240 likes | 489 Views
A Distributed Security Framework for Heterogeneous Wireless Sensor Networks. Presented by Drew Wichmann Paper by Himali Saxena, Chunyu Ai, Marco Valero, Yingshu Li, Raheem Beyah. Wireless Sensor Network (WSN) Security. Applications Attacks Sinkhole Wormhole DoS Jamming Sybil Hello Flood
E N D
A Distributed Security Framework for Heterogeneous Wireless Sensor Networks Presented by Drew Wichmann Paper by Himali Saxena, Chunyu Ai, Marco Valero, Yingshu Li, Raheem Beyah
Wireless Sensor Network (WSN) Security • Applications • Attacks • Sinkhole • Wormhole • DoS • Jamming • Sybil • Hello Flood • Defense Mechanisms
Memory Constraints • Mica2 mote • 4KB RAM • 128KB program memory • 60KB for Operating System • 45.26KB Code Dissemination Tool • 7.2KB Link Layer Security • 88% of memory consumed
Proposal • Distributed Security Framework (DSF) which can detect and defend against all known attacks efficiently • A warning mechanism can inform other clusters to install defense mechanisms for potential attacks in advance, thus reducing the impact caused by attacks • The security framework is modular and scalable, thus defense mechanisms for new or future attacks can be easily added
Assumptions • Base station and Gateway nodes tamper proof • Attacker has regular node capabilities • Those within transmission range are at higher risk • Gateway Nodes have enough memory to store all defense schemes • No false positives
Network Model • Heterogeneous Network • Gateway Nodes • Regular Nodes • Divide into clusters • Communication • Gateway nodes require only single hop • Regular nodes use multi-hop to communicate with gateway nodes
Threat Model • Two scenarios for attack • Single cluster • Multiple clusters • The attacker can change position • A compromised node has all material available
Problem Definition • Goal • Significantly reduce an attack’s effectiveness • There are a set of attacks, A ={A1 , A2 , … , An } • For every attack Ai , there exists a defense scheme Di • For every defense scheme Di , the program size is Pi • Each regular node has an available program memory of • Can only store a subset S of D
Problem Definition (continued) • Assign weight Wji to an attack Ai for a gateway node Gj • Wji represents the possibility of the attack Ai occurring in Gj • Knapsack Problem:
The security framework to efficiently defend against all known attacks DSF Architecture
Routing Protocol • Gateway nodes calculate routes for each pair • Regular nodes periodically send current state • If reports are not received on time, then the regular node is assumed dead • Gateway level uses Destination Sequenced Distance Vector (DSDV)
Warning Messages • When an attack is detected, send a warning Wk • Wk = { Ai , Gs , WWk , Tk } • Each gateway node maintains a received warning list Lj • Keeps one entry per (Ai , Gs) • Then the likelihood of each attack is calculated
Propagate the subset • Solve: • Send the new defense mechanism images for S • Use Seluge to transmit the images • Protects this cluster from new attacks • With the warning system, can enable defense of future attacks in other clusters
Performance Analysis • Parameters: • Metrics • Success Rate • Energy Consumption
Performance Analysis • Three schemes • Distributed Security Framework (DSF) • One Security Scheme (OSS) • Multiple Security Schemes (MSS)
Conclusion • Dynamically use available memory to provide security from multiple attacks • Warning scheme can enable prevention of future attacks • Simulation results confirm DSF performs well • Future work • Individual sensor subsets • Gateway node compromising • False positives and negatives • Implementation on real sensors • Thrashing Attacks