As the costs decrease and the capabilities increase, radio frequency identification (RFID) devices are becoming more and more prolific. These miniature devices are being used to develop wireless sensor networks to track and report a wide variety of information types. RFID based sensor networks are a technology with the potential to greatly increase efficiencies across many industries. For example, a March 2005 Federal Trade Commission workshop report described the following potential uses for RFID sensor networks:
“In a clothing store, each particular suit jacket, including its style, color, and size, can be identified electronically. In a pharmacy, a druggist can fill a prescription from a bottle bearing an RFID- chipped label confirming the authenticity of its contents. On the highway, cars with RFID tags on their windshields can move swiftly through highway tollbooths, saving time and reducing traffic congestion. At home, pets can be implanted with chips so that lost animals can be identified and returned to their owners more readily.” (Radio Frequency Identification: Applications and Implications for Consumers, 2005)
However, there are also important security concerns associated with the deployment of wireless sensor networks and the transmission of data. Due to their broadcast nature, wireless networks are susceptible to a wider range of attacks than wired networks. (Law, et al., 2009) In addition, wireless sensor networks have limited resources that make them vulnerable to attacks that seek to deplete the sensor’s power supply (usually a battery). (Pietro, Mancini, & Mei, 2006)
Background on Wireless Sensor Networks
Wireless sensor networks are comprised of several components. The primary component is the sensor, which is a self-contained, miniature device that is capable of participating in self-organizing, ad-hoc wireless networks. Sensors may incorporate various sensing devices such as humidity, temperature, or shock detectors. Sensors are capable of running small programs and storing data. Periodically, sensors will transmit collected information to a data sink, also known as a sink. The sink is a device that aggregates data from many sensors. Sinks may participate in separate ad-hoc or structured networks and will typically transmit the aggregate information to computers where the information is processed and analyzed. (Mahdy, 2008)
Threats and Vulnerabilities
A wireless network is, by its nature, a broadcast medium. Wireless networks are vulnerable to a broader range of security threats than networks with physical media. Jamming attacks are a significant threat to wireless sensor networks. (Law, et al., 2009) In the case of wireless sensor networks, where the sensors are randomly distributed and often unattended and unsecured, additional physical threats to the individual sensors and the network become apparent. The insertion of false nodes and injection of spurious data is another area of significant threat to wireless sensor networks. (Zhang, Yu, & Ning, 2008)
Denial of service and jamming
In the 2005 article, “The Feasibility of Launching and Detecting Jamming Attacks in Wireless Networks,” Xu et al describe four models for jamming attacks: the constant, deceptive, random, and reactive. (Xu, Trappe, Zhang, & Wood, 2005) The constant jammer “continually emits a radio signal.” (Xu, et al., 2005) Unlike the constant jammer, who continuously transmits, the deceptive jammer carefully crafts the transmission to keep the victim in a receive state. (Xu, et al., 2005) The random jammer alternates between jamming and sleeping to try to balance the attack and energy consumption. (Xu, et al., 2005) The final attack mode described by Xu et al is the reactive jammer, who attempts to disrupt communication channels only when they are needed by the sensors. (Xu, et al., 2005) Xu et al also describe techniques for detecting jamming attacks.
Law et al extend the analysis performed by Xu et al by further investigating and developing the random jammer attack model. (Law, et al., 2009) The constant, deceptive, and reactive jammers are effective attackers, in that they can reduce a network’s available channels to nearly zero bandwidth. (Law, et al., 2009) However, these attack modes are highly energy inefficient. Law et al explore methods for making the random attack mode energy efficient. (Law, et al., 2009) The authors evaluate the refined jamming attack by simulating with three different, common media access control (MAC) protocols. Law et al conclude that all three protocols are susceptible to the refined attack strategy and infer that most MAC protocols would be vulnerable. (Law, et al., 2009)
False data injection and false sensor insertion
Wireless sensor networks are typically deployed unattended and unsecured. For example, Kong et al describe networks distributed at sea to detect submarines. (Kong, et al., 2005) One can envision a submarine seeking to evade detection by these networks capturing, compromising, and redeploying sensors to cause confusion or deploying hostile sensors that inject false data. Zhang et al describe the potential for captured or malicious nodes to present a challenge to wireless sensor network implementation and management. (Zhang, et al., 2008)
Securing Wireless Sensor Networks
Jamming and denial of service attacks are a serious threat to wireless sensor networks. As shown by Law et al and Xu et al, attackers with ample energy resources have a strong likelihood for harming the utility of the network. (Law, et al., 2009; Xu, et al., 2005) Capture and compromise of valid sensor nodes or insertion of malicious nodes also pose a serious threat to wireless sensor networks’ functionality. (Zhang, et al., 2008) Authentication, encryption, and intrusion detection schemes exist that help mitigate the threats and vulnerabilities associated with wireless sensor networks. Roman and his co-authors present a survey of security primitives and their usability with leading sensor node implementations. (Roman, Alcaraz, & Lopez, 2007)
Requiring sensors to authenticate prior to participating in the network is a fundamental method for protecting against false data injection and fraudulent sensor nodes. As Perrig et al describe in their 2004 review of wireless sensor network security challenges, current systems employ some form of key based authentication scheme. (Perrig, Stankovic, & Wagner, 2004) Perrig and his co-authors indicate that current research demonstrates that secure authentication can be performed without sacrificing the efficiencies required for sensors to operate on limited resources. (Perrig, et al., 2004)
Chang and Shin’s proposal for a distributed authentication system includes provisions for sensor nodes to evict network participants that are identified as malicious. (Chang & Shin, 2008) Chang and Shin’s work to incorporate a distributed authentication system extends upon previous work by Park and Shin to implement a secure authentication system for wireless sensor networks that includes the ability to detect software tampering. (Chang & Shin, 2008)
Encryption, aggregation, and routing
Authentication helps ensure only authorized sensors communicate using the network’s channels. Encryption, aggregation, and secure routing help protect against eavesdropping and misdirection based attacks. As a general design principle, an individual sensor’s data is not essential, as neighbor sensors can provide supplementary data in cases of tampering or other damage. Due to this design principle, aggregation of data can be used to make transmission more efficient. However, aggregation enables a greater susceptibility to falsified data being injected. (Chang & Shin, 2008) Chang and Shin’s 2008 article proposes a secure, hop-by-hop aggregation and encryption protocol to prevent and detect false data injection. (Chang & Shin, 2008)
Castelluccia et al propose an alternate encryption and aggregation scheme that ensures that a sensor’s data is encrypted and unreadable by other sensor’s, which differs from the hop-by-hop encryption. (Castelluccia, Chan, Mykletun, & Tsudik, 2009)
With aggregated data transmission, an attacker may disrupt the transmission of sensor data to the sink by interfering with the routes travelled amongst the networked nodes. Yu and Guan propose a method for filtering data transmissions en-route to facilitate identifying data that has been tampered with and eliminate said data from the network. (Yu & Guan, 2005) The article, “Countering DoS Attacks with Stateless Multipath Overlays,” by Stavrou and Keromytis proposes a “stateless spread-spectrum paradigm to create per- packet path diversity between each pair of end-nodes.” (Stavrou & Keromytis, 2005) With a diversified path, the network is less vulnerable. Mahdy suggests that a clustering architecture may provide protection for route-based attacks. (Mahdy, 2008)
The ability to detect tampering or insertion of malicious nodes is clearly important for wireless sensor networks due to their ad-hoc, unattended deployments. Law et al identify intrusion detection as a major area needing further research. (Law, et al., 2009) In the 2009 article by Chen et al, the authors propose an intrusion detection system that utilizes a separate system that collaborates with the wireless sensor network. The authors demonstrate through simulation and prototyping the feasibility of the intrusion detection system. (Chen, Hsieh, & Huang, 2009) However, the proposal would only be feasible with wireless sensor networks that were relatively fixed. There is some difficulty envisioning an intrusion detection system as proposed by Chen et al being used to monitor a wireless sensor network like the submarine hunting deployment described by Kong et al. (Chen, et al., 2009; Kong, et al., 2005)
Zhang, Yu, and Ning propose a framework for identifying sensor nodes that are compromised. (Zhang, et al., 2008) Chandola et al introduce the results of a survey on classifying anomalies and discuss a variety of detection techniques that rely on the classification of the anomaly. (Chandola, Banerjee, & Kumar, 2009)
Wireless sensor networks are an increasingly important and prevalent technology across many industries and disciplines, including military, supply-chain logistics, and retail. As these information systems become more prevalent, it is important to understand that there are significant security challenges to be resolved. Designing and implementing wireless sensor networks are further complicated by requirements to minimize cost, size, and power consumption. There are significant research opportunities in the field of wireless sensor network security, especially with regards to intrusion and cost-effective tamper detection.
Castelluccia, C., Chan, A. C.-F., Mykletun, E., & Tsudik, G. (2009). Efficient and provably secure aggregation of encrypted data in wireless sensor networks. ACM Trans. Sen. Netw., 5(3), 1-36.
Chandola, V., Banerjee, A., & Kumar, V. (2009). Anomaly detection: A survey. ACM Comput. Surv., 41(3), 1-58.
Chang, K., & Shin, K. G. (2008). Distributed Authentication of Program Integrity Verification in Wireless Sensor Networks. ACM Trans. Inf. Syst. Secur., 11(3), 1-35.
Chen, R.-C., Hsieh, C.-F., & Huang, Y.-F. (2009). A new method for intrusion detection on hierarchical wireless sensor networks. Paper presented at the Proceedings of the 3rd International Conference on Ubiquitous Information Management and Communication.
Kong, J., Ji, Z., Wang, W., Gerla, M., Bagrodia, R., & Bhargava, B. (2005). Low-cost attacks against packet delivery, localization and time synchronization services in under-water sensor networks. Paper presented at the Proceedings of the 4th ACM workshop on Wireless security.
Law, Y. W., Palaniswami, M., Hoesel, L. V., Doumen, J., Hartel, P., & Havinga, P. (2009). Energy-efficient link-layer jamming attacks against wireless sensor network MAC protocols. ACM Trans. Sen. Netw., 5(1), 1-38.
Mahdy, A. (2008). A perspective on marine wireless sensor networks. J. Comput. Small Coll., 23(6), 89-96.
Perrig, A., Stankovic, J., & Wagner, D. (2004). Security in wireless sensor networks. Commun. ACM, 47(6), 53-57.
Pietro, R. D., Mancini, L. V., & Mei, A. (2006). Energy efficient node-to-node authentication and communication confidentiality in wireless sensor networks. Wirel. Netw., 12(6), 709-721.
Radio Frequency Identification: Applications and Implications for Consumers. (2005). Federal Trade Commission.
Roman, R., Alcaraz, C., & Lopez, J. (2007). A survey of cryptographic primitives and implementations for hardware-constrained sensor network nodes. Mob. Netw. Appl., 12(4), 231-244.
Stavrou, A., & Keromytis, A. D. (2005). Countering DoS attacks with stateless multipath overlays. Paper presented at the Proceedings of the 12th ACM conference on Computer and communications security.
Xu, W., Trappe, W., Zhang, Y., & Wood, T. (2005). The feasibility of launching and detecting jamming attacks in wireless networks. Paper presented at the Proceedings of the 6th ACM international symposium on Mobile ad hoc networking and computing.
Yu, Z., & Guan, Y. (2005). A dynamic en-route scheme for filtering false data injection in wireless sensor networks. Paper presented at the Proceedings of the 3rd international conference on Embedded networked sensor systems.
Zhang, Q., Yu, T., & Ning, P. (2008). A Framework for Identifying Compromised Nodes in Wireless Sensor Networks. ACM Trans. Inf. Syst. Secur., 11(3), 1-37.