
Security Challenges in Wireless Sensor Networks

This document discusses security issues in wireless sensor networks. It introduces wireless sensor networks and their characteristics, including that they are self-organized, have multi-hop routing capabilities, and dynamic topologies. It also discusses considerations for wireless sensor networks like hardware constraints, communication methods, scalability, fault tolerance, power saving, cost, mobility, sleep patterns, and security. The document outlines that wireless sensor networks face security threats like eavesdropping, packet injection, and compromised nodes. It classifies security countermeasure schemes into symmetric keys, asymmetric keys, and one-way hashing functions.

Uploaded by

Tanvir Onif

Name – Tanvir Ahmed Onif

Id - 3687
Batch – 54D

Security in wireless sensor networks

Introduction:
Due to significant advances in wireless and mobile communication techniques and
the broad development of potential applications, Wireless Sensor Networks
(WSNs) have attracted great attention in recent years. WSNs are formed
dynamically by a number of power-limited sensor nodes and a manager node with
long-lasting power. They are self-organized, autonomous systems consisting of
common sensors, manager nodes and a back-end data center. First, the common
sensors transmit the real-time sensor data of the monitored environment to
intermediate collection nodes called manager nodes. The back-end data center
then receives the sensed data from the manager nodes for further processing and
analysis. All communication between nodes uses wireless transmission.
Furthermore, because WSNs are self-organized, have no fixed infrastructure to
rely on, and have a topology that changes dynamically, broadcasting is the
general way of communicating in WSNs.

Wireless sensor networks are widely used in practical applications, such as
forest fire monitoring, military detection, medical and scientific areas, and
even home life. However, WSNs are easily compromised by attackers because
wireless communication uses a broadcast transmission medium and the nodes lack
tamper resistance. An attacker can therefore eavesdrop on all traffic, inject
malicious packets, replay older messages, or compromise a sensor node.
Generally, the two major security issues for sensor nodes are privacy
preservation and node authentication. Privacy means that data confidentiality
is achieved under a security mechanism, which allows network communications
between sensor nodes and the manager station to proceed securely. In addition,
a well-structured authentication mechanism can ensure that no unauthorized node
is able to fraudulently participate in the WSN and obtain sensitive information
from it. As a result, several schemes have been proposed to secure
communications in WSNs. In this chapter, we classify them into three categories
based on the cryptographic techniques used: symmetric keys, asymmetric keys and
one-way hashing functions.

The rest of this chapter is organized as follows. In Section 2, we introduce the
characteristics and considerations of WSNs. In Section 3, we review some
security threats and requirements in WSNs. Section 4 covers the security
countermeasure schemes and their classification. Finally, we conclude with some
future work on secure networking in WSNs.

Wireless Sensor Network


Compared with traditional communication networks, WSNs have some
characteristics and considerations that must be addressed in their design. A
wireless sensor network is a group of specialized transducers with a
communications infrastructure for monitoring and recording conditions at
diverse locations. Commonly monitored parameters are temperature, humidity,
pressure, wind direction and speed, illumination intensity, vibration intensity,
sound intensity, power-line voltage, chemical concentrations, pollutant levels
and vital body functions.

A sensor network consists of multiple detection stations called sensor nodes, each
of which is small, lightweight and portable. Every sensor node is equipped with a
transducer, microcomputer, transceiver and power source. The transducer
generates electrical signals based on sensed physical effects and phenomena. The
microcomputer processes and stores the sensor output. The transceiver receives
commands from a central computer and transmits data to that computer. The power
for each sensor node is derived from a battery.

A WSN consists of spatially distributed sensors, and one or more sink nodes (also
called base stations). Sensors monitor, in real-time, physical conditions, such as
temperature, vibration, or motion, and produce sensory data. A sensor node could
behave both as data originator and data router. A sink, on the other hand, collects
data from sensors. For example, in an event monitoring application, sensors are
required to send data to the sink(s) when they detect the occurrence of events of
interest. The sink may communicate with the end-user via direct connections, the
Internet, satellite, or any type of wireless links. 

Characteristics of WSN
• Non-centralized architecture: In WSNs, every node has identical status and no
single node is responsible for providing normal services. There is no central
administration, and every node can join or leave the network at any time.
Besides, the failure of some nodes does not affect the whole sensor network,
which makes it reliable for applications with high stability requirements.
• Self-organized: WSNs are infrastructure-less networks with no fixed
infrastructure. The sensor network is therefore constructed entirely by the
nodes themselves when it begins working, using pre-defined layering protocols
and distributed algorithms. Once the network is constructed, sensor data is
collected and sent to the back-end system for further processing through the
network the nodes have built.
• Multi-hop routing: The range of nodes in a WSN is assumed to be limited. If
node A wants to communicate with node D, which is outside A's communication
range, node B acts as an intermediate node and is responsible for relaying the
communication data between node A and node D. Multi-hop routing is illustrated
in Figure 1.
• Dynamic topology: Most sensor network architectures assume that sensor nodes
are deployed randomly and that the network topology changes dynamically, since
sensor nodes may shut down, crash or recover, or the network may use mobile
sensors.
fig. Organization of WSN.

Considerations of WSN

• Hardware constraints: This consideration relates to physical properties, and
many constraints in this area have been identified, for example limited energy.
In addition, because of the small volume of the sensor, some sensors can only
provide limited storage, limited bandwidth, limited energy and limited
computation ability.

• Communication: Existing communication schemes show that there are three main
types of communication in WSNs: direct, clustering-based, and multi-hop
communication. In direct communication, every sensor node transmits its sensor
data to a manager node, and the manager node is responsible for collecting
these data and passing them to the back-end data center for further processing.
In clustering communication, all sensor nodes are divided into several groups
and each cluster head node is responsible for collecting data within its group.
Multi-hop communication is used because the communication range of a sensor is
assumed to be limited, so neighboring sensor nodes may be used to forward
packets along the path between the source node and the destination node.

• Scalability: Another consideration is the scalability of sensor networks. The
network must keep working regardless of the number of sensor nodes deployed.

• Fault tolerance: Because of the influence of the deployment environment on
sensors, many exceptions have to be handled in sensor networks. For example,
sensors may crash, lose power or shut down. Fault tolerance strategies are
needed so that the network keeps working despite such problems.

• Power saving: When sensors are distributed to monitor an environment of
interest, they may work over a long span of several weeks or even months.
Therefore, a power saving mechanism that extends their lifespan is highly
important. In general, too much power is consumed during the message
transmission phase.

• Cost: Depending on the application of the sensor network, a large number of
sensors might be scattered randomly over an environment, as in weather
monitoring. The overall cost therefore needs careful consideration: a sensor
network with an appropriate overall cost will be more acceptable to users and
more successful.

• Mobility: In clustered (hierarchical) WSNs, sensor nodes are typically
organized into many clusters, with cluster controllers collecting sensed data
from ordinary sensor nodes in the managed cluster and passing it to the
back-end data center. Furthermore, compared to mobile ad hoc networks, when
sensor nodes are randomly deployed in a designated area, they only infrequently
move from one cluster to another, and thus mobility is not a critical issue in
WSNs.

• Sleep pattern: A sleep pattern is highly necessary in WSNs to extend the
availability of the network. For example, the manager node can set fresh
bootstrapping times for live sensors while other sensor nodes shut down to save
power. Different sensor nodes operate according to the bootstrapping times to
which they belong, and the lifetime of the WSN is therefore extended in a
differentiated way (23).

• Security: One of the challenges in WSNs is to meet high security requirements
with constrained resources. The security requirements in WSNs comprise node
authentication, data confidentiality, anti-compromise and resilience against
traffic analysis. To distinguish trustworthy from unreliable nodes from a
security standpoint, deployed sensors must pass a node authentication
examination by their corresponding manager nodes or cluster heads, and
unauthorized nodes can be isolated from the WSN during the node authentication
procedure. Similarly, all packets transmitted between a sensor and the manager
node must be kept secret so that eavesdroppers cannot intercept, modify or
analyze them to discover valuable information in the WSN.

Abstract
Wireless sensor network (WSN) performance is directly related to the placement of
the sensors within the region of interest. This chapter investigates the static WSN
deterministic deployment, which aims at generating a network topology that
satisfies user’s requirements. It highlights the components involved and discusses
the existing literature. Moreover, it analyzes the uncertainty-aware WSN
deployment where sensors may not always provide reliable information and shows
how the evidence theory could be exploited to design better deployment strategies.
A comprehensive methodology for deterministic deployment of WSNs is presented
and executed to deploy a simplified indoor surveillance WSN for motion detection.

Wireless sensor networks (WSNs) technology is becoming a very promising
solution to better address reliability in general, thanks to constant, accurate
environmental monitoring. After reviewing the current reliability issues of
the telecommunications sector, this chapter describes how the integration of
multiple microelectromechanical systems (MEMS) sensors on small, low-power,
low-cost WSN platforms may help answer the current and future needs of this key
industry. Finally, a miniaturized WSN environmental platform is presented as a
case study to suggest one possible fabrication methodology for the designer.

Wireless sensor network (WSN) technology refers to a group of sensors used for
monitoring and recording the physical conditions of the environment and
organizing the collected data at a central location. This sensor network can include
thousands of smart sensing nodes with processing abilities that are powered by a
dedicated battery. A WSN consists of a tiny wireless computer that communicates
environmental stimuli, including vibrations, light, and temperature. It is an integral
part of such domains as industry, health care, infrastructure, and research and
development. As it relates to health care, a WSN can diagnose abnormal conditions
in a patient, issue alarms and alerts, and send electronic mail to healthcare
providers. This chapter is a discussion of the applications of WSNs in the
healthcare industry.

Security threats

In addition to the characteristics and considerations mentioned above, security
threats and requirements are also critical for a variety of sensor network
applications. In recent years, several security issues in WSNs have been
raised. In this section, we introduce some security threats and requirements in
WSNs.

1. Passive attacks: In passive attacks (such as eavesdropping attacks),
eavesdroppers can unobtrusively monitor the communication channel between two
communicating nodes to collect and discover valuable information without
disturbing the communication.
2. Active attacks: Active attacks (such as node replication attacks, Sybil
attacks, wormhole attacks, and compromised node attacks) can be further
classified into two categories: external attacks and internal attacks. In
external attacks (such as Sybil attacks and wormhole attacks), a node that does
not belong to the sensor network first eavesdrops on packets sent or received
by normal participating nodes for the eventual purpose of malicious tampering,
interfering, guessing, or spamming, and then injects invalid packets to disrupt
the network functionalities.
o For Sybil attacks, a sensor node can illegitimately claim multiple IDs
by either directly forging false IDs, or else impersonating legal IDs. This
harmful attack may lead to serious threats to distributed storage, routing
algorithms and data aggregation.
o For wormhole attacks, the malicious node may be located within
transmission range of legitimate nodes while the legitimate nodes are not
themselves within transmission range of each other. Thus, the malicious
node can tunnel control traffic between legitimate nodes, creating nonexistent
links which are in fact controlled by the malicious node. Finally, the
malicious node can drop tunneled packets or carry out attacks on routing
protocols.

Internal attacks (such as node replication attacks and node compromise attacks)
are usually caused by compromised members that belong to the sensor network in
question, and hence internal attacks are more difficult to safeguard against
than external attacks.

o For node replication attacks, when a sensor node is compromised by
attackers, they can directly place many replicas of this compromised node in
different areas within the network. Thus, attackers may use these
compromised nodes to subvert the network functionalities, for example by
injecting false sensed data.
o For compromised node attacks, due to the lack of tamper resistance in
sensor nodes, attackers may compromise a sensor node and use it to
establish communication channels with non-compromised sensors to launch
other more serious attacks within the sensor network.

Sybil attack
A Sybil attack is a type of attack seen in peer-to-peer networks in which a node
in the network actively operates multiple identities at the same time and
undermines the authority/power in reputation systems. The main aim of this
attack is to gain the majority of influence in the network in order to carry
out illegal actions (with respect to the rules and laws set in the network) in
the system. A single entity (a computer) has the capability to create and
operate multiple identities (user accounts, IP-address-based accounts). To
outside observers, these multiple fake identities appear to be real unique
identities.

• Types of Sybil attack

• In a direct attack, the honest nodes are influenced directly by the Sybil
node(s).
• In an indirect attack, the honest node(s) are attacked by a node which
communicates directly with the Sybil node(s). This middle node is
compromised as it is under the malicious influence of the Sybil node(s).

• Ways to prevent Sybil attack:

• Giving different power to different members – This is based on reputation
systems. Members with different power levels are given different reputation
levels.

• Cost to create an identity – To prevent multiple fake identities in the
network, we can put a cost on every identity that aims to join the network. A
point to note is that it makes more sense to make it infeasible to operate
multiple fake identities at the same time rather than to create new identities.
Multiple identities can enforce security, anonymity, censorship prevention.

Validation of identities before joining the network:

• Direct validation: An already established member verifies the new joiner of
the network.
• Indirect validation: An established member verifies some other members who
can, in turn, verify other new network joiners. As the members verifying the
new joiners are verified and validated by an established entity, the new
joiners are trusted to be honest.

Black hole/sink hole attack

In a black hole attack, a malicious node uses its routing protocol to advertise
itself as having the shortest route to the destination node. This aggressive
node advertises the availability of fresh routes without checking its routing
table. In this attack, the attacker node is always able to reply to the route
request, so it can take the data packet and drop it (Biswas & Ali, 2007). In
protocols based on flooding, the malicious node's reply is received by the
requesting node before the reply from any actual node arrives; therefore a
malicious, faked route is created. Once this route is set up, it is up to the
node whether to drop the packets or forward them to an unknown address (Pegueno
& Rivera, 2006). Security in mobile ad-hoc networks (MANETs) is the most serious
issue impacting network performance. In general, routing is one of the
challenging and interesting research areas. In a black hole attack, a harmful
node uses its routing technique to advertise itself as having the shortest
route to the destination node or to the packet it wants to intercept. In this
research, the performance of one of the most efficient solutions for preventing
a single black hole attack in a MANET using the AODV routing protocol will be
investigated in terms of packet delivery ratio, packet loss percentage, average
end-to-end delay, and route request overhead.

Hello flood attack

Some routing protocols in WSNs require nodes to broadcast hello messages to
announce themselves to their neighbors. A node which receives such a message
may assume that it is within radio range of the sender. However, in some cases
this assumption may be false; a laptop-class attacker broadcasting routing or
other information with large enough transmission power could convince every
other node in the network that the attacker is its neighbor. For example, an
adversary advertising a very high quality route to the base station could cause
a large number of nodes in the network to attempt to use this route. But those
nodes which are sufficiently far away from the adversary would be sending their
packets into oblivion. Hence the network is left in a state of confusion.
Protocols which depend on localized information exchange between neighboring
nodes for topology maintenance or flow control are mainly affected by this type
of attack. An attacker does not necessarily need to construct legitimate
traffic in order to use the hello flood attack. It can simply re-broadcast
overheard packets with enough power to be received by every other node in the
network.

• Countermeasures against Hello Flood Attack

A sensor node maintains a number of different secrets (keys) in a multiple tree.
The sensor node can forward its sensed data over multiple routes by using these
secrets. There are multiple base stations in the network, each with control
over a specific number of nodes, and there are common means of communication
among the base stations. Each base station has all the secrets that are shared
by the sensor nodes it covers, according to the key assignment protocol. Given
the shared secret and the newly generated key between two sensor nodes, the
process of route setup requires much processing and hence is inefficient.
This protocol verifies the bi-directionality of a link with an encrypted
echo-back mechanism before taking meaningful action based on a message received
over that link. This defense mechanism becomes ineffective when an attacker has
a highly sensitive receiver and a powerful transmitter. If an attacker
compromises a node before the feedback message, it can block all its downstream
nodes by simply dropping feedback messages. Thus, such an attacker can easily
create a wormhole to every node within range. Since the links between these
nodes and the attacker are bidirectional, the above approach is unlikely to be
able to locally detect or prevent a “hello flood”.
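The echo-back check described above, as an added simulation that is not part of the original document. HMAC-SHA256 over a fresh nonce stands in for the encrypted echo, and the `Node` fields, node IDs, ranges and positions are constructed assumptions; the last scenario is the failure case the text names (captured key, sensitive receiver, powerful transmitter).

```python
import hashlib
import hmac
import math
import os
from dataclasses import dataclass, field


@dataclass
class Node:
    node_id: str            # identity announced in HELLO messages
    pos: tuple              # (x, y) position in metres
    tx_range: float         # reach of its transmitter at a normal receiver
    rx_gain: float = 1.0    # >1 models a highly sensitive receiver
    keys: dict = field(default_factory=dict)  # peer id -> pairwise key


def can_hear(sender: Node, receiver: Node) -> bool:
    """True if a frame sent by `sender` is decodable at `receiver`."""
    return math.dist(sender.pos, receiver.pos) <= sender.tx_range * receiver.rx_gain


def echo_tag(key: bytes, nonce: bytes, verifier_id: str, claimant_id: str) -> bytes:
    """Proof that the responder saw this nonce and holds the pairwise key."""
    msg = nonce + b"|" + verifier_id.encode() + b"|" + claimant_id.encode()
    return hmac.new(key, msg, hashlib.sha256).digest()


def verify_hello(verifier: Node, claimant: Node) -> str:
    """Decide whether `verifier` may treat the HELLO sender as a neighbour."""
    if not can_hear(claimant, verifier):
        return "no-hello"                      # HELLO never arrived
    key = verifier.keys.get(claimant.node_id)
    if key is None:
        return "rejected-unknown-id"           # no pairwise key for that ID
    nonce = os.urandom(16)                     # fresh challenge, defeats replayed echoes
    # The challenge is sent at the verifier's own (short) range.
    if not can_hear(verifier, claimant):
        return "rejected-no-echo"              # link is one-way: HELLO was just loud
    # A claimant without the pairwise key can only guess; model that as a random key.
    held = claimant.keys.get(verifier.node_id, os.urandom(16))
    echo = echo_tag(held, nonce, verifier.node_id, claimant.node_id)
    expected = echo_tag(key, nonce, verifier.node_id, claimant.node_id)
    return "accepted" if hmac.compare_digest(echo, expected) else "rejected-bad-echo"


def run_scenarios() -> dict:
    """Four constructed senders, all announcing ID n7 to sensor s1."""
    k = os.urandom(16)                                     # pairwise key s1 <-> n7
    s1 = Node("s1", (0, 0), tx_range=30, keys={"n7": k})
    senders = {
        # genuine neighbour, 20 m away, same radio class as s1
        "real_neighbour": Node("n7", (20, 0), 30, keys={"s1": k}),
        # distant sender rebroadcasting n7's HELLO at high power, normal receiver
        "loud_replay": Node("n7", (400, 0), 1000),
        # same, with a sensitive receiver but still no key
        "loud_sensitive_no_key": Node("n7", (400, 0), 1000, rx_gain=20),
        # n7's key captured, plus sensitive receiver and powerful transmitter
        "captured_key_sensitive": Node("n7", (400, 0), 1000, rx_gain=20,
                                       keys={"s1": k}),
    }
    return {name: verify_hello(s1, node) for name, node in senders.items()}


if __name__ == "__main__":
    for name, verdict in run_scenarios().items():
        print(f"{name:24s} {verdict}")
```

The last verdict is `accepted`: once the link really is bidirectional and the key is known, the echo-back check alone cannot tell the distant sender from a neighbour, which is the limitation stated in the paragraph above.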
In a compromised network scenario, when an adversary with a sensitive receiver
broadcasts a request such as Hello with noticeable power, many nodes hear it at
the same time and try to reply to this message, using a two-way or multi-way
handshake protocol, in order to announce their presence. However, the healthy
nodes have small transmission and carrier sense ranges, so those located
farther apart than the carrier sense range of each other will try to send their
messages back simultaneously. The core idea is to tune the channel access and
transmission parameters so that the responses of these nodes collide with each
other, due to the high density in arrival time, and prevent the adversary from
decoding the messages correctly. This way the adversary will not be able to
hear the victims’ replies and is obliged to reduce its power and act just like
a normal node in the ideal form. This is like the well-known hidden node effect
in wireless ad hoc networks.

Wormhole attack

In the wormhole attack, an attacker tunnels messages received in one part of the
network over a low-latency link and replays them in a different part of the
network. The wormhole puts the attacker nodes in a very powerful position
compared to other nodes in the network. For instance, in reactive routing
protocols such as AODV or DSR, the attackers can tunnel each route request
(RREQ) packet to another attacker which is near the destination node of the
RREQ. When the neighbors of the destination hear this RREQ, they will
rebroadcast it and then discard all other RREQs received in the same route
discovery process.

Wormhole attacks can destabilize or disable wireless sensor networks. In a
typical wormhole attack, the attacker receives packets at one point in the
network, forwards them through a wired or wireless link with less latency than
the network links, and relays them to another point in the network. This paper
describes a distributed wormhole detection algorithm for wireless sensor
networks, which detects wormholes based on the distortions they create in a
network. Since wormhole attacks are passive in nature, the algorithm uses a hop
counting technique as a probe procedure, reconstructs local maps for each node,
and then uses a “diameter” feature to detect abnormalities caused by wormholes.
The main advantage of the algorithm is that it provides the locations of
wormholes, which is useful for implementing countermeasures. Simulation results
show that the algorithm has low false detection and false toleration rates.

Traffic analysis attack


Traffic analysis is a serious threat to the network. An attacker can analyze
network traffic patterns to infer packet contents, even though the traffic is
encrypted. This article demonstrates a traffic analysis attack that exploits
vulnerabilities in encrypted smartphone communications to infer the web pages
being visited by a user.

To explore mission-critical information, an adversary using active traffic
analysis attacks injects probing traffic into the victim network and analyzes
the status of the underlying payload traffic. Active traffic analysis attacks
are easy to deploy and hence become a serious threat to mission-critical
applications. This paper suggests statistical pattern recognition as a
fundamental technology to evaluate the effectiveness of active traffic analysis
attacks and corresponding countermeasures. Our evaluation shows that the sample
entropy of ping packets' round trip time is an effective feature statistic to
discover the payload traffic rate. We propose simple countermeasures that can
significantly reduce the effectiveness of ping-based active traffic analysis
attacks.

Physical Attacks

Before focusing on physical attacks, it is useful to have a general overview of
the factors that create security demands in WSNs. Threats, vulnerabilities and
attacks are three closely related entities that together cause havoc to the
security of information owned by others. A threat is basically the ability or
intention of any agent to adversely affect the operation, system or facility
offered by the network, and threat agents can be categorized as amateur,
professional and well-funded adversaries. Amateur attacks include denial of
service or eavesdropping through wireless sniffing. A professional adversary,
on the other hand, usually launches more sophisticated attacks such as
hijacking, man-in-the-middle or Sybil attacks. Finally, a well-funded adversary
with highly sophisticated tools will launch attacks such as node capture,
wormhole or rushing attacks [32]. Vulnerabilities are defined as anything that
leaves an information system open to potential exploitation. The nature of WSNs
themselves, such as their physical limitations, wireless communication and
unattended operation, is a major source of vulnerabilities for WSN
applications. Finally, an attack is best described as an action intended to
bypass the security controls of the system, and attacks are further classified
into passive and active attacks. Physical active attacks can be performed by
insiders or outsiders. Due to space limitations, the following paragraph
focuses only on physical attacks. The relationship between threats,
vulnerabilities and attacks can be portrayed as in Fig. 1 and is explained as,
“Threats that come from various backgrounds and identities and with different
intentions will generate various types of attacks to tamper or steal the
valuable information from the valuable entity. In addition, successful attacks
are very much dependent on the vulnerabilities surrounding the valuable entity,
which is referring to the sensor node in this case”.

Physical attacks can be broadly defined as attacks that involve direct physical
access by the adversary to the sensor node. Usually, after capturing the node,
the adversary proceeds to tamper with it or extract confidential data before
redeploying the node into the network. The effect of a node capture attack is
therefore categorized as hazardous, because it can lead to data exposure, node
cloning and various other types of attacks.

• Physical Attack Mitigation

It is believed that a security chip with on-SoC memory and extra security
features can help lower the risk of exposing a sensor node's sensitive
credentials through physical tampering. Among the commercially available
low-energy embedded security modules are the Trusted Platform Module (TPM) by
Atmel, ARM11 with TrustZone by ARM and the latest TI M-Shield by Texas
Instruments. The TPM offers the foundation for a trusted platform. It can be
added to an existing architecture such as the Schleck sensor node, providing
the lowest layer of a larger security architecture. The TPM verifies the
integrity of systems through trusted boot, strong process isolation and remote
attestation that verifies the authenticity of the platform.

The ARM1176JZF-s with TrustZone, on the other hand, consists of a
hardware-enforced security processor providing code isolation and two separate
parallel execution worlds, secure and non-secure. It also offers basic security
services such as a crypto engine and on-SoC memory for safe storage and
integrity checking to help ensure device and platform security.

TI M-Shield is a system-level security solution specifically designed for
securing wireless mobile applications. It is designed to provide a hardware
solution for the widespread adoption of new mobile services and the convergence
between mobile and internet services. Like the ARM1176JZF-s processor, TI
M-Shield comes with embedded security and TrustZone features and, most
importantly, the hardware security solution complies with the basic trusted
environment standard.

As of now, the successful implementations of a trusted sensor node use the TPM
chip as the security chip. However, both works (Trust fleck and SEF)
incorporate the TPM chip into the sensor node platform, resulting in a bigger
sensor node. Moreover, the TPM chip was designed for personal computers and
therefore contains superfluous commands for basic security processes, which
leads to higher energy consumption. Conversely, although ARM11 and TI M-Shield
are designed for low energy consumption, the use of both processors, especially
in research, is limited due to proprietary issues.

Node replication attack

The node replication attack is one of the notorious attacks that can be easily
launched by adversaries in wireless sensor networks. A lot of literatures have
studied mitigating the node replication attack in static wireless sensor networks.
However, it is more difficult to detect the replicas in mobile sensor networks
because of their node mobility. Considering the limitations of centralized detection
schemes for static wireless sensor networks, a few distributed solutions have been
recently proposed. Some existing schemes identified replicated attacks by sensing
mobile nodes with identical ID but different locations. To facilitate the discovery
of contradictory conflicts, we propose a hybrid local and global detection method.
The local detection is performed in a local area smaller than the whole deployed
area to improve the meeting probability of contradictory nodes, while the distant
replicated nodes in larger area can also be efficiently detected by the global
detection. The complementary two levels of detection achieve quick discovery of
the replicas with reasonable overhead.

The attack makes it possible for
an adversary to prepare her own low-cost sensor nodes and induce the network to
accept them as legitimate ones. To do so, the adversary only needs to physically
capture one node, reveal its secret credentials, replicate the node in large quantity,
and deploy these malicious nodes back into the network so as to subvert the
network with little effort. Recently, Ko et al. proposed a neighbor-based detection
scheme to cope with replication attacks. The scheme features distributed detection
and takes node mobility into account. It harnesses the dynamic observations of the
neighbors of a claimer node and avoids the protocol iterations typically found in
distributed detections. Unfortunately, we show that their proposal is subject to
various replication attacks that can circumvent the detection. Moreover, it is even
possible for a sophisticated adversary to exploit the protocol to revoke legitimate
nodes.
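
The check that flags one ID reported at different locations, split into the local and global levels described above, is sketched here as an added example; it is not code from any of the cited schemes. The claim format (node ID, time, x, y), the constants V_MAX, POS_ERR and ZONE, and the sample claims are assumptions constructed for illustration.

```python
import math
from collections import defaultdict
from itertools import combinations

V_MAX = 5.0     # assumed maximum node speed, m/s
POS_ERR = 2.0   # assumed localisation error tolerated per claim, m
ZONE = 100.0    # assumed side length of one local detection zone, m

# Constructed location claims: (node_id, time_s, x_m, y_m)
CLAIMS = [
    ("n1", 0.0, 0.0, 0.0),
    ("n1", 10.0, 30.0, 40.0),    # 50 m in 10 s: one node can do this
    ("n2", 0.0, 120.0, 120.0),
    ("n2", 2.0, 180.0, 120.0),   # 60 m in 2 s inside one zone
    ("n3", 0.0, 50.0, 50.0),
    ("n3", 20.0, 650.0, 50.0),   # 600 m in 20 s across zones
    ("n4", 5.0, 10.0, 10.0),
    ("n4", 5.0, 11.0, 10.0),     # same node heard by two witnesses
]

def zone_of(claim):
    """Grid cell used to decide which level sees a pair of claims."""
    _, _, x, y = claim
    return (int(x // ZONE), int(y // ZONE))

def contradictory(a, b):
    """Two claims for one ID conflict when no single node moving at
    V_MAX or less could have been at both places at both times."""
    dist = math.hypot(a[2] - b[2], a[3] - b[3])
    dt = abs(a[1] - b[1])
    return dist > V_MAX * dt + 2 * POS_ERR

def detect_replicas(claims):
    """Return the IDs found by local (same zone) and by global
    (different zones) comparison of location claims."""
    by_id = defaultdict(list)
    for claim in claims:
        by_id[claim[0]].append(claim)
    local, global_ = set(), set()
    for node_id, node_claims in by_id.items():
        for a, b in combinations(node_claims, 2):
            if contradictory(a, b):
                same_zone = zone_of(a) == zone_of(b)
                (local if same_zone else global_).add(node_id)
    # An ID already caught locally does not need the global round.
    return {"local": local, "global": global_ - local}

if __name__ == "__main__":
    print(detect_replicas(CLAIMS))
```

In a mobile network a different location alone is not a contradiction, so the comparison uses the time between claims and a speed bound; the tolerance POS_ERR keeps two witnesses of the same honest node from producing a false accusation.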

Approaches against the attacks


o For Sybil attacks, a sensor node can illegitimately claim multiple IDs
by either directly forging false IDs, or else impersonating legal IDs. This
harmful attack may lead to serious threats to distributed storage, routing
algorithm and data aggregation.
o For wormhole attacks, the malicious node may be located within
transmission range of legitimate nodes while legitimate nodes are not
themselves within transmission range of each other. Thus, the malicious
node can tunnel control traffic between legitimate nodes and nonexistent
links which in fact are controlled by the malicious node. Finally, the
malicious node can drop tunneled packets or carry out attacks on routing
protocols.

Internal attacks (such as node replication attacks and node compromise attacks)
are usually caused by compromised members that belong to the sensor
network in question, and hence internal attacks are more difficult to safeguard
against than external attacks.

o For node replication attacks, when a sensor node is compromised by
attackers, they can directly place many replicas of this compromised node at
different areas within the networks. Thus, attackers may use these
compromised nodes to subvert the network functionalities, for example by
injecting false sensed data.
o For compromised attacks, due to the lack of tamper resistance in
sensor nodes, attackers may compromise a sensor node and use it to
establish communication channels with non-compromised sensors to launch
other more serious attacks within the sensor network.

According to the above description of the security threats, we can infer that a
secure sensor network must satisfy the following requirements.

1. Node authentication: For this requirement, a deployed sensor node proves
its validity to its neighboring sensors and the manager node. Thus, an invalid
outsider would be unable to send malevolent data into the networks and the
manager node can confirm that received sensed data has come from a valid sensor
node, not from malicious outsiders. This also implies that a sensor node that has
joined the WSN has been authenticated and has the right to access the sensor network.
2. Availability: The availability of the network should not be affected even if
sensors can only provide limited storage, limited power, and limited computational
ability. Therefore, a mechanism for regulating sleep patterns is necessary for a
sensor to extend its lifetime.
3. Location awareness: The damage cannot be spread from the victimized
area to the entire network by security attacks even if the sensor node is
compromised. A secure communication scheme must limit the damage’s scope
caused by the intruders; the mechanism of location awareness is used for this
purpose.
4. Key establishment: For sensor-to-sensor key establishment, a shared key is
established by two communicating nodes to protect communications. Thus, all
sensed data transmitted between participants can be verified and protected. Even
if an attacker eavesdrops on the communications between nodes or injects illegal
sensed data into networks, this requirement still provides an adequate level of
security.
5. No verification table: The verification tables are not required to be stored
inside the manager nodes to prevent stolen-verifier attacks.
6. Confidentiality: Path-key establishment in every session must be secure
against malicious intruders even if those attackers collect transmission packets.
7. Perfect forward secrecy: In a two-party path-key establishment, a scheme
is said to have perfect forward secrecy if revealing of the secret key to an intruder
cannot help him/her derive the session keys of past sessions.
8. Key revocation: When the back-end system or the manager node decides to
terminate a sensor utilizing task, or when a sensor is lost, the sensor must not be
allowed to make use of the credential which it stores to connect to networks.
9. Re-keying: By introducing a re-keying mechanism, a manager node can
conveniently update a sensor’s credential without the intervention of back-end
system for the purpose of reducing the communication interactions and
management burden on that back-end system.

Attackers to a network can be insiders, outsiders, or both. WSNs deployed for
security applications (such as monitoring in the battlefield) are normally equipped
with cryptography-based authentication and authorization mechanisms to prevent
outside attackers from launching eavesdropping or packet modification. Thus
outsider attacks are limited to direct physical damage of sensors or jamming the
communication channel. However, inside attackers have many advantages. First,
they are legitimate members of the network and will not be caught by
authentication or authorization. Second, inside attackers can disrupt network
operations by modifying packet information or dropping critical packets. Finally,
inside attackers can collude with outside attackers to cause more severe damage to
the network as we have described in the introduction.

Inside attackers can launch various types of attacks actively (such as
modification, packet drop, or misrouting) or passively (such as eavesdropping).
Among these, packet drop attacks not only can cause significant network
performance degradation, but also cannot be prevented by authentication and
authorization. Below are three representative types of insider packet drop
attacks.

Black hole Attacks. The black hole attacker drops all received packets. It will
cause the most serious damage to the network among all types of packet drop
attacks during the same amount of time. However, it can be easily captured by
the monitoring neighbors as it consistently drops all their packets.

On-Off Attack. When the attack is on, the attacker drops all received packets;
when the attack is off, it forwards all received packets, and it repeats this
drop-forward pattern periodically. This attacker can appear suspicious to its
neighbors during its attack period, when it acts like a black hole attacker, and
can also be detected easily when the attack-on period is long or the on-off
pattern is discovered.

Selective Forwarding Attacks. As we described in the introduction, such
attackers can either drop packets randomly or selectively. It is much more
challenging to defend against these attacks than against black hole and on-off
attacks.

Current approaches to defending against selective forwarding attacks are
either detection approaches or avoidance approaches. The detection approaches will
fail to detect the attacker and victims in our proposed selective forwarding-based
DoS attack. The avoidance approaches will solve the problem, but they are very
expensive and may not suit WSN applications where each sensor has limited
resources.

Most of the reported efforts focused on random selective forwarding attacks. For
example, Hai and Huh presented a neighbor-based monitoring and detection
mechanism using two-hop neighbor knowledge where each node periodically
exchanges its one-hop neighbors’ packet forwarding behavior. However, this
approach introduces network overhead due to periodic information exchange
between nodes and is vulnerable to false information provided by malicious
neighbors. In the multihop acknowledgement scheme, each node in the
forwarding path is responsible for detecting attackers. Specifically, some
randomly chosen nodes (called ACK nodes) will report ACKs back to the
source node (hop by hop) using the same but reversed routing path when they
receive a packet. However, this approach has several problems. First, it is
unclear how to locate the exact attacker. Second, their detection scheme depends
on other nodes’ observations, and thus their scheme is vulnerable to false
accusation from malicious neighbors. The trust mechanisms with watchdog, as
we have discussed earlier, solve these problems by monitoring whether the next
node in the routing path forwards the packets or not. Despite its many known
limitations, the trust mechanism has been a promising solution to defend against
insider packet drop attacks.
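
The watchdog idea above, run over the three packet drop patterns this section lists, is shown here as an added example; it is not code from the cited schemes. WINDOW, DROP_LIMIT, the verdict labels and the forwarding traces are assumptions constructed for illustration; each trace entry is True when the monitoring neighbor overheard the next hop forwarding the packet it was handed.

```python
from collections import deque

WINDOW = 20       # assumed: packets per sliding observation window
DROP_LIMIT = 0.3  # assumed: drop ratio an honest node on a lossy link may reach

def watch(trace):
    """Return (overall drop ratio, worst drop ratio in any full window)."""
    recent = deque(maxlen=WINDOW)   # True marks a packet that was not forwarded
    dropped = total = 0
    worst = 0.0
    for forwarded in trace:
        total += 1
        dropped += not forwarded
        recent.append(not forwarded)
        if len(recent) == WINDOW:
            worst = max(worst, sum(recent) / WINDOW)
    return dropped / total, worst

def verdict(trace):
    """Classify a next hop from what the watchdog overheard."""
    overall, worst = watch(trace)
    if overall >= 0.95:
        return "black hole"
    if overall > DROP_LIMIT:
        return "persistent dropper"
    if worst > DROP_LIMIT:
        return "bursty dropper"     # the on-off pattern shows up here
    return "not flagged"

# Constructed traces, one per behaviour described in this section.
BLACK_HOLE = [False] * 60
ON_OFF = ([False] * 10 + [True] * 30) * 3          # 10 dropped, 30 forwarded
SELECTIVE = [i % 8 != 0 for i in range(120)]       # one packet in eight dropped
LOSSY_HONEST = [i % 25 != 0 for i in range(120)]   # ordinary link loss

if __name__ == "__main__":
    for name, trace in [("black hole", BLACK_HOLE), ("on-off", ON_OFF),
                        ("selective", SELECTIVE), ("lossy honest", LOSSY_HONEST)]:
        print(name, watch(trace), verdict(trace))
```

The on-off trace stays under the limit when only the cumulative ratio is used and is caught by the sliding window, while the low-rate selective trace is indistinguishable from link loss at this threshold; lowering DROP_LIMIT to catch it also raises false accusations against honest nodes on lossy links.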

Instead of detecting the attackers, the avoidance approaches focus on how to
deliver the packets successfully in the presence of the attackers. A popular
way to achieve this is to use multipath routing. k-disjoint multipath
routing can completely defend against selective forwarding attacks with no more
than k − 1 compromised nodes. However, the multipath routing approach has
a couple of drawbacks. First, communication overhead significantly increases as
the number of paths increases, and thus it may lead to increased collisions and
interference. As a result, the packet delivery performance of routing can be
dramatically degraded. Second, since this approach cannot catch and discard the
attackers, it can be compromised if an adversary locates at least one
attacker in each routing path. Similarly, a multiple data flow scheme uses
multiple disjoint topologies. In this scheme, a sending node sends its packets
through one or more randomly chosen topologies among the pre-established
multiple topologies to mitigate selective forwarding attacks.

More necessary steps to prevent attacks
In order to reduce battery drainage, the sensor nodes can go into sleep mode until
the end of the attack, but data exchange cannot take place while this prevention
method is in use. Jamming attacks can also be avoided by using different paths for
routing.

i. Node tampering: The attacker makes a sensor node malfunction either by
accessing its cryptographic key or by disturbing its software processing.
Prevention from attack: Use a strong and lengthy encryption key and guard the
sensor's program memory.

ii. Interrogation: The attacker sends an RTS request to the victim node, the
victim replies with a CTS, but the attacker sends an RTS again. In this way, the
attacker keeps the victim busy and does nothing else. Prevention from attack:
Strong authentication of each node in the network.

“μTESLA” provides a broadcast authentication protocol and resistance to
replay attacks.

iii. Denial of Sleep: To prolong the lifetime of the sensor network, nodes keep
themselves in sleep mode at regular time intervals. The denial-of-sleep attack
stops the nodes from going into the sleep state, which shortens the life of the
network.

iv. Collision: When the attacker discovers a valid packet, it starts transmitting
a signal at the same time and on the same frequency as the valid packet. The
valid packet can then collide with the attacker’s signal.

v. Exhaustion: An intruder continuously sends join requests to a victim node and
the victim node keeps on sending acknowledgements; as a result its battery
drains out.

vi. Unfairness: It is not a very strong attack; it just delays the transmission of the
information.

vii. Interception Attack / Replay: It attacks the routing information in the WSN.
A packet is modified and transmitted back into the network. In a replay
attack the same packet is transmitted in the network many times. These attacks
increase the latency of the WSN and mislead the routing protocols.

viii. IP Spoofing: The attacker pings various nodes, and the source address in the
ping contains the address of the victim node. All the responses are then diverted
to the victim node.

ix. Homing: It targets nodes which are important and have some responsibility
in the WSN, such as the cluster head, cryptography manager, and gateway or sink node.

Deployment and Organization of WSNs

Depending on its applications, sensor deployment can be classified into
two types: scattered deployment and deployment in a designated area. For scattered
deployment, in order to achieve large-scale deployment, sensor nodes can be
deployed via aerial scattering, and the immediate neighboring nodes of any sensor
node are unknown in advance. On the other hand, due to the unattended nature of
WSNs, an attacker may launch various security threats such as node compromise
attacks, and the damage might spread from the compromised area to the entire
network. Therefore, many schemes deploy sensors in a designated area in order to
minimize the impact and localize it to a small region. Two general organizations for
distributed and hierarchical WSNs are illustrated. A distributed/hierarchical
structure of WSN consists of three types of participants, namely, a powerful
back-end data center, manager nodes and sensor nodes. Each manager node is
responsible for collecting all sensed data from the sensor nodes in the area it
manages and forwarding it to the back-end data center for further processing.
In distributed WSNs, a number of sensors are uniformly
distributed into the sensing field and there are no specific roles for each deployed
sensor node. In hierarchical WSNs, there are two types of roles for deployed
sensors, namely: cluster head and sensor node. Based on geographical and
deployment knowledge, a manager node groups all sensors into multiple logical
groups, and the grouping is conducted through the selection of a cluster head
for each group. The main role of cluster heads is to act as aggregation nodes
and fuse the sensed data collected from their nearby sensor nodes before routing
the resultant data to a manager node.

Authentication Scenarios
For authentication in WSNs, three types of scenarios for pair-wise and
group-wise authentication are illustrated. For example, a pair-wise
authentication is accomplished between node x and node y. For group-wise
authentication, we divide it into two scenarios: cluster-based
authentication and global-based authentication. A cluster authentication is
used by a cluster head and all its neighboring sensor nodes, and it is used for
securing clustered broadcast messages. Finally, a global authentication is a
node authentication verified by the manager node and all sensor nodes in the
sensing field. It is done by the manager node to secure
communications that are broadcast to the entire network and to prevent illegal
sensor nodes from participating in the sensor network.

fig: Authentication scenarios

Cryptographic Approaches
In order to protect privacy and secure communications, participating nodes joined
in WSNs should be authenticated and shared keys should be established between
deployed sensors and their neighboring nodes. For example, in two-party
communications, a deployed node establishes a pair-wise key with each of its
neighboring nodes. Similarly, in broadcast communications, a group-wise key
should be shared by all nodes in the network. We classify the security of node
authentication and key establishment schemes into three types of cryptography:
symmetric keys, asymmetric keys and one-way hashing functions.

Symmetric Keys
Recently, many schemes were proposed to secure communications in WSNs, and
one class of secure communication schemes is based on symmetric key cryptography. A
simple solution to ensure privacy would be to store a single master key MK in all
deployed sensors prior to their deployment. Thus, a legal node NA can use this
master key to establish a pair-wise key K = F(MK||NA||NB) with its neighboring
node NB for securing communications that require privacy or node authentication,
where F is a pseudo-random function. However, this solution fails to prevent
security breaches and thus is impracticable for WSNs whose sensors lack
tamper resistance and are easy for attackers to compromise, leaving all the secrets in
those networks known to attackers. As a result, during the initial deployment phase,
we suggest that there should be a security mechanism for erasing the master key. For
example, the manager node sets a timer with a reasonable time interval T for a
deployed sensor to discover its neighboring nodes. When the timer expires after T,
the deployed sensor node erases MK, and attackers cannot inject illegal sensed data into
networks without knowing MK.
The other extreme solution is to store a set of n − 1 pair-wise keys in each sensor
node before deployment, in such a way that it shares a unique pair-wise key with
every other node in the network, where n is the number of sensor nodes in the WSN.
However, this solution is only suitable for small networks because it requires a
large memory to store keys, and it becomes a serious problem when the network needs
to be expanded. Therefore, many probabilistic key pre-deployment schemes were
proposed to overcome these shortcomings. A large pool of P keys and their identifiers are
generated and d distinct keys are randomly drawn from P and pre-loaded into each
sensor’s key ring, where P ≫ d. This solution ensures that only a few keys need to
be stored in each sensor’s memory and two nodes share at least one key, based on a
selected probability. An extension to the basic probabilistic scheme is proposed by
Liu and Ning, called the polynomial pool-based key pre-distribution scheme. This
scheme randomly selects polynomials from a polynomial pool and stores them in
each sensor instead of randomly choosing keys from a key pool.
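
The two ideas in this section, the master-key derivation K = F(MK||NA||NB) with erasure of MK after the interval T, and the probabilistic key ring drawn from a pool of P keys, are worked through here as an added example that is not taken from any of the cited schemes. HMAC-SHA256 as F, the sorted and length-prefixed ID encoding, the Sensor class and all sample values are assumptions made for illustration.

```python
import hashlib
import hmac
import random
from math import comb

def pairwise_key(mk: bytes, na: bytes, nb: bytes) -> bytes:
    """K = F(MK || NA || NB), with HMAC-SHA256 standing in for F (assumption).
    IDs are sorted so both neighbours derive the same key, and
    length-prefixed so that ("ab", "c") and ("a", "bc") cannot collide."""
    msg = b"".join(len(i).to_bytes(2, "big") + i for i in sorted((na, nb)))
    return hmac.new(mk, msg, hashlib.sha256).digest()

class Sensor:
    """Hypothetical node that holds MK only during neighbour discovery."""
    def __init__(self, node_id: bytes, mk: bytes):
        self.node_id = node_id
        self._mk = bytearray(mk)   # mutable, so it can be overwritten
        self.keys = {}

    def discover(self, neighbour_id: bytes) -> None:
        if self._mk is None:
            raise RuntimeError("master key already erased")
        self.keys[neighbour_id] = pairwise_key(
            bytes(self._mk), self.node_id, neighbour_id)

    def timer_expired(self) -> None:
        """Interval T is over: overwrite MK, keep only the pair-wise keys."""
        for i in range(len(self._mk)):
            self._mk[i] = 0
        self._mk = None

def share_probability(pool: int, ring: int) -> float:
    """Probability that two rings of `ring` keys, each drawn without
    replacement from `pool` keys, have at least one key in common."""
    if ring > pool:
        raise ValueError("ring cannot be larger than the pool")
    return 1 - comb(pool - ring, ring) / comb(pool, ring)

def simulate(pool: int, ring: int, pairs: int, seed: int = 1) -> float:
    """Fraction of randomly built ring pairs that share a key."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(pairs):
        a = set(rng.sample(range(pool), ring))
        b = set(rng.sample(range(pool), ring))
        hits += bool(a & b)
    return hits / pairs

if __name__ == "__main__":
    mk = b"constructed-master-key"            # constructed sample value
    na, nb = Sensor(b"NA", mk), Sensor(b"NB", mk)
    na.discover(b"NB"); nb.discover(b"NA")
    print("same key on both sides:", na.keys[b"NB"] == nb.keys[b"NA"])
    na.timer_expired(); nb.timer_expired()
    for d in (50, 75, 150, 250):              # P = 10000 in each case
        print(d, round(share_probability(10000, d), 3),
              simulate(10000, d, 2000))
```

A node captured after the timer fires yields only the pair-wise keys it already holds, not MK; the printed table shows how quickly the chance of a shared key grows with the ring size d for a fixed pool.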

Cryptography

Cryptography is the study of secure communications techniques that allow only the
sender and intended recipient of a message to view its contents. The term is
derived from the Greek word kryptos, which means hidden. It is closely associated
with encryption, which is the act of scrambling ordinary text into what's known as
cipher text and then back again upon arrival. In addition, cryptography also covers
the obfuscation of information in images using techniques such as microdots or
merging. Ancient Egyptians were known to use these methods in complex
hieroglyphics, and Roman Emperor Julius Caesar is credited with using one of the
first modern ciphers.

When transmitting electronic data, the most common use of cryptography is to
encrypt and decrypt email and other plain-text messages. The simplest method uses
the symmetric or "secret key" system. Here, data is encrypted using a secret key,
and then both the encoded message and secret key are sent to the recipient for
decryption. The problem? If the message is intercepted, a third party has
everything they need to decrypt and read the message. To address this issue,
cryptologists devised the asymmetric or "public key" system. In this case, every
user has two keys: one public and one private. Senders request the public key of
their intended recipient, encrypt the message and send it along. When the message
arrives, only the recipient's private key will decode it — meaning theft is of no use
without the corresponding private key.

Cryptography is an indispensable tool for protecting information in computer
systems. In this course you will learn the inner workings of cryptographic systems
and how to correctly use them in real-world applications. The course begins with a
detailed discussion of how two parties who have a shared secret key can
communicate securely when a powerful adversary eavesdrops and tampers with
traffic. We will examine many deployed protocols and analyze mistakes in existing
systems. The second half of the course discusses public-key techniques that let two
parties generate a shared secret key. Throughout the course participants will be
exposed to many exciting open problems in the field and work on fun (optional)
programming projects. In a second course (Crypto II) we will cover more advanced
cryptographic tasks such as zero-knowledge, privacy mechanisms, and other forms
of encryption.

Steganography
The word Steganography is derived from two Greek words- ‘stegos’ meaning ‘to
cover’ and ‘grayfia’, meaning ‘writing’, thus translating to ‘covered writing’, or
‘hidden writing’. Steganography is a method of hiding secret data, by embedding it
into an audio, video, image or text file. It is one of the methods employed to
protect secret or sensitive data from malicious attacks.
How is it different from cryptography?
Cryptography and steganography are both methods used to hide or protect secret
data. However, they differ in the respect that cryptography makes the data
unreadable, or hides the meaning of the data, while steganography hides
the existence of the data.
In layman’s terms, cryptography is similar to writing a letter in a secret language:
people can read it, but won’t understand what it means. However, the existence of
a (probably secret) message would be obvious to anyone who sees the letter, and if
someone either knows or figures out your secret language, then your message can
easily be read.
If you were to use steganography in the same situation, you would hide the letter
inside a pair of socks that you would be gifting the intended recipient of the letter.
To those who don’t know about the message, it would look like there was nothing
more to your gift than the socks. But the intended recipient knows what to look for,
and finds the message hidden in them.
Similarly, if two users exchanged media files over the internet, it would be more
difficult to determine whether these files contain hidden messages, than if they
were communicating using cryptography.
Cryptography is often used to supplement the security offered by steganography.
Cryptography algorithms are used to encrypt secret data before embedding it into
cover files.
Image Steganography –
As the name suggests, Image Steganography refers to the process of hiding data
within an image file. The image selected for this purpose is called the
cover-image and the image obtained after steganography is called the stego-image.
How is it done?
An image is represented as an N*M (in case of greyscale images) or N*M*3 (in
case of color images) matrix in memory, with each entry representing the intensity
value of a pixel. In image steganography, a message is embedded into an image by
altering the values of some pixels, which are chosen by an encryption algorithm.
The recipient of the image must be aware of the same algorithm in order to know
which pixels he or she must select to extract the message.
Figure – Process of Image Steganography.

Detection of the message within the cover-image is done by the process
of steganalysis. This can be done through comparison with the cover image,
histogram plotting, or by noise detection. While efforts are being invested in
developing new algorithms with a greater degree of immunity against such attacks,
efforts are also being devoted towards improving existing algorithms for
steganalysis, to detect exchange of secret information between terrorists or
criminal elements.
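
The embedding and the cover-comparison form of steganalysis described above, as an added example that is not from the original document. It assumes a greyscale image held as a flat list of 0-255 intensities, a keyed pseudo-random choice of pixels standing in for the selection algorithm both parties share, and least-significant-bit changes; the cover image and message are constructed sample values.

```python
import random

def _positions(key, n_pixels, n_bits):
    """Pixel indices both sides derive from the shared key. Python's
    random module is a stand-in here and is not a cryptographic generator."""
    return random.Random(key).sample(range(n_pixels), n_bits)

def embed(cover, message: bytes, key):
    """Write the message bits into the LSB of key-selected pixels."""
    bits = [(byte >> (7 - i)) & 1 for byte in message for i in range(8)]
    if len(bits) > len(cover):
        raise ValueError("message does not fit in the cover image")
    stego = list(cover)
    for pos, bit in zip(_positions(key, len(cover), len(bits)), bits):
        stego[pos] = (stego[pos] & ~1) | bit
    return stego

def extract(stego, n_bytes: int, key) -> bytes:
    """Read the LSBs back in the same key-derived order."""
    bits = [stego[p] & 1 for p in _positions(key, len(stego), n_bytes * 8)]
    return bytes(
        sum(b << (7 - i) for i, b in enumerate(bits[k:k + 8]))
        for k in range(0, len(bits), 8))

def compare_with_cover(cover, stego):
    """Steganalysis by comparison with the cover image: count changed
    pixels and check whether every change is confined to the lowest bit."""
    diffs = [i for i, (c, s) in enumerate(zip(cover, stego)) if c != s]
    lsb_only = all(cover[i] ^ stego[i] == 1 for i in diffs)
    return {"changed": len(diffs), "lsb_only": lsb_only,
            "suspicious": bool(diffs) and lsb_only}

# Constructed 16 x 16 greyscale cover image, flattened row by row.
COVER = [(7 * i + 3 * (i // 16)) % 256 for i in range(256)]

if __name__ == "__main__":
    stego = embed(COVER, b"WSN", key=42)
    print(extract(stego, 3, key=42))
    print(compare_with_cover(COVER, stego))
```

Changes that touch only the lowest bit of scattered pixels are invisible to the eye but stand out immediately once the original cover is available, which is why cover comparison is the simplest of the detection methods listed.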
