Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security Patterns in Wireless Sensor Networks By Y. Serge Joseph October 8 th, 2009 Part I.

Published bySharon Caldwell Modified over 8 years ago

Similar presentations

Presentation on theme: "Security Patterns in Wireless Sensor Networks By Y. Serge Joseph October 8 th, 2009 Part I."— Presentation transcript:

1 Security Patterns in Wireless Sensor Networks By Y. Serge Joseph October 8 th, 2009 Part I

2 Introduction Wireless sensor networks provide ideal and low cost solution to real life application. But their limitations in term of hardware, low energy and processing power make it difficult to implement a security layer using the traditional computer security model. In this presentation, we describe the security architecture of a sensor node, the topology of a model sensor network, and propose the appropriate security patterns.

3 Introduction (continued) Today we mainly focus on paterns for network based Intrusion Detection System (IDS) and Denial of Service attack of which we provide the appropriate defense mechanism to protect the system. In a future presentation we will create patterns for additional components of wireless sensor networks.

4 A Wireless Sensor Consists of a microcontroller, a dual power source, a microcontroller, a Digital to analog controller, a transmitter (transmit/receive). Power Source (1) microcontroller DAC Transmitter Sensor Power Source (2)

5 The Wireless Sensor network The wireless sensor network we are using to build the security patterns Consists of the following: --- Two gateway nodes to route data to the access points. In the event that one gateway fails the other takes over. --- The member stations belong to the same network --- A repository of data at the base station to store the collected data. --- Two Access Points (AP) for redundancy. The APs collects the incoming data from the gateway nodes. The related network diagram is shown in the next slide:

6 A wireless sensor network

7 Area of Security Concern in the Network The wireless sensor nodes The two Gateway nodes The two access points Incoming broadcast messages from the Local Area Network of the based station The physical protection of the sensors out in the field Before we proceed we are looking at the constraints of a wireless sensor network in the next few slides.

8 constraints Limitation of memory storage space and CPU processing power. This is a challenge to programmers and developers. The code must be customized for the sensor node while taking into consideration the resources available. Limited energy requirement - Battery life may need the life of the sensor. - Physical presence to recharge battery and perform maintenance as necessary - Example: Deploying a sensor network on enemy territory. It is a challenge to visit the site and recharge the battery.

9 Constraints Additional intelligence such as cryptographic algorithm requires more energy consumption. It adds more load to the CPU. Thus the lack of planning in Energy can be a security threat

10 Constraints The nodes are using a broadcast transmission medium which is prone to conflict, collision, signal attenuation to remote node and low transfer rate. Another challenge is latency to achieve synchronization among nodes based on the density of the network.

11 Constraints sensor network is prone to physical attack There is also the notion of remote management and physical maintenance. You upgrade the firmware, but you need to upgrade the batteries nodes located behind enemy lines. - Next Slide: Denial of Service (DOS) and defensive measures.

12 Denial of Service Attack and defense Context -Each node in the network above broadcast insecure or secure packets to the gateway nodes.

13 Problem The physical of the Sensor can be jammed The data link layer can experience collision The network layer may route data to the wrong node The transport layer may be overflowed with packets Resolving all the Denial of Service at each layer is costly in term of CPU clock cycles and energy requirement. We are seeking a partial solution at the key layers.

14 Solution Since we are dealing with limited resources, three layers can be secured in the network: physical, network and transport. Design efficient algorithm to protect the physical layer. Jammed nodes should flag the rest of the network to find alternate routes. Since the node is unusable, they can go to sleep if they identify the foreign nodes as an attacker. Encrypt the data and perform error correction at the network layer for each node. Authenticate incoming node before accepting packet

15 Example The two nodes in the incoming class diagram create a secure channel before using the broadcasting transmission medium

16 Class diagram

17 Sequence Diagram for DOS Attack and Defense

18 Intrusion Detection and Prevention Context Local nodes exchange data using the broadcasting transmission medium

19 Problem A foreign node can infiltrate the network, pretending to be a local node The Sensor nodes don’t have enough resources to implement a host based IDS system The traditional network based IDS does not apply. Its algorithm is inefficient

20 Solution Implement a Local IDS (LIDS) system on each sensor node Each node has the ability to learn about its local network, and upon detection of a foreign node infiltration, notifies the rest of the sensor network Provide an efficient algorithm that requires minimal processing power [1,3,4].

21 Class Diagram for Intrusion Detection and Defense

22 Sequence Diagram for IDS and Defense

23 Gateway Nodes Context Two Gateway Nodes collect data from the network for delivery to Access Points which in turn pass it to the base station.

24 Problem Gateway nodes may be congested and overloaded with packets Occurrence of low Data transfer rate is a threat, for all the nodes traffic in our example go to the Gateway nodes Keep only one Gateway sensor node active while the other is asleep to conserve energy Wake up (wake on LAN) the backup Gateway sensor node upon failure of the primary node.

25 Solution to IDS at the Gateway The Gateway nodes have more processing power, and higher transfer rate. In the event that the active gateway is down, the sending node can wake up the sleeping node to become a receiving node.

26 Securing the access point Context The access points are the middlemen between the Gateway node and the base station located in the Local Area Network. They receive packets which they forward to the base station

27 Problem Access point configuration is not predefined Attacker may be intercept packets posing to be a sensor node Security protocol in the access point must be compatible with the Gateway sensor node so they can create a secure channel Access point may allow garbage data from the Local Area Network in the base station to the sensor network.

28 Solution Define a configuration mechanism for each access point. Access Points Should have good defense for IDS and DOS Gateway sensor node and access point should create a secure channel as shown in the DOS sequence diagram above broadcast data should be blocked so it does not overflow the gateway sensor node

29 Conclusion We create a security patterns for a denial of service and Intrusion detection attack and we apply a defense mechanism for each attack. We focus on the sensor node, the two gateway nodes and the two access points. We also create a redundant network which can add a cost to the wireless sensor network.

30 Reference 1. Security in Distributed, Grid, and Pervasive Computing Yang Xiao,(Eds.) pp. 2006 Auerbach Publications, CRC Press 2. P. Albers and O. Camp. Security in ad hoc networks: A general intrusion detection architecture enhancing trust based approaches. In First International Workshop on Wireless Information Systems, 4th International Conference on Enterprise Information Systems, 2002. 3. P. Brutch and C. Ko. Challenges in intrusion detection for wireless ad-hoc networks. In 2003 Symposium on Applications and the Internet Workshops (SAINT’03 Workshops), 2003

31 Reference (Continued) 4 http://security.ceecs.fau.edu/wp- content/uploads/2009/09/DissertationProp osal042805.ppthttp://security.ceecs.fau.edu/wp- content/uploads/2009/09/DissertationProp osal042805.ppt 5. http://security.ceecs.fau.edu/wp- content/uploads/2009/09/WSN- Presentation-1.ppt

Download ppt "Security Patterns in Wireless Sensor Networks By Y. Serge Joseph October 8 th, 2009 Part I."

Similar presentations

Energy-efficient distributed algorithms for wireless ad hoc networks Ramki Gummadi (MIT)

Energy-efficient distributed algorithms for wireless ad hoc networks Ramki Gummadi (MIT)
Chris Karlof and David Wagner

Chris Karlof and David Wagner
Security in Mobile Ad Hoc Networks

Security in Mobile Ad Hoc Networks
Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.

Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.
SELF-ORGANIZING MEDIA ACCESS MECHANISM OF A WIRELESS SENSOR NETWORK AHM QUAMRUZZAMAN.

SELF-ORGANIZING MEDIA ACCESS MECHANISM OF A WIRELESS SENSOR NETWORK AHM QUAMRUZZAMAN.
Denial of Service in Sensor Networks Szymon Olesiak.

Denial of Service in Sensor Networks Szymon Olesiak.
Decentralized Reactive Clustering in Sensor Networks Yingyue Xu April 26, 2015.

Decentralized Reactive Clustering in Sensor Networks Yingyue Xu April 26, 2015.
DENIAL OF SERVICE IN SENSOR NETWORKS Pratik Zirpe Instructor – Dr. T. Andrew Yang.

DENIAL OF SERVICE IN SENSOR NETWORKS Pratik Zirpe Instructor – Dr. T. Andrew Yang.
A Distributed Security Framework for Heterogeneous Wireless Sensor Networks Presented by Drew Wichmann Paper by Himali Saxena, Chunyu Ai, Marco Valero,

A Distributed Security Framework for Heterogeneous Wireless Sensor Networks Presented by Drew Wichmann Paper by Himali Saxena, Chunyu Ai, Marco Valero,
Introduction to Wireless Sensor Networks

Introduction to Wireless Sensor Networks
S-MAC Sensor Medium Access Control Protocol An Energy Efficient MAC protocol for Wireless Sensor Networks.

S-MAC Sensor Medium Access Control Protocol An Energy Efficient MAC protocol for Wireless Sensor Networks.
Improving TCP Performance over Mobile Ad Hoc Networks by Exploiting Cross- Layer Information Awareness Xin Yu Department Of Computer Science New York University,

Improving TCP Performance over Mobile Ad Hoc Networks by Exploiting Cross- Layer Information Awareness Xin Yu Department Of Computer Science New York University,
Introduction to Sensor Networks Rabie A. Ramadan, PhD Cairo University 4.

Introduction to Sensor Networks Rabie A. Ramadan, PhD Cairo University 4.
Chapter 1 – Introduction

Chapter 1 – Introduction
1-1 CMPE 259 Sensor Networks Katia Obraczka Winter 2005 Security.

1-1 CMPE 259 Sensor Networks Katia Obraczka Winter 2005 Security.
Security Issues In Sensor Networks By Priya Palanivelu.

Security Issues In Sensor Networks By Priya Palanivelu.
Adaptive Security for Wireless Sensor Networks Master Thesis – June 2006.

Adaptive Security for Wireless Sensor Networks Master Thesis – June 2006.
Design of Efficient and Secure Multiple Wireless Mesh Network Speaker: Hsien-Pang Tsai Teacher: Kai-Wei Ke Date: 2005/06/28.

Design of Efficient and Secure Multiple Wireless Mesh Network Speaker: Hsien-Pang Tsai Teacher: Kai-Wei Ke Date: 2005/06/28.
Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.

Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.
Delay Tolerant Networking Gareth Ferneyhough UNR CSE Department 4-19-2010.

Delay Tolerant Networking Gareth Ferneyhough UNR CSE Department

Similar presentations

Ads by Google