This document provides an overview of sensor network security. It begins with objectives to learn about ad hoc and sensor network security aspects, attacks, and transport layer security issues. It then covers topics like security requirements, challenges in provisioning security, network security attacks categorized by layer (physical, data link, network, transport, application), and possible solutions for jamming, tampering, black hole attacks, and flooding attacks. The document also discusses key distribution, management techniques and procedures, and secure routing protocols like SPINS.
3. SENSOR NETWORK SECURITY
• Learn Ad hoc network and Sensor Network Security
• Understand the different security aspects
• Have an in-depth knowledge on sensor network attacks and its issues related to
network security
• Understand the transport layer and security issues possible in Ad hoc and Sensor
networks
OBJECTIVES:
We should be made to,
4. TOPICS
• Network Security Requirements,
• Issues and Challenges in Security Provisioning,
• Network Security Attacks,
• Layer wise attacks in wireless sensor networks,
• Possible solutions for
– Jamming,
– Tampering,
– Black Hole Attack,
– Flooding Attack.
• Key Distribution and Management,
• Secure Routing – SPINS,
• Reliability Requirements in Sensor Networks.
5. NETWORK SECURITY REQUIREMENTS
• A security protocol for ad hoc wireless networks should satisfy the
following requirements.
Confidentiality
Integrity
Availability
Non-repudiation
6. ISSUES IN SECURITY PROVISIONING
• In this section, some of the issues to be considered while designing a
security concern for ad hoc wireless networks are discussed.
Induced traffic
Induced throughput unfairness
Separation of congestion control, reliability, and flow
control
Power and bandwidth constraints
Misinterpretation of congestion
Completely decoupled transport layer
Dynamic topology
7. CHALLENGES IN SECURITY PROVISIONING
The following are the Challenges to be met while make a security for ad
hoc wireless networks:
Throughput maximization
Minimum connection setup and connection
maintenance overheads
Congestion control and flow control
8. CHALLENGES IN SECURITY
PROVISIONING
Reliable and unreliable connections
Protocol
Bandwidth availability
Effective, scalable, and protocol-independent
interaction
End-to-end semantics
9. ISSUES AND CHALLENGES IN
SECURITY PROVISIONING
A detailed discussion on how each of the above mentioned characteristics causes
difficulty in providing security in ad hoc wireless networks is given below.
Shared broadcast radio channel
Insecure operational environment
Lack of central authority
Lack of association
Limited resource availability
Physical vulnerability
10. NETWORK SECURITY ATTACKS
Core Reason for Network Security Attacks
Misinterpretation of packet loss
Frequent path breaks
Effect of path length
Misinterpretation of congestion window
Asymmetric link behaviour
14. PASSIVE ATTACK
• In a passive attack the attack monitors the transmissions to obtain
message content or monitors traffic flows, but does not modify the
message
• There are many types of passive attacks:
– Eavesdropping (tapping)
– Traffic Analysis
– Sniffing and snooping
– Spoofing
– Monitoring
15. ACTIVE ATTACKS
• In an active attack the network exploit in which a hacker attempts to
make changes to data on the target or data route to the target. And also
attacker acquires the message and modifies the contents of the
message to obtain unauthorized effects
16. DIFFERENCE BETWEEN ACTIVE
ATTACK AND PASSIVE ATTACK
Active Attacks:
The attacker efforts to change or
modify the content of messages.
Active Attack is danger for Integrity as
well as availability. Due to active
attack system is always damaged and
System resources can be changed.
The most important thing is that, In
active attack, Victim gets informed
about the attack.
Passive Attacks:
The attacker observes the content of
messages or copy the content of
messages. It is danger for
Confidentiality. Due to passive attack,
there is no any harm to the system.
The most important thing is that In
passive attack, Victim does not get
informed about the attack.
17. DIFFERENCE BETWEEN ACTIVE
ATTACK AND PASSIVE ATTACK
Active Attack Passive Attack
Modification in Information Does Not
Integrity & Availability Confidentiality
Attention is on Detection Attention is on prevention
System is Always Damaged No any Harm to the System
Victim gets Informed Victim does not get informed
System resources can be change Not change
Influence the services Information and messages in the system or
network are acquire
Information collected and used during executing Information like passwords, messages by itself
Restrict from entering systems Easy to prohibited
18. TYPES OF ACTIVE ATTACKS
-LAYER BASED
• Layer Attacks on WSN Securing wireless ad-hoc networks is
a highly challenging issue.
• Attacks can occur in different layers of the network protocol
stack.
• Layer based Types of active attacks definitions
–Attacks at Physical Layer
–Attacks at Data Link Layer
–Attacks at Network Layer
–Attacks at Transport Layer
–Attacks at Application Layer
19. ENHANCING SECURITY VIA PHYSICAL
LAYER
• The classic hierarchical structure of communication protocol stack and the examples of
security mechanisms deployed at each layer.
20. ATTACKS AT PHYSICAL LAYER
Some of Attacks occurs at Physical Layer
– Timing attack
– Eavesdropping,
– Interference and Jamming
Solutions:
Access Restriction
Encryption.
21. ATTACKS AT DATA LINK LAYER
Some of the Attacks occurs at Data Link Layer
• Flooding Attacks
• Topology Engagement Attacks
Solutions:
Misbehavior Detection.
Identity Protection
22. ATTACKS AT NETWORK LAYER
• The attacks of the network layer are:
– IP spoofing,
– Hijacking,
– Smurf,
– Wormhole,
– Blackhole,
– Sybil and sinkhole
• It was observed that are many other attacks that effectives physical layer
– Eavesdropping,
– Jamming
– Network Injection.
IP spoofing
Hijacking
Smurf attack
Solutions:
Routing Access Restriction.
False Routing Information Detection.
23. ATTACKS AT TRANSPORT LAYER
• The attacks of the transport layer are
• TCP Attacks
• UDP Attacks
Solutions:
Limit number of connections from a
particular node.
Header or full packet authentication
24. ATTACKS AT APPLICATION LAYER
• Application Layer Attacks, also known as Layer 7 Attacks after the OSI model,
– BGP Hijacking
– Slowloris, Slow Post, Slow Read
– HTTP(/s) Flooding
– Low and Slow Attack
– Large Payload POST
– Mimicked User Browsing
Solutions:
Data Integrity Protection.
Data Confidentiality Protection.
25. POSSIBLE SOLUTIONS FOR JAMMING
ATTACK
To address jamming problem
• Localization
• Detection
• Countermeasure mechanisms
26. TAMPERING
• TAMPERING
– Tampering means changing or deleting a resource without authorization.
– Data tampering or data manipulation is a way that a hacker or a malicious
user gets into a web site and changes, deletes or to access unauthorized
files.
– Data tampering indirectly by using a script exploit to mask itself as a user
input from a page.
– Data tampering through;
• Cookie tampering,
• HTML form field tampering
• URL query string tampering
• Password cracking tampering
27. POSSIBLE SOLUTIONS FOR DATA
TAMPERING
Data tampering could become the greatest cybersecurity threat
organizations face
• Data tampering
– Anti-Tamper
• Copy-On-Write (COW)
Data tampering or data manipulation can usually be done through the following ways
– Cookies
– HTML Form Fields
– URL Query Strings
– HTTP Headers and
– Password Cracking
28. PREVENTION AND COUNTER-MEASURES
• To use a firewall and windows security
• Guarding against script exploits
• Appropriate and safe steps against malicious executable code.
• Counter-Measures to prevent data tampering
– Data signing and harsing
• using digital signatures,
• using strong authorization,
• using tamper resistant protocols
• using secure communication links
• using strong and powerful firewalls
• using complicated passwords and
• blocking IP addresses for failed login attempts
• Using access controls to protect data
• Using role based security
29. BLACK HOLE ATTACK
• Blackhole attack is a type of denial-of-service attack
• Black hole attack is one of the possible attacks in WSN.
• The attacker drops packets selectively
• Intermediate malicious node will suffer from partial or total data loss.
30. POSSIBLE SOLUTIONS FOR BLACK
HOLE ATTACK
• Routing Protocol Enhancements
• Safe Route
• Find and Secure Alternate Route
• Neighboring Nodes Maintenance
• Malicious Paths Identification
• Timely Data Transmission
• Link Break Detection
31. FLOODING ATTACK
• Flooding attack involves the generation of spurious messages to increase traffic on
the network for consuming server’s or network’s resources
• DoS and DDoS attacks can be divided into three types:
– Volume Based Attacks
• UDP floods,
• ICMP floods, and
• spoofed-packet floods
– Protocol Attacks
• SYN floods
• fragmented packet attacks
• Ping of Death
• Smurf DDoS
– Application Layer Attacks
32. POSSIBLE SOLUTIONS FOR JAMMING,
TAMPERING, BLACK HOLE ATTACK,
FLOODING ATTACK
•Volume Based Attacks
•Protocol Attacks
•Application Layer Attacks
33. KEY DISTRIBUTION AND
MANAGEMENT
The objective of key management is to maintain keying relationships and keying material
in a manner that counters relevant threats. In practice an additional objective is
conformance to a relevant security policy
• Delivers a key to two parties
• Sort of mechanism or protocol need for security
• Sort of mechanism or protocol
34. KEY MANAGEMENT
• Key management is the set of techniques and procedures supporting
the establishment and maintenance of keying relationships between
authorized parties.
• A keying relationship is the state wherein communicating entities share
common data(keying material) to facilitate cryptography techniques.
This data may include public or secret keys, initialization values, and
additional non-secret parameters
35. KEY MANAGEMENT TECHNIQUES AND
PROCEDURES
• Initialization
• Generation, Distribution, and Installation
• Controlling
• Update, Revocation, and Destruction
• Storage, Backup/Recovery, and Archive
36. SECURITY POLICY & THREATS
• Security policy explicitly or implicitly defines the threats a system is intended to
address Security policy may affect the stringency of cryptographic requirements,
depending on the susceptibility of the environment in questions to various types of
attack.
• Threats
– Compromise of confidentiality of secret keys
– Compromise of authenticity of secret or public keys.
– Unauthorized use of public or secret keys
37. KEY MANAGEMENT TECHNIQUES
• Public-key techniques
–Simplified key management
–On-line trusted server not required
–Enhanced functionality
42. SIMPLE SECRET KEY DISTRIBUTION
Fig 1. Simple Secret Key Distribution
Fig 2. Secret Key Distribution with Confidentiality and
Authentication
43. DISTRIBUTION OF PUBLIC KEYS
• Distribution of Public Keys can be considered as using one of:
–Public Announcement
–Publicly Available Directory
–Public-key Authority
–Public-key Certificates