Security Threats in Wireless Sensor Networks: Implementation of Attacks & Defense Mechanisms

Publikation: Bog/antologi/afhandling/rapportPh.d.-afhandling

Abstract

Over the last few years, technological advances in the design of processors, memory, and radio communications have propelled an active interest in the area of distributed sensor networking, in which a number of independent, self-sustainable nodes collaborate to perform a large sensing task. Security and privacy are rapidly replacing performance as the first and foremost concern in many sensor networking scenarios. While security prevention is important, it cannot guarantee that attacks will not be launched and that, once launched, they will not be successful. Therefore, detection of malicious intrusions forms an important part of an integrated approach to network security.

In this work, we start by considering the problem of cooperative intrusion detection in WSNs and develop a lightweight ID system, called LIDeA, which follows an intelligent agent-based architecture. We show how such a system can be implemented, which components and interfaces are needed, and what is the resulting overhead imposed. We then expand this ID framework with algorithms that incorporate both classes of intrusion detection techniques, i.e., misuse detection and anomaly detection. We investigate in depth some of the most severe routing attacks against sensor networks, namely the sinkhole and wormhole attacks, and we emphasize on strategies that an attacker can follow to successfully launch them. Then we propose novel localized countermeasures that can make legitimate nodes become aware of the threat, while the attack is still taking place. Detailed theoretical analysis and simulation results confirm that the proposed algorithms can always thwart these kinds of attacks. Also, by providing an implementation on real sensor devices, we demonstrate their practicality and efficiency in terms of memory requirements and processing overhead.

However, one of the reasons that the research of intrusion detection has not advanced significantly is that the concept of intrusion is not clear in these networks. Little work has been done to demonstrate how vulnerable, in terms of data confidentiality and network availability, sensor networks are. Motivated by this unexplored security aspect, we investigate a new set of memory related vulnerabilities for sensor embedded devices that, if exploited, can lead to the execution of software-based attacks. We demonstrate how to execute malware on wireless sensor nodes that are based on the Von Neumann architecture. Then we proceed to show how the malware can be crafted to become a self-replicating worm that broadcasts itself and infects the network in a hop-by-hop manner. While such attacks are extremely dangerous, there has been very little research in this area. This new threat model sets the scene for the development of sophisticated attack tools (SenSys and SpySense) capable of launching various kinds of attacks for compromising the network's functionality. They can be useful not only in revealing all the weaknesses that make sensor networks susceptible to various kinds of threats but also in studying the effects of such exploits on the network itself.
Luk

Detaljer

Over the last few years, technological advances in the design of processors, memory, and radio communications have propelled an active interest in the area of distributed sensor networking, in which a number of independent, self-sustainable nodes collaborate to perform a large sensing task. Security and privacy are rapidly replacing performance as the first and foremost concern in many sensor networking scenarios. While security prevention is important, it cannot guarantee that attacks will not be launched and that, once launched, they will not be successful. Therefore, detection of malicious intrusions forms an important part of an integrated approach to network security.

In this work, we start by considering the problem of cooperative intrusion detection in WSNs and develop a lightweight ID system, called LIDeA, which follows an intelligent agent-based architecture. We show how such a system can be implemented, which components and interfaces are needed, and what is the resulting overhead imposed. We then expand this ID framework with algorithms that incorporate both classes of intrusion detection techniques, i.e., misuse detection and anomaly detection. We investigate in depth some of the most severe routing attacks against sensor networks, namely the sinkhole and wormhole attacks, and we emphasize on strategies that an attacker can follow to successfully launch them. Then we propose novel localized countermeasures that can make legitimate nodes become aware of the threat, while the attack is still taking place. Detailed theoretical analysis and simulation results confirm that the proposed algorithms can always thwart these kinds of attacks. Also, by providing an implementation on real sensor devices, we demonstrate their practicality and efficiency in terms of memory requirements and processing overhead.

However, one of the reasons that the research of intrusion detection has not advanced significantly is that the concept of intrusion is not clear in these networks. Little work has been done to demonstrate how vulnerable, in terms of data confidentiality and network availability, sensor networks are. Motivated by this unexplored security aspect, we investigate a new set of memory related vulnerabilities for sensor embedded devices that, if exploited, can lead to the execution of software-based attacks. We demonstrate how to execute malware on wireless sensor nodes that are based on the Von Neumann architecture. Then we proceed to show how the malware can be crafted to become a self-replicating worm that broadcasts itself and infects the network in a hop-by-hop manner. While such attacks are extremely dangerous, there has been very little research in this area. This new threat model sets the scene for the development of sophisticated attack tools (SenSys and SpySense) capable of launching various kinds of attacks for compromising the network's functionality. They can be useful not only in revealing all the weaknesses that make sensor networks susceptible to various kinds of threats but also in studying the effects of such exploits on the network itself.
OriginalsprogEngelsk
Antal sider207
StatusUdgivet - 10 nov. 2011
PublikationsartForskning

Download-statistik

Ingen data tilgængelig
ID: 57870672