a distributed security framework for heterogeneous wireless sensor networks
DESCRIPTION
A Distributed Security Framework for Heterogeneous Wireless Sensor Networks. Presented by Drew Wichmann Paper by Himali Saxena, Chunyu Ai, Marco Valero, Yingshu Li, Raheem Beyah. Wireless Sensor Network (WSN) Security. Applications Attacks Sinkhole Wormhole DoS Jamming Sybil Hello Flood - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: A Distributed Security Framework for Heterogeneous Wireless Sensor Networks](https://reader037.vdocuments.net/reader037/viewer/2022110213/56814e91550346895dbc3a27/html5/thumbnails/1.jpg)
A Distributed Security Framework for
Heterogeneous Wireless Sensor Networks
Presented by Drew Wichmann
Paper by Himali Saxena, Chunyu Ai, Marco Valero,
Yingshu Li, Raheem Beyah
1
![Page 2: A Distributed Security Framework for Heterogeneous Wireless Sensor Networks](https://reader037.vdocuments.net/reader037/viewer/2022110213/56814e91550346895dbc3a27/html5/thumbnails/2.jpg)
Wireless Sensor Network (WSN) Security
• Applications
• Attacks– Sinkhole– Wormhole– DoS– Jamming– Sybil– Hello Flood
• Defense Mechanisms2
![Page 3: A Distributed Security Framework for Heterogeneous Wireless Sensor Networks](https://reader037.vdocuments.net/reader037/viewer/2022110213/56814e91550346895dbc3a27/html5/thumbnails/3.jpg)
Memory Constraints
• Mica2 mote– 4KB RAM– 128KB program memory
• 60KB for Operating System• 45.26KB Code Dissemination Tool• 7.2KB Link Layer Security
• 88% of memory consumed
3
![Page 4: A Distributed Security Framework for Heterogeneous Wireless Sensor Networks](https://reader037.vdocuments.net/reader037/viewer/2022110213/56814e91550346895dbc3a27/html5/thumbnails/4.jpg)
Proposal
• Distributed Security Framework (DSF) which can detect and defend against all known attacks efficiently
• A warning mechanism can inform other clusters to install defense mechanisms for potential attacks in advance, thus reducing the impact caused by attacks
• The security framework is modular and scalable, thus defense mechanisms for new or future attacks can be easily added
4
![Page 5: A Distributed Security Framework for Heterogeneous Wireless Sensor Networks](https://reader037.vdocuments.net/reader037/viewer/2022110213/56814e91550346895dbc3a27/html5/thumbnails/5.jpg)
Assumptions
• Base station and Gateway nodes tamper proof
• Attacker has regular node capabilities
• Those within transmission range are at higher risk
• Gateway Nodes have enough memory to store all defense schemes
• No false positives
5
![Page 6: A Distributed Security Framework for Heterogeneous Wireless Sensor Networks](https://reader037.vdocuments.net/reader037/viewer/2022110213/56814e91550346895dbc3a27/html5/thumbnails/6.jpg)
Network Model
• Heterogeneous Network– Gateway Nodes– Regular Nodes
• Divide into clusters
• Communication– Gateway nodes
require only single hop
– Regular nodes use multi-hop to communicate with gateway nodes
6
![Page 7: A Distributed Security Framework for Heterogeneous Wireless Sensor Networks](https://reader037.vdocuments.net/reader037/viewer/2022110213/56814e91550346895dbc3a27/html5/thumbnails/7.jpg)
Threat Model
• Two scenarios for attack
– Single cluster
– Multiple clusters
• The attacker can change position
• A compromised node has all material available
7
![Page 8: A Distributed Security Framework for Heterogeneous Wireless Sensor Networks](https://reader037.vdocuments.net/reader037/viewer/2022110213/56814e91550346895dbc3a27/html5/thumbnails/8.jpg)
Problem Definition
• Goal– Significantly reduce an attack’s effectiveness
• There are a set of attacks, A = {A1 , A2 , … , An }• For every attack Ai , there exists a defense scheme Di• For every defense scheme Di , the program size is Pi• Each regular node has an available program memory of
– Can only store a subset S of D8
n
iiR PP
1
![Page 9: A Distributed Security Framework for Heterogeneous Wireless Sensor Networks](https://reader037.vdocuments.net/reader037/viewer/2022110213/56814e91550346895dbc3a27/html5/thumbnails/9.jpg)
Problem Definition (continued)
• Assign weight Wji to an attack Ai for a gateway node Gj• Wji represents the possibility of the attack Ai occurring in Gj• Knapsack Problem:
9
DSwherePPtoSubject
W
RSDi
Sji
i
,
MaximizeiD
![Page 10: A Distributed Security Framework for Heterogeneous Wireless Sensor Networks](https://reader037.vdocuments.net/reader037/viewer/2022110213/56814e91550346895dbc3a27/html5/thumbnails/10.jpg)
DSF ARCHITECTURE
The security framework to efficiently defend against all known attacks
10
![Page 11: A Distributed Security Framework for Heterogeneous Wireless Sensor Networks](https://reader037.vdocuments.net/reader037/viewer/2022110213/56814e91550346895dbc3a27/html5/thumbnails/11.jpg)
Routing Protocol
• Gateway nodes calculate routes for each pair
• Regular nodes periodically send current state
• If reports are not received on time, then the regular node is assumed dead
• Gateway level uses Destination Sequenced Distance Vector (DSDV)
11
![Page 12: A Distributed Security Framework for Heterogeneous Wireless Sensor Networks](https://reader037.vdocuments.net/reader037/viewer/2022110213/56814e91550346895dbc3a27/html5/thumbnails/12.jpg)
Choosing the Defense Mechanism Subset
12
DSwherePPtoSubject
W
RSDi
Sji
i
,
MaximizeiD
![Page 13: A Distributed Security Framework for Heterogeneous Wireless Sensor Networks](https://reader037.vdocuments.net/reader037/viewer/2022110213/56814e91550346895dbc3a27/html5/thumbnails/13.jpg)
Warning Messages
• When an attack is detected, send a warning Wk• Wk = { Ai , Gs , WWk , Tk }• Each gateway node maintains a received warning list Lj• Keeps one entry per (Ai , Gs)• Then the likelihood of each attack is calculated
13
ijk ALW kcjs
kji TTGGD
WWW
isattack and ,
![Page 14: A Distributed Security Framework for Heterogeneous Wireless Sensor Networks](https://reader037.vdocuments.net/reader037/viewer/2022110213/56814e91550346895dbc3a27/html5/thumbnails/14.jpg)
Propagate the subset
• Solve:
• Send the new defense mechanism images for S• Use Seluge to transmit the images
• Protects this cluster from new attacks
• With the warning system, can enable defense of future attacks in other clusters
14
DSwherePPtoSubject
W
RSDi
Sji
i
,
MaximizeiD
![Page 15: A Distributed Security Framework for Heterogeneous Wireless Sensor Networks](https://reader037.vdocuments.net/reader037/viewer/2022110213/56814e91550346895dbc3a27/html5/thumbnails/15.jpg)
Security Framework Workings
15
![Page 16: A Distributed Security Framework for Heterogeneous Wireless Sensor Networks](https://reader037.vdocuments.net/reader037/viewer/2022110213/56814e91550346895dbc3a27/html5/thumbnails/16.jpg)
Performance Analysis
• Parameters:
• Metrics– Success Rate– Energy Consumption
16
![Page 17: A Distributed Security Framework for Heterogeneous Wireless Sensor Networks](https://reader037.vdocuments.net/reader037/viewer/2022110213/56814e91550346895dbc3a27/html5/thumbnails/17.jpg)
Performance Analysis
• Three schemes– Distributed Security Framework (DSF)– One Security Scheme (OSS)– Multiple Security Schemes (MSS)
17
![Page 18: A Distributed Security Framework for Heterogeneous Wireless Sensor Networks](https://reader037.vdocuments.net/reader037/viewer/2022110213/56814e91550346895dbc3a27/html5/thumbnails/18.jpg)
Success Rate
18
![Page 19: A Distributed Security Framework for Heterogeneous Wireless Sensor Networks](https://reader037.vdocuments.net/reader037/viewer/2022110213/56814e91550346895dbc3a27/html5/thumbnails/19.jpg)
Success Rate
19
![Page 20: A Distributed Security Framework for Heterogeneous Wireless Sensor Networks](https://reader037.vdocuments.net/reader037/viewer/2022110213/56814e91550346895dbc3a27/html5/thumbnails/20.jpg)
Energy Use
20
![Page 21: A Distributed Security Framework for Heterogeneous Wireless Sensor Networks](https://reader037.vdocuments.net/reader037/viewer/2022110213/56814e91550346895dbc3a27/html5/thumbnails/21.jpg)
Energy Use
21
![Page 22: A Distributed Security Framework for Heterogeneous Wireless Sensor Networks](https://reader037.vdocuments.net/reader037/viewer/2022110213/56814e91550346895dbc3a27/html5/thumbnails/22.jpg)
Effect of Mobile Attacker Speed
22
![Page 23: A Distributed Security Framework for Heterogeneous Wireless Sensor Networks](https://reader037.vdocuments.net/reader037/viewer/2022110213/56814e91550346895dbc3a27/html5/thumbnails/23.jpg)
Conclusion
• Dynamically use available memory to provide security from multiple attacks
• Warning scheme can enable prevention of future attacks
• Simulation results confirm DSF performs well
• Future work– Individual sensor subsets– Gateway node compromising– False positives and negatives– Implementation on real sensors– Thrashing Attacks
23
![Page 24: A Distributed Security Framework for Heterogeneous Wireless Sensor Networks](https://reader037.vdocuments.net/reader037/viewer/2022110213/56814e91550346895dbc3a27/html5/thumbnails/24.jpg)
Questions?