Social Media

A Security Adaptation Reference Monitor for Wireless Sensor Network

Description
ABSTRACT Security in Wireless Sensor Network has become a hot research topic due to their wide deployment and the increasing new runtime attacks they are facing. We observe that traditional security protocols address conventional security problems
Categories
Published
of 11
All materials on our website are shared by users. If you have any questions about copyright issues, please report us to resolve them. We are always happy to assist you.
Related Documents
Share
Transcript
  International Scholarly Research Network ISRN Communications and NetworkingVolume 2012, Article ID 528374, 10 pagesdoi:10.5402/2012/528374 Research Article  ASecurityAdaptationReferenceMonitorfor WirelessSensorNetwork  TewfiqEl-Maliki 1 andJean-MarcSeigneur 2 1 Information Technology Department Hepia, University of Applied Sciences and Arts Western Switzerland, 1202 Geneva, Switzerland   2  Advanced Systems Group, University of Geneva, 1211 Geneva 4, Switzerland  Correspondence should be addressed to Tewfiq El-Maliki, tewfiq.elmaliki@hesge.chReceived 14 March 2012; Accepted 19 April 2012Academic Editors: K. Teh, Y. M. Tseng, and A. VaccaroCopyright © 2012 T. El-Maliki and J.-M. Seigneur. This is an open access article distributed under the Creative CommonsAttribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the srcinal work isproperly cited.SecurityinWireless Sensor Network has become ahotresearchtopic duetotheirwide deployment andtheincreasing new runtimeattacks they are facing. We observe that traditional security protocols address conventional security problems and cannot deal withdynamic attacks such as sinkhole dynamic behavior. Moreover, they use resources, and limit the e ffi cient use of sensor resourcesand inevitably the overall network e ffi ciency is not guaranteed. Therefore, the requirements of new security mechanisms must beaddressed in a flexible manner. Indeed, there is a lack of generic security adaptation protocols to deal with extremely dynamicsecurity conditions and performances in a context of Wireless Sensor Network where reliability is a critical criterion for many applications. This paper proposes our Security Adaptation Reference Monitor for Wireless Sensor already validated in proximity-based wireless network. It is based on an autonomic computing security looped system, which fine-tunes security means based onthe monitoring of the context. Extensive simulations using agent-based approach have been conducted to verify the performanceof our system in the case of sensor network in the presence of sinkhole attacks. The results clearly show that we are e ffi cient interms of survivability, overall network utilization, and power consumption. 1.Introduction A Wireless Sensor Network (WSN) consists of a largenumber of low-power, and multifunction sensor nodesthat communicate as one hope, multihop, or cluster-basedmodels to send data to one or many base stations (BSs)through wireless links [1]. These BSs are highly enrichedwith a large amount of energy. WSNs represent a challengingand an interesting research area due to the constraintsinvolved. The small size of the sensors and the networkingcapability increase the appeal of WSNs for use in daily life. Distributed computing and routing could be wellappliedincaseofmultihopeandcluster-basedmodels.Thesecapabilities enable WSNs to provide significant advantagesfor many applications that were not possible in the past.The WSN is built by deploying the sensing nodes in thearea of interest to form a self-configured network and startacquiring the necessary information. The unique propertiesof WSNs increase flexibility and reduce user involvementin operational tasks. Battlefield surveillance, forest firedetection, and smart environments are some well-knownapplications. Since the nodes in WSN are battery operatedand have a limited lifetime to operate, there is a growingneed of energy aware security algorithm performing low computational load to preserve the network lifetime.WSN involves a huge number of interactions with itsenvironment where security is also di ffi cult to ensure againstdynamic changing attacks. Indeed, it is highly challenging tomaintain the overall security at the highest level due to theconfiguration complexity and the runtime changing context.Inaddition tothesecuritychallenge,datatransferinWSNsismore susceptible to loss due to the nature of sensors (powerand processing, etc.) and the high error rate of wirelesslinks. Moreover, sinkhole attackers by means of dynamicchanging behavior skyrocket the packet loss. Therefore, themost crucial constraint in WSN which is reliability is not atall guaranteed.In general, most applications cannot operate in caseof high packet loss. Thus, reliability, being a key issue insensor networks, is definitely one of the important criteria  2 ISRN Communications and Networkingto evaluate the quality of WSNs. Accordingly, the conceptthat must cope with this new security challenge in terms of availability has to be based on dynamic adaptation security system to satisfy an overall performance such as network reliability and energy loss. We have already proposed ageneric Security Adaptation Reference Monitor (SARM) as acompelling solution for such problems [2]. In this paper, wewill apply it for WSN under sinkhole attacks. Please note: weuse security in general term including availability, reliability,and survivability.In Section 2, we survey other related works. Section 3 gives the problem statement, highlighting the motivation of our work. Section 4 introduces SARM for WSN and explainsits components and functionalities. Section 5 explains ourexperiments and simulation implementation to validateSARM in the case of sensor network. Our simulation resultsand performance analysis are presented in Section 6 andSection 7 concludes our paper. 2.RelatedWork  The concept of adaptive security in wireless network is usedto mitigate the consequences of a substantial number of runtimethreats,whenitdoesnotcompletelyeliminatethem.Many systems rated at the higher levels of security fordata are implemented according to the reference monitorconcept. First introduced by Anderson [3], a referencemonitor is a concept that has proven to be a useful tool forcomputer security experts. It is the only e ff  ective tool knownfor describing the abstract requirements of secure systemdesign and implementation.Reference [4] has also proposed an adaptive security application in wireless ad hoc and sensor networks, wherenetwork conditions play a role in choosing relevant security mechanisms at runtime.Chiang et al. [5] have proposed an approach to increasethe availability of WSNs but they need additional hardwarewhich generates more cost. Consequently, a suitable security service is must be provisioned in a progressive way to achievethe maximum overall security services against network per-formance services throughout the course of sensor networksoperation. Security in sensor networks is complicated by theconstrained capabilities of the sensor node hardware and thedeployment properties [6–8]. All aspects of the wireless sensor network are beingexamined including secure and e ffi cient routing [9–12], data aggregation [13–16], and group formation [17, 18]. Although there are some existing architectures for WSN thatpartially solve these problems, it is still possible to pointout the neglected aspects that can be considered crucial forcreating a satisfactory security system.Other security issues include [19] security-energy assess-ment, data assurance, survivability, trust, end to end security,security and privacy support for data centric sensor net-works (DCS), and node compromise distribution. It is very important to study these areas due to the sensor network’sspecial character, such as battery limitation, high-failureprobability nodes, easier compromised nodes, and unreliabletransmission media. Until now, there have been only a few approaches available, and more studies are needed in theseareas. Furthermore, trust [20] is a good path to explorebecause it gives in some cases better results. 3.MotivationforOurFramework  We argue that the spare processing and transmissionresources are wasted in sensor environments if security isoverprovisioned. Hence, the trade-o ff   between security andperformance is essential in the choice of security services.Adaptive security mechanisms are also found in flexibleprotocol stacks for wireless networks [21], context-awareaccess control systems [22], and security architectures [23]. This prompted us for the implementation of a completely reconfigurable architecture [24], which is adapted to ter-minal and network context variability, particularly in thesecurity field [25]. Seigneur [20] has introduced autonomic security pattern in his security design but only at theauthentication level.Flexible security mechanisms are needed to respondto new types of attacks and to meet di ff  erent network requirements by setting specific protection. The requiredflexible security assessment can be achieved by introducing ageneric autonomic computing security framework accordingto Chess in [26, 27]. He describes the importance of  automatically configuring the security of various parts of thesystem and automatically making various security trade-o ff  saccording to the value of the assets being protected and thecost of the measures being employed to protect them.Becauseofthefollowinglimitations[17],layeredsecurity solutions are inadequate and/or ine ffi cient:(i) Redundant Security Provisioning: systematic security at each layer consumes more resources than neces-sary;(ii) Nonadaptive Security Services: because attacks ona WSN come from any layer and any protocol, acountermeasure scheme at only one layer is unlikely to guarantee security all the time;(iii) Power Ine ffi ciency: energy e ffi ciency must beaddressed because it is a crucial issue in WSN.The power e ffi ciency design cannot be addressedcompletely at any single layer in the networkingstack.In WSN case, the sensors have limited resources in termsofenergy.Sincethespendingofenergydramaticallyincreaseswith the range of transmission, the sensors usually forwardtheir messages to a Base Station (BS) [28] in a hop-by-hopfashion. It is quite easy for an attacker as a sinkhole [29]to defeat the WSN purpose by dropping messages whenreceived rather than forwarding them or to consume energy of other sensors by requesting them to continuously sendinformation.As mentioned earlier, it is highly challenging to keep theoverall security due to the configuration complexity and theruntime changing context. Moreover, assuring reliable datadelivery between the sensor nodes and the BS in wireless  ISRN Communications and Networking 3sensor networks is also a challenging task as it a ff  ects theability to sense event. In fact, the reliability of data transferis impacted by data loss due to nature of sensors in additionto high error rate of wireless links. The problem of achievingreliable communication between nodes is further aggravatedby the presence of sinkhole attackers whenever they arechanging dynamically their behavior. Therefore, the mostcrucial constraint in WSN, which is reliability, cannot beguaranteed.In addition, most applications cannot operate in case of high packet loss. Thus, reliability, being a key issue especially in sensor networks, is definitely one of the important criteriato evaluate the quality of wireless sensor networks. Thereby,the concept that must cope with this new security challengein term of availability has to be based on dynamic adaptivesecurity system to satisfy an overall performance such asnetwork reliability and energy loss.Thus, to lengthen the lifetime of wireless sensor network,an e ffi cient protocol needs to support reliable network inmost energy e ffi cient manner under sinkhole attacks.We propose a generic framework called Security Adap-tation Reference Monitor (SARM) as a compelling solutionfor this problem, because it is a looped system developedespecially for highly dynamic wireless network.Implementing this security scheme at each applicationlevel is not feasible because the change will interfere in eachcommunication program in each sensor. The best way toovercome this constraint is to implement it in the kernelwhich leads to an overall security control.Since the following constraints: energy limitation, decen-tralized collaboration, and fault tolerance are imposed insensor networks, algorithms for network security tend to bequite complex and usually defy analytical methods that havebeen proved to be fairly e ff  ective for traditional networks.Furthermore,applying new methods and mechanisms in realnetworks is very di ffi cult and not operational. It appears thatsimulation is the only feasible approach to the quantitativeanalysis of new algorithms in the wireless networks.We propose SARM for wireless environments based onan autonomic computing security looped system, whichfine-tunes security means based on the monitoring of thecontext including the application environment and energy consumption aspects. It is aimed to o ff  er a global adaptationsecurity scheme for any application instead of a classicallayered security mechanism. 4.SARMDescription We would like with SARM to fine-tune security means asbest as possible taking into account the risk of the currentenvironment and the performance of the system especially regarding the optimization of its energy consumption.Thereby, our system di ff  ers from others by its [2]:(a) autonomic computing security looped system,(b) dynamicandevolvingsecuritymechanismsrelatedtocontext-monitoring,(c) explicit energy consumption management. ContextUserVulnerability Adaptation actionsUser preferencesAnalysisMonitoringTunePoliciesLogsApplicationsManagement UnitFunctional unitApp dep. sec.Security meansApp indep. sec. Context gathering Performance    R   i  s    k Figure  1: SARM components high-level view. The concept of isolating various functions and restrictingtheir access to specific system can also be applied to security in wireless environment integrated in the operating systemitself. The best way to overcome the nonrealistic constraintof implementing the framework in each communicationprogram is to integrate it in the kernel and consequently having an overall security control. Thus, all communicationprograms go through SARM at some stage in order to gainaccess to communication resources.ThekeychallengeofSARMistheadaptationofReferenceMonitor (RM) [3] concept for wireless communication andbeyond data access control. The goal of a RM is to enforcesecurity by forcing all processes and also to prevent usersfrom accessing any data but only through the reference itself.The security kernel is managed by security policies. Wehave also chosen to apply the autonomic computing security pattern [27] to design SARM by dividing it into a functionalunit and a monitoring unit.To reduce the system complexity and to make the systemincremental, we propose a looped framework as introducedin [20] at the authentication level, that is, the systemautomatically tunes to its best configuration based on thecurrent monitored context, thus avoiding any static decisionmaking. Hence, we split SARM into two units looped as aservocontrolsystemmodeltofinetunetheadequatesecurity measures/means, which we will discuss later. One unit calledmanagement or monitor unit is for monitoring the contextby evaluating and analyzing risks, performances, and energy consumption, which are significant for detecting attacks andtuning the adequate security means using the second modulecalled functional unit.We have depicted in Figure 1 the di ff  erent components of SARM and their interconnections.Security means are defined as any algorithm or mech-anism that could ensure security but it could also be ano security action when it is not necessary. It includesalso the choice of the adequate network access too becausesome network communication technologies are more secure  4 ISRN Communications and Networking Table  1: Characteristic data for the Mica2dot sensor platform: 3V,4MHz, 915MHz transceiver, and transmit power 5dBm.Field ValueE ff  ective data rate 12.4kbpsEnergy to transmit 59.2 µ J/byteEnergy to receive 28.6 µ J/byte with higher energy consumption and others less securewith lower energy consumption. Security means can beapplication dependent such as a localized trust [30, 31] or a distributed trust [32] or application independent such ascryptographic protocols. Indeed, localized and distributedtrusts are good paths to explore because they generate low-computing charge (less energy consumption) and give insome cases better results. Thereof, we are fitting perfectly thecontext of WSN.Firstly, the application uses communication means. Thedefault preferences related to the chosen application aretaken. Secondly, the context gathering module will collectall information about the current context of the application.This information is sent to the Monitoring/ManagementUnit, which is responsible for all security analysis in accor-dance with the security policies based on log files in a firststage, risks, vulnerabilities, and energy consumption in asecond stage. The Logs are used to store all the informationabout the system: mainly the security problems. Risks, per-formances, and energy consumption analysis with policiesis a key issue in the framework because it is responsible fordetecting a potential unsecure context, a probable energy wasting environment, and/or a very vulnerable application.Thereby, the analysis could trade-o ff   between all theseconstraints to choose an e ffi cient action to tune the func-tional unit. Individual sensor nodes in a WSN have theinherent limitations in resources, which make the design of security procedures more complicated. 4.1. Sensors Energy Consumption.  A typical sensor nodeprocessor is of 4–8MHz, having 4KB of RAM, 128KBflash, and ideally 916MHz of radio frequency. Each of theselimitations is due in part to the two greatest constraints:limited energy and physical size [33]. Table 1 shows that receiving costs almost half the energy of sending. 4.2. WSN-SARM.  To validate SARM, we have applied anadapted version of SARM, called WSN-SARM, to theapplication domain of wireless sensor network. 4.2.1. Validation Application Domain Main Problem.  InWireless Sensor Networks (WSN), one of the main con-straints is to minimize energy consumption in order tomaximize the lifespan of the network. Indeed, sensor nodesare usually battery powered [34–36]. In order to increase the lifetime of sensor networks, various energy saving schemeshave been proposed.Oneofknownpossibilityforprolongingnetworklifetimeis energy balancing, which is the approach that we haveimplemented in our framework SARM for WSN. In anenergybalancednetwork,allthenodesdepletetheirenergyatthe same rate. It is an e ffi cient method to implement a data-gathering algorithm for WSN’s.Indeed, a data-gathering WSN is deployed over a regionto be monitored and when a sensor detects an event, it needsto report to the BS which is not limited in energy in our casestudy.We send messages to the BS in a hop-by-hope routingmethod. While this method searches to minimize the overallnetwork utilization of energy, since the power cost is infunction of distance to the power of a parameter ranged from2 to 5.This heavy load of tra ffi c on nodes near the BS bringsthem to deplete their energy rapidly.Thus, it creates bottleneck region in the network. Unfor-tunately, when too many of those nodes run out of energy,the sink becomes disconnected from the network, This leadsto put the network down while there may be plenty of energy remaining in nodes away from the sink. Therefore, it seemsthat energy balancing is a particularly promising way of maximizing the lifespan of networks accomplishing a data-gathering task.Another problem that challenges all the proposed solu-tion is sinkhole attack. Indeed, it compromises the balancinge ff  ect on the lifespan of any WSN. That’s why a countermea-sure is necessary in this caseWe propose as an e ffi cient solution our SARM with itsfeedback mechanisms and its Trust Function to balance theenergy through all reachable nodes to overcome sinkholeattacks. Then, we compare it with simple equidistribution(uniform packet repartition) without any feedback. 4.2.2. Validation.  The goal of this validation is to show thatSARM adapts security as e ffi ciently as possible by (a) keepinganappropriatelevelofsecuritydependingonthe context,(b) whilst maximizing the overall utilization,(c) and minimizing the power consumption. 4.2.3. WSN-SARM Description.  In Figure 2, we describemodule by module, how SARM is applied to the applica-tion domain of our validation, becoming the WSN-SARMversion.First of all, the security means, which can be tunedby SARM, are uniform packet repartition or unbalancedneighbors packet repartition or a set of suboptimal distancepaths. The application preference is to maximize the usagetime whilst keeping enough security. The gathering contextmodule is used to collect and distribute trust values betweenthe Base Station and nodes (sensors). These values representthe trust of a sensor about its neighbors. They are summa-rized in Table 2.The values are sent to the management unit for analysisusing a Trust Function (TF) that will assert the fact whichalgorithmhastobeusedornot.Inaddition,theperformance  ISRN Communications and Networking 5 TuneContext: sensingFunctional unitPreferences maximum energy saving reliability ApplicationsNot usedSecurity means Balanced or unbalanced distribution of packets and min distance Monitoring Received info from BSAnalysis trust function Policies Logs: sinkhole Management unit    R   i  s    k Performance: network reliability Vulnerability: packet lost sinkholes Send an action to security  Figure  2: WSN-SARM Modules. Base stationSinkholeIdle sensorTransmitting sensor Figure  3: Context of WSN-SARM. is fixed as energy saving in accordance with ApplicationPreference, which is lifespan maximizing.Each sensor sends packets uniformly to a number of Sensors within a defined range according to threshold usedas policy. Thanks to its context gathering module the TrustFunction has all information to evaluate the trust. Figure 3gives a representation of the context of each Sensor andbehavior of some of them.The management unit will integrate the Trust Func-tion TF that predicts whether or not to use uniform orunbalanced connections depending on the  output   of the TFdepending on historical  values  v  i ,  j  ( i  packets) sent by the BSto sensor z   about his neighbor sensor  j  within defined range.(i)  T  z  j ( v  ij )  =  ( Σ N i = 1 v  ij )  /N   [ T  z  j ( v  ij ): trust of sensor  z   insensor j and  v  i  are sent by BS as ACK,  N  : number of all packets sent by sensor  z   and received by the BS] Table  2: Behavior and recommended value sent by Base Station toSensor under sinkhole attack.Sensor Behavior over neighbors Recommended value to SensorNormal The packet is received (1)Sinkhole to neighbors’ by notsending packet The packet is lost ( − 1) (ii) Threshold  =  rand()For all  j  sensorsif ( T  z  j ( v  ij )  >  0TF is the summation of all positive Trust over  j neighborsif (TF  =  0)then  { we send uniformly  } else  { TF  >  threshold  } then  { we send the packet to sensor  j } End forThe system consists of one to many sensors with di ff  erentbehaviors that could change randomly. Therefore, we shouldhave analyzed the overall system characteristics in a realworld but that was very di ffi cult. The complexity of analysiscomes from the fact that every nodes acts independently from others. Therefore, our model will be studied usingsimulation tools in order to compare it with reference cases. 5.ImplementationandValidationMethodology  We have implemented WSN-SARM and validated it in a Sen-sor wireless network simulation developed with AnyLogic,which is a simulation tool that supports all di ff  erent sim-ulation methodologies: System Dynamics, Process-centric(a.k.a.DiscreteEvent),andAgent-Basedmodeling.Itisbasedon Real-time UML and Java object-oriented language. 5.1. Model Setup.  The basic element of an Agent-Basedmodel is the agent itself. By using an Agent-Based model, wehave created a new class that behaves as Sensor. Each Sensoris associated to a given agent matching with its location. As asensor is placed randomly, we have modeled its coordinatesusing  X   and  Y   random variables.Setting up our security model using Table 2, we cantake advantage of state chart by monitoring the behavior of agents. The state of our agents is controlled by state charts,which represents the exact behavior of sensors, as shown inFigure 4.Setting up our security model using Table 2, one can takeadvantage of state charts to control the behavior of Sensors.Using AnyLogic as implementation platform agents andespeciallystate-chartscanbeprogrammedveryconveniently.In particular modifications and/or extensions of the finalmodel can be handled in a simple way.
Search
Tags
Related Search
We Need Your Support
Thank you for visiting our website and your interest in our free products and services. We are nonprofit website to share and download documents. To the running of this website, we need your help to support us.

Thanks to everyone for your continued support.

No, Thanks