Securing Wireless Sensor Networks using Concealed Data Aggregation, Secret Sharing and Randomized Dispersive Routes
G. Ravi (1), M. Mohamed Surputheen (2), Dr. R. Srinivasan (3)
(1) Research Scholar, Dr. M.G.R Educational and Research Institute University, Chennai - 600 095, India.
(2) Research Scholar, Dr. M.G.R Educational and Research Institute University, Chennai - 600 095, India.
(3) Dean Research and PG Studies, RNS Institute of Technology, Bangalore 560 061, India.
Due to the unmanned nature of Wireless Sensor Networks, security becomes a key criterion for networks dealing with confidential data. Compromised nodes, Denial of Service (DoS) [2] attacks and Black-Holes/Sink-Holes [4] are the three key types of attack in sensor networks. Classic routing algorithms use deterministic multipath routing schemes, where a predefined path exists between any two nodes. Once the adversary acquires the routing algorithm, it can compute the route, making all information sent over these routes vulnerable to attack. Our approach uses dispersive randomized routing combined with a secret sharing scheme that circumvents the black holes formed by these attacks. Since energy efficiency is of paramount importance in a Wireless Sensor Network, we employ a data aggregation scheme that reduces the need to transfer huge amounts of data to the base stations. We also apply a Privacy Homomorphism based encryption scheme to secure the data during the aggregation process. Simulations show that our approach is much more effective in terms of security and energy efficiency than its deterministic counterparts.

Keywords: Wireless Sensor Network, Randomized Routing, Concealed Data Aggregation, Secret Sharing, Dispersive Routes
International Journal of Computational Intelligence and Information Security, July 2012 Vol. 3, No. 6 ISSN: 1837-7823
For this reason, algorithms and protocols need to address the following issues:
1. Lifetime maximization
2. Robustness and fault tolerance
3. Self-configuration
1.2 Motivations
Of the various possible security threats encountered by a WSN, we are interested in Compromised Node (CN), Denial of Service (DoS) and Black-hole or Sink-hole attacks.

Compromised Node: A compromised node can lead to eavesdropping on or leakage of legitimate information, or to manipulation of legitimate information to mislead the base stations.

Denial of Service: Denial of Service [2] is actually the unintentional failure of a system, due to which it becomes unable to provide service to its users. A DoS attack tries to exhaust the network resources by sending a huge amount of unnecessary data to the system, due to which it becomes unable to provide service to its legitimate users. There are two variants of this attack: DoS and Distributed DoS (DDoS).
Black-hole/Sink-hole Attack [4]: In this attack, a malicious node acts as a black hole to attract all the traffic in the sensor network. It tells the target nodes that it has the high-quality or shortest path to the base station. Once the malicious device has inserted itself between the communicating nodes (for example, sink and sensor node), it is able to do anything with the packets passing between them.

These two attacks are similar in the sense that they both generate black holes: areas within which the adversary can either passively intercept or actively block information delivery. Due to the unattended nature of WSNs, adversaries can easily produce such black holes. Severe CN and DoS attacks can disrupt normal data delivery between sensor nodes and the sink, or even partition the topology. A conventional cryptography-based security method cannot alone provide satisfactory solutions to these problems. This is because, by definition, once a node is compromised, the adversary can always acquire the encryption/decryption keys of that node, and thus can intercept any information passed through it. Likewise, an adversary can always perform DoS attacks even if it does not have any knowledge of the underlying cryptosystem.
2. Problem Definition
The classic multipath routing approaches in use are vulnerable to attacks, mainly due to their deterministic nature. With deterministic routing, an attacker who gains access to a compromised node can compromise the entire network, because he can compute the routes from the routing algorithm obtained.
Figure 1: Implication of route dispersiveness on bypassing the black hole [1]. (a) Routes of higher dispersiveness. (b) Routes of lower dispersiveness.
and flexible in-network data aggregation. A particular class of encryption transformations has been applied, and techniques for computing the aggregation functions average and movement detection have been discussed. The routing approach used here [2] is susceptible to attack. Although the data is encrypted, Denial of Service is still possible, and the approach cannot avoid Sink-Holes or Black-Holes, which attract traffic and thus compromise the quality of the sensed data and its availability.
3. Our Approach
We follow a three-stage process towards secure data sharing.
1. Concealed Data Aggregation using Privacy Homomorphism based encryption at each node.
2. Secret Sharing to share the information based on the (T, M) approach at the aggregator nodes.
3. Routing the secret shares based on the Non-Repetitive Random Propagation (NRRP) algorithm to the sink or base station, circumventing black-holes.
Usually a single network-wide key is used for encryption. Under such circumstances, the use of a single key for the whole network is probably the only possibility to guarantee a high routing flexibility. Here, the corruption of one node means that the attacker can subsequently eavesdrop on all the network traffic. In the work at hand, we use a keying model that we call topology-aware group keying [2]. This keying model still enables the use of end-to-end encryption with CDA and, at the same time, ensures that the corruption of a single node only affects a limited part of the WSN. Even the corruption of multiple nodes from the same region will most probably only have a limited effect. Compromise of multiple nodes in such cases results in a black-hole, which can be circumvented using the NRRP scheme.
When a sensor node wants to send a packet to the sink, it first breaks the packet into M shares, according to a (T, M)-threshold secret sharing algorithm. Each share is then transmitted to some randomly selected neighbour. That neighbour will continue to relay the share it has received to other randomly selected neighbours, and so on. In each share, there is a TTL field, whose initial value is set by the source node to control the total number of random relays. After each relay, the TTL field is reduced by 1. When the TTL value reaches 0, the last node to receive this share begins to route it toward the sink using min-hop routing. Once the sink collects at least T shares, it can reconstruct the original packet. No information can be recovered from fewer than T shares.
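
The procedure above as an added Python example (not code from the paper): shares are split, relayed to random neighbours until the TTL is spent, then sent min-hop to the sink. Assumptions: Shamir's polynomial scheme stands in for the (T, M) algorithm, which the paper does not name; the modulus `P`, the `grid` topology and the black-hole model (a share that crosses a black-hole node is lost) are constructed for illustration, and the non-repetition bookkeeping implied by the NRRP name is not modelled.

```python
from collections import deque

P = 2**61 - 1  # prime modulus for share arithmetic (assumed; the paper fixes none)

def split(secret, t, m, rng):
    """(T, M) split: shares are points on a random degree t-1 polynomial over GF(P)."""
    coeffs = [secret] + [rng.randrange(P) for _ in range(t - 1)]
    return [(x, sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P)
            for x in range(1, m + 1)]

def combine(shares):
    """Lagrange interpolation at x = 0; correct only when given at least T shares."""
    secret = 0
    for xj, yj in shares:
        lam = 1
        for xk, _ in shares:
            if xk != xj:
                lam = lam * -xk * pow((xj - xk) % P, -1, P) % P
        secret = (secret + yj * lam) % P
    return secret

def grid(n):  # constructed n x n grid topology used as sample input
    return {(r, c): [(r + dr, c + dc) for dr, dc in ((1, 0), (-1, 0), (0, 1), (0, -1))
                     if 0 <= r + dr < n and 0 <= c + dc < n]
            for r in range(n) for c in range(n)}

def min_hop_path(adj, src, dst):  # breadth-first search, assumes a connected graph
    seen, queue = {src}, deque([[src]])
    while queue:
        path = queue.popleft()
        if path[-1] == dst:
            return path
        for v in adj[path[-1]]:
            if v not in seen:
                seen.add(v)
                queue.append(path + [v])

def route_share(adj, src, sink, ttl, rng):
    """TTL random relays to random neighbours, then min-hop routing to the sink."""
    path = [src]
    while ttl > 0 and path[-1] != sink:
        path.append(rng.choice(adj[path[-1]]))
        ttl -= 1
    return path + min_hop_path(adj, path[-1], sink)[1:]

def deliver(adj, src, sink, secret, t, m, ttl, blackhole, rng):
    """Return the shares that reach the sink without crossing a black-hole node."""
    return [s for s in split(secret, t, m, rng)
            if not blackhole & set(route_share(adj, src, sink, ttl, rng)[1:-1])]
```

Pass a seeded `random.Random` as `rng` and a set of node coordinates as `blackhole`; the sink can call `combine` on any T of the returned shares.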
Experimental Results
A wireless sensor network is simulated and traffic is configured using NS2 (Network Simulator 2). Analysis of the network shows that the current system has an increased immunity towards attacks, further reducing the load on the network. Data from the nodes are passed directly to the aggregator nodes, which combine the presented data into a single data item and then divide it into several packets; hence the actual data that passes through the network before and after aggregation remains the same, but with increased tolerance towards attacks. The comparison depicted in Figure 2 shows the difference between normal approaches and our approach. Furthermore, packet transmission takes less time and is hence more energy efficient (Figure 3) than normal approaches, since fewer packets are transmitted in the network. Figure 4 represents the effectiveness of the secret sharing approach employed in our approach. Fewer packets and a low transmission time mean a highly energy-efficient transmission.
4. Conclusion
By using the Concealed Data Aggregation, Secret Sharing and Dispersive Randomized Routing methods, the proposed algorithms can easily reduce the packet interception probability. Our approach also reduces energy consumption by using data aggregation, which reduces the number of packets transferred from the nodes to the sink. Though the secret sharing mechanism increases the amount of data transferred from the aggregator node to the sink, we can overcome this overhead by optimizing the M value of the (T, M) approach to be equal to the number of nodes from which data is aggregated. Thus our approach remains secure and at the same time energy efficient compared to the classic deterministic routing approaches.
5. References
[1] Tao Shu, Marwan Krunz, and Sisi Liu, (2010), Secure Data Collection in Wireless Sensor Networks Using Randomized Dispersive Routes, IEEE Transactions on Mobile Computing, vol. 9, no. 7.
[2] Dirk Westhoff, Joao Girao, and Mithun Acharya, (2006), Concealed Data Aggregation for Reverse Multicast Traffic in Sensor Networks: Encryption, Key Distribution, and Routing Adaptation, IEEE Transactions on Mobile Computing, vol. 5, no. 10.
[3] A.D. Wood and J.A. Stankovic, (2002), Denial of Service in Sensor Networks, Computer, vol. 35, no. 10, pp. 54-62.
[4] I.F. Akyildiz, W. Su, Y. Sankarasubramaniam, and E. Cayirci, (200), A Survey on Sensor Networks, IEEE Comm. Magazine, vol. 40, no. 8, pp. 102-114.
[5] Réka Limbek, Péter Sziklai, Privacy homomorphisms.
[6] D.R. Stinson, (200), Cryptography, Theory and Practice, CRC Press.
[7] Eduardo F. Nakamura, Antonio A. F. Loureiro and Alejandro C. Frery, Information Fusion for Wireless Sensor Networks: Methods, Models, and Classifications.