Securing Topology Maintenance Protocols for Sensor Networks: Attacks and Countermeasures

We analyze the security vulnerabilities of PEAS, AS- CENT, and CCP, three well-known topology maintenance protocols for sensor networks. These protocols aim to in- crease the lifetime of the sensor network by maintaining only a subset of nodes in an active or awake state. The design of these protocols assumes that the sensor nodes will be deployed in a trusted non-adversarial environment, and does not take into account the impact of attacks launched by malicious insider and outsider nodes. We describe three at- tacks against these protocols that can be used to reduce the lifetime of the sensor network, or to degrade the functional- ity of the sensor application by reducing the network con- nectivity and sensing coverage that can be achieved. Fur- ther, we describe counter-measures that can be used to in- crease the robustness of the protocols and make them re- silient to such attacks. nectivity and the application's coverage requirements in a configurable fashion. All these protocols involve some form of coordination and message exchanges between neighboring nodes in order to elect coordinators and determine sleep schedules. These protocols were designed assuming a non-adversarial trusted environment. Consequently, they are vulnerable to secu- rity attacks in which malicious nodes send spoofed or false messages to their neighbors with the goal of defeating the objectives of the protocol. Attacks on the topology maintenance protocols can be performed either by entities external to the network (out- sider attacks) or by compromised nodes (insider attacks). Insider attacks are a particularly challenging problem for sensor networks because many sensor applications involve deploying nodes in an unattended environment, thus leav- ing them vulnerable to capture and compromise by an ad- versary. Unlike outsider attacks, insider attacks cannot be prevented by authentication mechanisms since the adver- sary knows all the keying material possessed by the com- promised nodes. In this paper, we analyze the security vulnerabilities of three well-known topology maintenance protocols (PEAS, CCP, and ASCENT). We describe three types of attacks that can be launched against these protocols: sleep depriva- tion attacks that increase the energy expenditure of sensor nodes and thus reduce the lifetime of the sensor network, snooze attacks that result in inadequate sensing coverage or network connectivity, and network substitution attacks in which multiple attackers collude to take control of part of the sensor network. Further, we describe counter-measures that can be used to increase the robustness of the protocols and make them resilient to such attacks. The proposed counter-measures include authentication mechanisms that can be used to pre- vent outsider attacks and certain insider attacks (such as im- personation attacks). However, for all these protocols, we

[1]  Robert Tappan Morris,et al.  Span: An Energy-Efficient Coordination Algorithm for Topology Maintenance in Ad Hoc Wireless Networks , 2001, MobiCom '01.

[2]  Deborah Estrin,et al.  Energy conservation by adaptive clustering for ad-hoc networks , 2002 .

[3]  David A. Wagner,et al.  Secure routing in wireless sensor networks: attacks and countermeasures , 2003, Ad Hoc Networks.

[4]  Leslie Lamport,et al.  Password authentication with insecure communication , 1981, CACM.

[5]  Deborah Estrin,et al.  ASCENT: adaptive self-configuring sensor networks topologies , 2004, IEEE Transactions on Mobile Computing.

[6]  Roberto Di Pietro,et al.  Energy efficient node-to-node authentication and communication confidentiality in wireless sensor networks , 2006, Wirel. Networks.

[7]  Songwu Lu,et al.  PEAS: a robust energy conserving protocol for long-lived sensor networks , 2002, 10th IEEE International Conference on Network Protocols, 2002. Proceedings..

[8]  Guoliang Xing,et al.  Integrated coverage and connectivity configuration in wireless sensor networks , 2003, SenSys '03.

[9]  David A. Wagner,et al.  TinySec: a link layer security architecture for wireless sensor networks , 2004, SenSys '04.

[10]  Sasikanth Avancha,et al.  Security for Sensor Networks , 2004 .

[11]  Deborah Estrin,et al.  Adaptive Energy-Conserving Routing for Multihop Ad Hoc Networks , 2000 .

[12]  Frank Stajano,et al.  The Resurrecting Duckling: Security Issues for Ad-hoc Wireless Networks , 1999, Security Protocols Workshop.

[13]  Deborah Estrin,et al.  Geography-informed energy conservation for Ad Hoc routing , 2001, MobiCom '01.