SECURE ROUTING AND DATA VERIFICATION UNDER WIRELESS SENSOR NETWORKS
Mr. Manuel George 1, Dr. T. Senthil Prakash2, Mr. M. Rajesh3, Mr. C.P. Abdul Jabbar 4 II Year M.E(CSE)1 , Professor & HOD2, Assistant Professor3, II Year M.E(CSE)4
Shree Venkateshwara Hi-Tech Engg. College, Gobi, Tamilnadu, India 1,2,3,4
Abstract
Sensor devices are small devices used to capture information from the environment. Capture, storage and transmission are the main operations of sensor devices. Temperature, humidity, carbon dioxide density and pressure details are captured by sensor devices. Battery power and bandwidth are the main limitations of sensor devices. The intrusion detection system distinguishes legitimate nodes from attackers in the network area. In Wireless Sensor Networks (WSN), decision making is carried out at the Base Station (BS). Malicious sensor nodes initiate packet loss attacks. WSN security schemes are constructed with authentication, confidentiality and integrity tasks. Sensor data are streamed from multiple sources through intermediate processing nodes. Data provenance is applied to evaluate the trustworthiness of sensor data. Low energy and bandwidth consumption, efficient storage and secure transmission are the factors considered in provenance management. A secure provenance verification scheme is used to authorize sensor data packets. In-packet Bloom filters (iBF) are used to encode provenance. Provenance verification and reconstruction tasks are carried out at the base station. The secure provenance scheme is extended with functionality to detect packet drop attacks. A provenance collection algorithm and a provenance verification algorithm are used in the data verification process.
1. Introduction
Wireless sensor networks (WSNs) are wireless networks that comprise a large number of spatially distributed small autonomous devices cooperatively monitoring environmental conditions and sending the collected data to a command center using wireless channels. Each small device, called a sensor node, has processing capability, may contain multiple types of memory, has an RF transceiver and accommodates various sensors and actuators. WSNs have been widely recognized as a promising technology that can enhance various aspects of today’s electric power systems [4], monitoring [5], mobile healthcare systems and intelligent transportation systems. The dense and ad hoc deployment in hazardous environments and the unattended nature of WSNs make it difficult to change or recharge the node batteries. The crucial question is “how to prolong the network lifetime to such a long time?” Maximizing the lifetime of the network through minimizing the energy is an important challenge in WSNs.
Experimental measurements have shown that generally data transmission is very expensive in terms of energy consumption (EC), while data processing consumes significantly less. Thus, a practical way to prolong the WSN lifetime is to reduce the sensor energy consumption in data transmissions.
Data aggregation is an efficient way to minimize energy consumption on sensors, but it also creates new security challenges. A homomorphic encryption (HE) scheme provides a solution to secure data aggregation. It makes it possible to aggregate n cipher texts into a single cipher text without using any secret keys preserving fundamental arithmetic operations and
monitor and inject false data into the network. In hop-by-hop encrypted data aggregations (EDAs), an intermediate aggregator possessing the keys of all associated sensor nodes decrypts received encrypted values, aggregates all the decrypted values, and encrypts the result for transmission to a base station (BS). This approach requires that intermediate aggregators store keys for decryption, so a captured aggregator would reveal this secret information. Another approach is end-to-end EDAs, in which the aggregators can directly aggregate the encrypted data without decrypting it. The problem of aggregating encrypted data in WSNs was introduced by Girao et al. They proposed a concealed data aggregation (CDA) using Domingo-Ferrer’s HE scheme, which is both additively and multiplicatively homomorphic. Wagner showed that Domingo-Ferrer’s scheme is insecure against chosen plaintext attacks. Castelluccia et al. proposed a CDA based on a key-stream based HE scheme, which requires a shared secret key between a node and the BS. Mykletun et al. provided recommendations for selecting the most suitable asymmetric HE scheme for different topologies and WSN scenarios. These schemes, adopting only HE schemes, provide only confidentiality; data integrity and source authentication are not supported. Later, to provide authentication and integrity, secure data aggregation (SDA) schemes [9] based on HE schemes and signature schemes were proposed. Recently, Chen et al. [8] proposed two recoverable CDA schemes, RCDA-HOMO and RCDA-HETE, for homogeneous and heterogeneous WSNs, respectively, in which the BS can recover each sensing data generated by all sensors and aggregated by cluster heads (CHs). With these individual data, the BS can verify their integrity and authenticity. Lu et al. [11] proposed an efficient privacy-preserving aggregation (EPPA) scheme for secure smart grid communications based on Paillier’s homomorphic encryption scheme for secure data aggregation, the BLS signature scheme for authentication, batch verification for efficient signature verifications, and the broadcast encryption scheme for confidentiality between OA and users. In EPPA, data aggregation is performed directly on cipher texts at local gateways without decryption, and the aggregation result of the original data can be obtained at the operation center. The scheme has different security requirements and applications, but it suffers from the same problems as the RCDA schemes, such as the identification problem of invalid signatures in batch verification and heavy computational cost due to expensive pairing operations. Here, we point out security weaknesses of RCDA-schemes.
2. Related Work
Routing is a challenging task in WSNs due to the limited resources. Geographic routing has been widely viewed as one of the most promising approaches for WSNs. Geographic routing protocols utilize geographic location information to route data packets hop-by-hop from the source to the destination [2]. The source chooses the immediate neighboring node to forward the message based on either the direction or the distance. The distance between neighboring nodes can be estimated from signal strengths or acquired using GPS equipment. The relative location information of neighbor nodes can be exchanged between neighboring nodes.
distance to the destination and the remaining energy of the sensor nodes. The learning cost provides the updating information to deal with the local minimum problem.
While geographic routing algorithms have the advantages that each node only needs to maintain its neighboring information, and provide higher efficiency and better scalability for large scale WSNs, these algorithms may reach their local minimum, which can result in dead ends or loops. To solve the local minimum problem, some variations of these basic routing algorithms were proposed, including GEDIR, MFR and the compass routing algorithm. The delivery ratio can be improved if each node is aware of its two-hop neighbors. A few papers [12] discussed combining greedy and face routing to solve the local minimum problem. The basic idea is to set the local topology of the network as a planar graph, and then the relay nodes try to forward messages along one or possibly a sequence of adjacent faces toward the destination.
Lifetime is another area that has been extensively studied in WSNs. A routing scheme was proposed to find the sub-optimal path that can extend the lifetime of the WSNs instead of always selecting the lowest energy path. In the proposed scheme, multiple routing paths are set up ahead by a reactive protocol such as AODV or directed diffusion. Then, the routing scheme will choose a path based on a probabilistic method according to the remaining energy. Chang and Tassiulas assumed that the transmitter power level can be adjusted according to the distance between the transmitter and the receiver. Routing was formulated as a linear programming problem of neighboring node selection to maximize the network lifetime. Then Zhang and Shen investigated the unbalanced energy consumption for uniformly deployed data gathering sensor networks.
In this paper, the network is divided into multiple corona zones and each node can perform data aggregation. A localized zone-based routing scheme was proposed to balance energy consumption among nodes within each corona. Liu et al. in [6] formulated the integrated design of route selection, traffic load allocation, and sleep scheduling to maximize the network lifetime. Based on the concept of opportunistic routing, [7] developed a routing metric to address both link reliability and node residual energy.
The sensor node computes the optimal metric value in a localized area to achieve both reliability and lifetime maximization. In addition, exposure of routing information presents significant security threats to sensor networks. By acquisition of the location and routing information, the adversaries may be able to trace back to the source node easily. To solve this problem, several schemes have been proposed to provide source-location privacy through secure routing protocol design [10].
Source-location privacy is provided through broadcasting that mixes valid messages with dummy messages. The main idea is that each node needs to transmit messages consistently. Whenever there is no valid message to transmit, the node transmits dummy messages. The transmission of dummy messages not only consumes a significant amount of sensor energy, but also increases network collisions and decreases the packet delivery ratio. In the phantom routing protocol, each message is routed from the actual source to a phantom source along a designed directed walk through either a sector-based approach or a hop-based approach.
We developed a two-phase routing algorithm to provide both content confidentiality and source location privacy. The message is first transmitted to a randomly selected intermediate node in the sensor domain before the message is forwarded to a network mixing ring where the messages from different directions are mixed. Then the message is forwarded from the ring to the sink node. In [1], we developed criteria to quantitatively measure source-location information leakage for routing based schemes through source-location disclosure index (SDI) and source-location space index (SSI). To the best of our knowledge, none of these schemes have considered privacy from a cost-aware perspective.
In this paper, for the first time, we propose a secure and efficient Cost Aware SEcure Routing (CASER) protocol that can address energy balance and routing security concurrently in WSNs. In CASER protocol, each sensor node needs to maintain the energy levels of its immediate adjacent neighboring grids in addition to their relative locations.
Using this information, each sensor node can create varying filters based on the expected design tradeoff between security and efficiency. The quantitative security analysis demonstrates that the proposed algorithm can protect the source location information from adversaries. Our extensive OPNET simulation results show that CASER can provide excellent energy balance and routing security. It is also demonstrated that the proposed secure routing can increase the message delivery ratio due to reduced dead ends and loops in message forwarding.
3. Detecting Provenance Forgery and Packet Drop Attacks in Wireless Sensor Networks
Sensor networks are used in numerous application domains, such as cyber physical infrastructure systems, environmental monitoring, power grids, etc. Data are produced at a large number of sensor node sources and processed in-network at intermediate hops on their way to a base station (BS) that performs decision-making. The diversity of data sources creates the need to assure the trustworthiness of data, such that only trustworthy information is considered in the decision process.
Data provenance is an effective method to assess data trustworthiness, since it summarizes the history of ownership and the actions performed on the data. Recent research highlighted the key contribution of provenance in systems where the use of untrustworthy data may lead to catastrophic failures. Although provenance modeling, collection, and querying have been studied extensively for workflows and curated databases, provenance in sensor networks has not been properly addressed.
We investigate the problem of secure and efficient provenance transmission and processing for sensor networks, and we use provenance to detect packet loss attacks staged by malicious sensor nodes. In a multi-hop sensor network, data provenance allows the BS to trace the source and forwarding path of an individual data packet. Provenance must be recorded for each packet, but important challenges arise due to the tight storage, energy and bandwidth constraints of sensor nodes.
Therefore, it is necessary to devise a light-weight provenance solution with low overhead. Furthermore, sensors often operate in an untrusted environment, where they may be subject to attacks. It is necessary to address security requirements such as confidentiality, integrity and freshness of provenance. Our goal is to design a provenance encoding and decoding mechanism that satisfies such security and performance needs. We propose a provenance encoding strategy whereby each node on the path of a data packet securely embeds provenance information within a Bloom filter (BF) that is transmitted along with the data.
scheme that allows the BS to detect if a packet drop attack was staged by a malicious node.
As opposed to existing research that employs separate transmission channels for data and provenance, we only require a single channel for both. Traditional provenance security solutions make intensive use of cryptography and digital signatures, and they employ append-based data structures to store provenance, leading to prohibitive costs.
In contrast, we use only fast message authentication code (MAC) schemes and Bloom filters, which are fixed-size data structures that compactly represent provenance. Bloom filters make efficient usage of bandwidth, and they yield low error rates in practice. Our specific contributions are:
• We formulate the problem of secure provenance transmission in sensor networks, and identify the challenges specific to this context.
• We propose an in-packet Bloom filter (iBF) provenance-encoding scheme.
• We design efficient techniques for provenance decoding and verification at the base station.
• We extend the secure provenance encoding scheme and devise a mechanism that detects packet drop attacks staged by malicious forwarding sensor nodes.
• We perform a detailed security analysis and performance evaluation of the proposed provenance encoding scheme and packet loss detection mechanism.
4. Problem Statement
Sensor data are streamed from multiple sources through intermediate processing nodes. Data provenance is applied to evaluate the trustworthiness of sensor data. Low energy and bandwidth consumption, efficient storage and secure transmission are the factors considered in provenance management. A secure provenance verification scheme is used to authorize sensor data packets. In-packet Bloom filters (iBF) are used to encode provenance. Provenance verification and reconstruction tasks are carried out at the base station. The secure provenance scheme is extended with functionality to detect packet drop attacks. A provenance collection algorithm and a provenance verification algorithm are used in the data verification process. The following problems are identified in the existing system.
• Multiple consecutive malicious sensor nodes based attacks are not handled
• Packet loss detection accuracy is low
• Node level trust factors are not considered
• Time bounded provenance verification is not supported
5. Secure Routing and Data Verification Scheme
Data security is the main requirement in the wireless sensor network data query process. Node and data verification operations are the tasks carried out in the sensor environment. The base station issues the certificates for the data transmission process. Node authentication is carried out using the certificates issued by the base station. Authentication, confidentiality and integrity tasks are adopted in the security process. Node trust factors are also used in the security process. Packet dropping attacks are also handled with the verification method. The verification methods also handle malicious and anonymous data packet attacks.
The secure provenance verification scheme is enhanced to handle consecutive malicious node attacks. Efficient Distributed Trust Model (EDTM) is improved with security features. Integrated verification scheme is designed to authorize the node and data. Coordinated trust model is constructed with communication, energy, data and recommendation trust values.
They are Base Station, Provenance Management and Data Verification. The base station is deployed to manage the wireless sensor network. Provenance management module handles the provenance release operations. Provenance verification is carried out under the data verification process.
5.1. Base Station
The base station manages the sensor nodes in WSN. Sensor nodes and their properties are maintained under the base station. Authentication and verification operations are carried out under base station. Data request operations are initiated from the base station.
5.2. Provenance Management
The base station releases the provenance for each node. Sensor data trust is ensured with data provenance. Provenance is encoded with in-packet Bloom filter (iBF) data structures. A provenance graph is constructed with node information.
5.3. Data Verification
The secure provenance verification scheme is adopted to carry out the data verification process. The provenance collection algorithm is used to identify the presence of a node in the provenance graph. Provenance and its integrity are checked using the provenance verification algorithm. The provenance verification process is enhanced with a time-bounded model.
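The following Python sketch illustrates the iBF encoding from Section 3 and the verification and collection steps from Section 5.3. It is an added example, not the authors' algorithm: the filter size, the number of hash positions, the HMAC-SHA256 construction, the per-node keys shared with the BS, and all function and node names are assumptions chosen for illustration.

```python
import hashlib
import hmac

M_BITS = 256    # iBF size in bits (assumed value)
K_HASHES = 4    # bit positions set per node (assumed value)

# Constructed sample data: per-node keys shared with the base station.
KEYS = {f"n{i}": f"demo-key-{i}".encode() for i in range(1, 6)}
PATH = ["n1", "n2", "n3"]   # forwarding path of one packet

def vertex_id(key: bytes, node_id: str, seq: int) -> bytes:
    """Per-packet provenance record: MAC over node id and sequence number.
    Binding the sequence number gives freshness (an old iBF cannot be reused)."""
    msg = node_id.encode() + b"|" + seq.to_bytes(8, "big")
    return hmac.new(key, msg, hashlib.sha256).digest()

def positions(vid: bytes) -> list[int]:
    """Derive K_HASHES bit positions in the filter from a vertex id."""
    return [int.from_bytes(hashlib.sha256(bytes([i]) + vid).digest()[:4], "big")
            % M_BITS for i in range(K_HASHES)]

def embed(ibf: int, key: bytes, node_id: str, seq: int) -> int:
    """Executed by each node on the path: OR its bits into the in-packet filter."""
    for p in positions(vertex_id(key, node_id, seq)):
        ibf |= 1 << p
    return ibf

def encode_path(keys: dict, path: list, seq: int) -> int:
    """Simulate a packet travelling hop by hop from source to BS."""
    ibf = 0
    for node in path:
        ibf = embed(ibf, keys[node], node, seq)
    return ibf

def verify(keys: dict, ibf: int, claimed_path: list, seq: int) -> bool:
    """BS verification: rebuild the filter for the expected path and compare
    all bits. An exact comparison is used because a filter with extra bits
    set would still pass every individual membership test."""
    return ibf == encode_path(keys, claimed_path, seq)

def collect(keys: dict, ibf: int, seq: int) -> set:
    """BS collection: membership test for every known node. Bloom filters
    have no false negatives but may report rare false positives."""
    return {n for n, k in keys.items()
            if all((ibf >> p) & 1 for p in positions(vertex_id(k, n, seq)))}

if __name__ == "__main__":
    ibf = encode_path(KEYS, PATH, seq=7)
    print("verified:", verify(KEYS, ibf, PATH, 7))
    print("replayed under seq 8:", verify(KEYS, ibf, PATH, 8))
    print("collected:", sorted(collect(KEYS, ibf, 7)))
```

This encoding records which nodes handled the packet, not their order; encoding the order would need additional input to each node's MAC, which the page does not specify.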
6. Conclusion
Sensor node data values are transferred through multi hop data transmission models. Secure provenance verification schemes are used to authorize the data packets. Efficient Distributed Trust Model (EDTM) is integrated with provenance verification scheme for node and data level trust analysis. Packet drop attack detection process is improved with time bounded verification mechanism. The sensor node and data packet verification tasks are integrated in the security scheme. Anonymous and malicious attacks are controlled with enhanced provenance verification mechanism. The response time is minimized in the data transmission process. Data reliability is achieved with multi path routing suggestions.
REFERENCES
[1] Y. Li, J. Ren and J. Wu, “Quantitative Measurement And Design Of Source-Location Privacy Schemes For Wireless Sensor Networks,” IEEE Trans. Parallel Distrib. Syst., vol. 23, no. 7, pp. 1302–1311, Jul. 2012.
[2] Y. Li, J. Li, J. Ren and J. Wu, “Providing Hop-By-Hop Authentication And Source Privacy In Wireless Sensor Networks,” in Proc. IEEE Conf. Comput. Commun. Mini-Conf., Orlando, FL, USA, Mar. 2012, pp. 3071–3075.
[3] Di Tang, Tongtong Li, Jian Ren and Jie Wu, “Cost-Aware SEcure Routing (CASER) Protocol Design for Wireless Sensor Networks”, IEEE Transactions On Parallel And Distributed Systems, Vol. 26, No. 4, April 2015.
[4] V. C. Gungor, B. Lu and G. P. Hancke, “Opportunities and Challenges Of Wireless Sensor Networks In Smart Grid,” IEEE Trans. Ind. Electron., vol. 57, no. 10, pp. 3557–3564, Oct. 2010.
[5] D. Li, M. Shen, H. Jiangtao, J. Long and R. Lixin, “Wireless Sensing System-On-Chip For Near-Field Monitoring Of Analog And Switch Quantities,” IEEE Trans. Ind. Electron., vol. 59, no. 2, pp. 1288–1299, Feb. 2012.
[6] F. Liu, C.-Y. Tsui and Y. J. Zhang, “Joint Routing And Sleep Scheduling For Lifetime Maximization Of Wireless Sensor Networks,” IEEE Trans. Wireless Commun., vol. 9, no. 7, pp. 2258– 2267, Jul. 2010.
[8] C.-M. Chen, Y.-H. Lin, Y.-C. Lin and H.-M. Sun, “RCDA: Recoverable Concealed Data Aggregation For Data Integrity In Wireless Sensor Networks,” IEEE Trans. Parallel Distrib. Syst., vol. 23, no. 4, pp. 727–734, Apr. 2012.
[9] S. K. Madria, “Secure Data Aggregation And Collaboration In Wireless Sensor Networks,” in Proc. Int. Conf. Collab. Technol. Syst., 2011.
[10] Y. Li and J. Ren, “Source-Location Privacy Through Dynamic Routing In Wireless Sensor Networks,” in Proc. IEEE INFOCOM 2010, San Diego, CA, USA, Mar. 15–19, 2010, pp. 1–9.
[11] R. Lu, X. Liang, X. Li, X. Lin and X. Shen, “EPPA: An Efficient And Privacy-Preserving Aggregation Scheme For Secure Smart Grid Communications,” IEEE Trans. Parallel Distrib. Syst., vol. 23, no. 9, Sep. 2012.
[12] Y. Li, Y. Yang and X. Lu, “Rules Of Designing Routing Metrics For Greedy, Face, And Combined Greedy-Face Routing,” IEEE Trans. Mobile