Literature Survey Example

3. Encryption

Introductory remarks here ...

3.1 Shared Keys

One method of protecting any network against outsider attacks is to apply a simple key infrastructure. However, it is known that global keys provide no network resilience and pairwise keys are not a scalable solution. A more intuitive solution is needed here for WSNs. TinySec [25] was developed as a first attempt to introduce security to the link layer of the TinyOS suite. This was done by incorporating software-based symmetric keying with low overhead requirements. Unfortunately, not all vulnerabilities of TinySec have been addressed, i.e., how to avoid insider attacks. In contrast, Zigbee, or the 802.15.4 standard [26], has introduced hardware-based symmetric keying with success. Much work, however, needs to be done on this standard before all the security measures it applies can actually be considered secure. Some researchers are investigating the possible use of public-key cryptography to create secure keys during the network deployment and maintenance phases [27]. This concept has opened uncharted territory for the sensor network cryptographic infrastructure. Extensive research is also being conducted on topics such as key storage and key distribution [28], key maintenance [29] and shared key pools [30].

3.2 Secure Groups

Since sensor nodes are required to group themselves in order to fulfil a particular task, it is necessary that the group members communicate securely with each other, even though global security may also be in use. Sadly, secure grouping has not been intensively researched in the past and only a few resource-intensive solutions exist. Exceptions are the solutions where more powerful nodes are in charge of protecting the members of static groups [31], [32]. Such solutions would nicely complement the dominance of cluster-based protocols such as LEACH [12], PEGASIS [33] and BCDCP [34].

3.3 Data Aggregation

In order to reduce overhead costs and network traffic, sensor nodes aggregate measurements before sending them to the base station. Such data is particularly enticing to an attacker. An adversary with control over an aggregating node can choose to ignore reports or produce false reports, affecting the credibility of the generated data and hence the network as a whole. The main aim in this area is to use resilient functions that are able to discover and report forged reports by demonstrating the authenticity of the data. Wagner [35] established a technique in which the aggregator uses Merkle hash trees to create proof of its neighbours' data, which in turn is used to verify the purity of the collected data to the base station. Another approach [36] takes advantage of the network density by using the aggregator's neighbours as witnesses. It is also possible to reduce the amount of traffic heading to the base station by using Bloom filters to filter out the false aggregations [37]. Improvements still need to be made in this area, such as minimising the amount of negotiation data generated by interactive algorithms.
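
The Merkle hash tree idea above can be sketched as a commit-and-audit exchange between an aggregator and the base station. This is an added example, not code from the survey or from [35]; SHA-256, the leaf encoding, the function names and the sample readings are assumptions, and only the commit and spot-check steps are shown, not a full interactive protocol.

```python
import hashlib

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def leaf(node_id: int, reading: int) -> bytes:
    # 0x00 prefix keeps leaf hashes distinct from interior hashes (0x01)
    return h(b"\x00" + f"{node_id}:{reading}".encode())

def commit(readings: dict):
    """Aggregator side: hash every neighbour's reading into a Merkle tree.
    Returns (root, levels); only the root and the aggregate are sent on."""
    levels = [[leaf(n, readings[n]) for n in sorted(readings)]]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        if len(cur) % 2:                 # odd count: pair the last hash with itself
            cur = cur + [cur[-1]]
        levels.append([h(b"\x01" + cur[i] + cur[i + 1])
                       for i in range(0, len(cur), 2)])
    return levels[-1][0], levels

def prove(levels, index: int):
    """Aggregator side: authentication path for the leaf at `index`,
    as a list of (sibling_hash, sibling_is_left) pairs."""
    path = []
    for level in levels[:-1]:
        sib = index ^ 1
        sibling = level[sib] if sib < len(level) else level[index]
        path.append((sibling, sib < index))
        index //= 2
    return path

def verify(root: bytes, node_id: int, reading: int, path) -> bool:
    """Base station side: recompute the root from one claimed reading."""
    acc = leaf(node_id, reading)
    for sibling, sibling_is_left in path:
        acc = h(b"\x01" + (sibling + acc if sibling_is_left else acc + sibling))
    return acc == root

# Constructed sample data: node id -> temperature reading
READINGS = {1: 21, 2: 22, 3: 20, 4: 23, 5: 21}

if __name__ == "__main__":
    root, levels = commit(READINGS)
    print("aggregate:", sum(READINGS.values()), "root:", root.hex()[:16])
    path = prove(levels, 2)              # base station audits node 3
    print("honest reading accepted:", verify(root, 3, 20, path))
    print("forged reading accepted:", verify(root, 3, 40, path))
```

Because the root is fixed before the base station picks which node to audit, an aggregator that misreports a reading cannot produce a path that verifies for it afterwards.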

3.4 Secure Protocols

The main challenge in this area of research is to discover new protection techniques that can be applied to existing routing protocols without forfeiting connectivity, coverage or scalability. Perrig et al. [38] made the first attempt to design a secure protocol for sensor networks. This protocol, also known as SPINS (Security Protocols in Sensor Networks), provides data authentication, replay protection, semantic security and low overhead. This work has in turn been used to secure cluster-based protocols such as LEACH [39]. Karlof and Wagner [15] have provided an extensive analysis of the routing vulnerabilities of WSNs and possible countermeasures (see Sections 1.5 - 1.6). According to their study, common sensor network protocols are vulnerable due to their simplicity and hence security should be built into these protocols at design time. In particular, their study targets TinyOS beaconing, directed diffusion and geographic routing. Although this study is the basis for much of the research to follow, the attacks they focus on are still theoretical and have not been implemented practically on any type of hardware. This research has been furthered by Mun and Shin [40], who suggest countermeasures for routing attacks that establish trust relationships between nodes and authenticate sent packets whilst checking node bidirectionality. Other researchers have focused on developing techniques that target specific attacks such as DoS [2] and the Sybil attack [41]. In contrast, Undercoffer et al. [42] moved away from routing information and looked at the application layer in order to detect and correct aberrant node behaviour.

3.5 Intrusion Detection Systems

Intrusion Detection Systems (IDSs) are auditing systems that are able to query the status of the network by receiving information about internal events. They operate by gathering and analysing audit data in order to detect attacks and apply the correct countermeasures, thus constituting a second line of defense. In contrast to the techniques presented above, IDSs are able to identify both insider attacks and outsider attacks occurring on a network (see Section 1.7.1). Brutch and Ko [43] have surveyed the challenges in intrusion detection for wireless ad hoc networks and have proposed watchdog, control messages, neighbourhood watch and anomaly detection as possible solutions to dynamic source routing attacks. It would be interesting to see how these techniques would perform on the further resource-restricted WSNs. Since it is impossible for every node to have a full-powered IDS agent due to resource limitations, the basic problem in this area is how to distribute the intrusion detection agents and their tasks in the network. Anjum et al. [44] have used graph theory in order to optimally place the intrusion detection modules around the sensor network. Agah et al. [45] proved that game theory techniques [23] can be applied as a defense technique which will outperform intrusion detection techniques based on intuitive metrics, i.e., traffic loads and Markov decision processes. Anjum, Subhadrabandhu and Sarkar [46] have focused on signature-based intrusion detection techniques and found that this technique generates better results when coupled with proactive routing algorithms rather than reactive ones. Loo et al. [47] have focused on using clustering algorithms and anomaly detection to detect aberrant behaviour. Su et al. [32] have researched how to apply intrusion detection techniques in cluster-based networks, by making nodes aware of packet forwarding misbehaviour of their neighbours and by collectively monitoring the cluster heads.
Taking a totally different perspective from the intrusion detection norm that is being established in this field, Doumit and Agrawal [48] experimented with using trends in the aggregated data and letting the sensor network adapt to the norm of the dynamics in its natural environment. In a similar fashion, the literature includes partial solutions that check the integrity of the nodes, such as code attestation [49] and health monitoring [50]. Finally, Kreibich and Crowcroft [51] have described a system for automating attack signature generation that eliminates the costly procedure of audit data analysis on wired networks. On the same note, Han et al. [52] discuss using data mining aided methods to generate Signature Discovery systems. These techniques may be extended to provide efficient misuse detection on WSNs. Interesting results in terms of energy efficiency and detection accuracy may well be produced by combining some of the aforementioned techniques into hybrid entities. The point to remember here is that intrusion detection solutions based on commercial IDSs will not be effective for pure WSNs.

Extract from Security Models for Wireless Sensor Networks