research-article

Public Access

A System for Response and Prevention of Security Incidents in Wireless Sensor Networks

Authors:

Salmin Sultana,

Elisa BertinoAuthors Info & Claims

ACM Transactions on Sensor Networks (TOSN), Volume 13, Issue 1

Article No.: 1, Pages 1 - 38

https://doi.org/10.1145/2996195

Published: 19 December 2016 Publication History

Abstract

Resource constraints, unattended operating environments, and communication phenomena make Wireless Sensor Networks (WSNs) susceptible to operational failures and security attacks. However, applications often impose stringent requirements on data reliability and service availability, due to the deployment of sensor networks in various critical infrastructures. Given the failure- and attack-prone nature of sensor networks, enabling sensor networks to continuously provide their services as well as to effectively recover from attacks is a crucial requirement. We present Kinesis, a security incident response system designed to keep WSNs functional despite anomalies or attacks and to recover from attacks without significant interruption. Kinesis is quick and effective in responding to incidents, distributed in nature, dynamic in selecting response actions based on the context, and lightweight in terms of response policy specification, communication, and energy overhead. A per-node single timer-based distributed strategy to select the most effective response executor in a neighborhood makes the system simple and scalable, while achieving load balancing and redundant action optimization. We implement Kinesis in TinyOS and measure its performance for various application and network layer incidents. Extensive TOSSIM simulations and testbed experiments show that Kinesis successfully counteracts anomalies/attacks and behaves consistently under various attack scenarios and rates.

References

[1]

Ameer Abbasi and Mohamed Younis. 2007. A survey on clustering algorithms for wireless sensor networks. Comput. Commun. 30, 14--15 (2007), 2826--2841.

Digital Library

[2]

William Alexander. 2013. Barnaby Jack Could Hack Your Pacemaker and Make Your Heart Explode. Retrieved from http://www.vice.com/en_ca/read/i-worked-out-how-to-remotely-weaponise-a-pacemaker.

[3]

Muhammad Asim, Hala Mokhtar, and Madjid Merabti. 2010. A self-managing fault management mechanism for wireless sensor networks. CoRR abs/1011.5072 (2010).

[4]

Sonja Buchegger and Jean-Yves Boudec. 2002. Performance analysis of the CONFIDANT protocol. In ACM International Symposium on Mobile Ad Hoc Networking (MobiHoc). 226--236.

Digital Library

[5]

Ayon Chakraborty and Preethi Banala. 2011. An Experimental Study of Jamming IEEE 802.15.4 compliant Sensor Networks (Progress Tracking). Retrieved from http://www.cs.sunysb.edu/&sim;aychakrabort/courses/cse570/.

[6]

Octav Chipara, Chenyang Lu, Thomas C. Bailey, and Gruia-Catalin Roman. 2010. Reliable clinical monitoring using wireless sensor networks: Experiences in a step-down hospital unit. In ACM Conference on Embedded Networked Sensor Systems. 155--168.

Digital Library

[7]

K. Daabaj, M. Dixon, and T. Koziniec. 2010. Traffic eavesdropping based scheme to deliver time-sensitive data in sensor networks. In IEEE International Performance Computing and Communications Conference (IPCCC).

[8]

Nicodemos Damianou, Naranker Dulay, Emil Lupu, and Morris Sloman. 2001. The ponder policy specification language. In International Workshop on Policies for Distributed Systems and Networks (POLICY).

Digital Library

[9]

Umeshwar Dayal. 1994. Active Database Systems: Triggers and Rules for Advanced Database Processing. Morgan Kaufmann.

Digital Library

[10]

Wei Dong, Yunhao Liu, Yuan He, Tong Zhu, and Chun Chen. 2014. Measurement and analysis on the packet delivery performance in a large-scale sensor network. IEEE/ACM Trans. Netw. 22, 6 (Dec. 2014), 1952--1963.

Digital Library

[11]

R. Falcon, A. Nayak, and R. Abielmona. 2011. An evolving risk management framework for wireless sensor networks. In Conf. on Computational Intelligence for Measurement Systems and Applications.

[12]

Emad Felemban. 2013. Advanced border intrusion detection and surveillance using wireless sensor network technology. Int. J. Commun. Netw. Syst. Sci. 6, 5 (2013), 251.

[13]

Tia Gao, C. Pesto, L. Selavo, Yin Chen, JeongGil Ko, Jong Hyun Lim, A. Terzis, A. Watt, J. Jeng, Bor rong Chen, K. Lorincz, and M. Welsh. 2008. Wireless medical sensor networks in emergency response: Implementation and pilot results. In IEEE Conference on Technology for Homeland Security.

[14]

H. Garcia-Molina. 1982. Elections in a distributed computing system. IEEE Trans. Comput. C-31 (Jan. 1982).

Digital Library

[15]

Ahmed Hasswa, Mohammad Zulkernine, and Hossam Hassanein. 2005. Routeguard: An intrusion detection and response system for mobile ad hoc networks. In IEEE WiMob.

[16]

Tian He, Sudha Krishnamurthy, John A. Stankovic, Tarek Abdelzaher, Liqian Luo, Radu Stoleru, Ting Yan, Lin Gu, Jonathan Hui, and Bruce Krogh. 2004. Energy-efficient surveillance system using wireless sensor networks. In ACM International Conference on Mobile Systems, Applications, and Services.

Digital Library

[17]

Meng-Yen Hsieh, Yueh-Min Huang, and Han-Chieh Chao. 2007. Adaptive security design with malicious node detection in cluster-based sensor networks. Comput. Commun. 30, 11--12 (2007).

Digital Library

[18]

Sangwon Hyun, Peng Ning, An Liu, and Wenliang Du. 2008. Seluge: Secure and DoS-resistant code dissemination in wireless sensor networks. In International Conference on Information Processing in Sensor Networks.

Digital Library

[19]

ITU. Accessed: June 2015. Internet of Things Global Standards Initiative. Retrieved from http://www.itu.int/en/ITU-T/gsi/iot/Pages/default.aspx.

[20]

Chris Karlof, Naveen Sastry, and David Wagner. 2004. TinySec: A link layer security architecture for wireless sensor networks. In ACM SenSys.

Digital Library

[21]

JeongGil Ko, Chenyang Lu, M. B. Srivastava, J. A. Stankovic, A. Terzis, and M. Welsh. 2010. Wireless sensor networks for healthcare. Proc. IEEE 98, 11 (2010), 1947--1960.

[22]

Sudha Krishnamurthy, Geethapriya Thamilarasu, and Christian Bauckhage. 2009. MALADY: A machine learning-based autonomous decision-making system for sensor networks. In International Conference on Computational Science and Engineering, Volume 02. 93--100.

Digital Library

[23]

Ioannis Krontiris, Thanassis Giannetsos, and Tassos Dimitriou. 2008. LIDeA: A distributed lightweight intrusion detection architecture for sensor networks. In International Conference on Security and Privacy in Communication Networks (SecureComm). 20:1--20:10.

Digital Library

[24]

P. Levis. 2006. Collection. Retrieved from http://www.tinyos.net/tinyos-2.x/doc/html/tep119.html.

[25]

Libelium. Official website. Retrieved April 2016 from http://www.libelium.com/.

[26]

Konrad Lorincz, David J. Malan, Thaddeus R. F. Fulford-Jones, Alan Nawoj, Antony Clavel, Victor Shnayder, Geoffrey Mainland, Matt Welsh, and Steve Moulton. 2004. Sensor networks for emergency response: Challenges and opportunities. IEEE Pervasive Computing (2004).

Digital Library

[27]

Jianqing Ma, Shiyong Zhang, Yiping Zhong, and Xiaowen Tong. 2007. SAID: A self-adaptive intrusion detection system in wireless sensor networks. In International Conference on Information Security Applications.

Digital Library

[28]

Mohammad Mamun, A. Kabir, Md. Hossen, and Razib Khan. 2012. Policy based intrusion detection and response system in hierarchical WSN architecture. CoRR abs/1209.1678 (2012).

[29]

Sergio Marti, T. J. Giuli, Kevin Lai, and Mary Baker. 2000. Mitigating routing misbehavior in mobile ad hoc networks. In International Conference on Mobile Computing and Networking (MobiCom). 255--265.

Digital Library

[30]

Peter Mell, Karen Scarfone, and Sasha Romanosky. 2007. CVSS: A Complete Guide to the Common Vulnerability Scoring System Version 2.0.

[31]

Daniele Midi and Elisa Bertino. 2016. Node or link? Fine-grained analysis of packet loss attacks in wireless sensor networks. ACM Transactions on Sensor Networks 12, 2 (May 2016), 8:1--8:30.

Digital Library

[32]

OASIS. 2005. OASIS Extensible Access Control Markup Language (XACML). (2005).

[33]

Ertan Onur, Cem Ersoy, Hakan Deliç, and Lale Akarun. 2007. Surveillance wireless sensor networks: Deployment quality analysis. IEEE Netw. 21, 6 (2007), 48--53.

Digital Library

[34]

Enrico Perla, Art Ó Catháin, Ricardo Simon Carbajo, Meriel Huggard, and Ciarán Mc Goldrick. 2008. PowerTOSSIM Z: Realistic energy modelling for wireless sensor network environments. In ACM Workshop on Performance Monitoring and Measurement of Heterogeneous Wireless and Wired Networks. 35--42.

Digital Library

[35]

C. Pham and P. Cousin. 2013. Streaming the sound of smart cities: Experimentations on the SmartSantander test-bed. In IEEE GreenCom and IEE International Conference on Internet of Things and Cyber, Physical and Social Computing.

Digital Library

[36]

Joseph Polastre, Jason Hill, and David Culler. 2004. Versatile low power media access for wireless sensor networks. In ACM SenSys. 95--107.

Digital Library

[37]

Y. Ponomarchuk and Dae-Wha Seo. 2010. Intrusion detection based on traffic analysis in wireless sensor networks. In Annual Wireless and Optical Communications Conference. 1--7.

[38]

S. Saha and S. Neogy. 2014. A case study on smart surveillance application system using WSN and IP webcam. In Applications and Innovations in Mobile Computing (AIMoC), 2014.

[39]

Luis Sanchez, Luis Muoz, Jose Antonio Galache, Pablo Sotres, Juan R. Santana, Veronica Gutierrez, Rajiv Ramdhany, Alex Gluhak, Srdjan Krco, Evangelos Theodoridis, and Dennis Pfisterer. 2014. SmartSantander: IoT experimentation over a smart city testbed. Computer Networks.

[40]

S. Sultana, G. Ghinita, E. Bertino, and M. Shehab. 2014a. A lightweight secure scheme for detecting provenance forgery and packet drop attacks in wireless sensor networks. IEEE TDSC (2014).

[41]

Salmin Sultana, Daniele Midi, and Elisa Bertino. 2014b. Kinesis: A security incident response and prevention system for wireless sensor networks. In ACM SenSys.

Digital Library

[42]

Vinaitheerthan Sundaram, Patrick Eugster, and Xiangyu Zhang. 2012. Prius: Generic hybrid trace compression for wireless sensor networks. In ACM SenSys.

Digital Library

[43]

A. V. Taddeo, L. Micconi, and Alberto Ferrante. 2010. Gradual adaptation of security for sensor networks. In IEEE International Symposium on a World of Wireless Mobile and Multimedia Networks (WoWMoM).

Digital Library

[44]

Sudarshan Vasudevan, Jim Kurose, and Don Towsley. 2004. Design and analysis of a leader election algorithm for mobile ad hoc networks. In IEEE International Conference on Network Protocols (ICNP).

Digital Library

[45]

G. Virone, A. Wood, L. Selavo, Q. Cao, L. Fang, T. Doan, Z. He, R. Stoleru, S. Lin, and J. A. Stankovic. 2006. An advanced wireless sensor network for health monitoring. In Transdisciplinary Conference on Distributed Diagnosis and Home Healthcare. 2--5.

[46]

W3C. 2002. A p3p Preference Exchange Language 1.0 (appel1.0). Retrieved from http://www.w3.org/TR/P3P-preferences/.

[47]

M. Younis, N. Krajewski, and O. Farrag. 2009. Adaptive security provision for increased energy efficiency in wireless sensor networks. In IEEE Conference on Local Computer Networks. 999--1005.

[48]

Yongguang Zhang and Wenke Lee. 2000. Intrusion detection in wireless ad-hoc networks. In International Conference on Mobile Computing and Networking (MobiCom). 275--283.

Digital Library

Cited By

Dong JWang CGuo GRen TSun H(2024)Application of IoT technology in cyber security prevention systemApplied Mathematics and Nonlinear Sciences10.2478/amns-2024-22669:1Online publication date: 3-Sep-2024
https://doi.org/10.2478/amns-2024-2266
Bertino EBrancik K(2021)Services for Zero Trust Architectures - A Research Roadmap2021 IEEE International Conference on Web Services (ICWS)10.1109/ICWS53863.2021.00016(14-20)Online publication date: Sep-2021
https://doi.org/10.1109/ICWS53863.2021.00016
Bertino E(2019)IoT Security A Comprehensive Life Cycle Framework2019 IEEE 5th International Conference on Collaboration and Internet Computing (CIC)10.1109/CIC48465.2019.00033(196-203)Online publication date: Dec-2019
https://doi.org/10.1109/CIC48465.2019.00033
Show More Cited By

Recommendations

Kinesis: a security incident response and prevention system for wireless sensor networks
SenSys '14: Proceedings of the 12th ACM Conference on Embedded Network Sensor Systems

This paper presents Kinesis, a security incident response and prevention system for wireless sensor networks, designed to keep the network functional despite anomalies or attacks and to recover from attacks without significant interruption. Due to the ...
Defending against false-endorsement-based dos attacks in wireless sensor networks
WiSec '08: Proceedings of the first ACM conference on Wireless network security

Node compromise is a serious threat in wireless sensor networks. An adversary can use compromised sensor nodes to inject false data to deceive the base station or he can try to deplete the energy resources of the sensor nodes. One approach to mitigate ...
Prevention of Wormhole Attacks in Wireless Sensor Networks
AIMS '14: Proceedings of the 2014 2nd International Conference on Artificial Intelligence, Modelling and Simulation

Security of deployed wireless sensor networks (WSNs) has become a crucial task as the deployment of WSN'S grows. This paper proposes a novel way and develops a mechanism to prevent wormhole attacks by an algorithm to manage a large number of nodes using ...

Comments

Information & Contributors

Information

Published In

cover image ACM Transactions on Sensor Networks

ACM Transactions on Sensor Networks Volume 13, Issue 1

February 2017

242 pages

ISSN:1550-4859

EISSN:1550-4867

DOI:10.1145/3027492

Editor:
Chenyang Lu
Department of Computer Science and Engineering / School of Engineering and Applied Sciences / Washington University / 1 Brookings Drive / St. Louis, MO 63130

Issue’s Table of Contents

Copyright © 2016 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Journal Family

ACM Journals for the Design of Smart and Connected Systems

Publication History

Published: 19 December 2016

Accepted: 01 September 2016

Revised: 01 August 2016

Received: 01 October 2015

Published in TOSN Volume 13, Issue 1

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed

Funding Sources

U.S. National Science Foundation

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

5
Total Citations
View Citations
764
Total Downloads

Downloads (Last 12 months)90
Downloads (Last 6 weeks)10

Reflects downloads up to 09 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

Dong JWang CGuo GRen TSun H(2024)Application of IoT technology in cyber security prevention systemApplied Mathematics and Nonlinear Sciences10.2478/amns-2024-22669:1Online publication date: 3-Sep-2024
https://doi.org/10.2478/amns-2024-2266
Bertino EBrancik K(2021)Services for Zero Trust Architectures - A Research Roadmap2021 IEEE International Conference on Web Services (ICWS)10.1109/ICWS53863.2021.00016(14-20)Online publication date: Sep-2021
https://doi.org/10.1109/ICWS53863.2021.00016
Bertino E(2019)IoT Security A Comprehensive Life Cycle Framework2019 IEEE 5th International Conference on Collaboration and Internet Computing (CIC)10.1109/CIC48465.2019.00033(196-203)Online publication date: Dec-2019
https://doi.org/10.1109/CIC48465.2019.00033
Han LZhou MJia WDalil ZXu X(2019)Intrusion detection model of wireless sensor networks based on game theory and an autoregressive modelInformation Sciences10.1016/j.ins.2018.06.017476(491-504)Online publication date: Feb-2019
https://doi.org/10.1016/j.ins.2018.06.017
Karande JJoshi S(2018)Comprehensive Assessment of Security Attack Detection Algorithms in Internet of Things2018 Fourth International Conference on Computing Communication Control and Automation (ICCUBEA)10.1109/ICCUBEA.2018.8697406(1-6)Online publication date: Aug-2018
https://doi.org/10.1109/ICCUBEA.2018.8697406

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

Media

Figures

Other

Tables

View Issue’s Table of Contents