1.2 Background of the Research
1.2.6 Research Interest in WSN Security
In the previous subsections, we mentioned that WSNs are vulnerable to numerous security threats due to their deployment environments. Because of the resource constraints of sensor nodes, traditional security mechanisms with large computation and communication overheads are infeasible in WSNs. Moreover, the use of WSNs must ensure that the network is protected from unauthorized access and adversarial attacks. Security in WSNs is, therefore, a particularly challenging task and attracts great interest from researchers worldwide. In this subsection, we review the current popular research interests in WSN security. It is important to note that we list the current hot research topics in the field of WSN security and highlight the importance of key management in the whole security framework, rather than giving comprehensive coverage of existing security techniques being researched.
Key management
Key management is one of the important security aspects of WSNs as it is crucial for providing data authentication, confidentiality and integrity and almost all WSN security mechanisms rely on solid encryption. Even though key management has been intensively studied in broadcast communication and is not a unique issue to wireless sensor networks, traditional key management techniques cannot be used for WSNs directly or even with minor revision due to the constraints of sensor nodes and application environments.
Techniques based on Symmetric Key Cryptography are attractive for WSN applications because they are energy-efficient. Symmetric keys are predistributed to sensors before network deployment. After deployment, sensors perform neighbor discovery and shared key establishment to set up secure communications between them. However, due to the limited memory of sensor nodes, these Symmetric Key Cryptography based techniques are not able to achieve both perfect connectivity and perfect resilience for large-scale WSNs. By contrast, the use of Public Key Cryptography (PKC) would eliminate the above problem. Because of its asymmetric property, sensors do not need to carry predistributed keys. Any two sensors can establish a secure communication channel between themselves. Because each sensor's public key is independent of the others', the capture of some sensors will not affect the security of others. However, it is universally acknowledged that the essential cryptographic primitives for WSNs are Symmetric Key Cryptography (e.g. RC5, RC6, AES), Message Authentication Code (MAC), and hash functions (e.g. MD5, SHA-1). Public Key Cryptography has long been considered infeasible in WSNs due to the resource constraints of sensor nodes. There is almost no quantitative analysis that supports this widely accepted conclusion [19]. To the best of our knowledge, the first work to challenge this common perception is [27], which proposed a hybrid authentication key establishment scheme based on Elliptic Curve Cryptography (ECC).
Authentication
Authentication guarantees that the entities with whom one communicates are the expected ones and the received data is the original one sent by the counterparts. Generally speaking, an asymmetric key mechanism is required to authenticate messages. However, due to the resource constraints at sensor nodes, solutions based on Public Key Cryptography (e.g. RSA) have intolerable storage and computation overheads on WSNs. Current research on authentication in WSNs focuses on broadcast authentication.
Local broadcast is an essential service in HWSNs because the networks are decoupled into small clusters and each cluster has a high degree of autonomy. In an HWSN, the base station or cluster heads broadcast commands and data within the cluster. The authenticity of such commands and data is critical for the normal operation of WSNs [28]. In a hostile environment, if sensor nodes are convinced by forged or modified commands, they may operate in an inverse way and fail to fulfill the intended target of the network. However, providing broadcast authentication in hierarchical WSNs is by no means a trivial task. On the one hand, PKC-based digital signatures consume too much energy to be practical in WSNs. On the other hand, secret key cryptography based mechanisms cannot be directly applied to broadcast authentication, since otherwise a compromised receiver can easily forge any messages from the sender [28]. Perrig et al. [2] proposed a broadcast authentication mechanism named µTESLA. Many techniques are used to extend the capabilities of µTESLA in [28,29,30]. The scheme in [29] discusses how to tailor µTESLA to local broadcast authentication. The scheme in [28] overcomes the length limit of the hash chain. The scheme in [30] extends µTESLA to support a multicast scenario.
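The following sketch is an added example, not code from the original text or from the µTESLA authors. It shows the idea that lets symmetric primitives authenticate a broadcast: the sender MACs with a key from a one-way chain and discloses that key only after a delay, so a receiver holding only the commitment K_0 can verify but cannot forge. Assumptions: SHA-256 and HMAC stand in for the one-way function and the MAC, the chain key is used directly as the MAC key, and integer interval numbers stand in for loosely synchronized clocks.

```python
import hashlib
import hmac

def walk(key, steps):
    """Apply the one-way function `steps` times (moves toward K_0)."""
    for _ in range(steps):
        key = hashlib.sha256(key).digest()
    return key

def make_chain(seed, n):
    """Keys K_0..K_n with K_i = H(K_{i+1}); K_0 is the preloaded commitment."""
    return [walk(seed, n - i) for i in range(n + 1)]

def mac(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

class Receiver:
    def __init__(self, commitment, delay):
        self.key, self.index, self.delay = commitment, 0, delay
        self.buffer = []  # unverified (interval, msg, tag) tuples

    def on_packet(self, now, interval, msg, tag):
        # Security condition: K_interval must still be secret on arrival,
        # otherwise anyone who heard the disclosure could have made the tag.
        if now >= interval + self.delay:
            return False
        self.buffer.append((interval, msg, tag))
        return True

    def on_key(self, interval, key):
        """Check a disclosed key against the chain, then release messages."""
        if interval <= self.index or walk(key, interval - self.index) != self.key:
            return []
        self.key, self.index = key, interval
        ok, keep = [], []
        for i, msg, tag in self.buffer:
            if i > interval:
                keep.append((i, msg, tag))
            elif hmac.compare_digest(tag, mac(walk(key, interval - i), msg)):
                ok.append(msg)  # older keys are re-derived from the newer one
        self.buffer = keep
        return ok

def demo():
    chain = make_chain(b"constructed-seed", 4)  # constructed sample values
    rx = Receiver(chain[0], delay=2)
    queued = rx.on_packet(1, 1, b"SET_RATE 5", mac(chain[1], b"SET_RATE 5"))
    late = rx.on_packet(3, 1, b"SHUTDOWN", mac(chain[1], b"SHUTDOWN"))
    return queued, late, rx.on_key(1, b"\0" * 32), rx.on_key(1, chain[1])
```

The chain has a fixed number of keys, which is the length limit the scheme in [28] addresses.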
Secure routing
Routing protocols, to some extent, have received maximum attention from researchers in both wired and wireless networks. Therefore, most current research primarily focuses on providing the most energy-efficient routing scheme. In WSNs, the in-network processing characteristic is one of the challenges of designing a routing protocol. Intermediate nodes have access to the data. Once one of these intermediate nodes is compromised, it can eavesdrop and even modify the data, thus threatening the entire network. Another challenge is that it is very easy for a single node to disrupt the entire routing protocol by simply disrupting the route discovery process [20]. So, the routing protocols in WSNs should provide not only reliable delivery, but also security services.
The routing security in WSNs summarizes attacks against the currently proposed routing protocols and discusses countermeasures and design considerations for secure routing protocols. The attacks can be classified into two categories: (1) those that try to manipulate user data directly and (2) those that try to affect the underlying routing topology. Both kinds of attacks can consume valuable resources to cause a DoS attack. The author claimed that effective countermeasures against those attacks are unlikely to be found after the design of a protocol has been completed. So, it is crucial to consider security issues at the beginning of routing protocol design [24].
Intrusion detection
Traditional intrusion detection methods fall into two main categories: Anomaly-based Intrusion Detection (AID) and Misuse Intrusion Detection (MID). The AID technique assumes that intruders will demonstrate unusual system behavior compared to the legitimate nodes and any unusual network behavior is an indication of an attack. With that in mind, a profile of the system in normal use is developed and used to evaluate the system when intruders emerge. The advantage of the AID system is that it is able to detect previously unknown attacks. However, the AID system has two obvious disadvantages. Firstly, it is susceptible to false positives since it is difficult to define normal system behavior. Secondly, the AID system has high computational cost when comparing the current system activity to the base profile. Such high computation cost can severely impact upon the longevity of the network.
The MID technique maintains a database of intrusion signatures. Using these signatures, the system can easily detect intrusions on the network. This approach is less prone to false positives but is unable to detect unknown attacks. The advantage of this technique is that it requires less computation in order to identify intruders as the comparison of network events with the available signatures is relatively low cost [31].
Even though effective intrusion detection systems are essential for WSN security, a perfect solution has not yet been devised.
Secure data aggregation
As WSNs continue to grow in size, so does the amount of data that the WSNs are capable of sensing. This data is collected by individual sensor nodes that have limited storage and sensing capabilities. In order to obtain meaningful information from this data, the raw stream of data must be securely processed first. This is typically done using a series of aggregators which are responsible for collecting the raw data from a subset of nodes and processing/aggregating the raw data from the nodes into more usable data. However, these aggregators are a single point of failure. In the event that an aggregation node is compromised, then all of the data delivered from the WSN to the control server may be forged. The end user may make an incorrect decision based on the forged data. Therefore, secure data aggregation techniques should be developed for WSNs.
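The aggregators described above handle every reading that passes through them. The sketch below is an added example, not part of the original text: it uses additive masking modulo M in the style of the Castelluccia, Mykletun and Tsudik scheme, a technique chosen here for illustration, so that an aggregator holding no keys can sum concealed readings. The node keys, the epoch counter and the HMAC-based pad derivation are assumptions of this example.

```python
import hashlib
import hmac

M = 2 ** 32  # modulus; must exceed the largest possible sum of readings

def pad(node_key, epoch):
    """Per-epoch pad derived from the key a node shares with the sink."""
    digest = hmac.new(node_key, epoch.to_bytes(8, "big"), hashlib.sha256).digest()
    return int.from_bytes(digest[:4], "big")

def conceal(reading, node_key, epoch):
    """Run by a sensor node: add its pad to the reading, modulo M."""
    return (reading + pad(node_key, epoch)) % M

def aggregate(ciphertexts):
    """Run by the aggregator, which holds no keys: just a modular sum."""
    return sum(ciphertexts) % M

def reveal_sum(aggregate_ct, node_keys, epoch):
    """Run by the sink: strip the pad of every contributing node."""
    return (aggregate_ct - sum(pad(k, epoch) for k in node_keys)) % M

def demo():
    # Constructed sample keys and readings.
    keys = {n: f"constructed-key-{n}".encode() for n in ("n1", "n2", "n3")}
    readings = {"n1": 21, "n2": 23, "n3": 19}
    epoch = 7
    cts = [conceal(readings[n], keys[n], epoch) for n in keys]
    total = reveal_sum(aggregate(cts), keys.values(), epoch)
    # Concealment is not integrity: a shifted aggregate still decrypts cleanly,
    # so a separate integrity check on the aggregate is still required.
    shifted = reveal_sum((aggregate(cts) + 100) % M, keys.values(), epoch)
    return total, shifted
```

The sink recovers the sum 63 without the aggregator ever seeing a plaintext reading, while the shifted aggregate decrypts to 163 without any error, which is why concealment alone does not address the forged-data problem described above.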
Wagner analyzes the resilience of existing aggregation techniques in [32], and argues that current aggregation schemes were designed without consideration of security and that there are easy attacks against them. To date, a great number of secure data aggregation protocols have been proposed for WSNs. Wang et al. in [26] presented a taxonomy of secure data aggregation protocols: plaintext-based protocols and ciphertext-based data aggregation protocols. A conflict between data confidentiality and data aggregation exists in almost all of the literature. Confidentiality requires the data to be transmitted after encryption, whereas data aggregation is usually done after decryption. Frequent encryption and decryption operations involve unacceptable computation overhead. An alternative method is to aggregate concealed data.
Secure localization
The location information of nodes in WSNs plays an important role in understanding the application environment. There are three visible advantages of knowing the location of sensor nodes [33]. First, location information is needed to identify the location of an event of interest, such as the location of an intruder. Second, location awareness facilitates numerous application services. Third, location information can assist in various system functionalities, such as geographical routing. Due to these advantages and specific characteristics of WSNs, it is natural that secure localization in WSNs has become a major focus of research in recent years.
Time synchronization
Time synchronization is an important component in all distributed systems, and WSNs are no exception. With the proliferation of WSNs, time synchronization in WSNs has attracted increasing attention in the last few years. In order to conserve power, an individual sensor’s radio may be turned off for periods of time. Furthermore, sensors may wish to compute the end-to-end delay of a packet as it travels between two pairwise sensors. A more collaborative sensor network may require group synchronization for tracking applications, etc.
The authors in [34] presented an overview of the time synchronization problem in WSNs, defining the requirements and various issues for designing synchronization algorithms for wireless sensor networks. The authors argue that time synchronization should be multi-modal, tiered, and tunable, so that it can satisfy the diverse needs of various sensor network applications.
Trust management
Trust management can solve some problems in WSNs that traditional cryptographic security mechanisms cannot deal with. For example, trust mechanisms are effective in judging the quality and reliability of sensor nodes and wireless links, data aggregation reliability and correctness of aggregator nodes. However, it is not easy to build a good trust model within a sensor network given the resource constraints [20]. Many existing security mechanisms assume that a trust relationship between nodes exists in advance. This assumption ignores the independence of sensor nodes. Trust establishment techniques in wireless networks, even in ad hoc networks, are not new. However, these techniques cannot be applied directly to WSNs due to the capacity of sensor nodes. The specific techniques for trust management in sensor networks were proposed only recently. Ganeriwal et al. proposed a reputation-based framework for a high integrity sensor network in [35]. A beta reputation system is employed in this framework for reputation representation, updates, and integration. The trust model in [36] presents a method of location-centric isolation of nodes exhibiting misbehavior and trust-based routing in WSNs. The trust value is a function of the capacity of the cryptographic suite being used. If the trust value falls below a specific trust threshold, then the location of the node is considered insecure and the node is avoided when forwarding packets.
Trust management usually involves high computation overhead, so building an efficient scheme for resource-constrained sensor networks is a very challenging task.
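To make the beta reputation idea mentioned above concrete, here is an added example; it is not the code of [35] or [36]. Reputation is kept as the parameters of a Beta distribution, trust is its expected value, and a neighbor whose trust drops below a threshold is no longer used for forwarding. The aging factor, the threshold value, the node names and the simple trust-weighted discount used for second-hand reports are assumptions of this sketch.

```python
TRUST_THRESHOLD = 0.6  # hypothetical cut-off for using a neighbor as next hop

class Reputation:
    """What one node believes about one neighbor, as Beta(alpha + 1, beta + 1)."""

    def __init__(self, aging=0.9):
        self.alpha = 0.0  # aged count of cooperative observations
        self.beta = 0.0   # aged count of non-cooperative observations
        self.aging = aging

    def observe(self, good, bad):
        """First-hand update: old evidence decays, new evidence is added."""
        self.alpha = self.aging * self.alpha + good
        self.beta = self.aging * self.beta + bad

    def integrate(self, reported, reporter_trust):
        """Second-hand update, discounted by the trust placed in the reporter
        (a simplification assumed here, not the framework's own rule)."""
        self.alpha += reporter_trust * reported.alpha
        self.beta += reporter_trust * reported.beta

    def trust(self):
        """Expected value of Beta(alpha + 1, beta + 1)."""
        return (self.alpha + 1) / (self.alpha + self.beta + 2)

def usable_next_hops(table):
    """Neighbors still trusted enough to forward packets through."""
    return sorted(n for n, rep in table.items() if rep.trust() >= TRUST_THRESHOLD)

def demo():
    table = {"A": Reputation(), "B": Reputation()}
    for _ in range(5):  # constructed observations: both neighbors forward
        table["A"].observe(good=4, bad=0)
        table["B"].observe(good=4, bad=0)
    before = usable_next_hops(table)
    for _ in range(5):  # constructed observations: B starts dropping packets
        table["A"].observe(good=4, bad=0)
        table["B"].observe(good=0, bad=4)
    return before, usable_next_hops(table), table["B"].trust()
```

Each update costs a few multiplications and additions per neighbor, which is the kind of budget a sensor node can afford.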