Security Concerns in Wireless Sensor Networks

Security Concerns in Wireless Sensor Networks
Wireless Sensor Networks (WSN) have played a huge part in the facilitation of human lifestyle. WSNs are made up of a group of independent low cost, low power, and low memory nodes that also have a limited computational functionality and can communicate wirelessly utilizing low bandwidths over limited frequencies. Due to the sensing, data processing, and communication capabilities, WSNs offer an alternative to wired networks, especially in the inaccessible and unreliable environments such as war zones, etc. The sensors gather the data and transmit it to a remote server or base station. At the base station, the gathered data is subjected to analysis, online or offline, depending on the application type (Kumar and Lee, 2012).
Due to the reliability, large scale deployment and mobility of a wireless sensor, WSNs have been used extensively in many applications related to home, office, military, logistics, control and automation, security and surveillance, environmental monitoring, tourism, education, healthcare, etc. (Al Ameen, Liu and Kwak, 2012). In simple large scale or industrial application, the security of the data transmitted between the nodes is not as essential as the sensor’s power. However, in certain applications such as military and healthcare, the data gathered by the sensors is mission-critical and very private. Figure 1 shows the usage of WSNs in military and healthcare applications (Razaque and Elleithy, 2014; Al Ameen, Liu, and Kwak, 2012).

A breach of data in such applications can lead to grave consequences. Therefore, such WSN applications demand that the wirelessly transmitted data remain secure at all times (Kumar and Lee, 2012; Madhu & Sreekuma, 2014).
This paper highlights a few of the WSN limitations, the security threats WSNs face and the security measures and protocols that can be helpful in mitigating the security concerns.

(a) Military (b) Healthcare
Figure SEQ Figure * ARABIC 1 WSNs in Military and Healthcare Applications
WSNs Limitations
The security concerns of WSNs are different from the traditional wireless ad hoc networks because of WSNs been deployed on a large-scale, unexpected failures due to harsh environment conditions, continual topological changes due to mobility, limited computations, low sensor resources (power, energy, memory, communication bandwidth) and lack of global identification. Due to these limitations, sometimes even the simple routine security techniques cannot be employed which makes WSNs more vulnerable to security threats (Dener, 2014). And since the data is broadcasted publicly, without any security protocol, the data is very insecure.
Security Requirements
WSNs require a security protocol that can be implemented despite the physical limitations of WSNs and fulfill the basic security requirements. Literature identifies the five basic security requirements of WSN (in general as well as critical data applications) as confidentiality, authenticity, freshness, integrity and availability (Shahraki, Razzaque, Naraei and Farrokhtala, 2013; Kumar and Lee, 2012; Al Ameen, Lui and Kwak, 2012; Dener, 2014; Madhu and Sreekumar, 2014).
Confidentiality: For the data, shared between the nodes and the remote server, to remain private, before transmitting the data packet, the node should encrypt the packet using a key shared between the sender and receiver nodes. So when the receiver gets the data, it can decrypt it using the key. In case, the attacker accesses the data while in transmission phase, without the key, the attacker will not be able to see the contents of the packet.
Authenticity: The sensors receiving the data packets must be able to ensure that the incoming data is from the trusted sending node. Without authenticity, an attacker can block the transmitted packet and send malicious code or incorrect data to the destination node. For authenticity, some authentication code must be appended to the packet that would reveal the identity of the sender.
Integrity: The data sent between the nodes must not be altered by an attacker. To check for any alterations a cyclic redundancy checksum (CRC) or some other form of a check should be employed to see if the integrity of the data is intact.
Freshness: A sensor must transmit data as it gathers it and the receiving node must get it promptly. It could happen that an attacker, captures and resends the same or some old data packet. To detect such a case, a timestamp could be added to the packet at the sending node. By measuring the time interval at the receiving node, it can be assessed whether the data is fresh or not.
Availability: Some form of mechanism should ensure that the nodes must remain available and serve their part in the network at all times. An attacker can reduce network performance by blocking nodes through interfering with radio signals or executing tricky methods to drain out the sensors’ power, making them unavailable.
WSN Security Threats
WSNs follow the same layered architecture communication model as the wired networks. But in contrast to the other wired and wireless networks, the number of security threats in WSNs are far more. This section gives an overview of the security threats, identified in literature, that target the WSNs’ different communication layers in general and in critical data applications (Shahraki, Razzaque, Naraei and Farrokhtala, 2013; Kumar and Lee, 2012; Al Ameen, Lui and Kwak, 2012; Dener, 2014; Madhu and Sreekumar, 2014).
Physical Layer Threats
Two threats associated with the physical layer are jamming and tampering.
Jamming: This is a type of Denial of Service (DoS) attack in which the attacker interferes with the WSN radio frequencies making the communication resource unavailable to the nodes. Typical defenses against this attack are for the nodes to use variations in the communication spread-spectrum e.g. code spreading and frequency hopping.
Tampering: If an attacker comes into physical contact with the node, sensitive information such as cryptographic keys can be obtained. The attacker can also alter or replace the node with a compromised one. Typical defense against this attack is tamper-proofing the physical data packet of the node.
Data Link Layer Threats
The threats targeting the data link layer include collision, exhaustion, and unfairness.
Collision: If two sensor nodes attempt to send data at the same time using the same transmission frequency, a collision occurs, and the packets get destroyed. Use of error-correction codes can serve as a protection against the collisions.
Exhaustion: A type of DoS attack in which the attacker causes repeated collisions which eventually lead to depletion of resources i.e. unavailability of transmission frequency as well as drainage of sensor energy. A defense measure against the attack can be applied to the MAC admission control by setting up a limit to the request rates. This would ignore the repeated transmission requests.
Unfairness: A DoS attack in which instead of directly blocking a node, an attacker may degrade a node’s access while continually causing it to miss its transmission deadline and causing other nodes to take the channel every time. A potential prevention of this attack can be through the use of small sized frames. This way the time slot on the communication channel, of which the attacker may take hold of, can be decreased.
Network Layer Threats
Security threats targeting the network layer include selective forwarding, sinkhole attack, Sybil attack, wormhole attack and flooding.
Selective Forwarding: In this attack, a malicious node may drop or block the packets that are routed to it, or it may forward them along some wrong path to gather incorrect routing data in the network. The two preventive measures against the attack are either to use multiple paths for sending data and to employ a mechanism that detects the malicious node, assumes it as failed and looked for an alternative node.
Sinkhole Attack: The attacker meddles with the routing algorithm making a compromised node appear attractive to the neighboring nodes. This directs all the traffic from the neighboring nodes towards the compromised node which appears as a sinkhole in that area of the network. This attack also facilitates the selective forwarding attack.
Sybil Attack: This attack targets the fault tolerant systems such as the distributed storage, topological maintenance and multipath routing systems. In Sybil attack, a node duplicates and assumes to hold multiple identities in the network. A preventive measure for the attack is to employ some authentication and encryption scheme within the network.
Wormhole Attack: In this attack, on receiving a packet at a point in the network, the attacker tunnels that packet and sends it to a second point in the network. From this second point, the attacker then replays the packet within the network.
‘Hello’ Flooding: On receiving a ‘Hello’ radio packet, a node assumes that the sending node is within the range and is a neighbor. The attacker can exploit this mechanism and use a node to send hello packets to a large area of the network and become a neighbor of the targeted nodes. Prevention against this attack is to use cryptography.
Transport Later Threats
Security threats targeting the transport layer include the flooding and desynchronization attacks.
Flooding: In this attack, a malicious node continually sends new connection requests to the target node till all of the node’s allotted communication resources become depleted or reach the maximum assigned limit. A preventive measure against the attack is to require a node to solve a puzzle before making a new connection request.
Desynchronization: The attacker continually sends packets containing sequence numbers to both the sending and receiving nodes which eventually desynchronizes the communication between the nodes. A preventive measure against the attack is to use authenticated communication mechanism between nodes.
Proposed Security Measures for WSN
This section describes the encryption algorithms, the secure operation modes, and security protocols identified in the literature that can be employed in WSNs (Dener, 2014).
Encryption Algorithms
Confidentiality assuring encryption algorithms can either be symmetric cryptography or asymmetric where the former uses the same key for encryption and decryption while the latter uses different keys. Although the asymmetric public key encryption is more secure and robust, it is not used in WSNs because of the memory, power and computational limitations of the nodes.
Symmetric algorithms encrypt data either in block form or bit streams. The block encryption methods take in a fixed length block of data, applies the encryption algorithm forming an encrypted data block of the same size. The box encryption algorithms include the Rijndael Algorithm (AES), Data Encryption Standard (DES), Scalable Encryption Algorithm (SEA), Blowfish/Twofish, Tiny Encryption Algorithm (TEA), SkipJack, RC5, HIGHT Algorithm, etc. The bit stream encryption algorithms take in the streaming data bits and insert random non-repeating bits into the stream thus encrypting it. The algorithms included in bit-stream encryption are RC2, RC4, etc.
Since the nodes of WSNs vary in their power, memory and computation abilities as per the application area, the encryption algorithm is selected by which algorithm costs the lowest.
Operation Modes
Operation modes are used for encryption and identity authentication purposes e.g. Output Cookbook Block (OCB). In conjunction with the selected encryption algorithm, the cryptography operation modes allow the repeated usage of the single key safely through the generation of block passwords. Through operation modes, the data is divided into separate parts containing the variable length messages. A completion scheme is used to extend the last part of the block to fit in the block password. Operation mode uses an initialization vector (IV) which is randomly generated for each block. The IV specifies how each block has been encrypted (Dener, 2014).
Security Protocols
Some secure WSN communication and routing protocols have been developed that ensure a subset of the required security features i.e. data encryption, authentication of nodes, data freshness, data integrity and availability. Some of these protocols include TinySec, MiniSec, IEEE802.15.4, SPINS, Lsec, LLSP, LISA, and LISP. Table 1 provides an overview of the security requirements each protocol provides (Dener, 2014).

Table SEQ Table * ARABIC 1 Security Requirements vs. Protocols
Security Protocol Security Requirements
Confidentiality Authentication Freshness Integrity Availability
TinySec Yes Yes – Yes –
MiniSec Yes Yes Yes – –
IEEE802.15.4 Yes Yes Yes Yes –
SPINS Yes Yes Yes Yes –
Lsec Yes Yes – Yes –
LLSP Yes Yes – Yes –
LISA Yes Yes Yes – –
LISP Yes – – Yes Yes
Security Recommendations
A brief evaluation of the different security protocols concerning the required security features can be seen in Table 1. From these protocols, only TinySec and MiniSec have been implemented in WSNs so far (Dener, 2014). Some have implementations in simulations while the others are only theoretical models. Nevertheless, the data shows that none of the security protocols provide all of the essential security requirements of WSNs.
A recommendation is to use two security protocols such as LISP and MiniSec together to provide a solution that fulfills all the security requirements of a WSN. But due to the memory, energy, power and computation limitations of the sensors, it may be difficult to implement the algorithms in the existing available sensors. However, if a low-cost solution based on the two protocols can be proposed, it might serve as a key to providing secure WSNs. For the healthcare and military applications, the available sensors’ hardware could be customized to be able to execute the proposed security protocol.
Conclusion
For some simple large scale or industrial applications, the power constraint is a higher priority as compared to the security requirements. However, certain WSN applications (such as military and healthcare) deal with mission-critical, private and confidential data. A breach of data could lead to serious casualties. For these applications to be usable and successful, the data must be secure at all times. A set of five security requirements are essential in such WSN applications; confidentiality, authentication, integrity, freshness, and availability. A typical WSN is prone to a list of security threats that aim at its different communication layers. Although, some security protocols are available that provide some degree of security against the threats. But none of the proposed protocols provide all the five security requirements. A security approach needs to be developed for the critical data WSN application. And during the development, the power, memory, and processor limitations of the sensor nodes must be considered. Research should be conducted to propose a solution that delivers the highest security at the minimum cost. Furthermore, for the critical data WSN applications such as healthcare and military, a sensor containing customized hardware can be devised that can run the proposed security protocol.
References
Al Ameen, M., Liu, J., & Kwak, K. (2012). Security and Privacy Issues in Wireless Sensor Networks for Healthcare Applications. Journal of Medical Systems, 36(1), 93–101. http://doi.org/10.1007/s10916-010-9449-4Dener, M. (2014). Security Analysis in Wireless Sensor Networks. International Journal of Distributed Sensor Networks, 2014, Article ID 303501, 9 pages http://dx.doi.org/10.1155/2014/303501Kumar, P., & Lee, H.-J. (2012). Security Issues in Healthcare Applications Using Wireless Medical Sensor Networks: A Survey. Sensors (Basel, Switzerland), 12(1), 55–91. http://doi.org/10.3390/s120100055Madhu, A. & Sreekuma, A. (2014). Wireless Sensor Network Security in Military Application using Unmanned Vehicle. IOSR Journal of Electronics and Communication Engineering, e-ISSN: 2278-2834, p-ISSN: 2278-8735. 51-58
Razaque, A. & Elleithy, K.M. (2014). Energy-Efficient Boarder Node Medium Access Control Protocol for Wireless Sensor Networks. Sensors 2014, 14(3), 5074-5117; http://doi.org/10.3390/s140305074
Shahraki, A.S., Razzaque, M.A., Naraei, P. & Farrokhtala, A. (2013). Security in wireless sensor networks: issues and challenges. In 2013 IEEE International Conference on Space Science and Communication, Malaysia. http://dx.doi.org/10.1109/IconSpace.2013.6599495