보안공학연구논문지 (Journal of Security Engineering), 제 9권 제 3호 2012년 6월 A Review of the Vulnerabilities and Attacks for Wireless Sensor Networks Ju young Kim 1), Ronnie D. Caytiles 2), Kyung Jung Kim 3) Abstract This paper presents a study of the different vulnerabilities, threats and attacks for Wireless Sensor Networks. Effective management of the threats associated with wireless technology requires a sound and thorough assessment of risk given the environment and development of a plan to mitigate identified threats. An analysis to help network managers understand and assess the various threats associated with the use of wireless technology and a number of available solutions for countering those threats are discussed. Keywords : WSN, WSN Threats, WSN Security, sensor nodes, encryption 1. Introduction WSNs consist of multifunction and spatially distributed sensor nodes that are small in size and communicate wirelessly over short distances. The sensor nodes integrate different properties for sensing the environment, as well as data processing and communication among other sensors. It monitors physical or environmental conditions, such as temperature, sound, vibration, pressure, humidity, motion or pollutants. WSNs perform an important role in many applications, such as battlefields surveillance, patient health monitoring, home automation, traffic control, environmental observation and building intrusion surveillance. The wireless networking has improved productivity through increased accessibility to information resources and easier, faster and less expensive network configuration. WSNs provide convenience, cost efficiency, and ease of integration with other networks and network components. However, wireless technology also creates new threats. Since communication for WSNs are through radio frequencies, the risk of interception is greater than with wired networks. Received(January 05, 2012), Review request(january 06, 2012), Review Result(1st: January 22, 2012, 2nd: February 05, 2012) Accepted(June 30, 2012) 1 565-701, Department of Child Welfare, Woosuk University. email: kdr1388@hanmail.net 2 306-791 Department of Multimedia Engineering, Hannam University. email: rdcaytiles@gmail.com 3 (Corresponding author)565-701, Department of Child Welfare, Woosuk University, Professor. e-mail: kkjung00@hanmail.net 241
A Review of the Vulnerabilities and Attacks for Wireless Sensor Networks If the message is not encrypted, or encrypted with a weak algorithm, the attacker can read it, thereby compromising confidentiality. Security objectives include: preserving confidentiality, ensuring integrity, and maintaining availability of the information and information systems. WSNs present a handful of issues for network managers. Unauthorized access points, unknown stations, captured nodes, spoofed acknowledgements are just a few of the problems addressed in WSN troubleshooting. Moreover, onsite maintenance for remotely deployed sensor nodes is infeasible, thus a thorough consideration of security solutions and troubleshooting tools must be available. In this paper, the different countermeasure schemes and solutions that can address the risks offered by the threats and attacks related to WSNs have been identified and discussed. Although these threats cannot be totally eliminated, a desired level of security can be achieved by adopting such countermeasure. The objective of this paper is to assist managers in making decisions by providing them with a basic understanding of the nature of the various threats associated with wireless networking and available countermeasures. 2. WSN Vulnerabilities, Threats and Attacks This section covers the different attacks and threats that relate to WSNs. Most of these attacks are similar to those that apply to traditional networks. However a node capture attack is a totally new and distinct phenomenon which does not apply to traditional networks. 2.1 Node Capture Attack One of the distinct attacks in WSNs is a node capture. In this attack, an attacker gains full control over a sensor node through a direct physical access. Then the attacker can easily extract cryptographic primitives and obtain unlimited access to the information stored on the memory chip of the captured node through a reverse engineering process with the potential to cause substantial damage to the entire WSN. Three main factors that can aid the attackers during a node capture attack: If sensor nodes within the WSN share a key or keys with neighboring nodes that is used to encrypt or decrypt data. A node capture attack has a great impact on the structure or topology of a WSN. The density of the WSN has a direct influence on node capture attacks, having a similar affect to the network structure. 2.2 Side Channel Attack 242
보안공학연구논문지 (Journal of Security Engineering), 제 9권 제 3호 2012년 6월 A side channel attack refers to any attack that is based on information gathered from the physical implementation of a cryptosystem, in contrast to vulnerabilities in the algorithm itself [9]. For example the attacker monitors the power consumption or the electromagnetic (EM) emanation from such cryptographic devices, and then analyzes the collected data to extract the associated crypto key. Side channel attacks include: Simple power analysis (SPA) is a technique that involves directly interpreting power consumption measurements collected during cryptographic operations. No statistical analysis is required in such an attack [5]. Simple electromagnetic analysis (SEMA) an adversary is able to extract compromising information from a single electromagnetic sample [4]. In differential power analysis (DPA) an adversary monitors the power consumed by cryptographic devices, and then statistically analyzes the collected data to extract a key in contrast to the simple power analysis [5]. In differential electromagnetic analysis (DEMA), instead of monitoring the power consumption, an attacker monitors electromagnetic emanations from cryptographic devices, and then the same statistical analysis as that for the differential power analysis is performed on the collected electromagnetic data to extract secret parameters [4]. 2.3 Denial of Services (DoS) A Denial-of-Service attack (DoS) occurs when an attacker continually bombards a targeted AP (Access Point) or network with bogus requests, premature successful connection messages, failure messages, and/or other commands. DoS is an event that diminishes or eliminates a network s capacity to perform its expected function through hardware failures, software bugs, resource exhaustion, malicious broadcasting of high energy signals, environmental conditions, or any complicated interaction between these factors [11]. Communication systems could be jammed completely if such attacks succeed. Other denial of service attacks are also possible, e.g., inhibiting communication by violating the MAC protocol. These cause legitimate users to not be able to get on the network and may even cause the network to crash. These attacks rely on the abuse of protocols such as the Extensible Authentication Protocol (EAP). 2.4 Software Attacks In Software-based attacks on WSNs, an attacker may try to modify the software code in memory or exploit known vulnerabilities in the software code. A well-known example of such an attack is a buffer overflow 243
A Review of the Vulnerabilities and Attacks for Wireless Sensor Networks attack where a process attempts to store data beyond the boundaries of a fixed length buffer, thus, resulting in the extra data overwriting the adjacent memory locations. 2.5 Routing Attacks As described earlier, every node acts as a router in a WSN. Routing and data forwarding are an important task for sensor nodes. Routing protocols have to be energy and memory efficient, but at the same time they have to be robust against attacks and node failures. There have been many power-efficient routing protocols proposed for WSNs. However, most of them suffer from security vulnerabilities of one sort or another. In the real world, a secure routing protocol should guarantee the integrity, authenticity and availability of messages in the existence of adversaries of arbitrary power. Every authorized receiver should receive all messages proposed for it and should be capable of proving the integrity of every message and also the identity of the sender. Some of the routing protocol attacks are the following [10]: Black hole attacks or packet drop attack; Spoofed, altered, or replayed attack; Wormholes attack; Selective forwarding attack; Sinkhole attack; HELLO flood attack; Acknowledgement spoofing. 2.6 Traffic Analysis Attacks All communication is WSNs is moving toward a base station in many-to-one or many-to-few patterns. An attacker is able to gather much information on the topology of the network as well as the location of the base station and other strategic nodes by observing traffic volumes and pattern. There are two types of traffic analysis attacks in WSNs: a rate monitoring attack and a time correlation attack. In a rate monitoring attack an attacker monitors the packet sending rate of nodes near the attacker and moves closer to the nodes that have a higher packet sending rate. In a time correlation attack an attacker observes the correlation in sending time between a node and its neighbor node that is assumed to be forwarding the same packet and deduces the path by following the sound for each forwarding operation as the packet propagates towards the base station [3]. 2.7 Sybil Attacks 244
보안공학연구논문지 (Journal of Security Engineering), 제 9권 제 3호 2012년 6월 The Sybil attack is defined as a malicious device illegitimately taking on multiple identities. For example, a malicious node can claim false identities, or impersonate other legitimate nodes in the network [1][2]. The Sybil attack can affect a number of different protocols such as the following: Distributed storage protocols; Routing protocols; Data aggregation (used in query protocols); Voting (used in many trust schemes); Fair resource allocation protocols; Misbehavior detection protocols. To attack routing protocols a Sybil attack would rely on a malicious node taking on the identity of multiple nodes, thus routing multiple paths through a single malicious node. However the Sybil attack can operate in different ways to attack the protocols listed above. 2.8 Attacks on In-Network Processing Data aggregation or in-network processing is very useful in terms of reducing the communication overhead. However there can be different types of attack on in-network processing: Compromise a node physically to affect aggregated results [12]; Attack aggregator nodes using different attacks; Send false information to affect the aggregation results. 2.9 Attacks on Time Synchronization Protocols Time synchronization protocols provide a mechanism for synchronizing the local clocks of nodes in a sensor network. Three of the most prominent protocols are the reference broadcast synchronization (RBS) protocol, Timing-sync Protocol for Sensor Networks (TPSN) and Flooding Time Synchronization Protocol (FTSP). Since most of the time synchronization protocols do not consider security, an attacker can physically capture a fraction of the nodes and injecting them with faulty time synchronization message updates easily. This event can make the nodes in the entire network out-of-sync with each other. 2.10 Replication Attacks There are two ways to launch replication attacks in WSNs. First, an attacker can eavesdrop on communications and resend old packets again multiple times in order to waste its neighboring sensor nodes 245
A Review of the Vulnerabilities and Attacks for Wireless Sensor Networks energy. Then, an attacker can insert additional replicated hostile sensor nodes into the WSN after obtaining some secret information from captured sensor nodes or through infiltration. 3. WSN Vulnerabilities, Threats and Attacks Countermeasure Schemes and Solutions 3.1 Securing the Confidentiality of WSN Data Transmission Several types of countermeasures exist for reducing the risk of eavesdropping on wireless transmissions. The first involves methods for making it more difficult to locate and intercept the wireless signals. The second involves the use of encryption to preserve confidentiality even if the wireless signal is intercepted. The rest are attack specific countermeasures. 1) Signal Hiding Techniques: In order to intercept wireless transmissions, attackers first need to identify and locate wireless networks. There are, however, a number of steps that organizations can take to make it more difficult to locate their wireless access points. The easiest and least costly include the following: Turning off the service set identifier (SSID) broadcasting by wireless access points, Assign cryptic names to SSIDs, Reducing signal strength to the lowest level that still provides requisite coverage or Locating wireless access points in the interior of the building, away from windows and exterior walls. More effective, but also more costly methods for reducing or hiding signals include: Using directional antennas to constrain signal emanations within desired areas of coverage or Using of signal emanation-shielding techniques, sometimes referred to as TEMPEST, 1 to block emanation of wireless signals. 2) The Use of Encryption: The best method for protecting the confidentiality of information transmitted over wireless networks is to encrypt or scramble all wireless traffic and communications over the network. This is especially important for organizations subject to regulations. Two types of countermeasures can significantly reduce the risk of such attacks: strong encryption and strong authentication of both devices and users. 3) Countermeasures against Denial of Service Attacks: Wireless communications are also vulnerable to denial-of-service (DoS) attacks. Organizations can take several steps to reduce the risk of such unintentional DoS attacks. Careful site surveys can identify locations where signals from other devices exist; the results of such surveys should be used when deciding where to locate wireless access points. Regular periodic audits of wireless networking activity and performance can identify problem areas; appropriate remedial actions may include removal of the offending devices or measures to increase signal strength and coverage within the problem area. The summary of countermeasures for different DoS attacks are depicted in Table 1. 246
보안공학연구논문지 (Journal of Security Engineering), 제 9권 제 3호 2012년 6월 [Table 1] WSN Layers and DoS Defenses Sensor network layers and denial-of-services defense Network layer Attacks Defenses Physical Link Network and Routing Transport Jamming Tampering Collision Exhaustion Unfairness Neglect and greed Homing Misdirection Black Holes Flooding De-synchronization Spread-spectrum, priority message, lower Duty cycle, region mapping, mode change Tamper-proofing, hiding Error-correction code Rate limitation Small frames Redundancy, probing Encryption Egress filtering, authentication, monitoring Authorization, monitoring, redundancy Client puzzles Authentication 4) Countermeasures against Software Attacks: The following countermeasure can be considered to secure the WSN software and be protected from being exploited by malicious users: Software authentication and validation, e.g., remote software-based attestation for sensor networks; Defining accurate trust boundaries for different components and users; Using a restricted environment such as the Java Virtual Machine; Dynamic run-time encryption/decryption for software. This is similar to encryption/decryption of data except that the code running on the device is encrypted. This can prevents a malicious user from exploiting the software; Hardware attestation. The trusted computing group platform and next generation secure computing base provide this type of attestation. A similar model could be used in sensor networks. 5) Countermeasures against Sybil Attacks: Proposed solutions to the Sybil attack include the following: radio resource testing which relies on the assumption that each physical device has only one radio; random key pre-distribution which associates the identity of each node to the keys assigned to it and validates the keys to establish whether the node is really who it claims to be; registration of the node identities at a central base station; and Position verification which makes the assumption that the WSN topology is static. 3.2 Securing the WSN Access Point 247
A Review of the Vulnerabilities and Attacks for Wireless Sensor Networks Insecure, poorly configured wireless access points can compromise confidentiality by allowing unauthorized access to the network. Organizations can reduce the risk of unauthorized access to wireless networks by taking these three steps: 1. Eliminating rogue access points. The best method for dealing with the threat of rogue access points is to use 802.1x on the wired network to authenticate all devices that are plugged into the network. Using 802.1x will prevent any unauthorized devices from connecting to the network; 2. Properly configuring all authorized access points. Organizations also need to ensure that all authorized wireless access points are securely configured. It is especially important to change all default settings because they are well known and can be exploited by attackers; and 3. Using 802.1x to authenticate all devices. Strong authentication of all devices attempting to connect to the network can prevent rogue access points and other unauthorized devices from becoming insecure backdoors. The 802.1x protocol discussed earlier provides a means for strongly authenticating devices prior to assigning them IP addresses. 3.3 Other Countermeasures The following are several tips for countering attacks and ensuring security for WSNs: Use anti-virus and anti-spyware software, and a firewall. Computers on a wireless network need the same protections as any computer connected to the Internet. Install anti-virus and anti-spyware software, and keep them up-to-date. If your firewall was shipped in the off mode, turn it on; Turn off identifier broadcasting. Most wireless routers have a mechanism called identifier broadcasting. It sends out a signal to any device in the vicinity announcing its presence. You don t need to broadcast this information if the person using the network already knows it is there. Hackers can use identifier broadcasting to home in on vulnerable wireless networks. Disable the identifier broadcasting mechanism if your wireless router allows it; Change the identifier on your router from the default. The identifier for your router is likely to be a standard, default ID assigned by the manufacturer to all hardware of that model. Even if your router is not broadcasting its identifier to the world, hackers know the default IDs and can use them to try to access your network. Change your identifier to something only you know, and remember to configure the same unique ID into your wireless router and your computer so they can communicate. Use a password that s at least 10 characters long: The longer your password, the harder it is for hackers to break; Change your router s pre-set password for administration. The manufacturer of your wireless router probably assigned it a standard default password that allows you to set up and operate the router. Hackers know these default passwords, so change it to something only you know. The longer the 248
보안공학연구논문지 (Journal of Security Engineering), 제 9권 제 3호 2012년 6월 password, the tougher it is to crack; Allow only specific computers to access your wireless network. Every computer that is able to communicate with a network is assigned its own unique Media Access Control (MAC) address. Wireless routers usually have a mechanism to allow only devices with particular MAC addresses access to the network. Some hackers have mimicked MAC addresses, so don t rely on this step alone; Turn off your wireless network when you know you won t use it. Hackers cannot access a wireless router when it is shut down. If you turn the router off when you re not using it, you limit the amount of time that it is susceptible to a hack; Don t assume that public hot spots are secure. Many cafés, hotels, airports, and other public establishments offer wireless networks for their customers use. 4. Conclusion Wireless Sensor Networks provide a numerous opportunities for increasing productivity and minimizing costs. It provides significant advantages for many applications that would not have been possible for the past. The different vulnerabilities, threats and attacks that could possibly put WSNs in a vital or critical situation have been identified and discussed in this paper. The different categories for these threats are defined to identify a possible countermeasure scheme applicable for each threat classification. References [1] T. Roosta, S. Shieh, S. Sastry: Taxonomy of Security Attacks in Sensor Networks, 1st IEEE Int. Conference on System Integration and Reliability Improvements 2006, Hanoi (2006) pp. 13 15. [2] A. Perrig, J. Newsome, E. Shi, D. Song: The Sybil Attack in Sensor Networks: Analysis and Defences, 3rd Int. Symposium on Information Processing in Sensor Networks 2004 (ACM Press, New York, USA 2004) pp. 259 268. [3] J. Deng, R. Han, S. Mishra: Countermeasures Against Traffic Analysis Attacks in Wireless Sensor Networks, First IEEE/Cerate Net Conference on Security and Privacy in Communication Networks (SecureComm) 2005, Athens (2005) pp. 113 124. [4] K. Gandol, C. Mourtel, F. Olivier, Electromagnetic Analysis: Concrete Results, Published in C_.K. Ko_c, D. Naccache, and C. Paar, Eds., Cryptographic Hardware and Embedded Systems { CHES 2001, vol. 2162 of Lecture Notes in Computer Science, pp. 251{261, Springer-Verlag, 2001. [5] Power Analysis, http://en.wikipedia.org/wiki/power_analysis, Accessed: December, 2011. [6] Wireless Sensor Networks, http://en.wikipedia.org/wiki/ Wireless_sensor_network, Accessed: December 2011. [7] J.N. Al-Karaki, A.E. Kamal: Routing techniques in wireless sensor networks: A survey, IEEE Wirel. 249
A Review of the Vulnerabilities and Attacks for Wireless Sensor Networks Commun. 11(6), 6 28 (2004). [8] F. Ye, H. Luo, J. Cheng, S. Lu, L. Zhang: A Two-Tier Data Dissemination Model for Large-Scale Wireless Sensor Networks, ACM/IEEE MOBICOM 2002 (2002) pp. 148 159. [9] T. Roosta, S. Shieh, S. Sastry: Taxonomy of Security Attacks in Sensor Networks, 1st IEEE Int. Conference on System Integration and Reliability Improvements 2006, Hanoi (2006) pp. 13 15. [10] Y.-C. Hu, A. Perrig, D.B. Johnson: Adriane: A Secure On-Demand Routing Protocol for Ad Hoc Networks, Annual ACM Int. Conference on Mobile Computing and Networking (MobiCom) 2002 (2002). [11] Denial-of-Service Attack, http://en.wikipedia.org/wiki/denial-of-service_attack, Accessed: December, 2011. [12] K. Kifayat, M. Merabti, Q. Shi, D. Llewellyn-Jones: Group-based secure communication for large scale wireless sensor networks, J. Information Assurance Security. 2(2), 139 147 (2007). Authors Ju young Kim 1985: B. S. in Civil Engineering, Chung-Ju National University. 2007: B. S. in Social Welfare, Seoul Digital University. 2009: M. S. in Child Welfare, Woosuk University. 2012: Course for Ph.D in Korean Language and Literature, Woosuk University. Research interests: Child welfare, Child care information protection, Korean fairy tale. Ronnie D. Caytiles 1995~2000: Bachelor of Science in Computer Engineering, Western Institute of Technology, Iloilo City, Philippines. Currently: Integrated Course for M.S. and Ph.D. in Multimedia Engineering, Hannam University, Daejon, Korea. Research Interests: Information Technology Security, U-Learning, Control and Automation. Kyung Jung Kim 1980: B. S. in Education of Teacher, Chungang University. 1983: M. S. in Early Childhood Education, Chungang University. 1989: Ph.D.in Early Childhood Education, Chungang University 1985: Research Professor: Internationale Jugend Bibliotek(IJB), Institution in Germany 1999: Visiting Scholar: Michigan State University in USA. Currently: Professor, Department of Child Development & Welfare, Woosuk University, and President of Association of Korea Family Educare (from 1994) Research interests: Child welfare, Child care information protection. 250