Security Patterns in Wireless Sensor Networks
By Y. Serge Joseph
October 8th, 2009
Part I


Introduction
Wireless sensor networks provide an ideal, low-cost solution for real-life applications. But their limitations in terms of hardware, low energy and processing power make it difficult to implement a security layer using the traditional computer security model. In this presentation, we describe the security architecture of a sensor node, the topology of a model sensor network, and propose the appropriate security patterns.

Introduction (continued)
Today we mainly focus on patterns for a network-based Intrusion Detection System (IDS) and for Denial of Service attacks, for which we provide the appropriate defense mechanism to protect the system. In a future presentation we will create patterns for additional components of wireless sensor networks.

A Wireless Sensor
Consists of a microcontroller, a dual power source, a digital-to-analog controller, and a transmitter (transmit/receive).
[Diagram: Power Source (1), Microcontroller, DAC, Transmitter, Sensor, Power Source (2)]

The Wireless Sensor Network
The wireless sensor network we are using to build the security patterns consists of the following:
- Two gateway nodes to route data to the access points. In the event that one gateway fails, the other takes over.
- The member stations, which belong to the same network.
- A repository at the base station to store the collected data.
- Two Access Points (AP) for redundancy. The APs collect the incoming data from the gateway nodes.
The related network diagram is shown in the next slide:

A wireless sensor network

Areas of Security Concern in the Network
- The wireless sensor nodes
- The two gateway nodes
- The two access points
- Incoming broadcast messages from the Local Area Network of the base station
- The physical protection of the sensors out in the field
Before we proceed, we look at the constraints of a wireless sensor network in the next few slides.

Constraints
Limited memory storage space and CPU processing power. This is a challenge to programmers and developers. The code must be customized for the sensor node while taking into consideration the resources available.
Limited energy:
- Battery life may need to match the life of the sensor.
- Physical presence is needed to recharge the battery and perform maintenance as necessary.
- Example: deploying a sensor network on enemy territory. It is a challenge to visit the site and recharge the battery.

Constraints
Additional intelligence, such as a cryptographic algorithm, requires more energy consumption and adds more load to the CPU. Thus a lack of energy planning can be a security threat.

Constraints
The nodes use a broadcast transmission medium, which is prone to conflict, collision, signal attenuation to remote nodes and a low transfer rate. Another challenge is the latency in achieving synchronization among nodes, which depends on the density of the network.

Constraints
A sensor network is prone to physical attack. There is also the notion of remote management and physical maintenance. You can upgrade the firmware, but you also need to upgrade the batteries of nodes located behind enemy lines.
Next slide: Denial of Service (DOS) and defensive measures.

Denial of Service Attack and Defense
Context
Each node in the network above broadcasts insecure or secure packets to the gateway nodes.

Problem
- The physical layer of the sensor can be jammed.
- The data link layer can experience collisions.
- The network layer may route data to the wrong node.
- The transport layer may be overflowed with packets.
Resolving Denial of Service at every layer is costly in terms of CPU clock cycles and energy requirements. We are seeking a partial solution at the key layers.

Solution
Since we are dealing with limited resources, three layers can be secured in the network: physical, network and transport.
- Design an efficient algorithm to protect the physical layer.
- Jammed nodes should flag the rest of the network to find alternate routes. Since the node is unusable, they can go to sleep if they identify the foreign nodes as an attacker.
- Encrypt the data and perform error correction at the network layer for each node.
- Authenticate the incoming node before accepting a packet.

Example
The two nodes in the upcoming class diagram create a secure channel before using the broadcast transmission medium.

Class diagram

Sequence Diagram for DOS Attack and Defense

Intrusion Detection and Prevention
Context
Local nodes exchange data using the broadcast transmission medium.

Problem
- A foreign node can infiltrate the network, pretending to be a local node.
- The sensor nodes don't have enough resources to implement a host-based IDS.
- The traditional network-based IDS does not apply. Its algorithm is inefficient.

Solution
- Implement a Local IDS (LIDS) system on each sensor node.
- Each node has the ability to learn about its local network and, upon detection of a foreign node infiltration, notifies the rest of the sensor network.
- Provide an efficient algorithm that requires minimal processing power [1,3,4].
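The local IDS described above, combined with the "authenticate the incoming node before accepting a packet" step of the denial-of-service solution, as an added example (not code from the presentation). The shared network key, the frame layout, the 8-byte truncated HMAC tag, the sequence counter and all names are assumptions made for this illustration; the sample frames are constructed.

```python
import hashlib
import hmac

TAG_LEN = 8  # assumed truncated-MAC length, chosen to keep frames short

def _tag(key, body):
    return hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]

def make_frame(node_id, seq, payload, key):  # id(1) | seq(2) | payload | tag
    body = bytes([node_id]) + seq.to_bytes(2, "big") + payload
    return body + _tag(key, body)

class LocalIDS:
    """Per-node monitor: learns its neighbours, then flags anything else."""
    def __init__(self, key, alert):
        self.key, self.alert = key, alert  # alert() notifies the network
        self.learning = True               # neighbour-learning phase
        self.last_seq = {}                 # node id -> last accepted sequence

    def receive(self, frame):
        if len(frame) < 3 + TAG_LEN:
            return self._reject(None, "malformed")
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        node_id, seq = body[0], int.from_bytes(body[1:3], "big")
        if not hmac.compare_digest(tag, _tag(self.key, body)):
            return self._reject(node_id, "bad-mac")  # authenticate first
        if node_id not in self.last_seq:
            if not self.learning:
                return self._reject(node_id, "foreign-node")
            self.last_seq[node_id] = -1
        if seq <= self.last_seq[node_id]:
            return self._reject(node_id, "replay")
        self.last_seq[node_id] = seq
        return body[3:]  # accepted payload

    def _reject(self, node_id, reason):
        self.alert((node_id, reason))  # tell the rest of the network

def demo():
    key, alerts = b"constructed-demo-key", []  # constructed sample data
    ids = LocalIDS(key, alerts.append)
    for nid in (1, 2):                         # neighbours heard while learning
        ids.receive(make_frame(nid, 0, b"t=21", key))
    ids.learning = False
    frames = [make_frame(1, 1, b"t=23", key),       # known neighbour
              make_frame(9, 0, b"t=99", key),       # unknown node id
              make_frame(2, 0, b"t=21", key),       # replayed frame
              make_frame(1, 2, b"t=24", b"wrong")]  # forged tag
    return [ids.receive(f) for f in frames], alerts
```

The per-packet cost is one HMAC and one dictionary lookup, and a node that holds the key but was never heard during the learning phase is still reported as foreign.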

Class Diagram for Intrusion Detection and Defense

Sequence Diagram for IDS and Defense

Gateway Nodes
Context
Two gateway nodes collect data from the network for delivery to the access points, which in turn pass it to the base station.

Problem
- Gateway nodes may be congested and overloaded with packets.
- A low data transfer rate is a threat, because all the node traffic in our example goes to the gateway nodes.
- Keep only one gateway sensor node active while the other is asleep to conserve energy.
- Wake up (wake on LAN) the backup gateway sensor node upon failure of the primary node.

Solution to IDS at the Gateway
The gateway nodes have more processing power and a higher transfer rate. In the event that the active gateway is down, the sending node can wake up the sleeping node to become a receiving node.

Securing the Access Point
Context
The access points are the middlemen between the gateway node and the base station located in the Local Area Network. They receive packets, which they forward to the base station.

Problem
- Access point configuration is not predefined.
- An attacker may intercept packets while posing as a sensor node.
- The security protocol in the access point must be compatible with the gateway sensor node so they can create a secure channel.
- The access point may allow garbage data from the Local Area Network of the base station into the sensor network.

Solution
- Define a configuration mechanism for each access point.
- Access points should have good defenses for IDS and DOS.
- The gateway sensor node and the access point should create a secure channel, as shown in the DOS sequence diagram above.
- Broadcast data should be blocked so it does not overflow the gateway sensor node.

Conclusion
We create security patterns for denial of service and intrusion detection, and we apply a defense mechanism for each attack. We focus on the sensor node, the two gateway nodes and the two access points. We also create a redundant network, which can add cost to the wireless sensor network.

Reference
1. Security in Distributed, Grid, and Pervasive Computing, Yang Xiao (Eds.), pp, Auerbach Publications, CRC Press.
2. P. Albers and O. Camp. Security in ad hoc networks: A general intrusion detection architecture enhancing trust based approaches. In First International Workshop on Wireless Information Systems, 4th International Conference on Enterprise Information Systems,
3. P. Brutch and C. Ko. Challenges in intrusion detection for wireless ad-hoc networks. In 2003 Symposium on Applications and the Internet Workshops (SAINT'03 Workshops), 2003.

Reference (Continued)
4. http://security.ceecs.fau.edu/wp-content/uploads/2009/09/DissertationProposal ppt
5. content/uploads/2009/09/WSN-Presentation-1.ppt