key, FF and and KK00 are distributed in advance – are distributed in advance –
preprogrammed into each sensor node prior to deploymentpreprogrammed into each sensor node prior to deployment
A Performance Evaluation of Intrusion-Tolerant Routing in Wireless Sensor Networks [Deng+ 2003]
Advantages:Advantages:
– Builds a secure routing protocol, rather than placing security layer on top of Builds a secure routing protocol, rather than placing security layer on top of
existing routing protocolsexisting routing protocols
– INSENS prevents DoS-style attacks by not allowing individual nodes to INSENS prevents DoS-style attacks by not allowing individual nodes to
broadcast to the entire networkbroadcast to the entire network
– The resource rich base station is chosen as the central point for The resource rich base station is chosen as the central point for
computation rather than resource-poor network nodescomputation rather than resource-poor network nodes
– Redundant multipath routing is used to achieve secure routingRedundant multipath routing is used to achieve secure routing
– The one-way cryptographic hash function used to generate the sequence The one-way cryptographic hash function used to generate the sequence
helps hiding attacker from guessing the next sequence number to spoof helps hiding attacker from guessing the next sequence number to spoof
the networkthe network
– It is not constrained by time synchronization or delayed release scheduleIt is not constrained by time synchronization or delayed release schedule
A Transmission Control Scheme for Media Access in Sensor Networks [Woo+, 2003]
Disadvantages:Disadvantages:
– Base stations are given too much responsibility and thus the prime target Base stations are given too much responsibility and thus the prime target
for hackers to bring the entire network downfor hackers to bring the entire network down
– If an alternate path is not available, then the network is susceptible to If an alternate path is not available, then the network is susceptible to
partitioning under attackpartitioning under attack
– No mentioning about the advantages of building a bottom up secure No mentioning about the advantages of building a bottom up secure
routing protocol (i.e. no numerical comparison of the proposed approach routing protocol (i.e. no numerical comparison of the proposed approach
with other approaches)with other approaches)
A Transmission Control Scheme for Media Access in Sensor Networks [Woo+, 2003]
A Transmission Control Scheme for Media Access in Sensor Networks [Woo+, 2003]
Suggestions/Improvements/Future Work:Suggestions/Improvements/Future Work:
– For multipath routing table dissemination, meshed multipath routing For multipath routing table dissemination, meshed multipath routing
algorithm can be usedalgorithm can be used
– Further route failure detection via flow monitoring and overlay routing for Further route failure detection via flow monitoring and overlay routing for
route reconfiguration canroute reconfiguration can be added to ensure fault tolerance in WSNbe added to ensure fault tolerance in WSN
– Better algorithm to find disjoint multi paths with minimum number of Better algorithm to find disjoint multi paths with minimum number of
common nodes between node and base stationcommon nodes between node and base station
Introduction
– It is very difficult to incorporate security mechanisms into sensor routing It is very difficult to incorporate security mechanisms into sensor routing
protocols after the design has completedprotocols after the design has completed
– Therefore, sensor network routing protocols must be designed with Therefore, sensor network routing protocols must be designed with
security considerations and this is the only effective solution for secure security considerations and this is the only effective solution for secure
routing in sensor networksrouting in sensor networks
– The main contributions of this paper are as follows:The main contributions of this paper are as follows:
1.1. Proposed threat models and security goals for secure routing in Proposed threat models and security goals for secure routing in
wireless sensor networkswireless sensor networks
2.2. Introduced two novel classes of previously undocumented attacks Introduced two novel classes of previously undocumented attacks
against sensor networks: sinkhole attacks and HELLO floodsagainst sensor networks: sinkhole attacks and HELLO floods
3.3. It is shown how attacks against ad hoc and peer-to-peer networks can It is shown how attacks against ad hoc and peer-to-peer networks can
be adapted into powerful attacks against sensor networksbe adapted into powerful attacks against sensor networks
Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures [Karlof+ 2003]
Introduction
4.4. Presented the first detailed security analysis of all the major routing Presented the first detailed security analysis of all the major routing
protocols and energy conserving topology maintenance algorithms for protocols and energy conserving topology maintenance algorithms for
sensor networks – described practical attacks against all of them that sensor networks – described practical attacks against all of them that
would defeat any reasonable security goalswould defeat any reasonable security goals
5.5. Discussed countermeasures and design considerations for secure Discussed countermeasures and design considerations for secure
routing protocols in sensor networksrouting protocols in sensor networks
Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures [Karlof+ 2003]
Introduction
Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures [Karlof+ 2003]
Figure 2: Sensor network legendFigure 2: Sensor network legend
All nodes may use low power radio links, but only All nodes may use low power radio links, but only laptop-class adversaries and base stations can use low laptop-class adversaries and base stations can use low
latency, high bandwidth links latency, high bandwidth links
Figure 3: A representative sensor network Figure 3: A representative sensor network architecturearchitecture
Problem Statement:
A. Network Assumptions
– Due to wireless communications, the radio links are insecureDue to wireless communications, the radio links are insecure
– Attackers can eavesdrop on radio transmissions, inject bits in the Attackers can eavesdrop on radio transmissions, inject bits in the
channel, and replay previously heard messageschannel, and replay previously heard messages
– It is assumed that the adversary can deploy few malicious nodes with It is assumed that the adversary can deploy few malicious nodes with
similar hardware capabilities as the legitimate nodessimilar hardware capabilities as the legitimate nodes
– It is not assumed that sensor nodes are tamper resistantIt is not assumed that sensor nodes are tamper resistant
– Even though tamper resistance might be a defense for physical node Even though tamper resistance might be a defense for physical node
compromise, this is not considered a general purpose solution since compromise, this is not considered a general purpose solution since
effective temper resistance can add significant per-unit cost, and sensor effective temper resistance can add significant per-unit cost, and sensor
nodes are generally inexpensivenodes are generally inexpensive
Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures [Karlof+ 2003]
Problem Statement:
B. Trust Requirements
– Base stations are assumed to be Base stations are assumed to be trustworthytrustworthy to behave correctly since to behave correctly since
they act as gateway nodes to the outside worldthey act as gateway nodes to the outside world
– Aggregation points which are often regular nodes are trusted in certain Aggregation points which are often regular nodes are trusted in certain
protocols to accurately combine other messages to forward to base protocols to accurately combine other messages to forward to base
stationsstations
– It is possible that adversaries may deploy malicious aggregation points It is possible that adversaries may deploy malicious aggregation points
or turn malicious nodes into aggregation points; therefore, aggregation or turn malicious nodes into aggregation points; therefore, aggregation
points may not be trustworthypoints may not be trustworthy
Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures [Karlof+ 2003]
Problem Statement:
C. Threat Models
– There is a difference between There is a difference between mote-classmote-class and and laptop-classlaptop-class attackers attackers
– In mote-class attackers, the attacker has access to a few sensor nodes In mote-class attackers, the attacker has access to a few sensor nodes
with similar capabilities to motes, but nothing morewith similar capabilities to motes, but nothing more
– A laptop-class attacker may have access to more powerful devices in A laptop-class attacker may have access to more powerful devices in
which case, malicious nodes have advantages over legitimate nodes – which case, malicious nodes have advantages over legitimate nodes –
may jam the entire network using stronger transmitter, eavesdrop on an may jam the entire network using stronger transmitter, eavesdrop on an
entire network, may have high bandwidth low-latency channelentire network, may have high bandwidth low-latency channel
– Second distinction can be made between Second distinction can be made between outsideroutsider and and insiderinsider attacks attacks
– The discussion so far has been related to the outsider attacks, where the The discussion so far has been related to the outsider attacks, where the
attacker has no special access to the networkattacker has no special access to the network
Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures [Karlof+ 2003]
Problem Statement:
C. Threat Models
– Insider attacks may occur either when an authorized participant in the Insider attacks may occur either when an authorized participant in the
network has been compromised, running malicious code or adversaries network has been compromised, running malicious code or adversaries
who have stolen the key material, code, and data from legitimate nodeswho have stolen the key material, code, and data from legitimate nodes
D. Security Goals
– Ideally, a secure routing protocol should guarantee the integrity, Ideally, a secure routing protocol should guarantee the integrity,
authenticity, and availability of messages in the presence of adversariesauthenticity, and availability of messages in the presence of adversaries
– Protection against eavesdropping is not an explicit goal for secure routingProtection against eavesdropping is not an explicit goal for secure routing
– Routing protocol should prevent eavesdropping caused by misuse of Routing protocol should prevent eavesdropping caused by misuse of
abuse of the protocol itself, for instance, eavesdropping achieved by the abuse of the protocol itself, for instance, eavesdropping achieved by the
cloning or rerouting of a data flow should be preventedcloning or rerouting of a data flow should be prevented
Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures [Karlof+ 2003]
Problem Statement:
D. Security Goals
– Protection against the replay of data packets is not the responsibility of Protection against the replay of data packets is not the responsibility of
the secure routing protocol, rather application layer can provide such the secure routing protocol, rather application layer can provide such
service since only the application can fully and accurately detect the service since only the application can fully and accurately detect the
replay of data packetsreplay of data packets
– In the case of insider laptop-class attacks, all of these goals are not fully In the case of insider laptop-class attacks, all of these goals are not fully
attainableattainable
– Instead of complete compromise of the network, it is expected to have Instead of complete compromise of the network, it is expected to have
graceful degradationgraceful degradation at best at best
– The degradation should be no faster than a rate approximately The degradation should be no faster than a rate approximately
proportional to the ratio of compromised nodes to total nodes proportional to the ratio of compromised nodes to total nodes
Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures [Karlof+ 2003]
Attacks on Sensor Network Routing
A. Spoofed, altered, or replayed routing information
– This is the most direct attack against a routing protocolThis is the most direct attack against a routing protocol
– Adversaries may be able to create routing loops, attract or repel network Adversaries may be able to create routing loops, attract or repel network
traffic, extend or shorten source routes, generate false error messages, traffic, extend or shorten source routes, generate false error messages,
partition the network, increase end-to-end delay latencypartition the network, increase end-to-end delay latency
B. Selective Forwarding
– Malicious nodes may refuse to forward certain messages, drop them, Malicious nodes may refuse to forward certain messages, drop them,
ensuring that they are not propagated any furtherensuring that they are not propagated any further
– In order not get noticed by the neighboring nodes by not forwarding the In order not get noticed by the neighboring nodes by not forwarding the
packets, the adversary may selectively forwards the packets packets, the adversary may selectively forwards the packets
Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures [Karlof+ 2003]
Attacks on Sensor Network Routing
B. Selective Forwarding
– It is most effective when the attacker is explicitly included on the path It is most effective when the attacker is explicitly included on the path
of a data flow of a data flow
– An adversary overhearing a flow passing through neighboring nodes An adversary overhearing a flow passing through neighboring nodes
might be able to emulate selective forwarding by jamming or causing a might be able to emulate selective forwarding by jamming or causing a
collision on each forwarded packet of interestcollision on each forwarded packet of interest
C. Sinkhole Attacks
– Adversary tries to lure all the traffic from a particular area through a Adversary tries to lure all the traffic from a particular area through a
compromised node, creating a metaphorical sinkhole with the adversary compromised node, creating a metaphorical sinkhole with the adversary
at the centerat the center
Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures [Karlof+ 2003]
Attacks on Sensor Network Routing
C. Sinkhole Attacks
– Typically works by making a compromised node look attractive to Typically works by making a compromised node look attractive to
surrounding nodes with respect to the routing algorithmsurrounding nodes with respect to the routing algorithm
– The adversary could spoof or replay an advertisement for high quality The adversary could spoof or replay an advertisement for high quality
route to a base stationroute to a base station
– Due to either real or imagine high quality route through compromised Due to either real or imagine high quality route through compromised
node, each neighboring node of the adversary will forward packets node, each neighboring node of the adversary will forward packets
destined for a base station through the adversarydestined for a base station through the adversary
– Since all packets share the same destination (the only base station), a Since all packets share the same destination (the only base station), a
compromised node needs only to provide a single high quality route to compromised node needs only to provide a single high quality route to
the base station to influence a large number of nodesthe base station to influence a large number of nodes
Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures [Karlof+ 2003]
Attacks on Sensor Network Routing
D. The Sybil Attack
– A single node presents multiple identities to other nodes in the networkA single node presents multiple identities to other nodes in the network
– This type of attack can reduce the effectiveness of fault-tolerant schemes This type of attack can reduce the effectiveness of fault-tolerant schemes
and pose a threat to geographic routing protocolsand pose a threat to geographic routing protocols
– Adversary can be in more than one place at once by using this attackAdversary can be in more than one place at once by using this attack
E. Wormholes
– An adversary tunnels messages received one part of the network over a An adversary tunnels messages received one part of the network over a
low latency link and replays them in a different partlow latency link and replays them in a different part
– Wormhole attacks generally involve two distant malicious nodes colluding Wormhole attacks generally involve two distant malicious nodes colluding
to understand their distance from each other by relaying packets along an to understand their distance from each other by relaying packets along an
out-of-bound channel available only to the attackerout-of-bound channel available only to the attacker
Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures [Karlof+ 2003]
Attacks on Sensor Network Routing
E. Wormholes
– An adversary can convince nodes who are multiple hops away from the An adversary can convince nodes who are multiple hops away from the
base station to believe that they are only one or two hops away via the base station to believe that they are only one or two hops away via the
wormhole – this creates a sinkholewormhole – this creates a sinkhole
– Wormholes can be used to convince two distant nodes that they are Wormholes can be used to convince two distant nodes that they are
neighbors by relaying packets between the two of themneighbors by relaying packets between the two of them
– This attacks can be combined with selective forwarding or eavesdroppingThis attacks can be combined with selective forwarding or eavesdropping
F. HELLO Flood Attack
– A laptop-class attacker broadcasting routing or other information with A laptop-class attacker broadcasting routing or other information with
large enough transmission power could convince every node in the large enough transmission power could convince every node in the
network that the adversary is its neighbornetwork that the adversary is its neighbor
Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures [Karlof+ 2003]
Attacks on Sensor Network Routing
F. HELLO Flood Attack
– An adversary advertising a high quality route to the base station to every An adversary advertising a high quality route to the base station to every
node in the network can cause large number of nodes to use this route, node in the network can cause large number of nodes to use this route,
leaving the network in the state of confusionleaving the network in the state of confusion
– An adversary can re-broadcast overhead packets with enough power to An adversary can re-broadcast overhead packets with enough power to
be received by every nodebe received by every node
– HELLO floods can be considered as one-way broadcast wormholes and HELLO floods can be considered as one-way broadcast wormholes and
uses a single hop broadcast to transmit a message to a large number of uses a single hop broadcast to transmit a message to a large number of
nodes unlike the traditional definition of flooding denoting epidemic-like nodes unlike the traditional definition of flooding denoting epidemic-like
propagation of a message to every node in the networkpropagation of a message to every node in the network
Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures [Karlof+ 2003]
Attacks on Sensor Network Routing
G. Acknowledgement Spoofing
– An adversary can spoof link layer acknowledgements for An adversary can spoof link layer acknowledgements for overheadoverhead
packets addressed to the neighboring nodespackets addressed to the neighboring nodes
– A sender can be convinced that a weak link is strong or a dead node is A sender can be convinced that a weak link is strong or a dead node is
alive since packets sent along weak or dead links are lostalive since packets sent along weak or dead links are lost
– An adversary can mount a selective forwarding attack using An adversary can mount a selective forwarding attack using
acknowledgment spoofing by encouraging the target node to transmit acknowledgment spoofing by encouraging the target node to transmit
packets on those weak linkspackets on those weak links
Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures [Karlof+ 2003]
Advantages:Advantages:
– The authors outline a number of attacks that are possible on a sensor The authors outline a number of attacks that are possible on a sensor
network. They introduce two new kinds of attacks that are specific to network. They introduce two new kinds of attacks that are specific to
sensor networkssensor networks
– The authors present the drawbacks of the existing protocols to overcome The authors present the drawbacks of the existing protocols to overcome
these threats these threats
– It is reported that the majority of outsider attacks against sensor network It is reported that the majority of outsider attacks against sensor network
routing protocols can be prevented by simple link layer encryption and routing protocols can be prevented by simple link layer encryption and
authentication using globally shared keyauthentication using globally shared key
– The analysis of various possible attacks on WSN give insight into the sorts The analysis of various possible attacks on WSN give insight into the sorts
of countermeasures required for security in WSNof countermeasures required for security in WSN
Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures [Karlof+ 2003]
Disadvantages:Disadvantages:
– Energy requirements and overheads of implementing the countermeasures Energy requirements and overheads of implementing the countermeasures
are not presentedare not presented
– The authors have not simulated or provided any platform to show that the The authors have not simulated or provided any platform to show that the
countermeasure actually workscountermeasure actually works
– The use of geographical information for security carries heavy overheadThe use of geographical information for security carries heavy overhead
Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures [Karlof+ 2003]
Suggestions/Improvements/Future Work:Suggestions/Improvements/Future Work:
– Multipath routing to multiple destination base stations can be as a strategy Multipath routing to multiple destination base stations can be as a strategy
to provide tolerance against individual base station attacks and/or to provide tolerance against individual base station attacks and/or
compromisecompromise
– Relocation of the base station in the network topology can be studied as a Relocation of the base station in the network topology can be studied as a
means of enhancing resiliency and mitigating the scope of damagemeans of enhancing resiliency and mitigating the scope of damage
– Develop application specific security schemes and counter measures for Develop application specific security schemes and counter measures for
given attacksgiven attacks
Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures [Karlof+ 2003]
[Deng+ 2003] J. Deng, R. Han, and S. Mishra, A Performance Evaluation of Intrusion-Tolerant Routing in Wireless Sensor Networks, Proceedings of IPSN 2003.
[Karlof+ 2003] C. Karlof and D. Wagner, Secure Routing in Sensor Networks: Attacks and Countermeasures, Proceedings of SNPA 2003.
[Perrig+ 2001] A. Perrig, R. Szewczyk, V. Wen, D. Culler, and J. Tygar , SPINS: Security Suite for Sensor Networks, MobiCom 2001, Rome, Italy, pp. 189-199.
References