A Distributed Security Framework for Heterogeneous Wireless Sensor Networks

1. A Distributed Security Framework for Heterogeneous Wireless Sensor Networks Presented by Drew Wichmann Paper by Himali Saxena, Chunyu Ai, Marco Valero, Yingshu Li, Raheem Beyah

2. Wireless Sensor Network (WSN) Security • Applications • Attacks • Sinkhole • Wormhole • DoS • Jamming • Sybil • Hello Flood • Defense Mechanisms

3. Memory Constraints • Mica2 mote • 4KB RAM • 128KB program memory • 60KB for Operating System • 45.26KB Code Dissemination Tool • 7.2KB Link Layer Security • 88% of memory consumed

4. Proposal • Distributed Security Framework (DSF) which can detect and defend against all known attacks efficiently • A warning mechanism can inform other clusters to install defense mechanisms for potential attacks in advance, thus reducing the impact caused by attacks • The security framework is modular and scalable, thus defense mechanisms for new or future attacks can be easily added

5. Assumptions • Base station and Gateway nodes tamper proof • Attacker has regular node capabilities • Those within transmission range are at higher risk • Gateway Nodes have enough memory to store all defense schemes • No false positives

6. Network Model • Heterogeneous Network • Gateway Nodes • Regular Nodes • Divide into clusters • Communication • Gateway nodes require only single hop • Regular nodes use multi-hop to communicate with gateway nodes

7. Threat Model • Two scenarios for attack • Single cluster • Multiple clusters • The attacker can change position • A compromised node has all material available

8. Problem Definition • Goal • Significantly reduce an attack’s effectiveness • There are a set of attacks, A ={A1 , A2 , … , An } • For every attack Ai , there exists a defense scheme Di • For every defense scheme Di , the program size is Pi • Each regular node has an available program memory of • Can only store a subset S of D

9. Problem Definition (continued) • Assign weight Wji to an attack Ai for a gateway node Gj • Wji represents the possibility of the attack Ai occurring in Gj • Knapsack Problem:

10. The security framework to efficiently defend against all known attacks DSF Architecture

11. Routing Protocol • Gateway nodes calculate routes for each pair • Regular nodes periodically send current state • If reports are not received on time, then the regular node is assumed dead • Gateway level uses Destination Sequenced Distance Vector (DSDV)

12. Choosing the Defense Mechanism Subset

13. Warning Messages • When an attack is detected, send a warning Wk • Wk = { Ai , Gs , WWk , Tk } • Each gateway node maintains a received warning list Lj • Keeps one entry per (Ai , Gs) • Then the likelihood of each attack is calculated

14. Propagate the subset • Solve: • Send the new defense mechanism images for S • Use Seluge to transmit the images • Protects this cluster from new attacks • With the warning system, can enable defense of future attacks in other clusters

15. Security Framework Workings

16. Performance Analysis • Parameters: • Metrics • Success Rate • Energy Consumption

17. Performance Analysis • Three schemes • Distributed Security Framework (DSF) • One Security Scheme (OSS) • Multiple Security Schemes (MSS)

18. Success Rate

19. Success Rate

20. Energy Use

21. Energy Use

22. Effect of Mobile Attacker Speed

23. Conclusion • Dynamically use available memory to provide security from multiple attacks • Warning scheme can enable prevention of future attacks • Simulation results confirm DSF performs well • Future work • Individual sensor subsets • Gateway node compromising • False positives and negatives • Implementation on real sensors • Thrashing Attacks

24. Questions?