Sensor Network Secure Routing Protocols - Coursework Example

Network Security Introduction This study concisely describes various types of attacks on ad hoc and wireless sensor networks namely HELLO, Sinkhole, Sybil and Wormhole attacks. Attention will also be given to the analysis of certain key routing protocols in ad hoc and wireless sensor networks like TinyOS beaconing, Directed Diffusion, Rumor and Geographic routing concerning their attacks as well as security goals. For that matter, secure routing protocols for ad hoc and wireless sensor networks will be precisely looked at considering their policies and methods geared to help them meet their security necessities. Mobile nodes or computers in ad hoc networks collaborate and send packets to each other hence having them communicate past the direct wireless communication range set for them. This study proposes a number of ad hoc network protocols that will operate during on-demand basis or situations because on-demand protocols are known to have faster reaction and lower overhead compared to other routing protocols considering proactive mechanisms. Recently, there have been many developments as concerns mounting secure routing protocols for ad hoc networks incorporating a significant number of on-demand secure routing protocols to shield a number of probable attacks. In this study, a new attack that causes denial of service when exposed to all the previous on-demand network protocols is presented; it is referred to as rushing attack. Ad hoc network protocols like AODV and DSR with all security protocols imposed on them can’t discover routes which are longer than 2 hops when subjected to this attack. This is a serious attack because it can be propagated by even relatively very weak attackers. This study pays close attention to the setbacks that previous protocols had hence failing to counter this grave attack and come up with a RAP (Rushing Attack Prevention) which is a standard protection against on-demand protocols rushing attack. This protection provides a provable security feature to weak and even the stronger rushing attackers at no cost provided the underlying protocol does not fail to identify the working route. Topic description Nowadays the WSNs or Wireless sensor networks is gaining a global interest of its usage of minimal power radio skills and microelectronic systems. Its Sensor nodes are able to use batteries as a major source of power as well as harness energy from the environment as the case of solar panels. However the wireless sensor network architecture for WSN like any other wireless technology, it is subjected to a number of security attacks because it uses broadcast way of a transmission channel. A number of limitations in including security in WSN are prevalent e.g. : communication, storage limitations, processing capabilities and computation, therefore, to plan a security protocol one has to understand all these challenges if acceptable performance is to be achieved (C?ayirci and Rong 187-202). This study will therefore, elaborate certain kinds of attacks over the ad hoc and wireless sensor networks as well as doing security analysis of the main routing protocols in these networks as pertains security goals and design. Ad hoc network can be described as a group of mobile nodes or computers that collaborate with each other by forwarding packets to each other; this enables them to extend their limited communication range for each computer’s wireless network interface. This study shall produce a number of established protocols in ad hoc networks. These networks are mostly preferred in situations where the communicating computers are mobile and wired network use is not economical or generally not present. These nodes may run applications from un-trusted sources and therefore a need of a secure routing protocol. Secure routing protocols shouldn’t only be implemented only because of known attackers but even for the unforeseen ones because it will provide resilience to misconfigured computers. Routing tables for misconfigured nodes poses a great risk of routing weaknesses. Therefore, having a secure network protocol implemented ensures that in the event a software/hardware fails it doesn’t affect the stability of the other network routing configurations hence this study proposes a number of secure ad hoc network protocols. This study pays close attention to the setbacks that previous protocols had hence failing to counter this grave attack and come up with a RAP (Rushing Attack Prevention) which is a standard protection against on-demand protocols rushing attack. Theoretic analysis Study of Routing Protocols Basically all of the existing routing protocols for sensor networks are very much susceptible to attacks. Some of these protocols are discussed below with their corresponding attacks. Directed diffusion This is a data specific protocol designed to draw information from a sensor network. A base station requests data by distributing interests; tasks requests directed to the network, these interests are propagated by the nodes in the network until the node that can fulfill the interest is reached. When the data is matched by the interest the base station identifies the path of information and retrieves it at low data speed. After the initial data flow is initiated by use of positive strengthening, other alternate routes are also established recursively to reinforce the neighbors which are not in the primary path. This exposes the protocol to the attacker who can eavesdrop the interest and replay it as a base station and thus attack data flow causing flow suppression which is an example of denial of service (Zhang, Yan, Zheng and Miao, 582-626). TinyOS beaconing In this protocol a spanning tree is built with the base station acting as a base station for all computers on that network. This base station periodically sends broadcasts of route updates to its neighbours who then also forward the same to their neighbors with all nodes marking the base station as the parent and thus rebroadcasts the update. This process repeats until every node has received the update. Routing updates are not authenticated thus any node can claim to be the parent making this protocol very susceptible to most of the attacks. Andy potential eavesdropper an mount a joint sinkhole and wormhole attack. Geographic routing This routing uses two protocols: the GPSR and GEAR which stand for; Greedy Perimeter Stateless Routing and Geographic and Energy Aware Routing respectively. These protocols both need location information exchanged amid neighbors. Location plus cost information may be misrepresented and thus attacks may be launched by adversaries by merely advertising that it has enough power/energy; e.g. In GEAR protocol attack would advertise greatest energy and thus mounting an attack called Sybil while a GPSR adversary is able to forge site advertisements in an attempt to make routing loops for data flows without necessarily having to participate actively in forwarding packets. Rumor routing This is a probabilistic protocol which matches queries to data events. It uses agents which are long lived packets used in place of interests to avoid flooding the network. As the base station sends interests in above discussed protocols, here it sends an agent which traverses the whole network propagating a query. It is dependent on those nodes that forwarding the agents correctly thus an attacker can launch a serious denial of service attack through eliminating event information propagated by the agent or alternatively failing to forward the agent complete or even modify the event in the agent. Also laptops attackers may mount a selective forwarding and Sybil attack. Sensor Network secure Routing Protocols Putting security in the current routing protocols by the use cryptography of public key mechanisms may either make them too complex or even use the resources of minute sensor devices. Due to these challenges most of the secure routing protocols are implemented by use of symmetric key cryptography mechanisms to offer security however, this defense is not absolute because they reflect on only a few design principles, e.g. SPINS as well as TinySec only focus on deterrence principle, thus providing inadequate protection when there is compromised nodes. As a defensive measure SIGF (Secure Implicit Geographic Forwarding) protocol selects a next hop vigorously and non-deterministically instead of keeping routing tables. Also, INSENS (Intrusion-Tolerant Routing protocol for Wireless Sensor Networks) protocol employs multipath method so as to create the network resilient to attacks. The above proposed symmetric key protocols, however; none of it implements all the three major design principles: Resilience, Prevention and Detection or else Recovery. So to design and build a new protocol needs to consider all the discussed requirements. A new asymmetric cryptographic method can be employed to design a secure sensor network routing protocol considering efficiency and security as the major design parameters whose overhead and complexity of cryptographic methods could be within reasonable limits. A defense mechanism to curb wormhole attacks found in wireless sensor networks could be proposed to be employed, which is very effective in preventing wormhole attacks: Defense machine Against Wormhole assaults inside Wireless Sensor Networks (DAWWSEN). A practical routing protocol founded in the building of a hierarchical tree in which the base station is the source node, while the sensor computers become the interior nodes of the tree. Each node getting an application packet puts in a fresh entry into its “application list”. Then the computer sends a counter packet while updating its “repeat table”. Then the previous two fields are put to zero. The node stays snooping to the broadcasted reply packets, and also increments the field for Num_Rep for every received packet. Now the parent node propels for every entry within its answer list an equal accept packets. The computer receiving the acknowledgement packet checks the source_ID which should correspond to the Node_ID in its repeat table. In case this does not happen, it will signify that the packet was kept by an invader and therefore be dropped. Or else, the device updates its repeat table by assigning the “Recv_accept” location to one then checks whether the “Num_reply” attribute in the acknowledgement packet is greater than “Num_Rep” by one value in the repeat counter of this device since “ Num_reply equals Num_Rep + 1 ”. If this equation is confirmed, then the device receiving the acknowledgement packet identifies the sender of the packet like its parent and then it fills in the routing table with that ID plus hop count for its parent then rebroadcasts an application packet with a hop count attribute incremented. Rushing Attack A rushing attack is new attack acting like a useful denial of service attack, attacking the entire proposed ad hoc on-demand network routing protocols, counting all the protocols that were assumed to be secure. In this protocol, a device requiring a way to a given destination distributes ROUTE REQUEST messages to the network trying to find a route to the target node. Each node usually forwards just one ROUTE REQUEST so as to minimize the overhead of messages, coming from every Route Discovery. Describing this attack in terms of the outcomes on the functioning of Route Discovery of DSR; other protocols e.g. Ariadne, SAODV, AODV and ARAN are susceptible just in the similar way. Some a Assumptions In this study several assumptions are discussed prior to engaging in the actual propositions of security measures on the routing protocols to deter the rushing attacks. Network Assumptions A common assumption is made that the majority of the network connections is bidirectional such that the network remains connected when unidirectional connections are ignored. This therefore makes the SND (Secure Neighbor Detection) protocol turns down unidirectional links, thus the fundamental routing protocols will be able to assume entire network does not have unidirectional links. In case another SND technique is applied, and that method supports unidirectional connections, then the capability of the mechanism referred to as secure route discovery used to discover as well as use unidirectional connections are incomplete merely by the fundamental routing protocol. Physical layers in wireless settings used for propagating data from one computer to another usually are susceptible to jamming. Methods like directional antennas are known to effective in advancing resistance toward physical jamming. Additionally, an effectual congestion attack typically requires extra hardware; on the contrary, rushing attack pretty much is simpler to attempt because the invader is able to use similar hardware as a legitimate node (Mastorakis, Mladenov and Kontargyri 505-515). The attacker is also able to remotely force an entry to a legitimate device and execute these attacks. Furthermore, rushing attack permits for an advanced selective denial of service making it harder to notice. Congestion attacks are virtually broader and therefore very easy to detect. The rushing attack is the commonly used security threat by intruders thus all the mechanisms explained here just take care of it and not other jamming attacks. Protocols like MAC (Medium Access Control) protocols are much vulnerable to this attack while the less sophisticated MAC protocols: Slotted ALOHA and ALOHA though not susceptible to such influences; have inferior efficiency and in that case MAC protocols are disregarded in this study. Previous works have indicated that ad hoc network routing generally does not grow well. The majority of the existing simulations for routing protocols in ad hoc networks consider situations of fifty to five hundred nodes. However, this work, focuses on medium-sized systems, and it doesn’t reflect on scalability issues; though, mechanisms like clustering, which advance the scalability in other on-demand routing protocols for ad hoc networks, are also able to improve the scalability of this approach. Security Assumptions plus Key Setup The protocols argued in this study need an instantly-verifiable transmits authentication protocol, where a digital signature is used. Nevertheless, whichever signature used must be able to match with the authentication at line pace, to shun a denial of service invasion where the intruder crushes the victim through flooding the network with fake messages. HORS protocol one time signature acts faster on many devices on a network. When this protocol is used jointly with BiBa constructions a very efficient instantly verifiable broadcast confirmation protocol is designed. HORS needs approximately 156,760 hashes/second to verify and sign the entire messages in a hundred node networks, a speed which is even attainable by PDAs. The assumption is made that the entire keys essential for broadcast verification are circulated in advance; several techniques for distributing that given information are also proposed. To avoid the circular dependence of secure routing as well as key distribution, an easy routing protocol to discover a route that links a reliable third party, this can in turn bootstrap the original keys .In this case a wormhole attack is expected to be a possible threat, and therefore a mechanism to detect tunnels vulnerable to be used by the attacker between two adjacent nodes needs to be established and in this case: TIK, RF watermarking and geographical leashes are proposed (Kumar and Bhatele 147-152). Secure Routing Necessities and Protocol A number of generic methods that jointly protect the network against the rushing attack are listed below: secure route delegation, secure route delegation and secure Neighbor Detection. A description of techniques to secure every protocol by using a protocol named on-demand Route Discovery. As it is discussed above, primitive on-demand protocols consider node B to be a neighbor of node A when it (B) receives a transmit communication from A. SND or (Secure Neighbor Detection) replaces the normal Neighbor Detection, and allows all neighbors to confirm that the other node is inside a known maximum transmission space. Once node A forwards a ROUTE REQUEST it determines that device B is its neighbor and thus signs a Route Delegation text, permitting node B to advance the ROUTE REQUEST. As well, when device B identifies that device A lies within its allowable range, it has also signed an acknowledgement Delegation message. Randomized assortment for the ROUTE REQUEST text to forward this replaces the old duplicate repression in the on-demand route establishment and thus ensures paths with low latency are slightly selected to forward requests Safe Neighbor Detection A simple example of a rushing attack happens when the attacker sends a route request past its usual radio transmission space, hence repressing subsequent REQUESTs from using this Route Discovery. This study presents a secure ND (Neighbor Detection) protocol which allows the sender and the receiver of a ROUTE REQUEST to confirm whether the other node lies within the normal wireless communication space. This functionality of ND, where two devices sense a bidirectional connection between themselves, is found in almost all routing protocols e.g. a device contributing in a intervallic protocol usually broadcasts advertisements, enabling its immediate neighbors sense it. The majority of on-demand routing procedures, conversely, do ND implicitly. These protocols consider nodes receiving a ROUTE REQUEST as its neighbor. When node transmits the REQUEST, it maintains a link among the sender plus the recipient. Unluckily, this implicit ND does not stop an attacker node from receiving a REQUEST or replaying it. Additionally, in the case address for previous-hop device is not authenticated, the attacker is able to claim to propagate a REQUEST, and the adjacent hop trusts its information a situation called the repeater attack. Necessities for Protected Neighbor Detection: Two nodes must be able to sense one another as neighbors only if they lay within a given maximum transmission range. The secure ND protocol therefore protects an attacker from: introducing 2 nodes which do not lie in the range of maximum transmission as neighbors, and those claiming to be a neighbor to another node, but it cannot hear packets send from that node. The 2nd requirement requires that if a device needs to listen to its neighbor solicitation, otherwise it would claim to be its neighbor. Lastly, the protocol ought to not set up a denial of service chance; e.g. overwhelming a node with neighbor requests hence consuming all CPU resources for that node (Weerasinghe 1-10). Our Safe Neighbor Discovery Protocol. A secure ND protocol that permits both the sender plus the responder to ensure that its neighbor lies within an utmost communication range Assuming insignificant MAC protocol delay, a simple design of 3 round joint authentication protocol which uses a tight delay program for ensuring its neighbor is in the correct communication range. Initially, the sender node sends to its Neighbor a Solicitation packet, by either unicasting the packet to an exact neighbor or by broadcasting that packet. The recipient node sends to its neighbor a reply packet. Finally, the sender propagates a Neighbor Verification, including broadcast verification of a time stamp plus the connection from the origin to the end. The calculated delay between sending the first message plus receiving the 2nd message gives an upper limit on the separation of the neighbor: This is correct if a device can swiftly process the initial message and hurriedly return the authenticated 2nd message; e.g. if HORS is utilized for authentication, the node needs only performs 1 hash function for authenticating the reply. The authentication message M2 ensures that the initiator’s response certainly originates from correct responder. Integrating On-Demand Protocol. The on-demand protocol, neighbor confirmation performs Route Discovery. Consequently, one can guard against a New Neighbor Solicitation overwhelms, by using underlying protocols to shield it from ROUTE REQUEST overwhelms; the node reacts to whichever New Neighbor Solicitation accessible using valid REQUEST. If preferred, REQUEST overwhelms deterrence can be gained by the using a hash chain, Safe Route Delegation When doing ROUTE REQUEST determination, the essence is to enable every node to authenticate all the secure ND steps performed among the adjacent couple of devices in the REQUEST, i.e. authenticate both devices of all adjacent node pairs indeed believes as its neighbor. This property via an SRD (Secure Route Delegation) mechanism uses Route Attestations to make sure that every Autonomous System (AS) planned in the BGP AS pathway is surely a suitable AS. In S-BGP, prior to distributing route information across its neighbor, the AS accepts the route verification entrusting with the right to continue propagating the updates. This mechanism is used to facilitate the nodes to authenticate that every SND protocols are executed by both neighbors and assert that they lay in the correct transmission range. Safe Route Discovery This protocol employs three techniques in performance to the rushing attack: the previous protocol, delegation approval protocol, OSPD or (our secure Route Delegation) and lastly randomized selection where ROUTE REQUEST is forwarded. The instinct following SRD or (Secure Route Discovery) is to ensure the advancement of REQUEST messages less unsurprising by buffering the initial first REQUESTs received and then randomly selecting 1 of the REQUESTs. Conversely, it is essential that the attacker is prevented from overwhelming the network with so many REQUESTs, otherwise the attacker may easily flood these REQUESTs in the network and the scheme falls into the trap of the rushing attack. To curb these requests we ensure that every legitimate node sends only one REQUEST in any discovery. Firstly, we need that each REQUEST carries a file of all the traversed nodes, then a bidirectional neighbor verification, for every link covered by the files of the nodes traversed for a collection of 2 two signed neighbor verification for every hop, to verify the node list, each node must authenticate the REQUEST it sends though it can still attach it to the neighbor verification that it signs and lastly the REQUESTs are buffered to be double-suppression unique: i.e. in case the route keeps record for whatever 2 REQUESTs containing any node A and the route prefix to A is the same. All the above requirements prevent attacks from intruding/attacking the nodes and if any of the nodes is compromised can only rush/send REQUESTs to a few nodes and to avoid replays of these messages by the old neighbor verification; every message is joined to a given Route Discovery. Basically, when a given node sends a verification to its neighbor for the link, the sender signs not only its recipient but also ties a unique that unique route identifier to its neighbor verification. For instance, in Originator IP Address, the RREQ_ID, AODV and also the RREQ form a sole identification; in DSR, the objective Address plus Identifier fields from the ROUTE REQUEST, all these with the IP source Address makes a distinct identifier. To give an address to closely distanced nodes, the identifier attributes of these nodes in the network that node may include a time out instead of every unique identifier. Also, if network devices contain more closely synchronized clocks, the device can also include a time out instead of its unique identifier. In other cases nodes lack distinct paths to the sources of the REQUEST, to enable the discovery of the route the node is allowed to forward a request In some areas of some networks, a node will not have n distinct paths to the source of the REQUEST. To enable the Discovery of routes to or through such nodes, we allow a node to forward a REQUEST after a time even when it hasn’t received any REQUEST. Fixed time outs however allows attackers to invade the network, thus to avoid this a range must set between a minimum and maximum one. Also, one can decide to do early releases when a node does many REQUESTs. Deciding, timeouts when the site information is at hand gives good properties. When the nodes chooses a timeout, randomly or according to optional information data, it chooses randomly 1 received REQUEST for sending. Other two security optimization is implemented into this scheme based on non-repudiation to distribute information about malicious hops. Foremost, every REQUEST needs to be registered by the forwarding node , when the node detects the attacker sending more REQUESTs, it can expose it by broadcasting those REQUESTs, secondly, in case the REQUESTs needs to be signed by the forwarding node, the node sensing the attacker sending more REQUESTs responds by flooding those REQUESTs to expose the attacker. Also, if the ste information is at hand and it is used to implement geographic message leases, any attacker pretending to exist in two places at the same time is blacklisted. For instance, when a REQUEST is included in the node’s list site information and its timely information for every sending node, the device can keep a database of the past site’s information and therefore find 2 locations claiming a significantly exceed the maximum rate achievable by an authentic node. The blacklist technique doesn’t require authentication as non-repudiation for conflicting information can be verified by every node. Blacklist information is usually routed by flooding: and conflicting information is just a rebroadcast by whichever node that notices the no-repudiation and it lacks that malicious device in its blacklist. This resembles the blacklist mechanism used in Ariadne. Integrating Safe Route Discovery When using our rushing attack prevention together with a secure on-demand routing protocol, a node can first attempt Route Discovery using that secure protocol. If a rushing attacker prevents the discovery of any working routes, the node can then set a flag indicating that it wants to use rushing attack prevention, though it must also authenticate that flag to prevent modification. This approach is similar to the principle of expanding ring search: first, a node uses a cheaper, but sometimes unsuccessful, search. The node only uses a more expensive search when the cheaper search does not find a route. This optimization provides benefits in two cases: first, when there are no rushing attackers, existing secure routing protocols should be able to find a route. Secondly, a rushing attacker does not have any advantage in one- and two-hop routes. Integrating Safe route Discovery by AODV In AODV and other protected protocols supported by AODV, RREP or Route Request packages do not take a node listing. On the other hand, to sieve excessive malevolent RREQs, we need every RREQ to hold a node record. As an alternative of advancing the initial RREQ established, nodes by means of our secure course finding randomly choose single from initial n RREQs which it gets and treat as the forwarded RREQ. More in particular, it spaces the inventor for the Route innovation in its direction-finding table via the preceding device for the selected RREQ s which is the next device destination. It then attaches its address plus verification information in the node listing, and then it becomes a DSR. As AODV is a protocol for distance-vector, it cannot create a multiple routes. This shows that Route Discovery is also targeted to wait for n RREQ packages before going back to solo RREP. The RREP is the target signs, and comprises the neighbor authentication RREP for all devise in the selected path. This confirmation allows the nodes to forward the conformed RREP to authenticate the entire way back to the source of the RREP. Each node authenticating this information establishes a route back to the basis of the RREP .After RREP finds the destination, it will then recognize a bidirectional way amid the inventor and aim the Route Discovery. Because AODV is not compatible to hold multiple routes, the security possessions of AODV that uses the discovery Secure Neighbor will be a bit worse than DSR properties using protected Neighbor Discovery. As we use quickening attack prevention jointly with a protected protocol which is on-demand, a node may first try Route Discovery by use of that protected protocol. If it prevents the findings of the working routes, the node may then be set as flag demonstrating that it wishes to employ rushing attack avoidance; still it must validate the flag for preventing modification. Thus the approach is related to the opinion of mounting ring search: because, a node employs a cheaper, although it might make unsuccessful, search. The node uses only an expensive search but the cheaper search may not find a route. This optimization gives advantage in two ways: first, if there was exist stance of rushing attackers, existing protected routing protocols will be in a position to get a route. Secondly, rushing attackers lack advantage in one together with two-device routes. Conclusion Having analyzed every bit of the secure routing protocols, it is now clear if the new protocols are implemented, then one can be sure that s/he safe from these network security threats. However, one needs to keep abreast with the new malicious codes because there are millions of people whose agenda is to design these codes and crash enterprise networks. The rushing attack is the newest threat which adverse effects of suppressing networks and therefore causing denial service. Information is very expensive and once lost it can’t be recovered hence it is the responsibility of the owner to secure it by all means. Works Cited C?ayirci, E, and Chunming Rong. Security in Wireless Ad Hoc and Sensor Networks. Chichester, U.K: Wiley, 2009. Internet resource. Kumar, Veerendra, and Mukta Bhatele. Proceedings of All India Seminar on Biomedical Engineering 2012 (aisobe 2012). New Delhi: Springer, 2013. Internet resource. Mastorakis, Nikos E, Valeri Mladenov, and Vassiliki T. Kontargyri. Proceedings of the European Computing Conference. New York: Springer, 2009. Internet resource. Weerasinghe, Dasun. Information Security and Digital Forensics: First International Conference ; Revised Selected Papers. Berlin: Springer, 2010. Print. Zhang, Yan, Jun Zheng, and Miao Ma. Handbook of Research on Wireless Security. Hershey, PA: Information Science Reference, 2008. Print. Read More