Vampire attack
-
Upload
maregowda-r-byalachinta -
Category
Engineering
-
view
89 -
download
3
Transcript of Vampire attack
Page 1
CHAPTER 1
PREAMBLE
1.1 Introduction
Wireless Sensor Network (WSN) consists of spatially distributed autonomous sensors
to co-operatively monitor physical or environmental conditions such as temperature,
sound, vibration, pressure, motion or pollutants.
As WSNs have widely being used due to their breadth of applications by
military, exploration teams, researchers and so on, it is very much necessary to
provide security for the data against intruders.
Preventing hacking of data in Wireless Sensor Networks from intruders or
attackers can be accomplished by key management where the technique reduces the
number of malicious links and further security of data can be given by encrypting the
data so that attacker fails to get the original plain text.
Key management technique for a secure application in Wireless Sensor
Network must minimally incorporate the following features.
• Authenticity: The key establishment technique should guarantee that the
communication nodes in the network have a way for verifying the authenticity
of the other nodes involved in a communication, i.e., the receiver node should
recognize the assigned ID of the sender node.
• Confidentiality: key management technique should control the un-authorized
links to the nodes.
• Integrity: Integrity means no data falsification during transmissions. Here in
terms of key establishment techniques, the meanings are explained as - only
the nodes in the network should have access to the keys and this would
effectively prevent unauthorized nodes from obtaining knowledge about the
keys used, also preclude updates from external sources.
• Scalability: Efficiency demands that sensor networks utilize a scalable key
establishment technique to allow for the variations in size typical of such a
network. Key establishment techniques employed should provide high-
security features for small networks, but also maintain these characteristics
when applied to larger ones.
Page 2
• Flexibility: Key establishment techniques should be able to function well in
any kind of environments and support dynamic deployment of nodes, i.e., a
key establishment technique should be useful in multiple applications and
allow for adding nodes at any time.
• Memory: Memory availability of sensor nodes is usually 6-8 Kbps, half of
which is occupied by a typical sensor network operating system, like TinyOS.
Key establishment techniques must use the remaining limited storage space
efficiently by storing keys in memory, buffering stored messages, etc.
• Prior Deployment Knowledge: As the nodes in sensor networks are deployed
randomly and dynamically, it is not possible to maintain knowledge of every
placement. A key establishment technique should not, therefore, be aware of
where nodes are deployed when initializing keys in the network. Another
important method by which the data in Wireless Sensor Networks could be
secured by encryption techniques where in the original message or plain text is
converted to another (non readable) form so that when its hacked by intruder it
becomes difficult to get back the original plaintext. Some of the features that
the encryption technique should incorporate are as follows
• Confidentiality: Confidentiality ensures that the exchanged data is kept secret
from any unauthorized entities over the network.
• Integrity: Integrityimplies that the message should be un-altered during its
transmission from a source to destination by any intermediate sensor or
malicious node.
• Authentication:It the process of identification that a receiving entity is sure
that the message it receives comes from a legitimate source.
1.2 Organization of Report
With this brief introduction, next Chapter 2 covers with Literature Survey, where all
the findings and observation, which is conducted as feasibility study before the actual
development of the project and finally concludes with the gaps that were found in the
study. Chapter 3 deals with the problem statement, which is going to be addressed in
this project work and also state the solution strategy. Chapter 4 deals with basics of
Wireless Sensor Network. Chapter 5 deals with regard tosecurity in Wireless Sensor
Networks, where it defines and describes some of the concepts of Key management
technique and also some schemes of encryption. Chapter 6 deals with system design
Page 3
where the entire flow of the project is represented by professional flow charts.
Chapter 7 deals with implementation where the steps involved in the creation of the
project work are discussed. It is defined with the assistant of code explanation for the
ease of reader. Chapter 8 mainly deals with the graphical user interface of the project
to show the output of the application. Further, by presenting the conclusion of the
work and the directions for future work are described in chapter 9.
Page 4
CHAPTER 2
LITERATURE REVIEW
The study of JinatRehana[1] on security of wireless sensor network discusses the
security problems of WSN based on its resource restricted design and deployment
characteristics and the security requirements for designing a secure WSN. Also, his
study documents the well-known attacks at the different layers of WSN and some
counter measures against those attacks. Finally, he discusses on some defensive
measures of WSN giving focus on the key management, link layer and routing
security.
A full approach for intrusion detection in wireless sensor network proposed by
Andreas A.Strikos[ 2] discusses the major threats that WSNs have to deal with when
WSN is used in some critical applications like defense, area monitoring etc.
Additionally he has mentioned existing countermeasures to deal with threats that arise
in WSN, but he focuses on intrusion detection where he combined the existing IDS
approaches and proposes the steps to build IDS for WSNs.
Wenliang Du, Jing Deng, Yunghsiang S. Han, Shigang Chen, and Pramod
K. Varshney[3] propose a key management scheme for wireless sensor networks
using deployment knowledge where a novel random key pre-distribution scheme that
exploits deployment knowledge and avoids unnecessary key assignments. Further it
has been proved the performance (including connectivity, memory usage, and
network resilience against node capture) of sensor networks can be substantially
improved with the use of their proposed scheme and discusses the shortcomings of
Diffie-Hellman and public-key based schemes.
The study made by Wenliang Du, Jing Deng Yunghsiang, S. Han Pramod
and K. Varshney[4] on key management in wireless sensor networks extended
abstract discuss on the properties of sensor nodes, components and its function. They
also discuss the various critical application where the wireless sensor networks are
used and also the security problems that arises in wireless sensor network like
attackers trying to get the information in WSN, trying to add some misleading
information to the original messages, listening to the traffic or impersonate one of the
network nodes. They also discuss the problem of how to distribute keys for secure
communication.
Page 5
Loukaslazos and RadhaPoovendran[5] propose a scheme for SeRLoc:
Robust Localization for wireless sensor networks where a novel range-independent
localization algorithm called SeRLoc that is well suited to a resource constrained
environment such as a WSN is proposed. SeRLoc is a distributed algorithm based on
a two-tier network architecture that allows sensors to passively determine their
location without interacting with other sensors. They show that SeRLoc is robust
against known attacks on WSNs such as the wormhole attack, the Sybil attack, and
compromise of network entitiesand analytically compute the probability of success for
each attack. They also compare the performance of SeRLoc with state-of-the-art
range-independent localization schemes and show that SeRLoc has better
performance.
DebarghAcharya and Vijay Kumar [6] propose a scheme for location aware
pair-wise key generation for wireless sensor networks where in they investigate the
key distribution problem in large wireless sensor networks and present one of two
secure communication schemes. Unlike others, their schemes do not store a key chain
in the memory from a universal key space and eliminate key broadcast. They have
made the key generation phase relatively more secured with the use of location
information. Authentication of sensor nodes is also an important issue and has been
taken into consideration in there schemes. Simulation of their schemes illustrate that
they outperform some existing key schemes and incurs less transmission and storage
cost.
A key management scheme in distributed sensor networks using attack
probabilities proposed by Siu-Ping Chan, RadhaPoovendran and Ming-Ting
Sun[7]make use of the a priori probability to design a variant of random key pre-
distribution method that improves the resilience and hence the fraction of
compromised communications compared to seminal works. They further relate the
key ring size of the subgroup node to the probability of node compromise, and design
an effective scalable security mechanism that increases the resilience to the attacks for
the sensor subgroups. Simulation results show that by using their scheme, the
performance can be substantially improved in the sensor network (including the
resilience and the fraction of compromised communications) that only sacrifices a
small extent in the probability of a shared key exists between two nodes, compared to
those of the prior results.
Page 6
A study on evaluation of overheads in security mechanisms in wireless sensor
networks by Tanveer Zia, Albert Zomaya and NedalAbabneh [8] reveals some of
the applications of wireless sensor networks to collect real time and event driven data.
In this study they have discussed three recently introduced security mechanisms (1)
TinySec (2) MiniSec and (3) TripleKeys. They have studied these security
mechanisms in terms of packet overheads and compared the packet transmission time,
average latency and energy consumption and the comparisions made by them shows
that the packet overheads in TripleKeys are lesser compared to other two schemes.
They have then used the 38 bytes packet size of TripleKeys for further analysis and
calculated the packet delivery ratio, latency and energy consumption. They have
observed that packet delivery ratio decreases when they increase the number of nodes
while latency and energy increases.
The study of secure wireless sensor networks: problems and solutions made
byFei Hu, Jim Ziobro, Jason Tillett and Neeraj K. Sharma [9]analyzes security
challenges in wireless sensor networks and summarizes key issues that should be
solved for achieving the ad hoc security. They give an overview of the current state of
solutions on such key issues as secure routing, prevention of denial-of-service and key
management service and also present some secure methods to achieve security in
wireless sensor networks. Finally they present integrated approach to securing sensor
networks.
S. Padma Priya and Mr. JayaramPradhan [10] propose a scheme foran
efficient security framework for detection and isolation of attackers in low rate
wireless personal area networks where they provide an efficient scheme for provide
an Efficient Security Framework (ESF) that protects both routing and data forwarding
operations. Their framework involves (i) Detection of malicious nodes by the
modified AODV protocol. (ii) Isolation of malicious nodes by using Multi-Signature
based tickets. Through by both analysis and simulation results, they demonstrate the
effectiveness of the framework in a highly mobile and hostile environment.
2.1 Gaps / Further enhancement found in the literature
survey
After reviewing several literatures, in WSN area, it has been noticed that (1) There is
limited research work done on key management scheme which takes the location of
sensor nodes into consideration while deciding the keys to be deployed on each node.
Page 7
(2) Combining of encryption with key management for securing data in Wireless
Sensor Network.
Page 8
CHAPTER 3
PROBLEM DEFINATION
3.1 Problem Statement
Since wireless sensor networks have been evolved, its major application find in the
field of military where securing the data from intruders or attackers is one of the most
important issues
3.2 Objectives of Project
The main objectives of the project work are as followings:
• To reduce the malicious links from attackers to the sensor nodes in WSN and
thus by providing secure communication link between nodes.
• To prevent the data from hacking by intruders/attackers.
3.3 Solution Strategy
Solution to the above problem is developing a key management system to secure
communication link between the nodes in Wireless Sensor Network by reducing the
attempt of attackers to establish malicious links to the sensor nodes and further
security for the data is provided by encryption schemes.
Fig 3.1 Problem domain and proposed solution
Wireless
SensorNetwork
To prevent malicious link and
to protect data.
Key management scheme to prevent malicious links and
encryption to protect data
Challenging
Issues
Solution
Strategy
Page 9
Chapter 4
Wireless Sensor Networks
Recent advances in MicroElectroMechanical systems(MEMS) technology, wireless
communications, and digital electronics have enabled the development of low-cost,
low-power, multifunctional sensor nodes that are small in size and communicate
untethered in short distances. These tiny sensor nodes, which consist of sensing, data
processing, and communicating components, leverage the idea of sensor networks
based on collaborative effort of a large number of nodes. Sensor networks represent a
significant improvement over traditional sensors, which are deployed in the following
two ways:
• Sensors can be positioned far from the actual phenomenon, i.e., something
known by sense perception. In this approach, large sensors that use some
complex techniques to distinguish the targets from environmental noise are
required.
• Several sensors that perform only sensing can be deployed. The position of the
sensors and communications topology is carefully engineered. They transmit
time series of the sensed phenomenon to the central nodes where computations
are performed and data are fused.
A sensor network is composed of a large number of sensor nodes, which are
densely deployed either inside the phenomenon or very close to it. The position of
sensor nodes need not be engineered or pre-determined. This allows random
deployment in inaccessible terrains or disaster relief operations. On the other hand,
this also means that sensor network protocols and algorithms must possess self-
organizing capabilities. Another unique feature of sensor networks is the cooperative
effort of sensor nodes. Sensor nodes are fitted with an on-board processor. Instead of
sending the raw data to the nodes responsible for the fusion, sensor nodes use their
processing abilities to locally carry out simple computations and transmit only the
required and partially processed data.
The above described features ensure a wide range of applications for sensor
networks. Some of the application areas are health, military, and security. For
example, the physiological data about a patient can be monitored remotely by a
doctor. While this is more convenient for the patient, it also allows the doctor to better
Page 10
understand the patient’s current condition. Sensor networks can also be used to detect
foreign chemical agents in theair andthe water. They can help to identify the type,
concentration, and location of pollutants. In essence, sensor networks will provide the
end user with intelligence and a better understanding of the environment.
Realization of these and other sensor network applications require wireless ad
hoc networking techniques. Although many protocols and algorithms have been
proposed for traditional wireless ad hoc networks, they are not well suited for the
unique features and application requirements of sensor networks. To illustrate this
point, the differences between sensor networks and ad hoc networks are outlined
below:
• The number of sensor nodes in a sensor network can be several orders of
magnitude higher than the nodes in an ad hoc network.
• Sensor nodes are densely deployed.
• Sensor nodes are prone to failures.
• The topology of a sensor network changes very frequently.
• Sensor nodes mainly use broadcast communication paradigm whereas most ad
hoc networks are based on point-to-point communications.
• Sensor nodes are limited in power, computational capacities, and memory.
• Sensor nodes may not have global identification (ID) because of the large
amount of overhead and large number of sensors.
4.1Sensor Networks Applications
Sensor networks may consist of many differenttypes of sensors such as seismic, low
sampling ratemagnetic, thermal, visual, infrared, and acoustic andradar, which are
able to monitor a wide variety ofambient conditions that include the following:
• temperature,
• humidity,
• vehicular movement,
• lightning condition,
• pressure,
• soil makeup,
• noise levels,
• the presence or absence of certain kinds of objects,
Page 11
• mechanical stress levels on attached objects, and
• the current characteristics such as speed, direction, and size of an object.
Sensor nodes can be used for continuous sensing, event detection, event ID,
location sensing,and local control of actuators. The concept ofmicro-sensing and
wireless connection of thesenodes promises many new application areas. Applications
of WSN can be categorized into military, environment, health, home and other
commercial areas. Itis possible to expand this classification with morecategories such
as space exploration, chemicalprocessing and disaster relief.
4.1.1 Military Applications
Wireless sensor networks can be an integral part of military command, control,
communications, computing, intelligence, surveillance, reconnaissance
andtargeting(C4ISRT) systems. The rapid deployment, self-organization and fault
tolerance characteristics of sensor networks make them a very promising sensing
technique for military C4ISRT. Since sensor networks are based on the dense
deployment of disposable and low-cost sensor nodes, destruction of some nodes by
hostile actions does not affect a military operation as much as the destruction of a
traditional sensor, which makes sensor networks concept a better approach for
battlefields. Some of the military applications of sensor networks are monitoring
friendly forces, equipment and ammunition; battlefield surveillance; reconnaissance
of opposing forces and terrain; targeting; battle damage assessment; and nuclear,
biological and chemical (NBC) attack detection and reconnaissance.
Monitoring friendly forces, equipment and ammunition: Leaders and
commanders can constantly monitor the status of friendly troops, the condition and
the availability of the equipment and the ammunition in a battlefield by the use of
sensor networks. Every troop, vehicle, equipment and critical ammunition can be
attached with small sensors that report the status. These reports are gathered in sink
nodes and sent to the troop leaders. The data can also be forwarded to the upper levels
of the command hierarchy while being aggregated with the data from other units at
each level.
Nuclear, biological and chemical attack detection and reconnaissance: In
chemical and biological warfare, being close to ground zero is important for timely
and accurate detection of the agents. Sensor networks deployed in the friendly region
Page 12
and used as a chemical or biological warning system can provide the friendly forces
with critical reaction time, which drops casualties drastically.
4.1.2 Environmental Applications
Some environmental applications of sensor networks include tracking the movements
of birds small animals, and insects; monitoring environmental conditions that affect
crops and livestock; irrigation;macro instrumentsfor large-scale Earth monitoring
and planetary exploration; chemical/biological detection; precision agriculture;
biologcal, Earth, and environmental monitoring in marine, soil, and atmospheric
contexts; forest firedetection; meteorological or geophysical research; flood detection;
bio-complexity mapping of the environment; and pollution study.
Forest fire detection: Since sensor nodes may be strategically, randomly, and densely
deployed in a forest, sensor nodes can relay the exact origin of the fire to the end users
before the fire is spread uncontrollable. Millions of sensor nodes can be deployed and
integrated using radio frequencies/ optical systems. Also, they may be equipped with
effective power scavenging methods, such as solar cells, because the sensors may be
left unattended for months and even years. The sensor nodes will collaborate with
each other to perform distributed sensing and overcome obstacles, such as trees and
rocks, that block wired sensor’s line of sight.
Flood detection: An example of a flood detection is the ALERT system deployed in
the US. Several types of sensors deployed in the ALERT system are rainfall, water
level and weather sensors. These sensors supply information to the centralized
database system in a pre-defined way. Research projects, such as the COUGAR
Device Database Project at Cornell University and the Data Space project at Rutgers,
are investigating distributed approaches in interacting with sensor nodes in the sensor
field to provide snapshot and long-running queries.
4.1.3 Home Applications
Some of the health applications for sensor networks are providing interfaces for the
disabled;integrated patient monitoring; diagnostics; drug administration in hospitals;
monitoring the movements and internal processes of insects or othersmall animals;
telemonitoring of human physiological data; and tracking and monitoring doctorsand
patients inside a hospital.
Page 13
Tracking and monitoring doctors and patientsinside a hospital: Each patient
has small and lightweight sensor nodes attached to them. Each sensor node has its
specific task. For example, one sensornode may be detecting the heart rate while
another is detecting the blood pressure. Doctors may alsocarry a sensor node, which
allows other doctors tolocate them within the hospital. Drug administration in
hospitals: If sensor nodescan be attached to medications, the chance ofgetting and
prescribing the wrong medication topatients can be minimized. Because, patients
willhave sensor nodes that identify their allergies andrequired
medications.Computerized systems asdescribed in have shown that they can
helpminimize adverse drug events.
4.1.4Health Applications
Home automation: As technology advances,smart sensor nodes and actuators can be
buried inappliances, such as vacuum cleaners, micro-wave ovens, refrigerators, and
VCRs. These sensornodes inside the domestic devices can interact witheach other
andwith the external network via theInternet or Satellite. They allow end users
tomanage home devices locally and remotely moreeasily.
4.1.5 Other Commercial Applications
Some of the commercial applications are monitoring material fatigue; building virtual
keyboards; managing inventory; monitoring product quality; constructing smart office
spaces; environmental control in office buildings; robot control and guidance in
automatic manufacturing environments; interactive toys; interactive museums; factory
process control and automation; monitoring disaster area; smart structures with sensor
nodes embedded inside; machine diagnosis; transportation; factory instrumentation;
local control of actuators; detecting and monitoring car thefts; vehicle tracking and
detection; and instrumentation of semiconductor processing chambers, rotating
machinery, wind tunnels, and anechoic chambers.
Environmental control in office buildings: The air conditioning and heat of
most buildings are centrally controlled. Therefore, the temperature inside a room can
vary by few degrees; one side might be warmer than the other because there is only
one control in the room and the air flow from the central system is not evenly
distributed. A distributed wireless sensor network system can be installed to control
the air flow and temperature in different parts of the room. It is estimated that such
distributed technology can reduce energy consumption by two quadrillion British
Thermal Units (BTUs) in the US, which amounts to saving of $55 billi
reducing 35 million metric tons of carbon emissions.
Detecting and monitoring car thefts: Sensor nodes are being deployed to detect
and identify threats within a geographic region and report these threats to remote end
users by the Internet for analysis.
4.2 Sensor Networks Communication Architecture
The sensor nodes are usually scattered in
these scattered sensor nodes has the capabilities to collect data and route data back to
the sink and the end
multihopinfrastructureless architecture th
may communicate with the task manager node via Internet or Satellite.
Fig 4.1:
The power management plane manages how a sensor node uses its power. For
example, the sensor node may turn o
of its neighbors. This is to avoid getting duplicated messages. Also, when the power
level of the sensor node is low, the sensor node broadcasts to its neighbors that it is
low in power and cannot participate in routing messages. The remaining power is
reserved for sensing. The mobility management plane detects and registers the
movement of sensor nodes, so a route back to the user is always maintained, and the
sensor nodes can keep track of who are their neighbor sensor nodes. By knowing who
the neighbor sensor nodes are
usage. The task management pla
a specific region. Not all sensor nodes in that region are required to perform the
distributed technology can reduce energy consumption by two quadrillion British
Thermal Units (BTUs) in the US, which amounts to saving of $55 billion per year and
reducing 35 million metric tons of carbon emissions.
Detecting and monitoring car thefts: Sensor nodes are being deployed to detect
and identify threats within a geographic region and report these threats to remote end
for analysis.
Networks Communication Architecture
are usually scattered in a sensor field as shown in Fig 4.1
these scattered sensor nodes has the capabilities to collect data and route data back to
users. Data are routed back to the end user by a
multihopinfrastructureless architecture through the sink as shown in Fig.4.1
may communicate with the task manager node via Internet or Satellite.
Fig 4.1: Sensor nodes scattered in a sensor field.
The power management plane manages how a sensor node uses its power. For
example, the sensor node may turn offits receiverafter receiving a message from one
of its neighbors. This is to avoid getting duplicated messages. Also, when the power
sensor node is low, the sensor node broadcasts to its neighbors that it is
low in power and cannot participate in routing messages. The remaining power is
reserved for sensing. The mobility management plane detects and registers the
movement of sensor nodes, so a route back to the user is always maintained, and the
sensor nodes can keep track of who are their neighbor sensor nodes. By knowing who
the neighbor sensor nodes are, the sensor nodes can balance their power and task
usage. The task management plane balances and schedules the sensing tasks given to
fic region. Not all sensor nodes in that region are required to perform the
Page 14
distributed technology can reduce energy consumption by two quadrillion British
on per year and
Detecting and monitoring car thefts: Sensor nodes are being deployed to detect
and identify threats within a geographic region and report these threats to remote end
field as shown in Fig 4.1. Each of
these scattered sensor nodes has the capabilities to collect data and route data back to
users. Data are routed back to the end user by a
rough the sink as shown in Fig.4.1. The sink
The power management plane manages how a sensor node uses its power. For
a message from one
of its neighbors. This is to avoid getting duplicated messages. Also, when the power
sensor node is low, the sensor node broadcasts to its neighbors that it is
low in power and cannot participate in routing messages. The remaining power is
reserved for sensing. The mobility management plane detects and registers the
es, so a route back to the user is always maintained, and the
sensor nodes can keep track of who are their neighbor sensor nodes. By knowing who
, the sensor nodes can balance their power and task
ne balances and schedules the sensing tasks given to
fic region. Not all sensor nodes in that region are required to perform the
sensing task at the same time. As a result, some sensor nodes perform the task more
than the others depending on
These management planes are needed, so that sensor nodes can work together
in a power efficient way, route data in a mobile sensor network, and share resources
between sensor nodes. Without them, each sensor node will just work individ
From the whole sensor network standpoint, it is more e
collaborate with each other, so the lifetime of the sensor netwo
Before discussing the need for the protocol layers and managemen
networks, mapping three existing work to the
Fig 4.2
The so-called WINS is developed in
access is provided to the sen
nodes are in large number,
between sensor nodes to
powerconsumption. The way in which data is routed bac
networks follows the arc
node, detects the environmental data, and
WINS nodes until it reac
sensor nodes A, B, C,D, and E accordi
The WINS gateway communicates with the userthrough conventional network
services, such as theInternet. The protocol stack of a WINS networkconsists of the
application layer, network layer,MAC layer, and physical layer. Also, it is explicitly
pointed out in that a low
sensing task at the same time. As a result, some sensor nodes perform the task more
than the others depending on their power level.
These management planes are needed, so that sensor nodes can work together
cient way, route data in a mobile sensor network, and share resources
between sensor nodes. Without them, each sensor node will just work individ
From the whole sensor network standpoint, it is more efficient if sensor nodes can
collaborate with each other, so the lifetime of the sensor networks can be prolonged.
the need for the protocol layers and management planes in sensor
three existing work to the protocol stack is done as shown in
Fig.4.2. The sensor networks protocol stack.
called WINS is developed in, wheredistributed network and Internet
ided to the sensor nodes, controls, and processors. Since the sensor
nodes are in large number, the WINS networks take advantage of this short
between sensor nodes to provide multihopcommunicationand minimize
. The way in which data is routed back to the user in the WINS
networks follows the architecture specified in Fig 4.1. The sensor node, i.e., aWINS
node, detects the environmental data, and the data is routed hop by hop through the
odes until it reaches the sink, i.e., a WINS gateway. So the WINS nodes are
D, and E according to the architecture in Fig 4.1.
The WINS gateway communicates with the userthrough conventional network
services, such as theInternet. The protocol stack of a WINS networkconsists of the
on layer, network layer,MAC layer, and physical layer. Also, it is explicitly
that a low-power protocol suitethat addresses the constraints of the
Page 15
sensing task at the same time. As a result, some sensor nodes perform the task more
These management planes are needed, so that sensor nodes can work together
cient way, route data in a mobile sensor network, and share resources
between sensor nodes. Without them, each sensor node will just work individually.
cient if sensor nodes can
rks can be prolonged.
t planes in sensor
as shown in
work and Internet
. Since the sensor
he WINS networks take advantage of this short distance
multihopcommunicationand minimize
he user in the WINS
. The sensor node, i.e., aWINS
he data is routed hop by hop through the
the WINS nodes are
The WINS gateway communicates with the userthrough conventional network
services, such as theInternet. The protocol stack of a WINS networkconsists of the
on layer, network layer,MAC layer, and physical layer. Also, it is explicitly
e constraints of the
Page 16
sensor networks should be developed.Different typesof sensornodes deployed alsolead
to different types of sensor networks.
4.3Application Layer
Although many application areas for sensor networks are definedand proposed,
potential application layer protocols for sensor networks remains a largely unexplored
region. There are three possible application layer protocolsi.e., sensormanagement
protocol (SMP), task assignment anddata advertisement protocol (TADAP), and
sensorquery and data dissemination protocol (SQDDP),needed for sensor networks
based on the proposedschemes related to the other layers and sensornetwork
application areas. All of these applicationlayer protocols are open research issues.
4.3.1 Sensor Management Protocol
Designing an application layer management protocol has several advantages. Sensor
networks have many different application areas, and accessing them through networks
such as Internet isaimed in some current projects. An application layer management
protocol makes the hardware and softwaresof the lower layers transparent to the
sensor network management applications.
System administrators interact with sensor networks by using SMP. Unlike
many other networks, sensornetworks consistof nodesthat donot have global IDs, and
they are usually infratructureless. Therefore, SMP needs to access the nodes by using
attribute-based naming and location-based addressing. SMP is a management protocol
that provides the softwareoperations needed to performthe followingadministrative
tasks:
• introducing the rules related to data aggregation, attribute-based naming and
clustering tothe sensor nodes,
• exchanging data related to the location findingalgorithms,
• time synchronization of the sensor nodes,
• moving sensor nodes,
• turning sensor nodes on and off,
• querying the sensor network configuration and the status of nodes, and
configuring the sensor network, and
• Authentication, key distribution and security in data communications.
Page 17
4.3.2 Task Assignment and Data AdvertisementProtocol
Another important operation in the sensor networks is interest dissemination. Users
send theirinterest to a sensor node, a subset of the nodes orwhole network. This
interest may be about a certain attribute of the phenomenon or a triggeringevent.
Another approach is the advertisement ofavailable data in which the sensor nodes
advertise the available data to the users, and the users querythe data which they are
interested in. An application layer protocol that provides the user softwarewith
efficient interfaces for interest disseminationis useful for lower layer operations, such
as routing.
4.3.3 Sensor Query and Data Dissemination Protocol
SQDDP provides user applications with interfaces to issuequeries, respond to
queries and collect incoming replies. Note that these queries are generally not issued
to particular nodes. Instead, attribute-based or location-based naming is preferred. For
instance, ‘‘the locations of the nodes that sense temperature higher than 70 °F’’ is an
attribute-based query. Similarly, ‘‘temperatures read by the nodes in region A’’ is an
example for location-based naming.
Sensor query and tasking language (SQTL) is proposed as an application that
provides evena larger setof services. SQTL supports three types of events, which are
defined by keywords receive, every, and expire. Receive keyword defines events
generated by a sensor node when the sensor node receives a message, every keyword
defines events occurred periodically due to a timer time-out and expire keyword
defines the events occurred when a timer is expired. If a sensor node receives a
message that is intended for it and contains a script, the sensor node then executes the
script. Although SQTL is proposed, different types of SQDDP can be developed for
various applications. The use of SQDDPs may be unique to each application.
4.4 TransportLayer
Transport layer is especially needed when the system is planned to be
accessedthrough Internet or other external networks. However, to the best of the
knowledge there has notbeen any attempt so far to propose a scheme orto discuss the
Page 18
issues related to the transport layerof a sensor network in literature. TCP with
itscurrent transmission window mechanisms doesmatchto the extreme characteristics
of the sensornetwork environment. An approach such as TCP splitting may be needed
to make sensor networks interact with other networks such as Internet. In this
approach, TCP connections are ended at sink nodes, and a special transport layer
protocol can handle the communications between the sink node and sensor nodes. As
a result, the communication between the user and the sink node is by UDP or TCP via
the Internet or Satellite. On the other hand, the communication between the sink and
sensor nodes may be purely by UDP type protocols, because each sensor node has
limited memory.
4.5 Network Layer
Sensor nodes are scattered densely in a fieldeither close to or inside the phenomenon
as shown in Fig 4.1. Special multihop wireless routing protocols between the sensor
nodes and the sink node are needed. The adhoc routing techniques do not usually fit
the requirements of the sensor networks. The networking layer of sensor networks is
usually designed according to the following principles:
• Power efficiency is always an important consideration.
• Sensor networks are mostly data centric.
• Data aggregation is useful only when it does not hinder the collaborative effort
of the sensor nodes.
• An ideal sensor network has attribute-based addressing and location
awareness.
4.6 Data Link Layer
The data link layer is responsible for the multiplexing of data streams, data frame
detection,medium access and error control. It ensures reliable point-to-point and
point-to-multipoint connections in a communication network. In the following two
subsections, we discusssome of the medium access and error control strategies
forsensor networks.
4.6.1 Medium Access Control
The MAC protocol in a wireless multihop self-organizing sensor network must
achieve two goals.The first is the creation of the network infrastructure. Since
Page 19
thousands of sensor nodes aredensely scattered in a sensor field, theMAC schememust
establish communication links for data transfer. This forms the basic infrastructure
needed forwireless communication hop by hop and givesthe sensor network self-
organizing ability. Thesecond objective is to fairly and efficiently
sharecommunication resources between sensor nodes.Traditional MAC schemes can
all be categorizedbased on their resource sharing mechanisms.
4.7 Physical Layer
The physical layer is responsible for frequencyselection, carrier frequency generation,
signal detection, modulation and data encryption. Frequency generation and signal
detection have more to do with the underlyinghardware and transceiver design and
hence arebeyond the scope of this report.
.
Page 20
Chapter 5
SECURITY IN WIRELESS SENSOR NETWORK
Security is a very important issue when designing or deploying any network or
protocol. However the recently developed networks as the wireless ones have not
given the necessary attention to security of data against intruders .
Security to the data in Wireless Sensor Network can be provided in two ways
5.1 Encryption
It is the process of transforming information(message) using an algorithm (called
cipher) and key (secret informatiom) to make it unreadable to any unauthorized
attacker .
5.1.1 Security services
• Confidentiality:Confidentialityensures that the exchanged data is kept secret
from any unauthorized entities over the network. It is usually achieved using
symmetric encryption which is more efficient concerning its consumption of
devices resources..
• Integrity:implies that the message should be un-altered during its transmission
from a source to destination by any intermediate sensor or malicious node. This
is usually done in conventional network using MAC (Message Authentication
Code) or digital signatures.
• Authentication:is the process of identification that a receiving entity is sure
that the message it receives comes from a legitimate source, this is ensured
using Public Key Infrastructure. However in WSN is usually done by pre-
distributing some bootstrapping information used after to authenticate sensors
by the base station.
5.1.2 Types of Encryption algorithms
Page 21
• Symmetric Encryption: It is a type of encryption method where in only one
key is used both for encryption and decryption..The use of single key makes
decryption process a simple reversal of encryption process. Examples for
symmetric encryption include AES, DES etc.
• Asymmetric Encryption: Asymmetric encryption uses two keys for both
encryption and decryption. In the way that any message encrypted with one of
the keys can only be decrypted with the other key. One of the keys is called
private key which is kept secret by it holder, and the second one is publicly
known by each entity in a given community, using these two keys, the
asymmetric encryption technique can ensure both confidentiality, integrity and
authentication. Often the management of generation, distribution, renewal and
publication of these keys is achieved by a trust party called Certificate authority
(CA) which composes what we call public key infrastructure (PKI) which is
recognized as the most efficient and powerful tool to ensure key management
in conventional networks. However PKI is omitted from the use in WSN,
because of its great consumption of energy and bandwidth which are very
crucial in sensor network, and all the most known solution given in literature is
the use of symmetric encryption which is more power saving. Example for
symmetric encryption includes RSA, Eliptic curve etc .
5.2 Key Management
5.2.1 Security Services
• Scalability:. Key management mechanism must support large networks, and
must be flexible against substantial increase in the size of the network even
after deployment,
• Efficiency: storage, processing and communication limitations on sensor
nodes must be considered while key management.,
• Key connectivity (probability of key-share): probability that two (or more)
sensor nodes store the same key or keying material. Enough key connectivity
must be provided for a WSN to perform its intended functionality by key
management.
• Resilience: key management should be effective against node capture.
Compromise of security credentials, information which are stored on a sensor
Page 22
node or exchanged over radio links, should not reveal information about
security of any other links in the WSN.
5.2.2 Key Management techniques
In literature exist several key management schemes trying to solve the problem of
security in WSN by taking into consideration the limitations of sensors (bandwidth and
energy), the majority of them are based on symmetric key encryption and some others
are based on asymmetric encryption:
Symmetric encryption based key management schemes
• Shared key: this solution is the simplest way for securing WSN, it uses a
single shared key to encrypt traffic over the network, and this key may be
periodically updated to ensure more security against eavesdropping. As any
other scheme based on single key, this scheme is vulnerable against capture
attack which is more possible in sensor network, since the capture of only one
sensor can compromise the shared key and then the whole network.
• Pre-distributed keys: these solutions assume the existence of an off-line
dealer which distributes a set of symmetric keys to sensors before their
deployment, for example the authors in [11] proposed a random key pre-
distribution scheme for WSN in which sensor obtains a subset of symmetric
keys from a large key pool. After deployment, each sensor tries to find a shared
key with each of its neighbors to secure the links with them. Other works have
been proposed under on the same idea in [ 12, 13,14] trying to solve the
problem of scalability and the manner of obtaining the session key between
sensors and the base station.
• Tinysec: is a link layer security protocol based on symmetric key encryption,
TinySec [15] supports two different security options: authenticated encryption
(TinySec-AE) and authentication only (TinySec-Auth). The use of MAC layer
security instead of end to end security may avoid denial of service attacks,
however this scheme still vulnerable to lot of attacks as capture attacks. In
Page 23
other hands, this protocol can be used by any other key management scheme as
an underlying tool for encryption.
• SPINS:Perrig and al. proposed SPINS, a suite of security protocols optimized
for sensor networks [16]. SPINS has two secure blocks, namely Secure
Network Encryption Protocol (SNEP) and µTESLA, which can be run over the
TinyOS operating system. SNEP is used to provide confidentiality through
encryption and authentication; while µTESLA is used to provide authentication
for broadcasted data.
• Cluster based protocols: these protocols are based on clustering, which mean
that the whole network is divided into clusters [17,18], then a set of symmetric
keys are used to ensure intra and inter cluster communication as well as
integrity, confidentiality and authentication over each cluster and therefore over
the whole network.
Public key based key management schemes
• Simplified SSL handshake: In [19], the authors give the energy cost analysis
of a simplified version SSL [20] applied to WSN, which reduces the amount of
exchanged data between any pair of nodes to save energy and bandwidth.
in the network as the one in SSL [20].
• TinyPK: The TinyPK system described in [21] is designed specifically to
allow authentication and key agreement between resource constrained sensors.
The protocol is designed to be used in conjunction with other symmetric
encryption based protocols as TinySec [15], in order to deliver secret key to
that underlying protocol. To do this, they implement the Diffie-Hellman key
exchange algorithm.
As said above using a session key between each pair of sensors is not
efficient andit consumes lot of energy and network bandwidth for the setup of
the session key beyond of the energy consumed by the encryption algorithms.
Using this scheme as an end-to-end security mechanism may be energy
efficient however Diffie-Hellman key agreement is very sensitive to man in
the middle attacks which can be easily performed in such situation.
Page 24
• Simplified Kerberos protocol: The authors in [22] proposed an adapted
version of Kerberos for WSN in order to setup a session key between each
communicating pair of sensors by contacting a trusted third party which may
be the base station or a cluster head in a hierarchical network. They assume
that a long term key is shared between each node and the trusted authority
which is responsible of the generation of the secret key for each pair of
sensors.
CHAPTER 6
SYSTEM DESIGN
The purpose of design is to plan the solution for a problem specified by the
requirements document. This phase is the first step in moving from problem domain
to the solution domain. In other words, starting with what is needed, design takes us to
work how to satisfy the needs. The design of the system is perhaps the most critical
factor affecting the quality of the software. System design aims to identify the
modules that should be in the system, the specifications of these modules and
specifies interaction with each other to produce the desired results.
6.1Functional requirements
The proposed system is expected to provide the following functionalities:
• The system should be able to reduce the malicious links from the attacker to
the nodes in the Wireless Sensor Network .
• The system should be able to minimize the hacking of data.
6.2 Non Functional requirements
Following are the non-functional requirements expected from the system
• The system must take into consideration the storage limitations of sensor
nodes for storing keys during key management and encryption schemes.
• System should be available round the clock except the time required for the
backup of data.
• This project work is open for any future modification and hence the work
could be defined as the one of the extensible work.
Page 25
• The system must be easy to use.
6.3 Design requirements
Design goals are used to identify the expected qualities from the system.Most of the
design goals of the system are inferred fromnon-functional requirements and the
application domain will follow the same set of criteria.
Sensor nodes in Wireless Sensor Networks usually suffer from limitation of
memory and battery life of sensor nodes .In order to meet the desired goal, memory of
sensor nodes and its battery or energy lifetime should be considered.So the issues that
need to be considered carefully while designing the system are:
Design issue 1: Constrained Memory Size
Design issue 2: Constrained Computational Capability
Design issue 3: Constrained battery life of sensor node.
6.4 Architecture of the System
The proposed architecture in Fig 6.1 shows different layers where system
initialization is the first layer in which sensor network boundary is initialized, sensor
nodes are deployed in the network boundary and each sensor nodes isassigned with
IDs. The next layer is the key management layer where in Location dependent key
management technique has been designed to reduce the malicious links to the sensor
nodes. In the next layer security to the data is provided by encrypting the data so that
it will be difficult for the attackers to get the original plain text even though some
malicious links have been established. In this layer three encryption systems namely
Domingo-Ferrer, Elliptic Curve Naccache-Stern(EC-NS), Elliptic Curve
ElGamal(EC-EG) has been designed and in the last layer performance of Location
dependent key management system along with these three encryptions are observed
independently.
These layering give us insight on how to decompose the system into
subsystems. In order to reduce the complexity and improve the quality of the system,
decomposing the system into loosely coupled subsystems is one of the known
approaches. The proposed system is decomposed into functional modules which
consists of key management technique and different encryption systems.. This is also
called a pipeline approach. A flow chart model may be used when decomposing a
system into subsystems, next section describes about flow charts.
Page 26
6.5Detailed Design
Detailed design for the proposed system consists of design features of each layer of
the proposed system.
6.5.1 Design of Key management phase
In key management phase Location dependent key management scheme is designed
where this scheme takes the location of sensor nodes into consideration while
deciding the keys to be deployed on each node. As a result, this approach reduces the
number of keys that have to be stored on each sensor node. This approach does not
require any knowledge about the deployment of sensor nodes.
Fig 6.1. Overall Architecture of the proposed system
The implemented scheme starts off with loading a single key on each sensor node
prior to deployment. The actual keys are then derived from this single key once the
sensor nodes are deployed.
Fig 6.2 shows Location dependent key management system. It can be
explained briefly as below.
Generate anchor node and initialize its range. Move the anchor node from
(xmin, ymin) to (xmax, ymax) at each instant with the incremental index so that it covers
entire network boundary. Initialize common key by using random number and
Page 27
transmit it to all nodes including anchor node. Define a set of key pool and check
whether common key is a member of key pool. If it is a member, then define another
key pool or else define a set of key ring from the existing key pool and assign them to
each sensor node. Generate power keys and assign it to anchor node. Encrypt those
power keys with common key using an efficient encryption algorithm. Range of
anchor node defines different power level represented by circles with reference to
anchor node. Draw trajectory to the sensor nods falling in different power levels
andtransmit encrypted keys in anchor node to different power levels based on the
criteria that all the power keys will be transmitted to the sensor nodes which belong to
highestpower level region and one less key to sensor nodes at next region and so on
and move anchor node as per incremental index.. Decrypt the encrypted keys at
sensor
No NN N
Yes
Start
Generate anchor node and set its
range
Define pause
time
Iterate anchor node from
(xmin,ymin) to
(xmax,ymax) of
network
boundary
Provide incremental
index
Initialize common
key(ck)
Transmit key ring to all
nodes
Generate key
pool
Generate power keys and assign
to anchor nodes
Encrypt power keys using ck
Compute radius of each power
level
Divide power levels
Transmit encrypted keys to nodes and move anchor
nodes acording to incremental
index
Draw trajectory for nodes on
different power
levels
Hash with
common keys
Obtain the
derived keys
Attacker generates
random keys
Attacker try to find the
common keys with sensor
nodes
If common keys are above
threshold
Page 28
Yes No
No
Fig 6.2: Location dependent key management system
nodes and hash them along with common key and call it as derived key. Attacker also
generates his own random set of keys and tries to establish the connection with sensor
nodes by finding the number of common keys between them. If the number of
common keys is more than threshold then it establishes the connection with sensor
nodes.
6.5.2 Design of Encryption Phase
In Encryption phase different encryption techniques are used to prevent the attacker
from getting original plain text.
6.5.2.1 Domingo FerrerEncryption algorithm
This is an symmetric encryption algorithm where in the length of plain text and
ciphertext are same. In this algorithm keys k and m are initialized and ciphertext is
calculated by taking mod (k+m, M) where ‘M’ is the original plaintext that needs to
be encrypted.
Is ck member of
key pool
Generate key
ring
Decrypt the keys at each sensor nodes
and add each of these keys with
key ring
Set up communication
link
Stop
Input plaintext
(M)
Start
Initialize k, m
Ciphertext=
mod (k+m,M);
Page 29
Fig 6.3: Domingo-Ferror Encryption algorithm
6.5.2.2 Elliptic Curve ElGamal (EC-EG) Encryptionalgorithm
Elliptical curve Elgamal (EC-EG) encryption is an asymmetric type of encryption
where the length of plain text and ciphertext are different .In this algorithm keys K, E,
P, G, X are initialized. Key Y is calculated by multiplying with keys X and Y.Key R
is calculated by multiplying with keys K and G .Key S is calculated by adding
plaintext with product of keys K and Y and then ciphertextis calculated by taking
matrix of R and S.
Stop
Start
Input plaintext
(M)
Initialize
K,E,P,G,X
Y=X*G
R=K*G
S=M+K*Y
Ciphertext= [ R S]
Stop
Page 30
Fig 6.4: Elliptic Curve ElGamal (EC-EG) Encryption algorithm
6.5.2.3 Elliptic Curve Naccache-Stern (EC-NS) Encryption algorithm
Elliptic Curve Naccache-Stern (EC-NS) algorithm is also an asymmetric type of
encryption algorithm where the length of plaintext is not same as the length of
ciphertext.
In this algorithm keys P, Q, B, Sigma, G and R are initialized. Key N is calculated by
multiplying keys P and Q.Key mu is calculated by taking lcm of keys P+1,Q+1 and
then ciphertext is calculated by taking the product of (M+sigma *R) and G where M
is the original plaintext which need to be encrypted.
Fig 6.5 : Elliptic Curve Naccache-Stern (EC-NS) Encryption algorithm
6.5.3 Security Analysis
Security analysis is done to find the probability of actual data (plaintext) that the
attacker is successful in hacking.
Start
Input plaintext
(M)
Initialize P, Q, B,
Sigma, G, R
N=P*Q
mu = lcm(P+1,Q+1)
C = (M+sigma*r)*G
Stop
Page 31
Attacker after succeeding in getting some of the malicious link to the sensor
nodes, gets the ciphertext from those nodes and tries to decrypt that ciphertext by
assuming the keys that are used in that encryption algorithm.
If the attacker succeeds in breaking the algorithm, he gets the actual data or
else he doesn’t get the data.
CHAPTER 7
IMPLEMENTATION
7.1 Introduction
The implementation phase of any project is the most important phase as it yields the
final solution, which solves the problem at hand. The implementation phase involves
the actual materialization of the ideas, which are expressed in the analysis document
and developed in the design phase. Implementation should be perfect mapping of the
design document in a suitable programming language in order to achieve the
necessary final product. Often the product is ruined due to incorrect programming
language chosen for implementation or unsuitable method of programming. It is better
for the coding phase to be directly linked to the design phase in the sense if the design
is in terms of object oriented terms then implementation should be preferably carried
out in a object oriented way. The factors concerning the programming language and
platform chosen are described in the next couple of sections.
The implementation stage in a system project involves
• Careful planning
• Investigation of the current system and the constraints on
implementation.
• Training of staff in the newly developed system.
Page 32
7.2 Selection of the platform
Windows XP provides the most dependable version of Windows ever with the best
security and privacy featuresWindows has ever provided. Overall, security has been
improved in Windows XP have a safe, secure, and private computing experience.
Windows XP is available in two editions—Windows XP Home Edition for home use,
and Windows XP Professional for businesses of all sizes. Security features in
Windows XP Home Edition make it even safer to shop and browse on the Internet.
Windows XP Home Editioncomes with built-in Internet Connection Firewall software
that provides you with a resilient defense to security threats when you're connected to
the Internet, particularly if you use always-on connections such as cable modems and
DSL. Windows XP Professional includes all of the security capabilities of Windows
XP Home Edition, plus other security management features. These important new
security features will reduce the IT costs and enhance the security of the business
systems. Windows XP Home Edition security services have been designed to be
flexible, and take into account a wide variety of security and privacy situations that
will be facedfor home users. If security model in Microsoft® Windows NT version
4.0 and Microsoft® Windows® 2000 are familiar and well known ,then many of the
security features in Windows XP Home Edition may be witnessed. At the same time
number of familiar features that have changed significantly, along with new features
that will improve the ability to manage system securitycan be witnessed. For example,
ife Internet is used to chat online or to send and receive e-mail, It may be vulnerable
to attacks. To protect from these threats, Windows XP has incorporated enhanced
security features that make online experience even safer. Let's take a look at the
important security and privacy features in Windows XP Home Edition that make the
information more secure while having the most productive Windows user experience
ever. Windows XP Professional includes a number of features that businesses can use
to protect selected files, applications, and other resources. These features include
access control lists (ACLs), security groups, and Group Policy—in addition to the
tools that allow businesses to configure and manage these features. Together they
provide a powerful, yet flexible, access control infrastructure for business networks.
Windows XP offers thousands of security-related settings that can be implemented
individually. The Windows XP operating system also includes predefined security
templates, which businesses can implement without modifications or use as the basis
Page 33
for a more customized security configuration. Businesses can apply these security
templates when they:
• Create a resource, such as a folder or file share, and either accept the default
access.
• Control list settings or implement custom access control list settings.
• Place users in the standard security groups, such as Users, Power Users, and
Administrators, and accept the default ACL settings that apply to those
security groups.
• Use the Basic, Compatible, Secure, and Highly Secure Group Policy templates
that have been provided with the operating system.
Each of the Windows XP security features—ACLS, security groups, and Group
Policy—have default settings that can be modified to suit a particular organization.
Businesses can also make use of relevant tools to implement and modify access
control. Many of these tools, such as the Microsoft Management Console snap-ins,
are components of Windows XP Professional. Other tools are included with the
Windows XP Professional Resource Kit.
7.3 Selection of Language
For the implementation of this project there is a need for flexible systems
implementation language. Compilation should be relatively straightforward. Compiler
should provide low-level access to memory, provide language constructs that map
efficiently to machine instructions and require minimal run-time support. Program
should be compiled for a very wide variety of computer platforms and operating
systems with minimal change to its source code. For Graphical User Interface
programming, language chosen must be simple to uses, secure, architecture neutral
and portable. Additional requirements of GUI are: 1) User interface management:
Windows, menus, toolbars and other presentation components be supported by the
language.2) Data and presentation management: language must contains a rich toolset
for presenting data to the user and manipulating that data. 3) The Editor: The
language should have a editor, a powerful and extensible toolset for building custom
editors. 4) The Wizard framework: A toolset for easily building extensible, user-
friendly Wizards to guide users through more complex tasks. 5) Configuration
management: Rather than tediously writing code to access remote data and manage
Page 34
and save user-configurable settings, etc., all of this is can be well handled by Matlab
Programming Language. Therefore Matlab is chosen for the GUI development.
7.4 Algorithm Description
7.4.1 Location dependent key management system
Location dependent key management system is used to prevent the malicious links by
attackers to the sensor nodes. Algorithm for Location dependent key management
system is given below.
Start
// Number of Sensor nodes
// Area length of sensor boundary
// Area width of sensor boundary
// Maximum range of then sensor node
// power levels for anchor nodes
// maximum radius anchor node
// Threshold for setting up link
// Common Key
Step 1:
Create coordinates for anchor node
Step 2:
Set anchor path so that each part of area is covered
Step 3:
Common key is given to all sensor nodes and anchor node
Step 4:
Generate random number till 10000
Step 5:
Take set of 2000 random numbers and assign as Key pool
Step 6:
If Common key is a member of Key pool
Go to Step 5
Page 35
Else
Continue
Step 7:
Take set of 100 random numbers from step 5, assign as Key ring and
give to each sensor nodes
Step 8:
Generate random number till 90
Step 9:
Generate five random keys from Step 8 and assign as Power keys
Step 10:
Take one by one Power key and encrypt it using Common key
Start
Encrypt (Power key, Common key)
1. Convert Power key to binary and store it in variable A
If mod common key, 7=0
A = [A (end); A (1: end-1)]
End
r =rem(commonkey.length (A))
Encrypted message = [A(r+1: end); A (1: r)]
2. Apply binarytomsg function for encrypted message.
Stop
Step 11:
Divide power levels between 0 and maximum radius to determine the
radius of different power levels
Step 12: Assign each power levels with different colors
1. 1st Power level with white color.
2. 2nd Power level with green color
3. 3rd Power level with blue color
4. 4th Power level with red color
5. 5thPower level with yellow color
Step 13:
Read one by one mobile anchor position and take the readings of the
movement.
Page 36
Step 14:
Draw the trajectory for each node who receives the encrypted Power
keys from anchor node
Step 15:
Each sensor nodes receives the encrypted Power keys by anchor node
based on the Power level to which they fall
If sensor nodes lie in the region of 1st Power level
Transmit all five encrypted Power keys to that node
Else If sensor nodes lie in the region of 2nd Power level
Transmit four encrypted Power keys to that node
Else If sensor nodes lie in the region of 3rd Power level
Transmit three encrypted Power keys to that node
Else If sensor nodes lie in the region of 4th Power level
Transmit two encrypted Power keys to that node
Else if sensor nodes lie in the region of 5th Power level
Transmit only one encrypted Power keys to that node
Step 16:
Decrypt the encrypted Power keys using common key
Step 17:
Perform hashing on Power key
Start
K= key hashing (power keys)
L= length(power keys)
// multi = 1
// sum1 = 0
For i=1: L
multi=power key{i}*multi
sum1 = sum1 + power key{i}
K= (multi-sum1)
Stop
Step 18:
Hashed power keys are appended with original Key ring to get Derived
keys.
Step 19:
Page 37
Distributeattackers in the region
Step 20:
Assume some random keys by attacker
Step 21:
Ifnumber of random keys between the attacker and sensor node
>=Threshold for setting up link
Set up malicious communication link between the two nodes
Else
Do not set up malicious communication link between the two
nodes
Step 22:
Find the probability of setting up communication link by the attacker
Stop
7.4.2 Encryption Algorithms
Encryption algorithms are used to protect data from attackers who have established
malicious link to sensor nods .Three different encryption algorithm have been
discussed below
7.4.2.1 Domingo-ferrer Algorithm
Start
// M=Message
// k
Step 1:
Generate matrix of uniformly distributed random integers
Step 2:
Encrypted Message = mod (k+m,M)
Stop
7.4.2.2 Elliptic Curve Naccache-Stern (EC-NS) Encryption Algorithm
Start
// p, q, b, g, sigma, r
// M= Message.
Step 1:
Page 38
Calculate ‘n’ by multiplying ‘p’ and ‘q’
Step 2:
Encrypted Message = (M+sigma*r)*G;
Stop
7.4.2.3 Elliptic Curve ElGamal (EC-EG) Encryption Algorithm
Start
// e, p, g, x, k.
//M= Message
Step 1:
Calculate’ Y’ by multiplying ‘X’ with ‘G’.
Step 2:
Calculate’ R’ by multiplying ‘K’ with ‘G’
Step 3:
Calculate S = M + k*Y
Step 4:
Encrypted Message = [R S]
Stop
7.4.3 Security Analysis
Security analysis is used to check the probability of hacking of data by attackers so
that we can come to a conclusion of what‘s the probability of securing data in wireless
sensor network? .The steps are shown below
Start
Step 1:
Attacker who has succeeded in establishing the malicious link with the
sensor node tries to decrypt the message.
Step 2:
Page 39
Attacker assumes keys of encryption algorithm.
Step 3:
If he is successful in breaking the encryption algorithm he will get the
original plaintext
else
He will not be successful in getting original plaintext.
Step 4: Calculate the probability of attacker succeeded in getting original
plaintext.
Stop
CHAPTER 8
RESULTS AND ANALYSIS
8.1 Introduction
This chapter presents the results of simulated outputs with respect to probability of
hacking data for Location dependent key management technique,Location dependent
key management techniquewith Domingo-ferrer encryption algorithm, Location
dependent key management techniquewith Elliptic Curve Naccache-Stern (EC-
NS)encryption algorithm,Location dependent key management techniquewith Elliptic
Curve ElGamal (EC-EG) encryption algorithm. The observations are made for
Location dependent key management techniquewith Domingo-ferrer encryption
algorithm, Location dependent key management techniquewith Elliptic Curve
Naccache-Stern (EC-NS)encryption algorithm,Location dependent key management
techniquewith Elliptic Curve ElGamal (EC-EG) encryption algorithm.with respect to
the probability of hacking data by increasing the number of rounds of execution and
finally suggesting the best one .
8.2 Snapshots
Below are some of the snapshots of different phases of the proposed system.
Page 40
Fig 8.1 :Initial window showing the sensor boundary with sensor nods deployed
Fig 8.2: Communication in Sensor network without key management and encryption
Fig 8.2 represents communication in sensor network without key management and encryption
where the attackers succeed in establishing malicious links with all the neighboring
nodes(probability of malicious /compromised links to the neighboring nodes is 1) and as
encryption is not applied to data in sensor nodes all the data in sensor nodes are easily hacked
.
Page 41
Fig 8.3 : A phase of Location dependent key management technique showing position of
anchor node at an instant of time
Fig 8.4: A phase of Location dependent key management technique showing different
power levels
Fig 8.4 shows different power levels where power keys are transmitted to the sensor
nodes based on the power level to which each sensor nodes belongs.
Page 42
Fig 8.5: Location dependent key management technique in Sensor networks
Fig 8.5 represents communication link set up stage where Location dependent key
management technique is used and the number of malicious links to the sensor nodes by
attacker is reduced.
(Probability of malicious/compromised links is 0.31 where the percentage decrease of
malicious link from the scheme where no key management and encryption are used as shown
in Fig 8.2 is nearly 70 %) .
Page 43
Fig8.6: Location dependent key management Scheme along with EC-NS encryption
Fig 8.6 represents communication phase. Attacker is shown by red nodes and the the
number of malicious links of him which are successful in getting data is shown by red
links .As there are no red link none of the data is being hackedand the probability of
hacking data is 0. Percentage of hacking data compared to scheme where no key
management and encryption are used as shown in fig 8.2 is reduced by 100% and
percentage of hacking data from scheme which uses only key management as shown
in Fig 8.5 is reduced by nearly 30%.
Fig 8.7: Location dependent key management Scheme along with EC-EG encryption
Fig 8.7 represents communication phase. Attacker is shown by red nodes and the the
number of malicious links of him which are successful in getting data is shown by red
links .As there are no red link none of the data is being hackedand the probability of
hacking data is 0. Percentage of hacking data compared to scheme where no key
management and encryption are used as shown in fig 8.2 is reduced by 100% and
percentage of hacking data from scheme which uses only key management as shown
in Fig 8.4 is reduced by nearly 30%.
Page 44
Fig 8.8: Location dependent key management Scheme along with Domingo-Ferrer
encryption
Fig 8.8 shows communication phase. Attacker is shown by red nodes and the the
number of malicious links of him which are successful in getting data is shown by red
links .As there are no red link none of the data is being hackedand the probability of
hacking data is 0.013. Percentage of hacking data compared to scheme where no key
management and encryption are used as shown in fig 8.2 is reduced by 99.087% and
percentage of hacking data from scheme which uses only key management as shown
in fig 8.5 is reduced by nearly 29 %.
8.3 Analysis
All proposed strategies have been implemented and compared on Matlab. All the
proposed strategies are analysed for the probability of hacking data/links by
increasing the number of rounds of execution.
Fig 8.9 shows the graph where Location dependent key management with
Domingo ferrerencryption,Location dependent key management with EC-NS and
Location dependent key management wih that EC-EG are compared by running the
algorithms number of times against the probability of hacking data and have found
that Location dependent key management with EC-NS givs better result.
Page 45
Fig 8.9: Graph showing the comparison of location dependent key management with all
the three encryption schemes .
CHAPTER 9
Page 46
CONCLUSION AND FUTURE ENHANSEMENT
9.1 Conclusion Since Wireless Sensor Networks (WSN) has been evolved, they are used in many
critical applications like military and so on . So there is need for securing data in
Wireless Sensor Networks.
In this project work, keeping in mind the major problem of securing data in
Wireless Sensor Networks, a system which is a combination of Key Management
technique along with encryption schemes have been developed. In this project work a
key management schemecalled Location dependent key Management technique
(LDK) for sensor networks along with Domingo ferrer encryption algorithm,Elliptic
CurveNaccache-Stern (EC-NS) Encryption Algorithm,Elliptic Curve ElGamal (EC-
EG) encryption algorithms have been developed. Comparison of these three
encryption system along with Location dependent key management technique has also
been shown.
9.2 Future Enhancement
Due to limitation of time and constraint of resource, the current project work is
restricted to specific functionality only. But in case if such obstruction are conquered,
then the current project work could be extended to following future enhancement.
• The existing project work could be enhanced to design a group key
management scheme for simultaneous multiple groups with overlapped
membership, where the idea is to develop an efficient secure multiple
groupskeymanagement scheme with overlapping membership based on Key-
User Tree structure with following properties. a) Scheme handling multiple
groups simultaneously. b) Group members within a group can communicate
securely. c) Group members of one group can communicate with other group
members securely. This future idea will be expected to accomplish significant
reduction in rekeying cost, storage and scales well in comparison.
• Another feasibility of future modification for the current research work will be
to design a key management technique for static sensor networks so that the
probability of hacking the links still decreases compared to the one that is
proposed.
Page 47
• Another feasibility of future modification for the current research work will be
to design encryption schemes to be stronger than the encryption schemes those
have been proposed.
REFERENCES
Page 48
[1] JinatRehana. “Security in Wireless Sensor Network”. Helsinki University of
Technology, April 2009.
[2] Andreas A. Strikos.” A full approach for Intrusion Detection in Wireless
Sensor Networks”.School of Information and Communication Technology,
KTH Stockholm, Sweden, March 2007.
[3] Wenliang Du, Jing Deng, Yunghsiang S. Han, Shigang Chen, and Pramod
K.”A keymanagement scheme for wireless sensor networks using deployment
knowledge”, April 2004.
[4] Wenliang Du, Jing Deng Yunghsiang, S. Han Pramod and K. Varshney,”key
management in wireless sensor networks extended abstract”, Department of
Electrical Engineering and Computer Science, Syracuse University, Syracuse,
USA.
[5] Loukaslazos and RadhaPoovendran,“SeRLoc: Robust Localization for
Wireless Sensor Networks”,ACM Transactions on Sensor Networks, Vol. 1,
No. 1,pp. 73-100, August2005.
[6] DebarghAcharya and Vijay Kumar,”Location Aware Pair-wise Key
GenerationSchemesfor Wireless Sensor Networks”, SCE, Computer Science,
University of Missouri-Kansas City USA,2004.
[7] Siu-Ping Chan, RadhaPoovendran and Ming-Ting Sun,”A Key Management
Scheme in Distributed Sensor Networks Using Attack
Probabilities”.Department of ElectricalEngineering,University of Washington,
Seattle, Washington, USA,2005.
[8] Tanveer Zia, Albert Zomaya and NedalAbabneh,”Evaluation of overhead in
security mechanism in wireless sensor network” In proceedings
ofInternational Conference on SensoTechnologie andApplications
(SENSORCOMM 2007), October 14-20, 2007, Valencia,Spain.
[9] Fei Hu, Jim Ziobro, Jason Tillett and Neeraj K. Sharma,”Secure Wireless
Sensor Networks Problems and Solutions”,2005.
[10] S. Padma Priya and Mr. JayaramPradhan,” efficient security framework for
detection and isolation of attackers in low rate wireless personal area
network”,IJCSNS International Journal of Computer Science and Network
224 Security, VOL.8 No.7, July 2008.
Page 49
[11] X. Wang, W. Gu, K. Schosek, S. Chellappan, and D. Xuan,”Sensor network
configuration under physical attacks”,Dept. of Computer Science and
Engineering, The Ohio-State University, July 2004.
[12] X. Wang, W. Gu, S. Chellappan, D. Xuan, and T. H. Laii,“Search-based
physical attacks in sensor networks: Modeling and defense”,Dept. of
Computer Science and Engineering, The Ohio-State University, Feb. 2005
[13] C. Hartung, J. Balasalle, and R. Han,“Node compromise in sensor networks:
The need for secure systems”.Department of Computer Science, University of
Colorado at Boulder, 2004.
[14] R. Anderson and M. Kuhn, “Tamper resistance - a cautionary note”,In
proceedings ofThe Second USENIX Workshop on Electronic Commerce, 1996.
[15] R. Anderson and M. Kuhn,”Low cost attacks on tamper resistant devices”, In
proceedings of IWSP: International Workshop on Security Protocols, LNCS,
1997.
[16] O. K¨omerling and M. G. Kuhn,”Design principles for tamperresistant
smartcard processors” In proceedings of USENIX Workshop on
SmartcardTechnology , May 1999.
[17] J. Deng, R. Han, and S. Mishra,"Security, privacy, and fault tolerance in
wireless sensor networks”, Aug. 2005.
[18] N. Sastry, U. Shankar, and D. Wagner,”Secure verification of location
claims.” In proceedings of ACM Workshop on Wireless Security, Sept. 2003.
[19] A.Perrig,J.Stankovic and D.Wagner,”Security in wireless sensor
networks”,Commun. ACM 47(6):53–57, 2004.
[20] L. Hu and D. Evans,”Using directional antennas to prevent wormhole attacks”.
In proceedings of 11th Annual Network and Distributed System Security
Symposium, Feb. 2004.
[21] X. Wang, W. Gu, S. Chellappan, K.Schoseck, and D. Xuan,”Lifetime
optimization of sensor networks under physical attacks”,In proceedings of
IEEEInternationl Conference on Communications, May 2005.
[22] A. Seshadri, A. Perrig, L. van Doorn, and P. Khosla.”Swatt: Software-based
attestation for embedded devices”, In proceedings of IEEE Symposium on
Security and Privacy, May 2004.
Page 50
APPENDIX
1. Code of Location dependentKey Management
1.1 Predeployment phase
Page 51
% Common key
% Common key is given to all sensor nodes and anchor node
K = 1345; % Take any random number
% Original key ring is given to only sensor nodes
P_size=2000; % Size of original key pool
R_size=100; % Size of original key ring
% Define key pool
A=randperm(10000); % Generate random number till 10000
key_pool = A(1:P_size); % Take random numbers
P=key_pool; % Key pool
% Check whether the common key is a member of Key pool?
Kset=0;
whileKset==0
ifismember(K,P)
K = randint(1,1,1000);
else
Kset=1;
end
end
% Generate the original key ring
R=struct;
for i=1:node_num
% Take randomly the set of R
R_idx=randperm(length(key_pool)); R(i).Okey=P(R_idx(1:R_size));
R(i).commonkey=K;
R(i).Dkey = [];
end
1.2 Initialization Phase
% Decide the becons from sensor nodes
% Generate five random keys.
A=randperm(90); % Generate random number till 90
power_keys = A(1:powerlevels); % Take random numbers
% Encrypt the keys using the common key K
Page 52
% Take one by one key and encrypt it
PowerCy_text=cell(1,length(power_keys));
for i=1:length(power_keys)
Pkey=power_keys(i);
Pstr=['P' num2str(Pkey)];
PowerCy_text{i}=encrypt(Pstr,K);
end
% Determine the radius of different powerlevels based on number of
% powerlevels and maximum radius of the anchor node power.
% Divide power levels between 0 and maximum radius
Rp=linspace(0,rad_anchor,powerlevels+1);
% Delete first element which is zero
Rp(1)=[];
% Read one by one mobile anchor position and take the readings of the
% movement. Make the trajectory set of each node who receives the beacon
% from anchor node.
Ai=cell(1,node_num);
nodeids=cell(1,idx-1);
colors = {'w','g','b','r','y'};
for i=1:anchor_num
% Take X position
Ax = anchor_x(i);
% Take Y position
Ay = anchor_y(i);
% Plot network trajectory
plot(node_x,node_y,'.');
hold on
% Plot anchor node
plot(Ax,Ay,'r*')
axis([-rad_anchorwidth+rad_anchor -rad_anchor length1+rad_anchor])
% draw_circle1(Ax,Ay,rad_anchor,'r')
% Calculate nodes which receives the beacon from the anchor node
node_ids=[];
forkk=1:node_num % For all node
Page 53
Nx = node_x(kk);
Ny = node_y(kk);
d= calc_dist([Ax,Ay],[Nx,Ny]);
% if the distance is within range of each power level
for pp = 1 : powerlevels
draw_circle1(Ax,Ay,Rp(pp),colors{pp} )
if d<=Rp(pp)
line([Ax Nx],[Ay Ny],'color','r')
% Calculate Determined key ring
rec_cy=PowerCy_text{pp};
Okey = R(kk).Okey; % Take original keyring of the node
Ck = R(kk).commonkey; % Common key
rand_no=decrypt(rec_cy,Ck); %Decrypt the cypertext using common key
% Remove P charcter and covert to double
rand_no=str2double(rand_no(2:end));
% hashing
fornn= 1:length(Okey)
Hkey(nn) = key_hashing(rand_no,Okey(nn));
end
% Append keys
R(kk).Dkey = [R(kk).DkeyHkey];
node_ids=[node_idskk]
Aids=[Ax; Ay];
Ai{1,kk}=[Ai{1,kk} Aids];
end
end
end
nodeids{1,i}=node_ids;
title('Initialization phase');
hold off
pause(0.0001)
% pause;
End
Page 54
1.3 Attacker trying to set up link
% Distribut attackers in the region
[Ax,Ay]=creatnode(Nattack,length1,width);%· Create coordinates
% Plot attackers
plot(Ax,Ay,'rs','Markerfacecolor','r','markersize',8)
hold on
% Try to set up communication link with other nodes
pause(0.1)
% Plot network trajectory
plot(node_x,node_y,'.');
hold on
comm_link = [];
txt = 'hello';
M = double(txt);
pause(0.1)
count1 =0;
for i=1:Nattack
fprintf('Node %d is trying to set up a link\n',i)
axis([-rad_anchorwidth+rad_anchor -rad_anchor length1+rad_anchor])
title('Communication stage');
Nx1 = Ax(i);
Ny1 = Ay(i);
for j = 1:node_num
Nx2 = node_x(j);
Ny2 = node_y(j);
d= calc_dist([Nx1,Ny1],[Nx2,Ny2]);
if d<2.5 % if the node is within range
forkk = 1:200
Rdkey = round(30000*rand(1,3000));
% Generate some random derived key try to hack the channel
z=intersect(R(j).Dkey,Rdkey);
ck = length(z);
if ck~=0
Page 55
ck
end
ifck>=Nc
ck
% Set up the communication link
line([Nx1 Nx2],[Ny1 Ny2],'color','r')
comm_link = [comm_link;i j];
count1 = count1+1;
fprintf('%d attacker has set up link with node %d\n',i,j)
pause(0.01)
break;
end
end
end
end
end
2. Encryption Phase
2.1 Domingo Ferrer Encryption
M = 1232423;
% r = randi([1,M-1],1);
r = randint(1,1,[1,M-1]);
e1 = mod(k+m,M);
C = mod(m*r,M);
d1 = mod(C/r,M);
mod(e1-k,M);
C = e1;
2.2 Elliptic Curve Naccache-Stern (EC-NS) algorithm
p = 250;
Page 56
q = 450;
n = p*q;
b = 234;
sigma =12345;
G = 35234;
mu = lcm(p+1,q+1);
%% Encryption
% m = [5 7 0 8];
% r = 120;
C = (m+sigma*r)*G;
%% Decrypt
mrec = (C/G)-(sigma*r);
% G_1 = (mu/sigma)*G;
% val = (mu/sigma)*C;
% m = log([val,G_1])
% m = C/G
2.3 Elliptic Curve ElGamal (EC-EG) algorithm
E = 100;
p = 230;
G = 340;
% x = 100;
Y = x*G;
%%
k = 12;
R = k*G;
S = M + k*Y;
C = [R S];
%%
% M = -x*12*G+M+x*k*G
M = -x*R+S;