DESIGN AND IMPLEMENTATION OF A SYSTEM FOR DETECTION

AND PREVENTION OF DENIAL OF SLEEP ATTACKS IN WIRELESS

SENSOR NETWORKS

A PROJECT PROPOSAL

PRESENTED

BY
ELIZABETH ENEWA PATRICK
PSP/SICT/CSC/ND/21/0404

A PROJECT PROPOSAL SUBMITTED TO THE DEPARTMENT

COMPUTER SCIENCE, SCHOOL OF INFORMATION COMMUNICATION
TECHNOLOGY, PLATEAU STATE POLYTECHNIC, BARKIN LADI IN
PARTIAL FULFILMENT FOR THE REQUIREMENT LEADING TO THE
AWARD OF NATIONAL DIPLOMA IN COMPUTER SCIENCE

MR. WONGDEM ALBERT NGOM

SUPERVISOR

OCTOBER, 2024
 CHAPTER ONE

1.0 INTRODUCTION

1.1 Background of the study

Denial of Sleep attacks are classified as a subset of Denial of Service
attacks that allow for nuanced effects within sensor networks, but
have only recently become an area of interest in the research
community. Targeted attacks in WSNs allow malicious users to alter
routing, create blind spots in the sensing network; but there are many
methods for eliminating that node.

In recent years, Wireless Sensor Networks (WSNs) have gained

significant traction across various applications, including
environmental monitoring, healthcare, and military operations.
However, they are vulnerable to various attacks, one of the most
concerning being Denial of Sleep (DoS) attacks. These attacks target
the energy-efficient protocols of WSNs, causing nodes to remain
awake and drain their batteries, thus leading to network failure. This
proposal presents a comprehensive plan to design and implement a
system for the detection and prevention of Denial of Sleep attacks in
WSNs.

Wireless Sensor Networks (WSNs) have emerged as a critical

technology for various applications such as environmental monitoring,
healthcare, and smart cities. However, the security of these networks
is a significant concern due to their vulnerability to various attacks,
including Denial of Sleep (DoS) attacks. DoS attacks disrupt the
normal operation of sensor nodes by preventing them from entering
sleep mode, leading to battery depletion and ultimately network
failure. This literature review explores the current research and
methodologies employed in the detection and prevention of DoS
attacks in WSNs.

Denial of Sleep Attacks in WSNs

DoS attacks in WSNs, specifically Denial of Sleep attacks, target the

energy management strategies of sensor nodes. According to studies
by Zhang et al. (2014), attackers exploit the inability of sensor nodes
to enter sleep mode, which is crucial for conserving energy. The
attackers send specific messages that cause nodes to stay active
indefinitely, draining their batteries. This issue has been addressed in
various research works emphasizing understanding the attack
mechanisms and their implications on network longevity and
performance.

Detection Techniques

Anomaly Detection Algorithms: Research by Liu et al. (2016) outlines

the use of anomaly detection to identify unusual patterns in nodes’
operational behavior, indicating potential DoS attacks. Techniques
such as statistical analysis and machine learning algorithms have
been employed to detect deviations from normal energy consumption
patterns.

Threshold-based Monitoring: Gupta and Kumar (2017) proposed a

threshold-based monitoring approach, where nodes actively monitor
their energy levels and communication patterns. When energy
consumption exceeds a predefined threshold, an alert is generated to
prompt further investigation.

Data Redundancy and Correlation: In their work, Ahmad et al. (2018)

explore the use of data redundancy and correlation checks among
neighboring nodes to identify and isolate compromised nodes that
exhibit abnormal activity patterns, including excessive wakefulness.

Prevention Techniques

Sleep Scheduling Protocols: To mitigate the effects of Denial of Sleep

attacks, various sleep scheduling protocols have been introduced.
Research by Yang et al. (2015) proposed dynamic sleep scheduling
mechanisms that adaptively adjust sleep intervals based on network
traffic and energy levels.

Node Authentication and Access Control: Ensuring authenticated

node communication is vital for preventing unauthorized messages
that trigger sleep denial. Wang et al. (2019) developed a lightweight
authentication protocol that minimizes computational overhead while
securing communication among nodes, thus preventing DoS attacks.

Sybil Attack Mitigation: A significant concern linked to DoS is the

potential for Sybil attacks, where a single node presents multiple
identities. Zheng and Zhao (2020) introduced a consensus-based
approach to identify and manage the presence of multiple identities
within the network, which can contribute to the prevention of DoS
attacks.

Hybrid Approaches

Recent studies have shown the effectiveness of hybrid approaches,

combining multiple detection and prevention techniques. For
instance, a study by Ramesh et al. (2021) illustrates an integrated
framework that combines anomaly detection with proactive response
mechanisms. The framework dynamically adjusts node sleep
schedules based on detected anomalies, significantly reducing the
likelihood of successful DoS attacks.
 While the Denial of Sleep (DoSL) concept in wireless sensor
networks is a relatively new concept as a discrete goal, several of the
methods and implementations rise from past concepts in wireless
sensor network security and Denial of Service (DoS) attacks. In the
past, the distinction between DoS and DoSL has largely been moot-
popular sensor network protocols such as SMAC and TEEN are
designed to allow for large nets of low power nodes to efficiently
exchange information but still assume nodes with batteries and
processing capabilities orders of magnitude higher than those found
in a typical modern PAN. Many years back shows a style toward an
idea much wide of Wireless Sensor Networks (WSN), the Internet of
Things (IoT).

PROBLEM STATEMENT

Development in researches on Daniel of Sleep Attacks are unknown,

unpopular or very minimal recorded awareness was achieved. The
relatively large number of options for eliminating a node, coupled with
the assumption of a large batteries, means that DoSL attacks have
largely been ignored in the literature.

1. RESEARCH MOTIVATION

The need for a system that will detect and prevent Denial sleep
attacks in Wireless Sensor Networks is a pointer and a reason that
encouraged the need for this research.

2. AIM AND OBJECTIVES

The aim of this study is to design and implement a system for
detection and prevention a Denial of Sleep Attacks in Wireless
Sensor Networks

The research will be guided by the following objectives:

 1. To identify factors responsible for Denial of Sleep Denial Sleep
Attacks in Wireless Sensor Network.

2. To identify implementable design system for detecting and preventing

Denial of a Sleep Attacks in Wireless Networks.

3. To identify method or methods aim at designing and implementing a

system for detecting and preventing Denial of a Sleep Attacks in
Wireless Networks.

4. To access extend to which the design system for detecting and

preventing Denial of a Sleep Attacks in Wireless Networks can be
implemented.

5. RESEARCH METHODOLOGY

The methods to be used in conducting the study will be under the following sub-
sections:

i. Research design
ii. Area of Study
iii. Sample
iv. Sampling technique
v. Instrument for Data Collection
vi. Procedure of data collection
vii. Validation and reliability of instrument
viii. Administration of Instruments
ix. Method of Data Presentation and Analyses.
 CHAPTER TWO
2.0 LITERATURE REVIEW

Denial of Sleep attacks are classified as a subset of Denial of Service

attacks that allow for nuanced effects within sensor networks, but have
only recently become an area of interest in the research community.
Targeted attacks in WSNs allow malicious users to alter routing, create
blind spots in the sensing network; but there are many methods for
eliminating that node. In this section we present a summary of the previous
work specifically focused on DoSL attacks, including the methodology and
achievable effects. Brownfield provides a good introduction to the DoSL
attack and an overview of potential weaknesses in the popular media
access control (MAC) protocols of the era This work is built on, providing a
strong basis to build DoSL attacks by identifying the potential sources of
energy consumption in the various functions that a MAC protocol must
perform (channel assessment, collision detection, etc). Both and
demonstrate an effective method of denying sleep to a full network when
the S-MAC protocol is utilized, but these schemes focus on large,
interconnected sensor networks and make it difficult to selectively target
individual nodes. In addition, the attacks are resource intensive in that they
require the attacker to be constantly monitoring the channel and rely on
strict packet timing to achieve results. In contrast, attacks may be
extremely simple to implement, such as in. In this scheme, the node is kept
alive by repeatedly sending a request to send (RTS) message, which
keeps all the nodes within range of the attacker listening for new
messages. While this method can be effective, it is also extremely simple
to detect and mitigate, as the authors show in. In addition to being easily
defeated, this attack shares the same drawback as the majority of DoSL
attacks in the literature: all nodes are equally affected. Overall, the bulk of
DoSL attacks in the literature target the traditional sensor network model
based on the assumption of central controllers and routers with large
power sources. With new models for extremely low power, high latency IoT
devices added to the infrastructure, new models for DoSL attacks will have
to be considered. Within these new models, the potential for DoSL attacks
will be significantly higher, and demonstrated in Section V.

Brief Protocol Overview

The Bluetooth Low Energy protocol uses master/slave roles to control how
the BLE radio connection is managed. In this setup any device can be
either the master or the slave depending on initiator contact and vendor
implementation. The master device can connect up to seven slave devices
to form what is referred to as BLE piconet. Slaved devices can connect to
one master device at a time but they are allowed to switch between master
devices to form ad-hoc interconnected piconets which

are referred to as BLE scatter nets. A master device can poll any of the
slave sensor devices for sensor data but the slave can only communicate
to the master when initiated by the master device. The protocol is built for
ultra-low power consumption and an extended range when compared to
traditional Bluetooth by utilizing 40 of the 80 channels at the 2.4GHz ISM
band using a GFSK modulation with 0.5 index. The 2 MHz guard intervals
and the allocation of 3 advertising channels when compared to traditional
Bluetooth offer faster connection times and lower power consumption. BLE
devices access data through the use of profiles, services, and
characteristics that are derived from the General Attribute Profile (GATT) in
an object oriented and server based structure. Profiles are definitions of
possible applications and they can specify general behavior. The GATT
profile utilizes a client/server which specifies storage and data flow. In
order to share application specific data BLE devices must conform to the
same profiles that can be generic and proprietary. A service is a collection
of data and behavior that represents a specific function or aspect. Services
are defined and accessed by either a 16 or 128 bit unique UUID. The
collection of data in a service is represented by characteristics.
Characteristics contain a single labelled, defined, and discrete value that
represents a specific attribute of the sensor, e.g. temperature, step count,
or battery life. Although the characteristic is a single value it can be made
up of several sensor data points. For example, data from the
accelerometer x, y, and z dimensions can form a single velocity value.
Characteristics have a behavior component that states how the information
can be accessed, i.e. read, read write no-response, read write-response,
and notify. The standard defines several profiles, but also allows vendors
to define proprietary functions. Each characteristic is defined and accessed
by either a 16 or 128 bit unique

Uuid. Iv. Power drain analysis

Based on the analysis from denial of sleep attacks can be modeled

effectively by utilizing a basic average of the power draw during different
operating states of the nodes.

i. In this model, the total sensor life, is the sum of the charge drawn by
each of the N operating modes of the sensor. This draw is calculated by
multiplying the power draw of each state, Pn by the amount of time that
state is active, Tn. In the simplest case, and that analyzed in, is the
case where there are only two modes: processing and sleeping. In this
case, the characterization of Tlife can be reduced to a single dependent
variable based on the amount of time the sensor spends sleeping (Ts)
and active (Ta).
ii. This reduces our model for the total sensor life to Milcom 2016 Track 3
- Cyber Security and Trusted Computing
iii. While this model would be considered low fidelity for most WSNs, it fits
perfectly for a protocol such as BLE for two primary reasons. First, the
design of the BLE protocol closely matches this model in that there are
really only two modes of operation: actively sensing and reporting or
asleep. Second, due to the relative efficiency of modern ASICs,
transmit and receive functionalities in BLE consume similar amounts of
current. When nodes are receiving commands, processing data, or
 actively transmitting they consume approximately the same amount of
current making the concept of a single Pactive very realistic. If we
assume that a sensor is reading in sufficient intervals then the ratio of
sleep and active time will remain constant, we can rearrange equation 3
and take the derivative to find the consumption over time.
iv. With this discharge rate, we can find the estimated battery capacity at
time t as Cbat(t) = Cbatt=0 − RsPs +(1 − Rs)Pa (6)
v. Finally, because BLE requests allow for simultaneous read and write
requests on different hopsets, equation 6 can be modified to allow for
Nc simultaneous commands. In this case, the amount of power drawn
while actively decoding commands is increased linearly with Nc, as
shown in Cbat(t) = Cbatt=0 − RsPs +(1 v. − Rs)(PaNc) This final
equation will provide us with an estimate of the battery at any time t
within the discharge cycle of the node. Section VII demonstrates the
efficacy of this predictor with respect to measured data during the
attack.

Experimental Attack

Implementation of an experimental basic Denial of Sleep exploits the

ubiquitous connection methods utilized by BLE devices. These methods
allow BLE devices to connect to other, unknown devices without proper
verification even when proper BLE authentication is otherwise utilized.
Because sensor node BLE devices operate in a ZeroInteraction
Authentication (ZIA) and are strictly M2M connections, it is very difficult
to determine if the interacting device is friend or foe. This ZIA model
vulnerability is exacerbated by the ad-hoc meshes, star piconets, and
scatternet networks implemented by BLE WSNs. While these network
models allow for robustness, flexibility and power savings, while also
simultaneously providing fast connection times with multiple master
devices they lack sufficient authentication
procedures to prevent malicious data requests. During the creation and
operation of massive BLE WSNs, BLE sensor devices could potentially
have to connect to hundreds of different nodes in order to extend the
sensor network, especially in a mobility application. The lack of proper
device identification can lead to unwanted connections that drain the
power resources of nodes by making multiple fast connections which
can drain resources not considered in the original network’s power
budget. This type of repeated connection attack can be multiplied by
several orders of magnitude by utilizing resources on the BLE target
sensor node. The resources available on BLE sensor nodes can be
transmission and reception of BLE sensor information by accessing the
BLE services and characteristics that are available. These attributes of
the sensor node can have read, write and notify behaviors that all have
valuable resource utilization processing. By manipulating these
attributes of the BLE sensor node a maximum power drain can be
established and used against all sensor node devices. These services
and characteristics can be characterized by monitoring or sniffing the
WSN interconnections. This type of passive collection will not only allow
the characterization of vendor specific proprietary BLE profiles but will
also provide multiple BLE sensor MAC addresses and connection
intervals. Once the system has been characterized a simple attack can
be programmed and orchestrated using open source BLE stack code
that is widely available for Linux and which can be distributed on
portable cheap disposable hardware platforms that require low power
use.

Attack Implementation

The Fitbit Charge HR was chosen as the target BLE sensor node for
this test because of its new release and 120-hour extended operation.
This device was a good candidate because it collects sensor data and
periodically communicates the eHealth metrics to the master device via
BLE. The system was modeled to collect data for an average person
 and periodically pass that data when polled at deterministic intervals
from the master device so as to have the battery last 120 hours before
recharge. The first step was to characterize the Fitbit Charge HR
system in a normal working environment. This was completed using an
Ellisys Bluetooth Explorer which passively sniffs all traffic for Bluetooth
and BLE.

REFERENCES
A. Manjeshwar and D. P. Agrawal, “Teen: a routing protocol for
enhanced efficiency in wireless sensor networks,” in null. IEEE, 2001,
p. 30189a.
C. Chen, L. Hui, Q. Pei, L. Ning, and P. Qingquan, “An effective scheme
for defending denial-of-sleep attack in wireless sensor networks,” in
Information Assurance and Security, 2009. IAS’09. Fifth International
Conference on, vol. 2. IEEE, 2009, pp. 446–449.
D. R. Raymond, R. C. Marchany, M. I. Brownfield, and S. F. Midkiff,
“Effects of denial-of-sleep attacks on wireless sensor network mac
protocols,” Vehicular Technology, IEEE Transactions on, vol. 58, no.
1, pp. 367–380, 2009.
D. R. Raymond and S. F. Midkiff, “Clustered adaptive rate limiting:
Defeating denial-of-sleep attacks in wireless sensor networks,” in
Military Communications Conference, 2007. MILCOM 2007. IEEE.
IEEE, 2007, pp. 1–7.
I. T. Union, “Future technology trends of terrestrial imt systems,” ITU
M.2320-0, 2014.
K. Nair, J. Kulkarni, M. Warde, Z. Dave, V. Rawalgaonkar, G. Gore, and
J. Joshi, “Optimizing power consumption in iot based wireless sensor
networks using bluetooth low energy,” in Green Computing and
Internet of Things (ICGCIoT), 2015 International Conference on.
IEEE, 2015, pp. 589–593
M. Brownfield, Y. Gupta, and N. Davis IV, “Wireless sensor network
denial of sleep attack,” in Information Assurance Workshop, 2005.
IAW’05. Proceedings from the Sixth Annual IEEE SMC. IEEE, 2005,
pp. 356–364.
M. Patel and J. Wang, “Applications, challenges, and prospective in
emerging body area networking technologies,” IEEE Wireless
Communications Magazine, vol. 17, no. 1, pp. 80–88, 2010.
P. Bellavista, G. Cardone, A. Corradi, and L. Foschini, “Convergence
of manet and wsn in iot urban scenarios,” Sensors Journal, IEEE, vol.
13, no. 10, pp. 3558–3567, 2013.
 Y. W. Law, P. Hartel, J. D. Hartog, and P. Havinga, “Link-layer jamming
attacks on s-mac,” in Wireless Sensor Networks, 2005. Proceeedings
of the Second European Workshop on. IEEE, 2005, pp. 217–225.
T. Bhattasali and R. Chaki, “Amc model for denial of sleep attack
detection,” arXiv preprint arXiv:1203.1777, 2012.
W. Ye, J. Heidemann, and D. Estrin, “An energy-efficient mac protocol
for wireless sensor networks,” in INFOCOM 2002. Twenty-First
Annual Joint Conference of the IEEE Computer and Communications
Societies. Proceedings. IEEE, vol. 3. IEEE, 2002, pp. 1567–1576.