A Distributed Security Framework for
Heterogeneous Wireless Sensor Networks
Presented by Drew Wichmann
Paper by Himali Saxena, Chunyu Ai, Marco Valero,
Yingshu Li, Raheem Beyah
1
Wireless Sensor Network (WSN) Security
• Applications
• Attacks– Sinkhole– Wormhole– DoS– Jamming– Sybil– Hello Flood
• Defense Mechanisms2
Memory Constraints
• Mica2 mote– 4KB RAM– 128KB program memory
• 60KB for Operating System• 45.26KB Code Dissemination Tool• 7.2KB Link Layer Security
• 88% of memory consumed
3
Proposal
• Distributed Security Framework (DSF) which can detect and defend against all known attacks efficiently
• A warning mechanism can inform other clusters to install defense mechanisms for potential attacks in advance, thus reducing the impact caused by attacks
• The security framework is modular and scalable, thus defense mechanisms for new or future attacks can be easily added
4
Assumptions
• Base station and Gateway nodes tamper proof
• Attacker has regular node capabilities
• Those within transmission range are at higher risk
• Gateway Nodes have enough memory to store all defense schemes
• No false positives
5
Network Model
• Heterogeneous Network– Gateway Nodes– Regular Nodes
• Divide into clusters
• Communication– Gateway nodes
require only single hop
– Regular nodes use multi-hop to communicate with gateway nodes
6
Threat Model
• Two scenarios for attack
– Single cluster
– Multiple clusters
• The attacker can change position
• A compromised node has all material available
7
Problem Definition
• Goal– Significantly reduce an attack’s effectiveness
• There are a set of attacks, A = {A1 , A2 , … , An }• For every attack Ai , there exists a defense scheme Di• For every defense scheme Di , the program size is Pi• Each regular node has an available program memory of
– Can only store a subset S of D8
n
iiR PP
1
Problem Definition (continued)
• Assign weight Wji to an attack Ai for a gateway node Gj• Wji represents the possibility of the attack Ai occurring in Gj• Knapsack Problem:
9
DSwherePPtoSubject
W
RSDi
Sji
i
,
MaximizeiD
DSF ARCHITECTURE
The security framework to efficiently defend against all known attacks
10
Routing Protocol
• Gateway nodes calculate routes for each pair
• Regular nodes periodically send current state
• If reports are not received on time, then the regular node is assumed dead
• Gateway level uses Destination Sequenced Distance Vector (DSDV)
11
Choosing the Defense Mechanism Subset
12
DSwherePPtoSubject
W
RSDi
Sji
i
,
MaximizeiD
Warning Messages
• When an attack is detected, send a warning Wk• Wk = { Ai , Gs , WWk , Tk }• Each gateway node maintains a received warning list Lj• Keeps one entry per (Ai , Gs)• Then the likelihood of each attack is calculated
13
ijk ALW kcjs
kji TTGGD
WWW
isattack and ,
Propagate the subset
• Solve:
• Send the new defense mechanism images for S• Use Seluge to transmit the images
• Protects this cluster from new attacks
• With the warning system, can enable defense of future attacks in other clusters
14
DSwherePPtoSubject
W
RSDi
Sji
i
,
MaximizeiD
Security Framework Workings
15
Performance Analysis
• Parameters:
• Metrics– Success Rate– Energy Consumption
16
Performance Analysis
• Three schemes– Distributed Security Framework (DSF)– One Security Scheme (OSS)– Multiple Security Schemes (MSS)
17
Success Rate
18
Success Rate
19
Energy Use
20
Energy Use
21
Effect of Mobile Attacker Speed
22
Conclusion
• Dynamically use available memory to provide security from multiple attacks
• Warning scheme can enable prevention of future attacks
• Simulation results confirm DSF performs well
• Future work– Individual sensor subsets– Gateway node compromising– False positives and negatives– Implementation on real sensors– Thrashing Attacks
23
Questions?