Wireless Sensor Network Safety Study M.Shankar 1, Dr.M.Sridar 2, Dr.M.Rajani 3

Transcription

1 Wireless Sensor Network Safety Study M.Shankar 1, Dr.M.Sridar 2, Dr.M.Rajani 3 1 Associate Professor and Head, for UG and PG studies Department of Electrical and Electronics Engineering Kuppam Engineering College, Kuppam, Andhra Pradesh magaprajin@gmail.com 2 Director of International Relations Bharath University, Chennai, , Tamilnadu, India, deaninternational@bharathuniv.ac.in 3 Director of R & D Bharath University, Chennai, , Tamilnadu, India, deanrd@bharathuniv.ac.in ABSTRACT Few security mechanisms in wireless sensor networks (WSNs) have been implemented, and even fewer have been applied in real deployments. The limited resources of each sensor node makes security in WSNs hard, as the tradeoff between security and practicality must be carefully considered. These complex systems include in their design different types of information and communication technology systems, such as wireless (mesh) sensor networks, to carry out control processes in real time. This fact has meant that several communication standards, such as Zig bee PRO, Wireless HART, and ISA100.11a, have been specified to ensure coexistence, reliability, and security in their communications. This work evaluates the impact of a security conditions and robustness criteria of routing protocols for WSN. Some of ITS features are not found in existing WSN simulation systems. It will provide the opportunity for implement and evaluate the routing algorithms and the designed to be that secure but for which there are in the experimental studies on the robustness and real impact of designed security mechanisms. 1. Introduction Sensors integrated into structures, machinery, and the environment, coupled with the efficient delivery of sensed information, could provide tremendous benefits to society. Potential benefits include: fewer catastrophic failures, conservation of natural resources, improved manufacturing productivity, improved emergency response, and enhanced homeland security. More specifically, sensor nodes will do local processing to reduce communications, and consequently, energy costs. We believe that most [1] efficient and adaptive routing model for WSN is cluster based hierarchical model. For a cluster based sensor network, the cluster formation plays a key factor to the cost reduction, where cost refers to the expense of setup and maintenance of the sensor networks. In wired data networks, nodes rely on pre-deployed trusted server to help establish trust relationships but in WSN, these trusted authorities do not exist because sensor nodes have limited memory, CPU power, and energy, hence cryptographic algorithms must be selected carefully. A survey of security issues in ad hoc and sensor networks can be found in. Related work in the security area, focused on WSN, is summarized in. Currently, wireless sensor networks are beginning to be deployed at an accelerated pace. It is not unreasonable to expect that in years that the world will be covered with wireless sensor networks with access to them via the Internet. This can be considered as the Internet becoming a physical network. This new technology is exciting with unlimited potential for numerous 169

2 application areas including environmental, medical, military, transportation, entertainment, crisis management, homeland defence, and smart spaces. 2. WSN architecture The power of wireless sensor networks lies in the ability to deploy large numbers of tiny nodes that assemble and configure themselves. Usage scenarios for these devices range from real-time tracking, to monitoring of environmental conditions, to ubiquitous computing environments, to in situ monitoring of the health of structures or equipment. While often referred to as wireless sensor networks, they can also control actuators that extend control from [2,3] cyberspace into the physical world. The most straightforward application of wireless sensor network technology is to monitor remote environments for low frequency data trends. For example, a chemical plant could be easily monitored for leaks by hundreds of sensors that automatically form a wireless interconnection network and immediately report the detection of any chemical leaks. Unlike traditional wired systems, deployment costs would be minimal. Physical factors of nodes that is used in many applications for wireless sensor network, and these factors: Light Sound Humility Pressure Temperature The basic unit of the wireless sensor network is a sensor node. Its duty not only senses the environment, the physical world, furthermore it contains other units help processing, and delivering the sensed data [4]. Sensor node, depending on application scenarios and requirements, in addition to units shown in figure 2: sensor unit, communication unit, controller unit, and memory and power unit, maybe include other units like GPS, camera, energy scavenge and locomotive units. 2.1 Hardware components When choosing the hardware components for a wireless sensor node, evidently the application. requirements play a decisive factor with regard mostly to size, costs, and energy consumption of the nodes [5]. In some cases, an entire sensor node should be smaller than 1 cc, weigh less than 100 g, cheaper than US$1, and consume less than 100 µw [6]. Sometimes, the nodes are claimed to have to be reduced to the size of grains of dust. In more realistic applications, the mere size of a node is not so important; rather, convenience, simple power supply, and cost are more important [7]. There is certainly not a single standard available, nor would such a standard necessarily be able to support all application types. The scope of middleware for WSN is not restricted to the sensor network alone, but also covers devices and networks connected to the WSN. Classical mechanisms and infrastructures are typically not well suited for interaction with WSN. One reason for this are the limited resources of a WSN, which may make it necessary to execute resource intensive functions or store large amounts of data in external components. This may result in a close interaction of processes executing in the WSN and a traditional network. One example of such external functionality is so-called virtual counterparts, components residing in the Internet which augment real-world objects with information-processing capabilities [9]. Thus, middleware for sensor networks should provide a holistic view on both WSN and traditional networks, which is a challenge for architectural design and implementation Dissolved oxygen Sensorex manufactures a wide variety of sensors including dissolved oxygen sensors which can be used in Coastal marine systems are particularly vulnerable to the effects of human activity attendant on industrial, tourist and urban development. Information and communications technologies offer new solutions for monitoring such ecosystems in real time. In response to this demand for technology, the last ten years have seen the emergence of various initiatives, from simple case studies to complex coastal observation systems designed to monitor the marine environment. These systems are composed of sensor nodes, frequently wireless, which transmit data to a sink node, in real time, on a number of physical, chemical and/or biological measurements (temperature, ph, dissolved oxygen, salinity, turbidity, phosphates, chlorophyll, etc.) 170

3 2.3. Temperature in WSN net work A smart power outlet will report the current energy usage of the attached device to a central server. Temperature sensors are used to react upon variations in room temperature. Actuator nodes are responsible to control small subsystems within the building. A presence sensor [10,11] can automatically switch off the ceiling lightning when an employee has left its office. However, even more energy can be saved when different subsystems cooperate with each other. For example, the central control system can switch off the office lights, lower the heating and send an employee s PC to standby mode when the door system reports that the employee has left the building Voltage in WSN Energy efficiency should be taken account is all design phases starting from system design e.g. topology down to physical implementation constrains. In the literature has shown that energy efficiency can be improved in various areas when designing wireless sensor network e.g. VLSI design, protocols and network topology. This paper is collection from several papers related to chip implementation. Main focus is in digital design. In the near future, sensor devices will be produced in large quantities at a very low cost and densely deployed to improve robustness and reliability. They can be miniaturized into a cubic millimetre package (e.g., smart dust [16]) in order to be stealthy in a hostile environment. Cost and size considerations imply that the resources available to individual nodes are severely limited. We believe, however that limited processor bandwidth and memory are temporary constraints in sensor networks. They will disappear with fast developing fabrication techniques. 2.5 Gateway or Access points If a gateway is to be used for WSNs in Developing Countries, it is clear that the scenario requires a device designed around the following constraints. Low-power consumption: to run using solar panels or using batteries (in case of a short deployment). High storage capabilities: to be able to store data for a long period of time, in case of remote deployments. Flexible connectivity: to be able to connect to the gateway via wired or wireless networks. Different wireless network typologies should be possible: the gateway could serve as an Access Point, as a client or as a node of a mesh network. Low-cost: to be suitable for deployments in Developing Countries. Web-based design: to allow users to visualize the data from the WSN without installing specific software. 3. Network manager Sensor network management systems can be classified according to the approach taken to monitoring and control. Passive monitoring: The system collects information about network states. It may perform post-mortem analysis of data. Fault detection monitoring: The system collects information about network states in order to identify whether faults have occurred. Reactive monitoring: The system collects information about network states to detect whether events of interest have occurred and then adaptively reconfigure the network. Proactive monitoring: The system actively collects and analyses network states to detect past events and to predict future events in order to maintain the performance of the network. 4. Security manager The management subsystem is responsible for the configuration and initialization of the connectivity and middleware subsystems based on information provided in the application profiles. The management subsystem interfaces to the middleware subsystem to configure [12,13,14] the middleware and to exchange messages with peer nodes, and interacts with the connectivity subsystem to manage the NW, MAC, and PHY functions of the sensor node. In the management subsystem, several functions are implemented service and node discovery, location and positioning, time. The security manager controls all issues related to authentication, privacy and trust, while the node and system manager handles all tasks related to the correct operation of the node and system. 5. WSN Security Analysis 5.1 Attacks Attacks against wireless sensor networks are categorized as invasive or non-invasive. Non- invasive attacks generally consist of side channel attacks such as power, timing or frequency based attacks. 171

4 M Shankar et al,int.j.computer Techology & Applications,Vol 3 (1), Denial-of-Service (DoS) attack 5.9 Flooding In the denial-of-service (DoS) attack, the hackers objective is to render target machines inaccessible by legitimate users. There are two types of DoS attacks Passive attack: Selfish nodes use the network but do not cooperate, saving battery life for their own communications; they do not intend to directly damage other nodes. Sometime, the malicious node can cause immense traffic of useless messages on the network. This is known as the flooding. Sometimes, malicious nodes replay some actual broadcast messages, and hence generating useless traffic on the network. 6. Counter measures Active attack: Malicious nodes damage other nodes by causing network outage by partitioning while saving battery life is not a priority. 5.3 Attacks on Information in Transit The most common attacks against WSNs are on information in transit between nodes. Information in transit is vulnerable to eavesdropping, modification, injection that can be prevented using well established confidentiality, authentication, integrity and replay protection protocols. 5.4 Routing attack FIGURE 1. PRONOUNCED DATA TRAFFIC PATTERNS IN A WSN USING SP ROUTING SCHEME REVEAL THE LOCATION OF THE BASE STATION. Selective forwarding is a way to influence the network traffic by believing that all the participating nodes in network are reliable to forward the message. Our countermeasures against traffic analysis are similar to the methods used in traditional privacy and anonymity research, but we have three unique properties. First, we focus on hiding the physical location of a base station, instead of hiding the identity of a message sender or receiver. Second, the communication pattern in sensor networks is highly asymmetric and converges on a base station. This makes it more difficult to protect the base station against traffic analysis attacks Sinkhole attacks 6.1 Outsider attacks and link layer security. As with almost all networks there are a number of attacks that target the routing protocol of WSNs, all of which are necessarily insider attacks. Some are as follows 5.5 Selective forwarding In sinkhole attacks, adversary attracts the traffic to a compromised node. The simplest way of creating sinkhole is to place a malicious node where it can attract most of the traffic, possibly closer to the base station or malicious node itself deceiving as a base station. 5.7 Sybil attacks In Sybil attack, a single node presents multiple identities to all other nodes in the WSN. This may mislead other nodes, and hence routes believed to be disjoint w.r.t node can have the same adversary node. 5.8 Wormholes In wormhole attacks, an adversary positioned closer to the base station can completely disrupt the traffic by tunnelling messages over a low latency link. A second distinction can be made between outsider attacks and insider attacks. We have so far been discussing outsider attacks, where the attacker has no special access to the sensor network. One may also consider insider attacks, where an authorized participant in the sensor network has gone bad Insider attacks may be [15] mounted from either compromised sensor nodes running malicious code or adversaries who have stolen the key material, code, and data from legitimate nodes, and who then use one or more laptopclass devices to attack the network. In the presence of outsider adversaries, link layer security mechanisms can guarantee integrity, authenticity, and confidentiality of messages because they deny an outsider access to the network. However, we still must rely on the routing protocol to guarantee availability. 172

5 6.2. The Sybil attacks In a Sybil attack [2], a single node presents multiple identities to other nodes in the network. The Sybil attack can significantly reduce the effectiveness of fault-tolerant schemes such as distributed storage [16], disparity [17] and multipath routing, and topology maintenance Replicas, storage partitions, or routes believed to be using disjoint nodes could in actuality be using a single adversary presenting multiple identities. Sybil attacks also pose a significant threat to geographic routing protocols. Location aware routing often requires nodes to exchange coordinate information with their neighbours to efficiently route geographically addressed packets. It is only reasonable to expect a node to accept but a single set of coordinates from each of its neighbours, but by using the Sybil attack an adversary can be in more than one place at once. The term sybil attack is introduced in [2] to denote an attack where the attacker (sybil node) tries to forge multiple identification in a certain region. Sybil attack is particularly easy to perform in wireless sensor networks (WSN) where the communication medium is broadcast, and same frequency is shared among all nodes. By broadcasting messages with multiple identifications, a sybil node can rig the vote on group based decisions and also disrupt network middleware services severely. A received signal strength indicator (RSSI) based solution for sybil attack is desirable as it does not burden the WSN with shared keys or require piggybacking of keys to messages. Ideally, upon receiving a message, the receiver will associate the RSSI of the message with the sender-id included in the message, and later when another message with same RSSI but with different sender-id is received, the receiver would complain of a sybil attack Dimension Direct vs. Indirect Communication Direct Communication One way to perform the Sybil attack is for the Sybil nodes to communicate directly with legitimate nodes. When a legitimate node sends a radio message to a Sybil node, one of the malicious devices listens to the message. Likewise, messages sent from Sybil nodes are actually sent from one of the malicious devices. Indirect Communication In this version of the attack, no legitimate nodes are able to communicate directly with the Sybil nodes. Instead, one or more of the malicious devices claims to be able to reach the Sybil nodes. Messages sent to a Sybil node are routed through one of these malicious nodes, which pretend to pass on the message to a Sybil node Dimension: Fabricated vs. Stolen Identities Fabricated Identities In some cases, the attacker can simply create arbitrary new Sybil identities. For instance, if each node is identified by a 32-bit integer, the attacker can simply assign each Sybil node a random 32-bit value. Stolen Identities Given a mechanism to identify legitimate node identities, an attacker cannot fabricate new identities. For example, suppose the name space is intentionally limited to prevent attackers from inserting new identities. In this case, the attacker needs to assign other legitimate identities to Sybil nodes. This identity theft may go undetected if the attacker destroys or temporarily disables the impersonated nodes. Accordingly, they are vulnerable to any method that allows identities [18,19] to be forged or falsified. Such a method is the Sybil attack. In a Sybil attack, a single node illegally presents multiple identities to other nodes in the network by either forging new (false) identities, or stealing legal identities. A Sybil node is a misbehaving node s additional identity. Therefore, a single entity may be selected multiple times (based on multiple identities) to participate in an operation that relies on redundancy, thereby controlling the outcome of the operation, and defeating the redundancy mechanisms. Currently, most WSN applications are designed to operate in trusted environments. However, security issues are a major concern when WSNs are deployed in un trusted environments. An adversary may disable a WSN by interfering with intra-network packet transmission via wormhole attacks, Sybil attacks [11], and jamming or packet injection attacks [17]. 7. HELLO flood attacks Some routing protocols in WSN require nodes to broadcast hello messages to announce themselves to their neighbours. A node which receives such a message may assume that it is within a radio range of the sender. However in some cases this assumption may be false; sometimes a laptop-class attacker broadcasting routing or other information with large enough transmission power could convince every other node in the network that the attacker is its neighbour. For example, an adversary advertising a very high quality route to the base station could cause a large number of nodes in the network to attempt to use this route. But those nodes which are sufficiently far away from the adversary would be sending the packets into oblivion. Hence the network is left in a state of confusion. Protocols which depend on localized information exchange between neighbouring nodes for topology maintenance or flow control are mainly affected by this type of attack. 173

6 8. Wormhole and Sinkhole attacks The examination of the wormhole routing attack and some of the proposed countermeasures makes it evident that it is extremely difficult to retrofit existing protocols with defences against routing attacks. It is suggested that one of the ways to approach this rich field of research problems in WSNs could be to carefully design new routing protocols in which attacks such as wormholes can be rendered meaningless. We focus on the wormhole routing attack in some detail. A variety of countermeasures have been proposed in the literature for such attacks. However, most of these countermeasures suffer from flaws that essentially render them ineffective for use in large scale WSN deployments. Due to the inherent constraints found in WSNs, there is a need for lightweight and robust security mechanisms. The examination of the wormhole routing attack and some of the proposed countermeasures makes it evident that it is extremely difficult to retrofit existing protocols with defences against routing attacks. It is suggested that one of the ways to approach this rich field of research problems in WSNs could be to carefully design new routing protocols in which attacks such as wormholes can be rendered meaningless. The past decade has witnessed an explosive growth in the use of wireless technologies. In particular, WSNs have become a very active area of research [8]. There are many diverse and interesting aspects of this technology which demand further research to produce the innovative solutions needed to make WSNs a viable technology. Routing plays a central role in WSNs. In particular, owing to the inherent characteristics of WSNs, routing security is a hugely important area of research. 9. Building A Secure WSN The network model we use is as follows. We consider a network composed of a small number of base stations, and a massive number of wireless sensor nodes randomly distributed in the target area. These nodes have limited processing power, energy and bandwidth while the base stations are resource-rich in terms of their computational capabilities, storage capacity, and energy lifetime. Another assumption is that sensor nodes are not mobile during the duration of their lifetime and are equipped with Omni-directional antennas. Moreover, the deployed sensor nodes are trustworthy and cannot be compromised by attackers. This means that an internal attack is impossible and hence, the attack can be achieved only by hostile nodes or anti-nodes which are generally capable of performing various kinds of outside attacks as discussed in Section 2. Most of the outside attacks can be avoided by a simple encryption and authentication of the messages (routing and data packets); the encryption and authentication prevent an attacker from injecting packets in the network, they also eliminate the possibility of altering packets, as well as creating sinkholes and making selective forwarding, etc. 9.1 Selective forwarding Selective Forwarding Attack that may be launched against a WSN. This IDS uses routing information local to the base station of the network and raises alarms based on the 2D feature vector (bandwidth, hop count). Classification of the data patterns is performed using a one-class SVM classifier. To the best of our knowledge this is the first attempt to apply SVMs as a solution in a WSN security scenario. We have chosen SVMs over other traditional classification methods, such as neural networks and nearest neighbour classifiers, because SVMs are able to provide very good results. 9.2 Authenticated broadcast and flooding Since base stations are trustworthy, adversaries must not be able to spoof broadcast or flooded messages from any base station. This requires some level of asymmetry: since every node in the network can potentially be compromised, no node should be able to spoof messages from a base station, yet every node should be able to verify them. Authenticated broadcast is also useful for localized node interactions. Many protocols require nodes to broadcast HELLO messages to their neighbours. These messages should be authenticated and impossible to spoof. Proposals for authenticated broadcast intended for use in a more conventional setting either use digital signatures and/or have packet overhead that well exceed the length of typical sensor network packet. TESLA is a protocol for efficient, authenticated broadcast and flooding that uses only symmetric key cryptography and requires minimal packet overhead OSI Layer wise threats and countermeasures Following are the some of the known threats and countermeasures classifying in different OSI layer. Physical Layer: In Table 1, we describe Physical Layer Threats & Countermeasures in case of Wireless Sensor Network. TABLE 1: PHYSICAL LAYER THREATS AND COUNTER MEASURES 174

7 M Shankar et al,int.j.computer Techology & Applications,Vol 3 (1), Data-link Layer: In Table 2, we describe Data-Link Layer Threats & Countermeasures in case of Wireless Sensor Network. While there are attacks that can be directed to any of the cell layers of the WSN, Here we broadly describe the attacks related to the network layer, responsible for forwarding data. 10. Secure Routing Protocols for WSN TABLE 2. DATA-LINK LAYER THREATS AND COUNTERMEASURES Network Layer: In Table 3, we describe Network Layer Threats & Countermeasures in case of Wireless Sensor Network. One can establish three classes of protocols [10]: those based on location, the data-centric and hierarchical. The location-based protocols use this information to make the best decisions to achieve the targets (eg, IGF [6]). The data-centric, ie exploiting the semantics of data are usually based on algorithms that perform searches launched from synchronization (eg Directed Diffusion). Finally, the hierarchical protocol, whose design is based on building groups of nodes, usually referred to as clusters (eg, LEACH ), which operate on the principle of aggregation of group data and the transfer of information for us base. Many routing protocols for WSN have not been designed taking into account the factor of safety. Instead, they wanted to adapt to environmental applications and the characteristics and capabilities of the WSN. However, when it intends to extend its use to other areas, whose safety is essential, these concerns increase, since the security mechanisms involve a direct increase in computing and an increase in the cost of communication, reflected in the autonomy of sensors. TABLE 3: NETWORK LAYER THREATS AND COUNTERMEASURES 11. Conclusion Security in Wireless Sensor Network is vital to the acceptance and use of sensor networks. In particular, Wireless Sensor Network product in industry will not get acceptance unless there is a fool proof security to the network. In this paper, we have made a threat analysis to the Wireless Sensor Network and suggested some counter measures. Link layer encryption and authentication mechanisms may be a reasonable first approximation for defence against mote class outsiders, but cryptography is not enough to defend against laptop-class adversaries and insiders: careful protocol design is needed as well. 12. References [1] WIRELESS SENSOR NETWORK SECURITY ANALYSIS, Hemant Kumar Kalita1 and Avijit Kar[19], 175

8 M Shankar et al,int.j.computer Techology & Applications,Vol 3 (1), International Journal of Next-Generation (IJNGN),Vol.1, No.1, December 2009 Networks ACM Workshop on Wireless Security (WiSe'03), San Diego, CA, USA, September [2] Wireless Networks. Security Vulnerabilities In Wireless Sensor Networks: A Survey. Journal of Information Assurance and Security, 5([19]010): , [15] C. Karlof and D. Wagner. Secure routing in wireless sensor networks: Attacks and countermeasures. Ad Hoc Networks, 1(2-3), September [3] Security Issues in Wireless Sensor Networks Zoran S. Bojkovic, Bojan M. Bakmaz, and Miodrag R. Bakmaz, INTERNATIONAL JOURNAL OF COMMUNICATIONS Issue 1, Volume 2, 2008 [16] D. Liu and P. Ning. Establishing pairwise keys in distributed sensor networks. In CCS'03,Washingon D.C, USA, October [4] Mark Luk, Adrian Perrig, Ghita Mezzour, and Virgil Gligor. MiniSec: a secure sensor network communication architecture. pages , Cambridge, Massachusetts, USA, ACM. [5] Paolo Baronti, Prashant Pillai, Vince W.C. Chook, Stefano Chessa, Alberto Gotta, andy. Fun Hu. Wireless sensor networks: A survey on the state of the art and the 80[19].15.4and ZigBee standards. Computer Communications, 30(7): , May [6] Chris Karlof, David Wagner, "Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures", University of California at Berkeley. [7] J. R. Douceur, "The Sybil Attack," in 1st International Workshop on Peer-to-Peer Systems (IPTPS '02), March [8] Castro and Liskov, "Practical byzantine fault tolerance," in OSDI: Symposium on Operating Systems Design and Implementation. USENIX Association, Co-sponsored by IEEE TCOS and ACM SIGOPS, [17] S. Madden, M. Franklin, J. Hellerstein, and W. Hong. Tag: a tiny aggregation service for ad-hoc sensor networks. In 5th Symposium on operating systems design and implementation (OSDI'02), Boston, MA, December M.Shankar received B.E degree in Electrical and Electronics Engineering from Madras University, Tamilnadu, India in 2003 and the M.Tech degree in embedded system Technology from Bharath University, Chennai, India in 2006.Currently doing research in Bharath University Chennai. He is a lie member of Computer Society of India (CSI) and published many national and international research articles. His researches interest is Timing analysis in embedded system software. Dr.M.Sridar Currently working as Director - International relations, Bharath University. He has published many international research articles. His researches interests are timing analysis and security for embedded systems. Dr.M.Rajani Currently working as Research director in Bharath University in Chennai, India. She has published many international research articles. Her research interests are error correcting codes addresses effectively decoding algorithm and VLSI Architecture. [9] A. Banerjea, "A taxonomy of dispersity routing schemes for fault tolerant real-time channels," in Proceedings of ECMAST, vol. 26, May 1996, pp [10] Y.-C. Hu, A. Perrig, and D. B. Johnson, "Wormhole detection in wireless ad hoc networks," Department of Computer Science, Rice University, Tech. Rep. TR01-384, June [11] D. Ganesan, R. Govindan, S. Shenker, and D. Estrin, "Highly-resilient, energy-efficient multipath routing in wireless sensor networks," Mobile Computing and Communications Review, vol. 4, no. 5, October [12] D. Goldschlag, M. Reed, and P. Syverson. Onion routing for anonymous and private internet connections. Communications of ACM, 42(2), February [13] J. Hill, R. Szewczyk, A. Woo, S. Hollar, D. Cullar, and K. Pister. System architecture directions for network sensors. In Nineth International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS' 00), Cambridge, MA, USA, November [14] Y. Hu, A. Perrig, and D. Johnson. Rushing attacks and defense in wireless ad hoc network routing protocols. In 2nd 176