Literature Review Example
3. Encryption
Introductory remarks here ...
3.1 Shared Keys
One method of protecting any network against outsider attacks is to apply a simple
key infrastructure. However, it is known that global keys provide no network
resilience and pairwise keys are not a scalable solution. A more intuitive solution is
needed here for WSNs. TinySec [25] was developed as a first attempt to introduce
security to the link layer of the TinyOS suite. This was done by incorporating
software-based symmetric keying with low overhead requirements. Unfortunately, not
all vulnerabilities of TinySec have been addressed, i.e., how to avoid insider attacks.
In contrast, Zigbee or the 802.15.4 standard [26] has introduced hardware-based
symmetric keying with success. Much work, however, needs to be done on this standard
before all the security measures it applies can actually be considered secure.
Some researchers are investigating the possible use of public-key cryptography to
create secure keys during network deployment and maintenance phases [27]. This
concept has opened uncharted territory for the sensor network cryptographic
infrastructure. Extensive research is also being conducted on topics such as key
storage and key distribution [28], key maintenance [29] and shared key pools [30].
3.2 Secure Groups
Since sensor nodes are required to group themselves in order to fulfil a particular
task, it is necessary that the group members communicate securely with each other,
despite the fact that global security may also be in use. Sadly, secure grouping has
not been intensively researched in the past and only a few resource-intensive
solutions exist. Exceptions are the solutions where more powerful nodes are in charge
of protecting the members of static groups [31], [32]. Such solutions would nicely
complement the dominance of cluster-based protocols such as LEACH [12], PEGASIS [33]
and BCDCP [34].
3.3 Data Aggregation
In order to reduce overhead costs and network traffic, sensor nodes aggregate
measurements before sending them to the base station. Such data is particularly
enticing to an attacker. An adversary with control over an aggregating node can choose
to ignore reports or produce false reports, affecting the credibility of the generated
data and hence the network as a whole. The main aim in this area is to use resilient
functions that are able to discover and report forged reports by demonstrating the
authenticity of the data. Wagner [35] established a technique in which the aggregator
uses Merkle hash trees to create proof of its neighbours' data, which in turn is used
to verify the purity of the collected data to the base station. Another approach [36]
takes advantage of the network density by using the aggregator's neighbours as
witnesses. It is also possible to reduce the amount of traffic heading to the base
station by using Bloom filters to filter out the false aggregations [37]. Improvements
still need to be made in this area, such as minimising the amount of negotiation data
generated by interactive algorithms.
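A minimal sketch of the commit-and-prove idea behind the Merkle hash tree approach described above, as an added example that is not code from the surveyed papers: the aggregator commits to its neighbours' readings with a Merkle root, and the base station spot-checks one reading against that root. The leaf encoding, the use of SHA-256, the odd-level padding rule and the sample readings are assumptions made for illustration.

```python
import hashlib

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def leaf(node_id: int, reading: int) -> bytes:
    # 0x00 prefix separates leaf hashes from interior hashes (0x01 below)
    body = node_id.to_bytes(2, "big") + reading.to_bytes(4, "big", signed=True)
    return h(b"\x00" + body)

def build_tree(leaves):
    """Aggregator side: return every level of the tree, leaves first, root last."""
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        if len(cur) % 2:                      # odd level: pad with a copy of the last hash
            cur = cur + [cur[-1]]
        levels.append([h(b"\x01" + cur[i] + cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels

def prove(levels, index):
    """Authentication path for leaf `index`: (sibling_hash, sibling_is_left) per level."""
    path = []
    for level in levels[:-1]:
        if len(level) % 2:
            level = level + [level[-1]]
        sib = index ^ 1
        path.append((level[sib], sib < index))
        index //= 2
    return path

def verify(root, node_id, reading, path):
    """Base-station side: recompute the root from one claimed reading and its path."""
    acc = leaf(node_id, reading)
    for sibling, sibling_is_left in path:
        acc = h(b"\x01" + (sibling + acc if sibling_is_left else acc + sibling))
    return acc == root

# Constructed sample data: (node id, temperature reading) from five neighbours.
READINGS = [(1, 21), (2, 22), (3, 20), (4, 23), (5, 21)]

def demo():
    levels = build_tree([leaf(n, r) for n, r in READINGS])
    root = levels[-1][0]                  # commitment sent along with the aggregate
    path = prove(levels, 2)               # base station samples node 3 (index 2)
    honest = verify(root, 3, 20, path)    # reading that was actually committed
    forged = verify(root, 3, 35, path)    # reading altered after the commitment
    return honest, forged
```

The base station only needs the 32-byte root plus one logarithmic-size path per sampled reading, which is what keeps the check affordable on a constrained network.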
3.4 Secure Protocols
The main challenge in this area of research is to discover new protection techniques
that can be applied to existing routing protocols without forfeiting connectivity,
coverage or scalability. Perrig et al [38] made the first attempt to design a secure
protocol for sensor networks. This protocol, also known as SPINS (Security Protocols
in Sensor Networks), provides data authentication, replay protection, semantic
security and low overhead. This work has in turn been used to secure cluster-based
protocols such as LEACH [39]. Karlof and Wagner [15] have provided an extensive
analysis of the routing vulnerabilities of WSNs and possible countermeasures (see
Sections 1.5 - 1.6). According to their study, common sensor network protocols are
vulnerable due to their simplicity and hence security should be built into these
protocols at design time. In particular, their study targets TinyOS beaconing,
directed diffusion and geographic routing. Although this study is the basis for much
of the research to follow, the attacks they focus on are still theoretical and have
not been implemented practically on any type of hardware. This research has been
furthered by Mun and Shin [40], who suggest countermeasures for routing attacks that
establish trust relationships between nodes and authenticate sent packets whilst
checking node bidirectionality. Other researchers have focused on developing
techniques that target specific attacks such as DoS [2] and the Sybil attack [41]. In
contrast, Undercoffer et al [42] moved away from routing information and looked at
the application layer in order to detect and correct aberrant node behaviour.
3.5 Intrusion Detection Systems
Intrusion Detection Systems (IDSs) are auditing systems that are able to query the
status of the network by receiving information about internal events. They operate by
gathering and analysing audit data in order to detect attacks and apply the correct
countermeasures, thus constituting a second line of defense. In contrast to the
techniques presented above, IDSs are able to identify both insider attacks and
outsider attacks occurring on a network (see Section 1.7.1). Brutch and Ko [43] have
surveyed the challenges in intrusion detection for wireless ad hoc networks and have
proposed watchdog, control messages, neighbourhood watch and anomaly detection as
possible solutions to dynamic source routing attacks. It would be interesting to see
how these techniques would perform on the further resource-restricted WSNs. Since it
is impossible for every node to have a full-powered IDS agent due to resource
limitations, the basic problem in this area is how to distribute the intrusion
detection agents and their tasks in the network. Anjum et al [44] have used graph
theory in order to optimally place the intrusion detection modules around the sensor
network. Agah et al [45] proved that game theory techniques [23] can be applied as a
defense technique which will outperform intrusion detection techniques based on
intuitive metrics, i.e., traffic loads and Markov decision processes. Anjum,
Subhadrabandhu and Sarkar [46] have focused on signature-based intrusion detection
techniques and found that this technique generates better results when coupled with
proactive routing algorithms rather than reactive ones. Loo et al [47] have focused
on using clustering algorithms and anomaly detection to detect aberrant behaviour. Su
et al [32] have researched how to apply intrusion detection techniques in
cluster-based networks, by making nodes aware of packet forwarding misbehaviour of
their neighbours and by collectively monitoring the cluster heads. From a totally
different perspective from the intrusion detection norm that is being established in
this field, Doumit and Agrawal [48] experimented with using trends in the aggregated
data and letting the sensor network adapt to the norm of the dynamics in its natural
environment. In a similar fashion, the literature includes partial solutions that
check the integrity of the nodes such as code attestation [49] and health monitoring
[50]. Finally, Kreibich and Crowcroft [51] have described a system for automating
attack signature generation that eliminates the costly procedure of audit data
analysis on wired networks. On the same note, Han et al [52] discuss using data
mining aided methods to generate Signature Discovery systems. These techniques may be
extended to provide efficient misuse detection on WSNs. Interesting results in terms
of energy efficiency and detection accuracy may well be produced by combining some of
the aforementioned techniques into hybrid entities. The point to remember here is
that intrusion detection solutions based on commercial IDSs will not be effective for
pure WSNs.
Extract from Security Models for Wireless Sensor Networks