UNIT II

SENSOR NETWORK SECURITY

Network Security Requirements, Issues and Challenges in Security Provisioning, Network

Security Attacks, Layer wise attacks in wireless sensor networks, possible solutions for
jamming, tampering, black hole attack, flooding attack. Key Distribution and Management,
Secure Routing – SPINS, reliability requirements in sensor networks.

NETWORK SECURITY REQUIREMENTS:

A security protocol for ad hoc wireless networks should satisfy the following requirements.

• Confidentiality

• Integrity

• Availability

• Non-repudiation

Confidentiality:

• The data sent by the sender (source node) must be understandable only to the
intended receiver (destination node).

• If there is any intruder, it must not be able to derive any useful information out
of the data.

• For ensuring confidentiality, data encryption is used.

Integrity:

• The data sent by the source node should reach the destination node without
alteration

• Any other node in the network should not interfere with the data during
transmission.

Availability:

• The network should remain operational all the time.

• Able to tolerate link failures and also be capable of surviving various attacks

• Able to provide the guaranteed services for authorized user

Non-repudiation:

• The sender and the receiver of a message cannot later deny the message
 • Digital signatures are used as unique identifiers for each user

ISSUES AND CHALLENGES IN SECURITY PROVISIONING:

The following characteristics causes difficulty in providing security in ad hoc wireless

networks

o Shared broadcast radio channel

o Insecure operating environment

o Lack of central authority

o Lack of association among nodes

o Limited availability of resources

o Physical vulnerability

Shared broadcast radio channel:

• The radio channel used for communication in adhoc wireless networks is broadcast in
nature & is shared by all nodes within its direct transmission range.

• Data transmitted by a node is received by all nodes within its direct transmission range.

• So a intruder node could easily obtain data being transmitted in the network.

• This problem can be minimized by using directional antennas.

Insecure operational environment:

• The operating environments of ad hoc wireless networks are not always be secure.

• In battlefield applications, nodes may move in and out of hostile and insecure enemy
territory

• It would be highly in danger to security attacks.

Lack of central authority:

 In Wired networks and infrastructure-based wireless networks :

o The traffic can be monitored through certain important central

points (such as routers, base stations, and access points)

o Security mechanisms can also be implemented at such points.

 In ad hoc wireless networks :

o These mechanisms cannot be applied as there is no central points.

Lack of association:

• Ad-Hoc networks are dynamic in nature

• So a node can join or leave the network at any point of the time

• There is no proper authentication mechanism used for associating nodes with a network

• Hence an intruder would be able to join into the network quite easily and carry out their
attacks.

Limited resource availability:

• Limited Resources such as bandwidth, battery power, and computational power in ad hoc
wireless networks.

• Hence, it is difficult to implement complex cryptography- based security mechanisms in

such networks.

Physical vulnerability:
• Compact nodes and hand-held in nature.

• They could get damaged easily and are also in danger to theft.

NETWORK SECURITY ATTACKS:

Attacks on ad hoc wireless networks can be classified into two broad categories,
(i)Passive attacks
(ii)Active attacks
Passive Attack:
o A passive attack does not disrupt the operation of the network
o The opponent intrudes the data exchanged in the network without altering it.
o Here, the requirement of confidentiality is violated
 Drawback:
o Detection of passive attacks is very difficult since the operation of the network
itself does not get affected.
 Solution:
o Use powerful encryption mechanisms to encrypt the data being transmitted and it
is impossible for eavesdroppers to obtain any useful information from the data
overheard.
Active Attack:
o An active attack attempts to alter or destroy the data being exchanged in the
network
o It disrupts the normal functioning of the network.
o Active Attacks can be classified further into two categories,
(i)External attacks
(ii)Internal attacks.
 External attacks :
 o They are carried out by nodes that do not belong to the network.
o These attacks can be prevented by using standard security mechanisms such as
encryption techniques and firewalls.
 Internal attacks :
o They are the nodes that belongs to the network.
o So internal attacks are more severe and difficult to detect when compared to
external attacks.
CLASSIFICATIONS OF ATTACKS:

NETWORK LAYER ATTACKS:

Wormhole attack:

 In this attack, an attacker receives packets at one location in the network and tunnels
them to another location in the Network

 Then the packets are resent into the network .

  This tunnel between two colluding attackers is referred to as a wormhole.

 It could be established through a single long-range wireless link or even through a

wired link between the two colluding attackers.

 Due to the broadcast nature of the radio channel, the attacker can create a wormhole
even for packets not addressed to itself.

 Though no harm is done if the wormhole is used properly for efficient relaying of
packets, it puts the attacker in a powerful position compared to other nodes in the
network

Effects:

 Due to wormhole attacks, most of the existing routing protocols for ad hoc wireless
networks may fail to find valid routes.

Blackhole attack:

 In this attack, a malicious node falsely advertises good paths (e.g., shortest path or
most stable path) to the destination node

 This happens during the path-finding process (in on-demand routing protocols) or in
the route update messages (in table-driven routing protocols).

Effects:

 Hinder(delay) to the path-finding process

 Interrupt all data packets being sent to the destination node concerned.

For Example:

o Node A needs to transmit

packets to the node E.

o It sends a route request packet

to all the nodes.

o The Malicious node M give

false reply to node A fastly.

o The node A now sends the data

to the M node.

o The packets are dropped now.

Information disclosure:

 A compromised node may leak confidential or important information to unauthorized

nodes in the network

 Such information may include information such as

o Network topology

o Geographic location of nodes

o Optimal routes to authorized nodes in the network

Resource consumption attack:

 In this attack, a malicious node tries to consume/waste away resources of other nodes
present in the network.

 The limited resources that are targeted are

o Battery power

o Bandwidth

o Computational power

 The attacks could be in the form of unnecessary requests for routes, very frequent
generation of beacon packets, or forwarding of stale(old) packets to nodes.

Sleep deprivation attack:

 The battery power of another node is used by keeping that node always busy by
continuously pumping packets to that node

 This is known as a sleep deprivation attack.

Routing attacks:
The various attacks on the routing protocol are
o Routing table overflow
o Routing table poisoning
o Packet replication
o Route cache poisoning
o Rushing attack

Routing table overflow:

 Attack aims to cause an overflow of the routing tables.
 In this type of attack, an adversary node broadcasts the routes of non-existent nodes to
the authorized nodes present in the network.
  This in turn prevent the creation of entries corresponding to new routes to authorized
nodes.

Routing table poisoning:

 The compromised nodes in the networks send false routing updates or modify genuine
route update packets sent to other uncompromised nodes.
 Routing table poisoning may result in
o Sub-optimal Routing
o Congestion in portions of the network
o Some parts of the network are inaccessible.

Packet replication:
 In this attack, an adversary node replicates stale packets.
 This consumes additional bandwidth and battery power resources available to the
nodes
 This also causes unnecessary confusion in the routing process.

Route cache poisoning:

 In the case of on-demand routing protocols (AODV protocol ),each node maintains a
route cache
 This cache holds information regarding routes that have become known to the node in
the recent past.
 An adversary can also alter the route cache.

Rushing attack:
 For example, Consider source node is sending RouteRequestpacket to all the
neighboring nodes in the network.
 An adversary node which receives a RouteRequestpacket from the source node floods
the packet quickly throughout the network
 If the neighboring nodes receives the RouteRequestpacket at first from the adversary
Nodes, then it discard the original RouteRequestpacket from source node as duplicate
packet.
 Any route discovered by the source node would contain the adversary node as one of
the intermediate nodes.
 Hence, the source node would not be able to find secure routes .It is extremely
difficult to detect such attacks in ad hoc wireless networks.

Transport Layer Attacks:

Session hijacking:
  This attack is specific to the transport layer in the network protocol stack

 Here, an adversary takes control over a session between two nodes.

 The most authentication processes are carried out only at the start of a session

 Once the session between two nodes gets established, the adversary node tricks as one
of the end nodes of the session and hijacks the session.

Flooding

 Sometime, the malicious node can cause immense traffic of useless messages on the
network. This is known as the flooding. Sometimes, malicious nodes replay some
actual broadcast messages, and hence generating useless traffic on the network. This
can cause congestion, and may eventually lead to the exhaustion of complete nodes.
This is a form of Denial of Service attack.

Application Layer Attacks:

Repudiation:

 This flaw is associated with the application layer in the network protocol stack.

 In simple terms, repudiation refers to the denial or attempted denial by a node

involved in a all part of communication

OTHER ATTACKS:
 These security attacks cannot strictly be associated with any specific layer in the
network protocol stack.
Multi-layer Attacks
• Multi-layer attacks are those that could occur in any layer of the network protocol
stack.
Device Tampering
• Ad hoc wireless networks are usually compact, soft, and hand- held in nature.
• They could get damaged or stolen easily.
Some of the multi-layer attacks in ad hoc wireless networks are
1. Denial of Service:
– Jamming:
– SYN flooding
– Distributed DoS attack

2. Impersonation

1.Denial of Service:
  In this type of attack, an adversary attempts to prevent legitimate and
authorized users to access the network services.
 A denial of service (DoS) attack can be carried out in many ways.
Attack I:
 The classic way is to flood packets to any centralized resource (e.g.,an access
point) used in the network so that the resource is no longer available to nodes
in the network
 This results in the network no longer operating in the regular manner
 This may lead to a failure in the delivery of guaranteed services to the end
users.
Attack II:
 On the physical and MAC layers, an adversary could employ jamming signals
which disrupt the on-going transmissions on the wireless channel.
Attack III:
 On the higher layers, an adversary could bring down critical services such as
the key management service
 Some of the DoS attacks are described below.
Denial of Service:
– Jamming:
– SYN flooding
– Distributed DoS attack

SYN flooding:
 The adversary node sends a large number of SYN packets to a victim node
 This adversary node give fake return addresses in the SYN packets.
 On receiving the SYN packets, the victim node sends back acknowledgment
(SYN-ACK) packets to that address.
 However, the victim node would not receive any ACK packet in return.
 In effect, a half-open connection gets created.
 The victim node builds up a table/data structure for holding information
regarding all pending connections.
 The increasing number of half-open connections results in an overflow in the
table.
 Because of the table overflow, the victim node would be forced to reject the
call request from a legitimate node

Distributed DoS attack:

 This attack is severe

 In this attack, several adversaries that are distributed throughout the network
collude and prevent legitimate users from accessing the services offered by the
network.
 Impersonation:
 In impersonation attacks, an adversary assumes the identity and privileges of
an authorized node,
 It makes the network resources that may not be available to authorized node
under normal circumstances
 It also disrupts the normal functioning of the network by injecting false
routing information into the network.
 An adversary node could by chance guess the identity and authentication
details of the authorized node (target node), or
 The adversary node could spy for information regarding the identity and
authentication of the target node from a previous Communication.
 It could avoid or disable the authentication mechanism at the target node.
 A man-in-the-middle attack is another type of impersonation attack.
 Here, the adversary reads and possibly modifies, messages between two end
nodes without letting either of them know that they have been attacked.
 Suppose two nodes X and Y are communicating with each other
 The adversary impersonates node Y with respect to node X and impersonates
node X with respect to node Y

Possible Solutions for Jamming

 Jammers are malicious wireless nodes planted by an attacker to cause intentional
interference in a wireless network Jamming in wireless networks is defined as the
disruption of existing wireless communications by decreasing the signal-to-noise ratio
at receiver sides through the transmission of interfering wireless signals.

 Jamming can be done at different levels, from hindering transmission to distorting

packets in legitimate communications.

 Jamming makes use of intentional radio interferences to harm wireless

communications by keeping communicating medium busy, causing a transmitter to
back-off whenever it senses busy wireless medium, or corrupted signal received at
receivers. Jamming mostly targets attacks at the physical layer but sometimes cross-
layer attacks are possible too

Types of Jammers
 A jammer may jams a network in various ways to make the jamming as effective as
possible. Basically, a jammer can be either Proactive and Reactive.

 Proactive jammer
Proactive jammer transmits jamming (interfering) signals whether or not there is data
communication in a network. It sends packets or random bits on the channel it is
operating on, putting all the others nodes on that channel in non-operating modes.
However, it does not switch channels and operates on only one channel until its
energy is exhausted.
 There are three basic types of proactive jammers:
(i)Constant
(ii)Deceptive
(ii)Random

Constant jammer, emits continuous, random bits without following the CSMA protocol. A
constant jammer prevents legitimate nodes from communicating with each other by causing
the wireless media to be constantly busy. This type of attack is energy inefficient and easy to
detect but is very easy to launch and can damage network communications.

Deceptive jammer, sends a constant stream of bytes into the network to make it look like
legitimate traffic.

Random jammer, intermittently transmits either random bits or regular packets into
networks. It continuously switches between two states: sleep phase and jamming phase. It
sleeps for a certain time of period and then becomes active for jamming before returning back
to a sleep state.

Reactive Jammer
Reactive jammer starts jamming only when it observes a network activity occurs on a certain
channel. As a result, a reactive jammer targets on compromising the reception of a message.
It can disrupt both small and large sized packets.

Since it has to constantly monitor the network, reactive jammer is less energy efficient than
random jammer. However, it is much more difficult to detect a reactive jammer than a
proactive jammer because the Packet Delivery Ratio (PDR) cannot be determined accurately
in practice.

Countermeasures for Proactive Jammer

In proactive jamming, the jammer chokes the bandwidth so that a transmitter is unable to
transmit. Therefore, carrier-sensing thresholds can be used to detect such type of jammers.
When jamming is detected, nodes in the network can map the jammed area and re-route
traffic, switch channel, or perform spatial retreat to counteract this jamming act.

Countermeasures for Reactive Jammer

Reactive Jamming detection using BER. It is used to detect jamming using the bit error rate
(BER) for reactive jammers that keep the received signal strength (RSS) low while
introducing disruption in a packet.

By looking at the RSS of each bit during the reception, it identifies the cause of bit errors for
individual packet using predetermined knowledge, error correcting codes (ECC), or wired
node chain systems. If the error is due to weak signal, the RSS should be low.

If the RSS value is high for a bit error, there are external interference or jamming. Assuming
nodes can assess the expected local interference, the sequential jamming probability test
calculates the marginal likelihood of errors due to 10 unintentional collisions. If this value is
less than the log of the ratio of targeted probability for a missed alarm to the targeted
probability, then there is jamming and an alarm is raised.

If the marginal likelihood is less than the ratio, there is no jamming and the sequence is reset.
There is also a possibility that no conclusion is made until there are more conclusive
evidences for jamming.

Tampering Attack and its Countermeasures

An attacker can damage or replace sensor and computation hardware and the program codes
or remove sensitive materials like cryptographic keys to allow unrestricted access to higher
levels of communication (Figure4.1). Thereby these tampering nodes interfere in the physical
access of sensor nodes.

Figure Tampering Attack

Countermeasures
Some attacks in the physical layer are quite hard to cope with. For example, after sensors are
deployed in the field, it is difficult or infeasible to prevent every single sensor from device
tampering. Therefore, although there are some mechanisms that attempt to reduce the
occurrences of attacks, more of them focus on protecting information from divulgence.
Access Restriction
Obviously, restricting adversaries from physically accessing or getting close to sensors is
effective on tampering attacks. It is good to have such restrictions if we can, but
unfortunately, they are either difficult or infeasible in most cases. Therefore, we usually have
to fall back on another type of restrictions: com

A few techniques exist nowadays that prevent attackers from accessing the wireless medium

This technique uses either analog schemes where the frequency variation is continuous, or

By this way, attackers cannot easily locate the communication channel, and are thus
restrained from attacking. The spread spectrum communications are not yet feasible for
WSNs that are usually constrained in resources. Directional antenna is another technique for
access restriction. By confining the directions of the signal propagation, it reduces the
chances of adversaries accessing the communication channel.

Encryption
In general, cryptography is the all-purpose solution to achieve security goals in WSNs. To
protect data confidentiality, cryptography is indispensable.
Cryptography can be applied to the data stored on sensors. Once data are encrypted, even if
the sensors are captured, it is difficult for the adversaries to obtain useful information. A
more costly encryption can yield higher strength, but it also drains the limited precious
energy faster and needs more memory. More often, cryptography is applied to the data in
transmission.
There are basically two categories of cryptographic mechanisms: asymmetric and symmetric.
In asymmetric mechanisms (e.g. RSA), the keys used for encryption and decryption are
different, allowing for easier key distribution. It usually requires a third trusted party called
Certificate Authority (CA) to distribute and check certificates so that the identity of the users
using a certain key can be verified. However, due to the lack of a priori trust relationship and
infrastructure support, it is infeasible to have CAs in WSNs.
Furthermore, asymmetric cryptography usually consumes more resources such as
computation and memory.
In comparison, symmetric mechanisms are more economical in terms of resource
consumption. As long as two nodes share a key, they can use this key to encrypt and decrypt

Black Hole Attack and its Countermeasures :

Black Hole attack occurs under Dos (Denial of service) attack in the network layer of OSI
Model. In this kind of attacks the malicious node forgery other nodes by announcing a
shortest false route to the destination then attracts additional traffic and drops continually the
packets. This happens during the path-finding process (in on-demand routing protocols) or in
the route update messages (in table-driven routing protocols).

During data transmission the source node sends a Route REQuest (RREQ) message to all the
nodes including malicious node. Given that a malicious node may become active by receiving
RREQ message and replies using Route REPly (RREP) message.

It attracts additional traffic by falsely claiming the shortest route to the destination. This
causes blocking and increasing the energy consumption in each node, leading to the
formation of routing holes which disturb or stop the network functionality.

Effects:

 Hinder(delay) to the path-finding process

 Interrupt all data packets being sent to the destination node concerned.

For Example:
 o Node A needs to transmit
packets to the node E.

o It sends a route request packet

to all the nodes.

o The Malicious node M give

false reply to node A fastly.

o The node A now sends the data

to the M node.

o The packets are dropped now.

Countermeasures

Routing Access Restriction

Routing may be one of the most attractive attack targets in WSNs. If we can exclude
attackers from participating in the routing process, i.e. restrict them from accessing routing, a
large number of attacks in the network layer will be prevented or alleviated.

Multi-path routing is one of the methods to reduce the effectiveness of attacks launched by
attackers on routing paths. In these schemes, packets are routed through multiple paths. Even
if the attacker on one of the paths breaks down the path, the routing is not necessarily broken
as other paths still exist.

This alleviates the impact of routing attacks, although does not prevent these attacks. A
general way is to use authentication methods. With authentication, it can be easily determined
whether a sensor can participate in routing or not.

Authentication can be either end-to-end or hop-to-hop. In end-to-end authentication, the

source and destination share some secret and can thus verify each other. When a node
receives a routing update, it always verify the sender of the update before accepting the
update.

In hop-to-hop authentication, each message in transmission is authenticated hop by hop.

Therefore, the trust between the source and the destination is built upon the trust on all the
intermediate nodes in the path.

Flooding Attack and its Countermeasures

Many protocols require nodes to broadcast HELLO packets to announce themselves to their
neighbors, and a node receiving such a packet may assume that it is within (normal) radio
range of the sender (Figure 4.4).
This assumption may be false: a laptop-class attacker broadcasting routing or other
information with large enough transmission power could convince every node in the network
that the adversary is its neighbour.

For example, an adversary advertising a very high-quality route to the base station to every
node in the network could cause a large number of nodes to attempt to use this route, but
those nodes sufficiently far away from the adversary would be sending packets into oblivion.
The network is left in a state of confusion.

Figure Flooding Attacks

Countermeasures
Using Secret Keys Method
In multi-path multi-base station data forwarding technique, each sensor node maintains
number of different secrets (keys) in a multiple tree.

Sensor node can forward its sensed data to multiple routes by using these secrets. There are
multiple base stations in the network that have control over specific number of nodes and
also, there are common means of communication among base stations.

Each base station has all the secrets that are shared by all the sensor nodes, covered by it,
according to the key assignment protocol.

Using Threshold Method

A threshold based solution is used to defend against flooding attacks in WSN.

The mobile nodes use a threshold value to check whether its neighbors are intruders or not.

When the number of route request packets broadcasted by a node exceeds the predefined
threshold value, it

KEY MANAGEMENT:

Cryptography:

o Cryptography is one of the most common and reliable means to overcome the
attacks and to ensure security.
 o It is not specific to ad hoc wireless networks.

o It can be applied to any communication network.

o It is the study of the principles, techniques, and algorithms by which

information is transformed into a disguised version.

o Hence no unauthorized person can read, but which can be recovered in its
original form by an intended recipient.

o The original information to be sent from one person to another is called

plaintext.

o This plaintext is converted into ciphertext by the process of encryption

algorithms or functions.

o An authentic receiver can decrypt/decode the ciphertext back into

plaintext by the process of decryption.

 The processes of encryption and decryption are governed by keys-a small

amount of information
 When the key is to be kept secret to ensure the security of the system, it is
called a secret key.
 The secure administration of cryptographic keys is called key management
 Four main goals of cryptography are

(i)Confidentiality (ii)Integrity (iii) Non-Repudiation

(iv)Authentication -The receiver should be able to identify the Sender

There are two major kinds of cryptographic algorithms

(i) Symmetric key algorithms-Use the same key for encryption and decryption
(ii)Asymmetric key algorithms-Use two different keys for encryption and decryption
Symmetric key algorithms:
 Faster to execute electronically
 It requires a secret key to be shared between the sender and receiver.
 When communication needs to be established among a group of nodes, each
sender-receiver pair should share a key
 This makes the system non scalable.
 If the same key is used among more than two parties, a breach of security at
any one point makes the whole system in danger.

Asymmetric key algorithms:

 They are based on some mathematical principles which make it impossible to

obtain one key from another
 Therefore, one of the keys can be made public while the other is kept secret
(private).
 This is called public key cryptography.
 The network would be open to attacks once the underlying mathematical
problem is solved.

Symmetric Key Algorithms:

There are two kinds of symmetric key algorithms
(i)Using block ciphers
(ii)Using stream ciphers.

Using Block ciphers:

 A block cipher is an encryption scheme in which the plaintext is broken into

fixed-length segments called blocks

 The blocks are encrypted one at a time.

 The simplest examples include substitution and transposition.

Symmetric Key Algorithms-Substitution:

Step I:
The table mapping ie the original and the substituted alphabet should be available at
both the sender and receiver.
Step II:
The text is broken into fixed blocks. The block length used is five
Step III:
Each alphabet of the plaintext is substituted by another in the Ciphertext
Using Stream ciphers

 A stream cipher has block length of one.• Eg:Vernam cipher, which uses a key
of the same length as the plaintext for encryption.
 The key is randomly chosen and transported securely to the receiver and used
for only one communication
 This forms the one-time pad which has proven to be the most secure of all
cryptographic systems.
 The only bottleneck here is to be able to securely send the key to the receiver.

• For example, consider a binary sting

Plaintext -1 0 0 1 0 1 0 0
Key -0 1 0 1 1 0 0 1

XOR of the plaintext and key -1 1 0 0 1 1 0 1.

• The plaintext is again recovered by XORing the ciphertext with the same key.
Asymmetric Key Algorithms

 Asymmetric key (or public key) algorithms use different keys at the sender
and receiver ends for encryption and decryption
 Let the encryption process be represented by a function E, and decryption by
D.
 The key E is made public, while D is private, known only to the intended
receiver
 Then the plaintext m is transformed into the ciphertext c as c = E(m).
 The receiver then decodes c by applying D.
 Hence, D is such that m = D(c) = D(E(m)).
 Anyone who wishes to send a message to this receiver encrypts it using E.
 Though c can be overheard by adversaries, the function E is based on a
computationally difficult mathematical problem, such as the factorization of
large prime numbers.
 Hence,it is not possible for adversaries to derive D given E.
 Only the receiver can decrypt c using the private key D.Example of public key
cryptography. RSA system-based on the integer factorization problem.

Asymmetric Key Algorithms-Digital Signature:

Example

 Digital signatures schemes are also based on public key encryption.

 In these schemes, the functions E and D are chosen such that
 D(E(m)) = E(D(m)) = m for any message m.
 These are called reversible public key systems.
 In this case, the person who wishes to sign a document encrypts it using
his/her private key E, which is known only to him/her.
 Anybody who has his/her public key D can decrypt it and obtain the original
document, if it has been signed by the corresponding sender.
 In practice, a trusted third party (TTP) is agreed upon in advance, who is
responsible for issuing these digital signatures (D and E pairs) and for
resolving any disputes
 regarding the signatures.
 This is usually a governmental or business organization.

KEY MANAGEMENT APPROACHES:

Goal of Key Management:

 To share a secret (some information) among a specified set of participants.
 It requires some varying amounts of initial configuration, communication, and
computation.
  More methods are available
The main approaches to key management are
(i)Key Predistribution
(ii)Key Transport
(iii)Key Arbitration
(iv)Key Agreement

Key Predistribution:
Function of Key predistribution:
 To distribute the keys to all interested parties before the start of
communication.
 All participants must be known a priori, during the initial configuration.
 There is no mechanism to include new members in the group or to change the
key.
 Sub-groups may be formed and it is also an a priori decision with no flexibility
during the operation.
Advantages:
 This method involves much less communication and computation.

Key Transport:

 The communicating entity generates keys and transports them to the other
members.
 The key is shared among the participating members.
 This prior shared key is used to encrypt a new key and is transmitted to all
corresponding nodes.
 Only those nodes which have the prior shared key can decrypt it.
 This is called the key encrypting key (KEK) method.

 In public key infrastructure (PKI), the key can be encrypted with each
recipient’s(alice) public key and transported to it.
  While decrypting ,recipient should use their private key to get the message
This assumes the existence of a TTP, which may not be available for ad hoc
wireless networks

 Key transport without prior shared keys is the Shamir's three-pass protocol .
 The scheme is based on a special type of encryption called commutative
encryption schemes which are reversible and composable.
 Consider two nodes Alice and Bob wish to communicate.
 Node Alice selects a Key m which it wants to use in its communication with
node Bob.
 It then generates another random key EA, using which it encrypts m to get
EA(m) , and sends to node Bob.
 Node Bob encrypts this with a random key EB, and sends it back to node
Alice EB(EA(m)).
 Now, node Alice decrypts this message with its key and get EB(m)
 Finally, node BOB decrypts to get Key m.

Shamir's three-pass protocol:

Key Arbitration:
 Key arbitration schemes use a central arbitrator to create and distribute keys
among all participants.
 Hence, they are a class of key transport schemes.
 Networks which have a fixed infrastructure use the AP as an arbitrator, since it
does not have stringent power or computation constraints.
 In ad hoc wireless networks, the problem is that the arbitrator has to be
powered on at all times to be accessible to all nodes.
 This leads to a power drain on that particular node.
An alternate method:
 To make the keying service distributed
 The simple replication of the arbitration at different nodes would be expensive
for resource-constrained devices
 This would offer many attacks.
 If any one of the replicated arbitrators is attacked, the security of the whole
system breaks down.

Key Agreement:

 Most key agreement schemes are based on asymmetric key algorithms.

 They are used when two or more people want to agree upon a secret key,
which will then be used for further communication.
 Key agreement protocols are used to establish a secure context with many
parties who wish to communicate and an insecure channel.
 In group key agreement schemes, each participant contributes a part to the
secret key.
 These need the least amount of preconfiguration and high computational
complexity

 Diffie-Hellman exchange- An asymmetric key algorithm based on discrete

logarithms for Two party Key agreement.


 Key Management in Ad Hoc Wireless Networks:

Ad hoc wireless networks pose certain specific challenges in key management due to
the lack of infrastructure.

Three types of infrastructure are missing in ad hoc wireless networks. They are

1.Network infrastructure such as dedicated routers and stable links

2.Services such as name resolution, directory, and TTPs.
3.Administrative support of certifying authorities.

Password-Based Group Systems :

 A long string is given as the password for users for one session.
 However, human beings tend to favour natural language phrases as passwords,
over randomly generated strings.
 Such passwords, if used as keys directly during a session, are very week &
open to attack directly during a high redundancy, & the possibility of reuse
over different sessions.
 Hence, protocols have been proposed to derive a strong key (not vulnerable to
attacks).
 This password-based system could be two-party, with a separate exchange
between any 2 participants, or it could be for the whole group, with a leader
being elected to preside over the session.
 The protocol used is as follows:
o Each participant generates a random number, & sends it to all
others
o When every node has received the random number of every other
node, a common pre-decided function is applied on all the numbers
to calculate a reference value.
o The nodes are ordered based on the difference between their
random number & the reference value
Threshold Cryptography :
 Public Key Infrastructure(PKI) enables the easy distribution of keys & is a scalable
method. Each node has a public/private key pair.
 A certifying authority(CA) can bind the keys to a particular node.
 But CA has to be present at all times, which may not be feasible in Adhoc networks.
 A scheme based on threshold cryptography has been proposed by which n servers
exist in an adhoc network, out of which any (t+1) servers can jointly perform
arbitration or authorization successfully, but t servers cannot perform the same. This
is called an (n, t+1) configuration, where n >= 3t +1.
 To sign a certificate, each server generates a partial signature using its private key &
submits it to a combiner. The combiner can be any one of the servers.
 Using t+1 partial signatures, the combiner computes a signature & verifies its validity
using a public key.
  If verification fails, it means that at least one of the t+1 keys is not valid, so another
subset of t+1 partial signature is tried. If combiner itself is malicious, it cannot get a
valid key, because partial key itself is always invalid.

Self-Organized Public Key Management for Mobile Adhoc Networks :

 This makes use of absolutely no infrastructure.

 The users in the adhoc network issue certificates to each other based on personal
acquaintance.
 A certificate is binding between a node & its public-key.  The certificates are stored
& distributed by the users themselves.
 Certificates are issued only for specific period of time, before it expires; the certificate
is updated by the user who had issued the certificate.
 Each certificate is initially stored twice, by the issuer & by the person for whom it is
issued.
 If any of the certificates are conflicting (e.g: the same public key to different users, or
the same user having different pubic keys), it is possible that a malicious-node has
issued a false certificate.
 A node then enables such certificates as conflicting & tries to resolve the conflict.  If
the certificates issued by some node are found to be wrong, then that node may be
assumed to be malicious.
 A certificate graph is a graph whose vertices are public keys of some nodes and
whose edges are public key certificates issued by users.

SECURE ROUTING IN AD HOC WIRELESS NETWORKS:

The security becomes a challenging task in ad –hoc networks due to

(i)No Dedicated routers
(ii)Mobility of nodes
(iii)Multiple mode of operation
(iv)Limited processing power,
(v)Limited availability of resources such as battery power,bandwidth, and memory

Requirements of a Secure Routing Protocol for Ad Hoc Wireless Networks:

The fundamental requisites of a secure routing protocol for adhoc wireless networks
are listed as follows:

o Detection of malicious nodes

o Guarantee of correct route discovery
o Confidentiality of network topology
o Stability against attacks
 Detection of malicious nodes:
 A secure routing protocol should be able to
(i)Detect the presence of malicious nodes in the network
(ii)Avoid the participation of such nodes in the routing process.
 But if participated ,the routing protocol should choose paths that do not include
malicious nodes.

Guarantee of correct route discovery:

 The routing protocol should be able to find the existing routes

 It should also ensure the correctness of the selected route

Confidentiality of network topology:

 The malicious nodes able to know the network topology by an information

disclosure attack
 Then the attacker fined the traffic pattern in the network.
 If some of the nodes are found to be more active compared to others, the
attacker may try to mount (e.g., DoS) attacks on such bottleneck nodes.
 This may ultimately affect the on-going routing process.
 Hence, the confidentiality of the network topology is an important requirement
to be met by the secure routing protocols.

Stability against attacks

 The routing protocol should be able to revert to its normal operating state
within a finite amount of time after attack.
 The attacks should not permanently disrupt the routing process.
 The protocol must also ensure Byzantine robustness, that is, the protocol
should be able to find the nodes becoming malicious after some time

SECURITY PROTOCOLS FOR SENSOR NETWORKS (SPINS) :

Security protocols for sensor networks (SPINS) consists of a suite of security protocols
that are optimized for highly resource-constrained sensor networks.

SPINS consists of two main modules:

(i) Sensor Network Encryption Protocol (SNEP)

(ii) Micro-version of Timed Efficient Stream Loss-Tolerant Authentication protocol

(μTESLA)

The SNEP protocol offers the following nice properties:

  Semantic security: An adversary cannot get any idea about the plaintext even by
seeing multiple encrypted versions of the same plaintext. Encryption of the
plaintext uses a shared counter (shared between sender and receiver). Since the
counter value is incremented after each message, the same message is encrypted
differently each time

 Data authentication: Message integrity and confidentiality are maintained using

a Message Authentication Code (MAC). The message can be decrypted only if
the same shared key is present.

 Replay protection: The counter value in the MAC prevents replaying old
messages. Note that if the counter were not present in the MAC, an adversary
could easily replay messages.

 Low communication overhead: SNEP has low communication overhead since it

only adds 8 bytes per message. The counter state is kept at each end point and
does not need to be sent in each message

Key Generation /Setup

 Nodes and arbitrator share a master key pre-deployment


 Other keys are bootstrapped from the master key:
 Encryption key
 Message Authentication code key
 Random number generator key

Figure: SNEP Key Generation

Authentication, Confidentiality

The two communicating parties A and B share a master secret key XAB, and they derive
independent keys using the pseudorandom function F: encryption keys KAB = FX (1) and
KBA = FX (3) for each direction of communication, and MAC keys K’AB = FX (2) and
K’BA = FX (4) for each direction of communication.

The encrypted data has the following format: E = {M} (K, C), where M is the data, the
encryption key is K, and the counter is C. The MAC is M = MAC (K’, C||E). The complete
message that A sends to B is

A → B: {M} (KAB, CA), MAC ( K’AB CA || {M} (KAB,CA)

Figure SNEP Authentication, Confidentiality

Micro Timed Efficient Stream Loss-tolerant Authentication (μTESLA) :

Micro Timed Efficient Stream Loss-tolerant Authentication delivers broadcast

authentication.
Authentication:
To send an authenticated packet, the base station simply computes a MAC on the packet
with a key that is secret at that point in time.

The receiving node stores the packet in a buffer. At the time of key disclosure, the base
station broadcasts the verification key to all receivers. When a node receives the disclosed
key, it can easily verify the correctness of the key. If the key is correct, the node can now use
it to authenticate the packet stored in its buffer

Key Setup
 The MAC keys are derived from a chain of keys,obtained by applying a one-way
function F (a one-way function is one whose inverse is not easily computable). All nodes
have an initial key K0 , which is some key in the key-chain. The relationship between keys
proceeds as K0 = F(K1 ), K1 = F(K2 ), and, in general, Ki = F(Ki+ 1 ). Given K0 , K1 , ..., Ki
, it is not possible to compute Ki+ 1 .

For example, Figure shows an example of μTESLA. Each key of the key chain
corresponds to a time interval and all packets sent within one time interval are authenticated
with the same key. The time until keys of a particular interval are disclosed is 2 time intervals
in this example.



Figure Key setup
 The key to be used changes periodically, and since nodes are synchronized to a
common time within a bounded error, they can detect which key is to be used to
encrypt/decrypt a packet at any time instant. The BS periodically discloses the next
verification key to all the nodes and this period is known to all nodes. When the BS transmits
a packet, it uses a MAC key which is still secret (not yet disclosed). The nodes which receive
this packet buffer it until the appropriate verification key is disclosed. The packets are
decrypted once the key-disclosure packet is received from the BS. If one of the key-
disclosure packets is missed, the data packets are buffered till the next time interval, and then
authenticated.

Assume that the receiver node is loosely time synchronized and knows K0 (a
commitment to the key chain) in an authenticated way. Packets P1 and P2 sent in interval 1
contain a MAC with key K1. Packet P3 has a MAC using key K2. So far, the receiver cannot
authenticate any packets yet. Let us assume that packets P4, P5, and P6 are all lost, as well as
the packet that discloses key K1, so the receiver can still not authenticate P1, P2, or P3. In
interval 4 the base station broadcasts key K2, which the node authenticates by verifying K0 =
F (F (K2)), and hence knows also K1 = F (K2), so it can authenticate packets P1, P2 with K1,
and P3 with K2.

RELIABILITY REQUIREMENTS IN SENSOR NETWORKS

The sensor networks are not designed with the goal of transporting multiple independent
data streams. Sensor networks are data-centric and rely on in-network processing. The
reliability requirements are pretty much application specific and the protocols can take
advantage of this;

Single packet versus block versus stream delivery
The cases of delivering only a single packet on the one hand and of delivering a number
or even an infinite stream of packets on the other hand differ substantially in the protocol
mechanisms usable in either case.

In the single packet delivery problem, a single packet must be reliably transported
between two nodes.

In the block delivery problem, a finite data block comprising multiple packets must be
delivered to a sensor or a set of sensors.

In the stream delivery problem, a theoretically unbounded number of packets has to be
transported between two nodes.

Sink-to-sensors versus sensors-to-sink versus local sensor-to-sensor
It can be assumed that most communications in sensor networks are not between
arbitrary peer nodes, but information flows either from sensor nodes towards a single or a few
sink/gateway nodes or in critical environments such as military applications, it is necessary
that the sink is able to transmit the data to the sensors in the least possible time.
In the case of sensor to sensor communications, the sensors monitor a region and
transmit the collected data packets through routes (intermediate sensor nodes) to the sinks.

Guaranteed versus stochastic delivery
In the case of guaranteed delivery, it is expected that all transmitted packets reach the
destination; anything else is considered a failure. In general, guaranteed delivery is
challenging and costly in terms of energy and bandwidth expenditure, specifically over links
with sometimes high error rates like wireless ones.

The concept of stochastic delivery guarantees allows a limited amount of losses. There
are several ways to specify stochastic guarantees. For example, one might specify that for
periodic data delivery within every k subsequent packets at least m packets must reach the
destination; any number below m is considered a failure.