Analysis of Data Security in Wireless Networks
Disclaimer: This dissertation has been submitted by a student. This is not an example of the work written by our professional dissertation writers. You can view samples of our professional work here.
Any opinions, findings, conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of UK Essays.
Chapter 1: Introduction
Research is defined as search for new knowledge or an art of scientific and careful investigation of new facts. Research method is referred as a systematic methodology of defining and re-defining the problems, suggest solutions, formulate hypothesis, evaluate the data, make deductions and then reach conclusions. At last, test the conclusions to determine whether they are suitable for the formulating hypothesis or not (KOTHARI, C. R., 2005). The research method chosen for the present study are case studies. Case study research is used because of its capability to bring a clear idea on any complicated issue and thereby strengthening the previously developed research works. A key characteristic of case study research method is its ability to provide multiple sources of evidence each with its strengths and weaknesses (Bill Gillham, 2000).
The steps involved in case study research method are as follows:
Getting Started - The research work started with the collection of data on Wireless Sensor Networks. Sensor networks are referred as secured networks if they can provide end to end security with authenticity and confidentiality. The present research work emphasizes the importance of providing data security in sensor networks through Location-Aware End-to-end Data Security system.
Selecting Cases - Selection of cases is an important aspect of building theory from case studies. The earlier stages of the research work focused on various security systems and then identified Location-Aware End-to-end Data Security system for providing data security in sensor networks. Literature review section of this research work will explain all these aspects very clearly. Case study research method is quiet difficult as it provides multiple sources of evidence in its research. So to develop this research work, data was collected from various sources like books, journals, articles and online websites.
Crafting Instruments and Protocols - After the collection of data related to sensor networks and its importance in the field of providing security for networks it was analyzed that efficient steps must be followed by the organizations to provide security for sensor networks. In order to provide an efficient data security system for sensor networks, the research work was customized a number of times. All the design principles were considered for improving the security in sensor networks so to implement better communication networks.
Entering the field - After gathering the information related to wireless sensor networks from various sources like websites, journals, articles and books. The information gathered gave a better understanding on Location-Aware End-to-end Data Security system for providing data security in sensor networks.
Analyzing data - The case study research method primarily concentrated on Location-Aware End-to-end Data Security system for providing data security in sensor networks. The data collected for this research work was analyzed using various methods and techniques. This analysis helps to find the link between the research objects and outcomes with respect to the present study thereby providing an opportunity to strengthen the research findings and conclusions.
Shaping hypotheses - The task of shaping hypotheses is mainly applied for the alteration or modification of models applied for the research work previously. The new models applied in the research depend upon the data analysis.
Enfolding literature - After the analysis stage which was helpful in assessing the proposed solutions related to the problems occurred by disasters then a detailed critical analysis will be presented in literature review section that will evaluate the existing security designs so as to improve the performance of sensor networks.
Reaching closure - From the start of the research work to the analysis stage it was analyzed that providing efficient security for sensor networks is very important as it increases the life of networks and improves the efficiency of networks.
Background study of Wireless Sensor Networks
Wireless Sensor networks will fall under the category of modern networking systems. It has emerged in the past and caters the needs of real world applications. These networks are the preferred choice for the design and development of monitoring and control systems. In the year of 1940's and 50's wireless sensing technology was developed. To discover and chase enemy craft this was used by military (Shimmer, 2006). The technology formulated to let in radio frequency identification and real time location system but the real force behind wireless sensor network was the power to place detectors in remote or in the environment without wired lines. This allows in turn for capture and analysis of information to transmit warnings and to identify the approaching phenomenon. The quality of life by allowing real time information was developed by WSN's. WSN's supply real world information in a perceive manner rather than a virtual world (Shimmer, 2006). As the health of the people is becoming worse and the global population is getting older, with the ability to sense and perform direct measurements biometric solutions can be created which will improve the healthcare and improves the quality of life. As one of the key drivers for wireless sensor networks data will be captured and analyzed for detecting and predicting the phenomena like falls and warnings to develop intelligent solutions for industry.
Chapter 2: Literature Review
Providing security for data in Wireless Sensor Networks (WSNs) is a difficult task because of complexity in managing the critical resource. Data security in sensor networks can be achieved by Location-Aware End-to-end Data Security system. A sensor network can called as secured if it can provide end-to-end security through data confidentiality, authenticity and availability. Applications like wildlife monitoring, manufacturing performance monitoring and military operations use wireless sensor networks. Security is the most important requirement for all these WSNs applications. Providing security in wireless sensor networks is different from traditional approaches because of resource limitations and computation restrictions. Node compromise attacks, DoS attacks and resource consumption attacks are the most general attacks in the wireless sensor networks while providing security to the data. This research concentrates on wireless sensor networks, data security in sensor networks, Location-Aware End-to-end Data Security (LEDS) systems and its performance in providing data security.
2.2 Wireless Sensor Network
Wireless Sensor Network is a fast growing technology and has exciting research area. Military and civilian activities can be operated successfully using this network. Interconnection between thousands of sensor nodes in large sensor networks can create technical issues (LEWIS, F. L., 2004). To offer a high quality sensing in terms of space and time the sensing nodes are closely arranged and are made to work together. This technology is responsible for sensing and also for the first stages of the processing hierarchy. Computations, communication capacities, memory, low cost devices which have limited energy resources are included in the network. One of the major applications of sensor networks is actuators. This type of sensor networks is widely used in many sectors like military applications, environmental applications and commercial applications (RAGHAVENDRA, C. S., Krishna M. Sivalingam and Taieb F. Znati, 2004). Networks can be organized in multi-hop wireless paths and large landscapes in order to recognize the events of interest. Industries attain security and safety by making use of wireless sensor networks. This network uses sensors for the detection of toxic, harmful and unsafe materials and also provides a way for the identification of leakages which may cause dangerous results. These networks are best suitable for monitoring and help in controlling rotations in moving machinery (Edgar h. Callaway, 2003). Wide usage of sensor networks in large applications forces the network to provide security for data in order to operate the applications effectively. Security is the major issue faced by wireless sensor networks. The main reason for security problems in sensor networks is hold of data by attackers.
If number of nodes increased in communication then there may be chance for tampering the data which may create the problem of data loss (CHAN, H. and PERRIG, A., 2003). This sensor network helps in expanding the internet into physical space. Compared to customary approaches wireless sensor networks provide many advantages. Information in sensors networks is available only at runtime. Sensors networking is done by contribution from signal processing, database and information management, embedded systems and architecture and distributed algorithms. Much number of sensors is already in use for monitoring the traffic in networks (Feng Zhao and leonidas J. Guibas, 2004) The organization growth reduces internally by loss of important data and due to false data introduced by hackers in network.However, the lack of end-to-end security guarantee makes the WSN weak due to the attacks. Functions in the networks are injured by internal attacks which lead to breakdown of mission-critical appliances (Elaine Shi and PERRIG, A., 2004). Hence from the above discussion it can be understood that wireless networks leads to a new trend as the way of interchanging of data through internet service like e-mail and data file transfers is increasing tremendously. WSN is used in many martial appliances. As these networks provide many benefit for organizations and users it lacks in providing security to data while transferring. Wireless sensor networks play a vital role in transferring the data from one network to another without any delays or disturbances. The functionality and behavior of the WSN are completely dissimilar from the other wireless network devices present in WSN.WSN are not assured by the users. In terms of battery and power these devices are much more restrained. The WSN can be separated into two parts Data acquisition and data dissemination network. Data acquisition network consists of sensor nodes and base stations. Sensor nodes are the accumulation of small devices with the charge of assessing the physical information of its setting, and base stations are influential devices in case of gathering information of its surroundings. Sensor networks are mainly projected for real-time collection and analysis of low level data in aggressive environments (Javier Lopez and Jianying Zhou, 2008). For this reason they are well fitted to a significant amount of monitoring and observation applications. Famous wireless sensor network applications involve wildlife monitoring, bushfire response, military command, intelligent communications, industrial quality control, infrastructures, smart buildings, traffic monitoring and examining human heart rates etc. greater part of the sensor network are spread in aggressive environments with active intelligent resistance (Feng Zhao and Leonidas J. Guibas, 2004). Hence security is a crucial issue. One obvious example is battlefield applications where there is a pressing need for secrecy of location and resistance to subversion and destruction of the network.
2.3. Evaluating the existing security designs in WSNs
Evaluation of existing systems can be done with the help of data security requirements like data authentication, availability and authentication. Security is not provided efficiently by the existing systems due to weak security strengths and is exposed to many different attacks. Security authentication tools such as authentication and key management. These tools provide various security mechanisms for sensor network. Routing and localization are supports sensor network
(Donggang Liu and Peng Ning, 2007). Similar to the traditional networks most of the sensor network applications need security against introduction, and modification of packets. Cryptography is the standard defense. Interesting system tradeoffs grow while comparing cryptography into sensor networks. For point-to-point communication, continues cryptography attains a high level of protection but involves those keys to be set up among all end points and be in companionable with passive participation and local broadcast (C. S. Ragahavendhra, Krishna M. Sivalingam, Taieb F. znati, 2004). Link layer cryptography with a network wide shared key simplifies key setup and supports passive participation and local broadcast but intermediate nodes might alter messages. The earliest sensor networks are likely to use link layer cryptography because this approach supplies the greatest ease of deployment among presently available network cryptographic approaches. Subsequent systems may react to demand for more security with more advanced use of cryptography. Cryptography implies a performance cost for extra computation that frequently gains packet size. Cryptographic hardware support increases efficiency and also increases the financial cost of implementing a network.
Limitations of existing key management schemes
From many past years many different pre-distribution schemes have been proposed. Hop-by-hop is one of the techniques which don't provide end-to-end security in a proper manner. This hop-by-hop not only involves the end points but also have the intermediate components for data forwarding. Hop-by-hop header carries information which should be examined by each and every node along the packet path. As this technique involves each node referencing and processing it becomes complex in analysis of networks (Alberto Leon Garcia and Indra Widjaja, 2004). Data authentication and confidentiality is very much vulnerable to inside attacks and the multi hopping makes a worse while transmitting the messages. The problem of distributing and updating cryptographic is to valid member is known as Key Management. The key management is one of the most important tasks in the cryptographic mechanisms for networks. However the sensor networks, the key management is one of the more challenging network because there may be no central authority, trusted third party, or server to manage security keys. The key management performed in the distributed way. The self organization scheme to distribute and manage the security keys proposed (Yang Xiao, 2006). This system certificates are stored and distributed to the user by themselves.
False data filtering and their analysis
This helps in protecting data from validation in WSNs. Data that is not authorized will be filtered out by the transitional nodes. Location Based Resilient Secrecy (LBRS) is the proposed scheme that identifies the problems and errors in Statistical En-route Filtering (SEF) and Interleaved Hop-by–Hop Authentication (IHA). All these methods are highly exposed to interference attacks and selective forwarding attacks (kui Ren, Wenjing Lou and Yanchao Zhang, 2008). SEF helps in detecting and dropping the false reports during the forwarding process that contains Message Authentication Codes (MAC) generated by multiple nodes (Anne-Marie Kermarrec, Luc Bouge and Thierry Priol, 2007). IHA identifies the fake reports by using interleaved authentication
2.4. Data Security Requirements in Wireless Sensor Networks (WSNs)
As wireless sensor networks usage is increasing in organizations, security should be provided for data in order operate organizations successfully. Data security in wireless sensor networks includes data authentication, data availability and data confidentiality. Data should be available for authenticated users only in order to provide security. Various data security requirements for wireless sensor networks are (Kui Ren, Wenjing Lou and Yanchao Zhang, 2008):
- Data availability
- Data Confidentiality
- Data authentication
- Data integrity
- Time synchronization
- Secure Localization
Data availability – To ensure availability of message protection in sensor network it should protect the resources or sensor nodes. Nodes in sensor networks should be guarded from unnecessary processing of messages. Avoiding unnecessary processing can reduce the energy usage so that the life time of sensor network increases. Wireless sensors are influenced by many factors like limited communication capabilities and computation. Wireless sensor networks are vulnerable to various attacks like Denial of Service attacks, node compromise attack and resource consumption attack (Shinqun Li, Tieyan Li and Xinkai Wang, 2002). Hence, in order to provide availability and security resources should be maintained effectively.
Data Confidentiality – In wireless sensor networks confidentiality can be achieved by allowing only authenticated users to access the data. In sensor networks data can be secured by using cryptographic methods. Using encryption and decryption for data allows only authenticated users to access the data. Unauthorized or third parties cannot read the original data if confidentiality is provided effectively (Chris Karlof, Naveen sastry and David Wagner, 2004). Hence to have confidentiality for data wireless sensor networks should make of encryption methods.
Data authentication – Authentication is necessary for controlling the sensor networks effectively. Data authentication in sensor networks allows the users to verify whether the data is sent from authorized resources or not. It also protects the original data from alterations. Digital signatures can be used for authentication in sensor networks (Mona Sharifnejad, Mohsen Sharifi and Mansoureh, 2007). Hence, authentication in sensor networks can be achieved with digital signature which helps in authenticating the senders.
Hence from the discussion it can be given in order to provide security data availability, authentication and confidentiality should be sustained in sensor networks.
Data integrity in sensor networks is required to check the dependability of the information and concerns to the capability, to support that message has not been corrupted, altered or changed. Even if the network has confidentiality measures, there is still a possibility that the data integrity has been compromised by alterations (Richard Zurawski, 2006). The integrity of the network will be in trouble when the malicious node present in the network throws fake data. Wireless channel cause damage or loss of data due to unstable conditions. Hence from the above it can be given the information provided by the sensor network is easily corrupted which can leads to loss of data.
Most of the sensor network applications trust on some form of time synchronization. Moreover, sensors may wish to calculate the continuous delay of a packet as it moves among two pair wise sensors. For tracking the applications a more collaborative sensor network may involve group synchronization.
The usefulness of a sensor network will trust on its ability of each sensor to accurately and mechanically locate in the network (G. Padmavathi and D. Shanmugapriya, 2009). A sensor network planned to locate faults and it need accurate fixed information in order to identify the location of a fault. In this an attacker can easily misrepresent non secured location information by giving false signal strengths and playing back signals. Hence from the above content it has discussed about the security goals that are widely available for wireless sensor networks.
2.5. Proposing Location-Aware End-to-end Data Security (LEDS)
LEDS helps in providing safety to data in a well-organized way. Security to data is provided through confidentiality, authentication and availability in LEDS. This mechanism has the ability to provide en-route filtering and end to end authentication. It makes use of key management for achieving data security. LEDS can be used either in small networks or large networks (Ed Dawson and Duncan S. Wong, 2007). LEDS splits the whole network into small cell regions and sends keys for each cell in order to provide security. Cell size of LEDS depends on the number of keys distribute and it does not support dynamic topology. Sensors helps in finding events that are occurring in network. Encryption of events is happened in networks by sensor nodes which are participating in the network. In order to encrypt the events LEDS uses the pre distributed cell keys (Abu Shohel Ahmed, 2009). Sensor nodes calculates unique share key for sensors after encrypting the data, where this is demonstrated using different sinks. Sensor nodes use authentication keys for calculating MACs. To avoid duplicate reporting each and every report is given with different MACs. A report or data validity will be checked at each and every node while broadcasting through networks in order to provide data security (Fan Ye, Hao Yang and Starsky H.Y. Wong, 2006). Hence from the above discussion it can be understood that, LEDS mechanism helps wireless sensor networks in providing end to end security. This mechanism makes use of key management in order to provide data authentication, confidentiality and availability.
The main aim of designing LEDS is to provide end to end data security through data confidentiality, authenticity and availability. LEDS has the capability of preventing false data report attacks. Brief description of the goals of designing LEDS:
Provide end-to-end data confidentiality and authenticity:
Event reports in wireless sensor networks can maintain authenticity and confidentiality if the sending nodes themselves are not compromised for data corruption. Compromised nodes may affect the neighbor node performance. Cryptographic methods are used to protect data from attackers which is collected from compromised nodes. Key management assists in providing data authenticity and confidentiality by LEDS (Jun Luo, Panos Papadimitratos and Jean-Pierre Hubaux, 2007). In LEDS key management mechanism the nodes use keys for applying cryptographic methods on data in order to provide security.
Achieve high level of assurance on data availability:
If any attack occurs on data in wireless sensor network, then it should be flexible in selecting alternative ways for forwarding the data. In order to ensure availability, networks should be able to detect and drop the duplicate reports in an efficient and deterministic manner (Kui Ren, Wenjing Lou and Yanchao Zhang, 2008). LEDS assures data availability in the networks by identifying the duplicate reports early in the networks.
Hence from the discussion it can be understood that, LEDS was designed for providing security in the wireless sensor networks. False information reports can be eliminated by using some LEDS mechanisms in networks.
2.6. Components of Location-Aware End-to-end Data Security
To provide data security, LEDS makes use of two major components:
- Location-aware key management framework.
- End-to-end data security mechanism.
LEDS provides end to end security by providing data authentication, confidentiality and availability.
2.6.1. Location-aware key management framework
As wireless sensor networks are used in wide range of applications it should be deployed correctly in order to collect data. Network planners should give a framework before organizing in order to have security to data. LEDS makes use of key management in providing framework for the sensor networks. Using Key management in LEDS exploits the static and location-aware nature of wireless sensor networks (Reihanah Safavi Naini, 2008). Key management adopts a grid structure for redistributing and examining specific properties related to designing process. For providing a light-weight and robust location aware key management framework for sensor nodes in network preloaded keys are distributed in networks. This framework can be understood through embedding location information into the keys. Framework using key management should be derived in such a way that it should provide data authentication, confidentiality and availability (Yan Zhang, Honglin Hu and Masayuki Fujise, 2006). In LEDS every sensor node computes three different types of location-aware keys for distributing purpose. A sensor node computes two unique secret keys which can be shared between a node and sink. These keys help in providing node to sink authentication. A cell key will be distributed between two nodes in the same cell. Confidentiality to data in Wireless Sensor Networks is given by distribution cell keys among network elements. A set of authentication keys can be distributed among the nodes in the network in order to provide authentication to the nodes. This distributing of keys can help sensor networks in data filtering. A Sensor node in the network computes the location-aware key independently. Key management provides basis for end to end data security (Kui Ren, Wenjing Lou and Yanchao Zhang, 2008). Key management strategies for wireless sensor network have proposed recently existing keys which are based on pre-distribution where a probabilistic access for fixing up session keys among adjacent nodes. Random key Pre-distribution schemes are dangerous to selective nodes and node replication attacks. These frequent attacks can be prohibited by the location aware key management. More challenges are to be taken by the location aware key management such as connectivity within the groups, deployment flexibility and security resilience (Xiaofang Zhou, 2006). Existing strategies need the deployment data as a priority before the deployment. This makes it very hard in major applications. Hence from the above discussion it can be concluded that, for developing a structure for WSN LEDS uses the key management technique. In this framework the safety to data is given by the distribution of keys between sensor nodes. Different location-aware keys computed from sensor nodes can provide data confidentiality, authentication and data filtering.
2.6.2 End-to-end data security mechanism
Security is the main issue in transformation of data over internet or any wired or wireless communication. Several encryption methods are implemented and deployed in organization for providing security to data. Network smart cards supports networking mainstream standards and secured protocols. Private data can be sent from smart cards to remote server by establishing a secured connection between network smart cards and trusted remote internet server. This mechanism helps in avoiding manual type for confidential information. End-to-end mechanism struggle in identifying threat mechanism that will capture the data before it is encrypted (Yuliang Zhenq, 2004). Specificdevices and protocols can be installed at the end point connection for offering end to end security. Hyper text Transfer Protocol (HTTP) connection is an example of end-to-end connection to web server where an IP security is used as end-to-end security. There is an opinion that end-to-end security mechanism provides solutions in providing security to network based systems. Wireless sensor networks usually consist of a prominent number of resource constraint sensor nodes which are distributed in neglected uncongenial surroundings, and therefore are displayed to more characters of serious insider approaches due to node cooperation. Existing security designs generally supply a step by step security prototype and are exposed to such attacks (Claude Castelluccia, 2005). Moreover, existing security designs are also exposed to several DOS attacks such as report disruption attacks and selective forwarding attacks and thus put information accessibility at stake. To overcome these exposures for major static WSNs come up with a location-aware end-to-end security framework in which secret keys are bound to geographic locations (frank Stajano , Catherine Meadows, Srdjan Capkun and Tyler more, 2007). This location alert property successfully limits the impact of settled nodes only to their locality without involving end-to-end data security. The suggested multi functional key management framework checks both node to sink and node to node authentication along with the report forwarding routes and the suggested data delivery access assures effective en-route fake data filtering, and is highly influential against DOS attacks. In end-to-end security the end points refers to connection between client and server. Providing security is the major constraint for transferring data in a secured manner. For providing end-to-end secure communication constrains components like (Michael H. Behringer, 2009)
- Identity- which helps in identification of entities at both the ends
- Protocols- to provide required security functions protocols are implemented with the help of algorithms.
- Security- the end points used by network should be provided with secured protocols and the operations implemented on the end points should be in a secured manner.
Thus from the above context it can be given that networks which uses end-to-end security mechanism provides a great security. In spite of having some potential problems end –to-end security many of the organizations are deploying this type of mechanism. End-to-end security protocols and their clarification acts as keystone in having security for the networks.
2.7. Security and performance analysis of LEDS
Location aware End to end Data security design (LEDS) function is to anticipate the security and analyze in diverse etiquette. Digital systems afford the sanctuary by means of sundry techniques. In providing the security features researchers generate innovative services for improving the recital and trustworthiness of single technique algorithm (Sam Brown, 2002). Along with security the performance, hardware and software implementations are focused, transparency of the requirements as well as performance and productivity. The factors that involves in escalating this technology are Viability, power consumption, area, complexity, Flexibility. Security analysis can be explained in three dissimilar ways (Kui Ren, Wenjing Lou and Yanchao Zhang, 2008):
- Data Confidentiality as the security strength
- Data Authenticity
- Data Availability
Data Confidentiality as the security strength:
The requirement of provide data confidentiality within the internal network can be met using the same deployment and management approaches used. Using of the data encryption standard the confidentiality of encryption could be obtained. Data Confidentiality is also used in the Marketing and Sales (John W. Ritting House and James F. Ransome, 2004). In LEDS every report is encrypted by the corresponding cell key and therefore no nodes out of the event cell could obtain its content. Node from the event cell is compromised as the attacker obtains the contents of the corresponding reports because of the data confidentiality. Scheming total network cells number of compromised nodes and portion of compromised cell were utilized. There are two ways for calculating they are Random node capture attack and selective node capture attack.
The above figure shows the data confidentiality in LEDS. One has to be clear that in compromising 40% of total cells at least 5% of the total nodes are to be compromised. Along with random node capture attacks accessible defense designs in which compromising a few hundred nodes usually compromise even in all the network communication, which specifies the dominance of the altitude in litheness.
By using diverse online techniques authenticity of data is accomplished. Significance of the data generation determines the position of the obligation (Chris Mann and Fiona Stewart, 2000). Security strength of LEDS regarding the data Authenticity is obtained by the content of legitimate reports. Attackers Tries to produce the false reports which makes the non existing event to sink. In LEDS for passing out the fake reports en-route filtering and sink verification is processed by the attacker (Paul R. Prucnal, 2005). For this the attacker has to follow the t node of event cell because of the data authenticity.
Number of the compromised nodes is increased by the effect of the data authenticity which is represented in the figure. Percentage of the compromised nodes increases with the increase of compromised nodes. As the number of compromised nodes increases quick increase in the percentage of the affected cells is also observed (Kui Ren, Wenjing Lou and Yanchao Zhang, 2008). Compromised nodes from one cell in LEDS can't be used to compromise data authenticity of other cells. Hence LEDS make increase in cost for the attacker so one has to think of the expenses in the launching attacks (Peter Stavroulakis, 2007). By being more flexible to such attacks LEDS make a momentous enhancement in stipulations of data availability, this could be obtained by the endorsement mechanism and its forwarding mechanism.
Integration of all the enforcement and monitoring data facility which is a beginning to make facility level data freely available to the public is specified as Data Availability. Data compliance and enforcement are often impossible to obtain (Henk Folmer and Tom Tietenberg, 2000). The data availability in WSN is severely affected mainly by two methods like disruption attack and selective forwarding. Security designs are highly susceptible for attacks.
Other existing security designs which compares the data availability protection is explained in the above figure about LEDS. This shows about the stretchiness of LEDS in dislocation of attacks. A compromised node can always drop all the reports going through itself in existing security designs (Kui Ren, Wenjing Lou and Yanchao Zhang, 2008). Data availability can also is explained in other terms like LEDS under selective forwarding attack and Data availability against selective forwarding attack. In LEDS it is impossible in compromising the node in preventing the report from being forwarded since every report in LEDS is forwarded to all nodes in the next cell, as they function in the same manner (Peter Stavroulakis, 2007). Hence the proposed one-to-many forwarding approach in LEDS greatly enhances data availability.
LEDS Performance analysis
Performance analysis of LEDS is evaluated by the proposed terms of storage overhead and computation and communication over heads. The systems features are divided into two categories like high performance functions and low performance functions. This evaluation makes out the best performances which are preferable (Marina Gavrilova, Edward David Moreno and C.J. Kenneth Tan, 2009).The performance analysis is divided into two types they are:
- Key storage overhead
- Computation and Communication Overheads
Key storage overhead:
Each node is stored in the form of a unique secret key which are recognized by it; as one cell key shared with all other nodes in its home cell in LEDS. Since both keys are identified by the sink, further nodes stores authentication key for each of its report auth cell (Ritu Chadha and Latha Kant, 2007). From this it could be defined that any node upstream report-auth area is a subset of the two cell wide band area. In this two cell wide band area all the possible routes extending monotonically toward the sink have at most two different choices at each step.
Computation and Communication Overheads:
During the bootstrapping period the key establishment involved efficient hash operations. The authentication keys share in cell to cell manner they will be reused for en-route filtering during the whole network. Because of restitution feature it saves superfluous working out (Kui Ren, Wenjing Lou and Yanchao Zhang, 2008). Hence it can be understood that the multi functional key management framework ensures both node to sink and node to node authentication along with report forwarding routes. By this data delivery approach guarantees efficient en-route bogus data filtering and is highly robust against DoS attacks. So by this one can estimate the LEDS Performance and security analysis by the detailed study of its procedures. Wireless sensor networks encompass edgy lot of consideration lately due to their wide applications in both military and civilian operations. WSN usually consists of a large number of ultra small but of lower cost devices. Thus they have a limited energy resources, computation, memory and communication capacities. Most security threats in this are by the sensor nodes. Attacker has to conciliation with multiple nodes to obtain their carried keying materials. Hence this type of attacks leads to severe data confidentiality compromise of WSN's.
Wireless Sensor Networks uses large number of sensors for providing security to data in the networks. These networks are very much used in many social and military applications. Wireless networks consist of small and inexpensive sensors with limited resources. Providing data confidentiality, availability and authentication helps in providing security to data. In wireless sensor networks providing end-to-end data security is very difficult task as there are different constraints for sensor networks. LEDS can offer efficient security for the networks. Problems with are identified in the traditional schemes Statistical En-route Filtering (SEF) and Interleaved Hop-by-hop Authentication (IHA) can be solved by using LEDS. LEDS is one of the major improvements over SEF and IHA. This LEDS is almost divided into several cells with the help of the concept called virtual geographic grid. By this multiple cells can efficiently connects the cell information of different sensors into all kind of symmetric secret keys possessed by the node. LEDS is very effective in providing data confidentiality and encryption. It provides a high degree of security in expense of communication and computational cost. In this project the static and location-aware nature of WSNs is exploited and LEDS framework is given to deal with vulnerabilities in existing security design. LEDS deals with end points security without disturbing the elements in network. Thus, it can be given that by using LEDS in wireless sensors network provides an efficient end-to-end data security without disturbing the other elements in the network.
Java is an object oriented programming language that allows the language designers to make the java language more powerful. It is not an operating system but java language provides APIs (Application Programming Interfaces) in depth those defined by an operating system (David Flanagan, 2005). Whenever a java program or an application is complied, it is converted into byte code which is the portable machine language of a CPU (Central Processing Unit) architecture referred as Java Virtual Machine (JVM). JVM is implemented usually in the form of software program that will interpret and execute byte codes. Java platform is a predefined set of java classes that will exist on every java installation and these classes will be available for use by all the java programs (James Gosling and Bill Joy, 2000). Hence from the above it can be stated that java platform is referred as java run time environment or core java APIs which can be further extended with optional packages called as standard extensions. Java is a portable, platform independent and interpreted language that runs almost as fast as non portable C and C++ programs. It is a robust language with built-in exception handling, strong type checking and memory management handled by JVM.
Java programmers feel that java is efficiently useful for deploying applications in java because of its features like ease of programming, built in network awareness and cross platform nature. Java's cross platform capabilities deliver audio to java enabled browsers without making use of any additional plug-in. Java based software suite brings legacy applications and information to the world wide web instead of building web integration into the existing applications and legacy systems (David Flanagan,2005). Hence it can be stated that the most important reason to use java is that most of the programmers feel it is an elegant language that is combined with well designed Application Programming Interfaces and most of the programmers enjoy programming with java. Applications in java platform can be written efficiently without sacrificing the advanced features that are useful for the programmers to write native applications that are targeted on a particular underlying operating system (Alliance, 1997). Java is widely used since the applications written in java platform can be run on any operating system that supports java platform. The java language reduces the burden for programmers relying on a particular operating system and thereby allows the programs to run on top of any operating system (James Gosling and Bill Joy, 2000). Java language allows the programmers to download the un-trusted code over the network and then run it in a secure manner so that the un-trusted code does not infect the host system with a virus and cannot read or write the files from the hard drive thereby making the java platform unique (Sun Developer Network, 2005). Hence from the above it can be understood that java programming language is a general purpose, concurrent and object oriented language that is simply designed so that most of the programmers can achieve fluency in this language. Java programming language is strongly typed and this specification will clearly distinguish compile time errors detected at compile time and those that occur at run time. It is a relatively high level language that includes automatic storage management by making use of a garbage collector for avoiding the safety problems like explicit de-allocation. Java language does not include any unsafe constructs like array accesses without index checking because such unsafe constructs will make the programs behave in an unspecified way (James Gosling and Bill Joy, 2000). Thus, it can be stated that features like platform independent, strongly typed language, monitoring and management make java a powerful tool for programming. To make the java platform more observable and supportable developers are focusing on improving the interfaces that are required by the development time tools such as debuggers and profilers as well as the interfaces that are required for production time instrumentation and monitoring (James Gosling and Bill Joy, 2000). Cross platform compatibility feature is the major part of java's appeal and this language is widely accepted since it makes the programming easier and safer. Java will squash many bugs before they occur and also languages like C# will borrow the safety features of java related to memory management (John Phillips, 2001). The features like eliminating memory pointers and checking the array limits will be essentially helpful in removing the program bugs. Garbage collector feature will relieve the programmers from maintaining the memory management and many other features will speed up the programming in java when compared to C or C++ programming (Java, 2003). Thus it can be analyzed from the above discussion that Java is essentially designed with networking in mind that comes out with many classes for developing sophisticated internet communications. Java's extensible features make java great as a language and platform.
Chapter 3 [System Requirement]
Security Using Wireless Sensor Networks
The wireless sensor network is a technology which is made from wireless communication and embedded micro-sensing technologies. This network will have many inexpensive wireless nodes, each capable of collecting, storing and processing environmental information and also communicating with the neighboring nodes. The actual wireless sensor network combines sensors, radios, and CPU's which is requires a detailed understanding of the both capabilities. The individual node must be designed to provide the set of primitives necessary to synthesize the interconnected web that will emerge as they are deployed, while meeting strict requirements of size, cost and power consumption. To map the overall system requirements down to individual device capabilities, requirements and actions this system can be used (Raghavendra C. S., Krishna M. Sivalingam and Taieb F. Znati, 2004). To make the wireless sensor network vision a reality, architecture must be developed that synthesizes the envisioned applications out of the underlying hardware capabilities.
Security needs to be critical for networks which are deployed in hostile environments, and security concerns remain a serious hurdle to widespread acceptance of these wireless networks. The wireless mobile ad hoc networks are a topology which is used in the wireless sensor networks. In mobile ad hoc networks the security issues are more challenging than those in traditional wired computer networks and the Internet. Providing security in sensor networks is even more difficult than in mobile ad hoc networks due to the resource limitations of sensor nodes (Donggang Liu and Peng Ning, 2007). The sensor networks will monitor its surrounding actives, and it is often easy to assume information other than the data monitored. Such unwanted information leakage often results in privacy breaches of the people in the environment. The wireless communication which is employed by sensor networks facilitates eavesdropping and packet injection by a challenger. These factors which demands security for sensor networks at design time to ensure operation safety, secrecy of sensitive data, and privacy for people in sensor environments (Claude Castelluccia, 2005). Security is a major aspect which needs to be discussed in a wireless sensor network. The wireless sensor networks are more susceptible to a variety of attacks, which will include node capture, physical tampering and denial of services which will report a range of fundamental challenges.
The security of the Wireless Sensor networks is vulnerable to an attack which is due to the broadcast nature of the transmission medium. The nodes are often placed in a hostile or dangerous environment where the nodes are not physically protected. Basically attacks are classified as active attacks and passive attacks which respect to the transmission medium.
Passive A ttacks
The unauthorized attackers will be monitoring and listening to the communication channel, these types of attacks are passive in nature so they are called as passive attack. These attacks are called passive because the data will only be monitored but not changed (Dr. G. Padmavathi, 2009). The one and only attack in passive attacks is attacks against privacy. In this attack the information from the sensor networks would probably be collected through direct site surveillance. The sensor networks will intensify the privacy problem because they make large volumes of data which can be easily available through remote access.
In this type of attack the unauthorized attacker will monitor, listen to and also modify the data streams in the communication channel (Yang Xiao, 2007). These attacks are more harmful then that of the passive attacks. The following are the attacks which are active in nature Routing Attacks in Sensor Networks, Denial of Service Attacks, Node Subversion, Node Malfunction, Node Outage, Physical Attacks, Message Corruption, False Node, Node Replication Attacks and Passive Information Gathering.
Routing Attacks in Sensor Network
The attacks which will affect the network layer are called as routing attacks. The routing attacks are spoofed altered and replayed routing information, selective forwarding, sinkhole attacks, Sybil attacks, wormholes attacks, and hello flood attacks. Spoofed altered and replayed routing information is an attack in which every node will act as a router which directly affects the routing information. Selective forwarding is attack in which the malicious nodes can drop selectively only certain packets. Sinkhole attack is an attack in which the traffic will be attracted to one particular node (Sophia Kaplantzis, Alistair Shilton, Nallasamy Mani and Y. Ahmet Sekercio glu, 2007). Hello flood attacks in this an attacker will send or replays a routing protocol's HELLO packets from one node to another. The most common attack that can be found in wireless sensor network is impersonation attack, in this attack the malicious node impersonates a genuine node and its identity is used for mounting the active attack such as Sybil or node replication. In this attack a single node will take multiple identities to deceive other nodes. As sensor nodes will tend to be physically unprotected, it is feasible for an attacker to capture replication and insert duplicate nodes back into selected region of the network (RocÄ±o Arroyo-Valles, Antonio G. Marques and Jesus Cid-Sueiro, 2007).
Denial of Service
Denial of service will be produced by the unintentional failure of nodes. This type of attacks is meant not only for the adversary's the attempts to subvert, disrupt or destroy the network and will also diminishes any event which will have the capability to provide a service. The physical layer denial of service will also attack jamming and tampering (Anthony D. Wood and John A. Stankovic, 2002). Whereas at link layer, collision, exhaustion and unfairness, at network layer, neglect and greed, homing, misdirection, black holes and at transport layer this attack could be performed by malicious flooding and de-synchronization.
The nodes with advanced anti-jamming techniques such as frequency- hopping spread spectrum and physical tamper proofing of nodes are generally impossible in a sensor network due to the requirements of greater design complexity and higher energy consumption. The node will generate an immense amount of data which will be inside the sensor network. Amount of raw data product of those measurements will be useful at the base station. This data is called as an aggregated data which can be attacked easily by the malevolent adversary (Chi-Fu Huang, Yu-Chee Tseng, 2003). The use of radio transmission, along with the constraints of small size, low cost, and limited energy, make WSNs more susceptible to denial-of-service attacks. Ad-hoc networking topology of WSN facilitates attackers for different types of link attacks ranging from passive eavesdropping to active interfering. Attacks on a WSN can come from all directions and target at any node leading to leaking of secret information, interfering message, impersonating nodes etc.
This attack will capture the node and information is tampered disclosure of also cryptographic keys and also will compromise the whole sensor networks. One node can be captured and all the information in that node can be obtained.
A sensor node is considered as being compromised when an attacker will attack the network by various means, gains control or access to the sensor node itself after it has been deployed. The attacks can be of two types invasive and non-invasive. The invasive is the attack will be defined as an attack where the attacker physically breaks into hardware by modifying the structure. A non-invasive attack will be defined as an attack in which the data is taken from the hardware devices itself (Javier Lopez, 2008). Complex attacks can be easily lunched from compromised nodes; this is because the subverted node is the full-fledged member of the network.
In this type of attack a situation is created that will stop the functioning of the node. In this the cluster leader will stop the functioning which will affect the sensor network protocols.
This attack will make the node generate inaccurate data that will expose the integrity of the sensor.
The sensor network will mainly work on the hostile outdoor environment in this a small from factor of the sensor will coupled with the unattended and distributed nature of the deployment. The sensor nodes are at risk by the physical capture because the communication at the node the communication is wireless, that will particularly easy to snoop on. The data at the nodes can easily be acquired by the attracters. At the nodes the attackers can easily inject the malicious messages into wireless network (Kazem Sohraby, Daniel Minoli and Taieb F. Znati, 2007). This attack will permanently destroy the network.
The content of a message will be modified by an attacker compromises its integrity.
A false node will involve the addition of a node by an adversary and causes the injection of malicious data. This might add a node to the system that feeds false data or prevents the passage of true data.
Node Replication Attacks
In this attack the attacker will add a node to an existing sensor network by copying the nodeID of an already existing node.
Passive Information Gathering
An adversary with powerful resources can collect information from the sensor networks if it is not encrypted (Fernando Boavida, Edmundo Monteiro, Saverio Mascolo and Yevgeni Kouch, 2007). An intruder with an appropriately powerful receiver and well-designed antenna can easily pick off the data stream.
Hence from the above context it can be understood that the security issues in the wireless sensor networks are due the attacks on the network. They are mainly two types of attacks passive and active attacks. The passive attack is in which the data will not change, where as in active attack the data in the network will change. The active attacks are more harmful then the passive attacks.
The securities mechanisms will actually used to detect, prevent and recover from the attacks which are caused. To solve both energy problem and security of wireless sensor network, some energy efficiency security methods have been proposed: Energy Efficient Security Protocol and Energy-Efficient Secure Pattern Based Data Aggregation. Both methods can reduce amount of energy consumption, but, energy consumption is still large because they still use cryptography methods. Thus, this paper presents energy efficient security method to solve the problems without any cryptography method. The security in the network can be provided if the system is protected from the attackers. Mainly the network system should be protected from the active attacks which will cause damage to the network (Karlof C. and D. Wagner, 2005). The damage can be limited by distinct approaches. First is by using tamper-resistant unit, in this unit each node is equipped with a tamper-resistant component which can store key data in it. By doing this the damage of capture of nodes can be limited. Second approach is aiming probabilistic security. In this approach the setting is not assume that sensor nodes are tamper resistant but will limit what an attacker gains after reading data from capturing sensor nodes. Because of the high cost, the first option will be restricted to application domains that are critical enough to be more expensive more requiring few sensors. If devices cannot be made tamper- resistant, then aim at probabilistic security (Drik Westhoff, Joao Giroa and Amardeo Samrma. 2006). In this approach, the term limited gain expresses that the attacker receives only a well-defined subset of knowledge from the wireless sensor network.
The routing attacks are an attack which will affect the network layer. The solution for routing attacks is to improve secure ad-hoc routing algorithm. A security enhanced version of Ad hoc On-demand Distance Vector protocol which is called as security-aware Ad hoc On-demand Distance Vector protocol. This is a protocol which will give satisfactory performance. This is an approach which will depend on the user-defined, application-dependent parameters which will evaluate the trust levels. The other approaches which will help in route redundancy are a property that will take the advantage. The approach which is discussed is the most applicable to general ad hoc network (Fei Hu, Jim Ziobro, Jason Tillett and Neeraj K. Sharma, 2003). Some of the features of this approach are security protocols for sensor network, Ariadne, intrusion tolerant routing protocol for wireless sensors.
In the link layer the encryption and authentication with a common symmetric key prevents most outsider attacks: adversary cannot join the topology. By using counters the replay attacks can be prevented. The attackers can forward the packets without altering encryption can make selective forwarding difficult but does nothing to a black hole attack. Each sensor node needs to efficiently authenticate its received code image before using and propagating it. Public key schemes based on elliptic curve cryptography are feasible in wireless sensor network. A hybrid mechanism that combines the speedy verification of hash schemes with the strong authenticity of public key schemes (Yang Xiao, 2006). A hash tree is computed from packetized code and its root is signed by the public key of the base station. Each sensor node can quickly authenticate the data packet as soon as it is received. They also show by simulation that the proposed secure reprogramming scheme adds only a modest amount of overhead to a conventional non-secure reprogramming scheme, Deluge, and is therefore feasible and practical in a wireless sensor network.
Some key management schemes that can be partially used for securing WSN environments even though most of those schemes are proposed for general ad hoc networks. Hybrid key-based protocols: An obvious conclusion from current research results is that a single keying protocol will not be optimal for all sensor network topologies, densities, sizes, and scenarios (Osvaldo Gervasi, 2005). Protocols such as Identity-Based Symmetric Keying and Rich Uncle have limited application until the network's routing infrastructure has been sufficiently well established. Individually other protocols such as the public-key group and pair wise keying protocols consume too much energy. For significant sensor networks, a mix of public key-based protocols, including pair wise, group keying, and distribution keying, provide an energy efficiency superior to using just a single protocol. Threshold cryptography: A solution to deal with key management in general ad hoc networks is proposed by Zhou and Hass in  and may be borrowed to WSN environments. It uses a (k, n) threshold scheme to distribute the services of the certificate authority to a set of specialized server nodes (Levente Buttyán, Virgil D. Gligor and Dirk Westhoff, 2006). Each of these nodes is capable of generating a partial certificate using their share of the certificate signing key skCA, but only by combining k such partial certificates can a valid certificate be obtained. The solution is suitable for planned, long-term ad hoc networks. However, it may not be applicable for WSN because sensor networks can lose some nodes whose energy is run out of. In addition, is based on public key encryption and thus requires that the all the nodes are capable of performing the necessary computations, which may not be feasible for energy-limited sensor nodes. Certificate repository: Hubaux et al go a step further than, by requiring each node to maintain its own certificate repository. These repositories store the public certificates that the node themselves issue, and a selected set of certificates issued by the others (John Viega, 2005).The performance is defined by the probability that any node can obtain and verify the public key of any other user, using only the local certificate repositories of the two users. The dilemma is: too many certificates in a sensor node would easily exceed their capacity, yet too few might greatly impact the performance (as previously defined) of the entire network. Fully Distributed Certificate Authority Fully Distributed Certificate Authority is first described by Luo and Lu in and later analyzed by Luo et al in Its uses a (k, n) threshold scheme to distribute an RSA certificate signing key to all nodes in the network. It also uses verifiable and proactive secret sharing mechanisms to protect against denial of service attacks and compromise of the certificate signing key. Since the service is distributed among all the nodes when they join the network, there is no need to elect or choose any specialized server nodes. Similar to the solution presented in , this solution is aimed towards planned, long-term ad hoc networks with nodes capable of public key encryption and thus could not adapt the routing changing of sensor networks.
Pebblenets: Secure Pebblenets is a distributed key management system based on symmetric encryption. The solution provides group authentication, message integrity and confidentiality. This solution is suitable for planned and distributed, that this solution can provide more practical security scheme for sensor networks. Pebblenets use only symmetric cryptography. The disadvantage is that once a node is compromised, forward secrecy is broken; therefore tamper- resistance becomes crucial. ofthreshold cryptography (Steven M. Bellovin, 2002) In addition, in pebblenets a key management server not only has to store its own key pair, but also the public keys of all the nodes in the network. The difficulty includes the storage requirement exerted on the servers which must potentially be specialized nodes in the network, and the overhead in signing and verifying routing message both in terms of computation and of communication.
Design of Security System
Wireless sensor networking is one of the most exciting and challenging research domains of this time. As technology progresses, so do the capabilities of sensor networks. Limited only by what can be technologically sensed, it is envisaged that wireless sensor networks will play an important part in our daily lives in the foreseeable future. Privy to many types of sensitive information, both sensed and distributed, there is a critical need for security in a number of applications related to this technology (David Boyle, 2008). Resulting from the continuous debate over the most effective means of securing wireless sensor networks, by considering a number of the security architectures employed, and proposed, for the security. They are presented such that the various characteristics of each protocol are easily identifiable to potential network designers, allowing a more informed decision to be made when implementing a security protocol for their intended application. Authentication is the primary focus, as the most malicious attacks on a network are the work of imposters, such as DOS attacks, packet insertion etc. Authentication can be defined as a security mechanism, whereby, the identity of a node in the network can be identified as a valid node of the network. Subsequently, data accuracy can be achieved, once the integrity of the message sender or receiver has been established then the data can be secured. Consider the current security architecture for WSNs and this is based on the principal of centralized data (Raghavendra, C. S., Krishna M. Sivalingam and Taieb F. Znati, 2004). In this Wireless Sensors Networks architecture, the measurement nodes are deployed to acquire measurements the presence of common attackers, Denial of service attacks, node compromise, impersonation attacks, and protocols specific attacks. The nodes are part of a wireless network administered by the gateway, which governs network aspects such as client authentication and data security (WSN, 2009, p.1). The gateway collects the measurement data from each node and sends it over a wired connection, typically Ethernet, to a host controller.
A Wireless Sensor Networks measurement node contains several components including the radio, battery, microcontroller, analog circuit, and sensor interface. In battery powered systems, this must make important trade-offs because higher data rates and more frequent radio use consume more power. Today, battery and power management technologies
Cite This Dissertation
To export a reference to this article please select a referencing stye below: