Elsevier

Computer Communications

Volume 30, Issue 1, 15 December 2006, Pages 153-165

A secure alternate path routing in sensor networks

https://doi.org/10.1016/j.comcom.2006.08.006

Abstract

This paper presents a secure alternate path routing in sensor networks. Our alternate path scheme makes the routing protocol resilient in the presence of malicious nodes that launch selective forwarding attacks. SeRINS (a Secure alternate path Routing IN Sensor networks) detects the compromised nodes that try to inject inconsistent routing information and isolates them from the network by means of a neighbor report system. In the neighbor report system, a node’s route advertisement is verified by its surrounding neighbor nodes so that the suspect node is reported to the base station and is excluded from the network. Simulation experiments show that SeRINS is resilient in the presence of several compromised nodes which launch selective forwarding attacks, and robust by excluding the compromised nodes which inject inconsistent routing information from the network.

Introduction

Sensor networks are drawing much attention in the research community and will play an essential role in a wide variety of areas ranging from critical military applications to monitoring of building security in the near future. To deploy sensor networks in real situations, security is an important aspect and should be provided against various attacks such as node capture, physical tampering, denial of service, etc. [14], [26], [31].

Researchers in sensor networks have actively investigated security problems and proposed security mechanisms that protect against malicious attackers eavesdropping, injecting malicious packets, replaying old messages, etc. While key-management schemes for establishing pairwise keys among neighboring nodes [2], [6], [17], [27], [33] and security mechanisms for node-to-node secure communication [15], [27], such as link layer encryption and authentication mechanisms in sensor networks, are well defined, many other security issues need further investigation. Karlof and Wagner [14] have revealed that current routing protocols in particular are insecure and are highly vulnerable to node capture attacks. Their analysis shows that attacks launched from insiders (the adversaries compromise the legitimate nodes and make them affect the routing topology adversely) are most dangerous, and they leave it as an open problem to design secure routing protocols.

Security mechanisms in sensor networks should deal with compromised nodes, detecting any compromised node and then revoking its cryptographic keys network-wide. Most key-management schemes in sensor networks have the ability to exclude compromised nodes from the entire network by the revocation of the entire key rings of the compromised nodes. Those schemes specify how to revoke the key rings of the compromised nodes (e.g., base station involved revocation [6] or localized voting system [2]). They do not, however, address the problem of deciding which nodes have been compromised.

To design secure routing protocols in the presence of several compromised nodes that drop all relaying packets, launch selective forwarding attacks [14], or inject inconsistent routing information, secure routing protocols must be robust and resilient by detecting and isolating them from legitimate nodes. In reality, detecting all of the compromised nodes in the network is not always possible, so we should pursue graceful degradation, with a small number of compromised nodes [29].

Staddon et al. [30] have proposed an efficient algorithm to trace failed nodes in sensor networks. Although the algorithm efficiently puts intensive computation load for tracing failed nodes to the base station, it assumes that the nodes are sufficiently tamper-resistant to prevent an adversary from re-programming a legitimate node, which is a strong assumption in that an inexpensive sensor node cannot afford tamper-resistant packaging. (It turns out to be relatively easy to compromise a legitimate node [9], which is to extract cryptographic keys from a captured node and to make malicious code run for the attacker’s purpose.) Deng et al. [4] have designed an intrusion-tolerant routing protocol for sensor networks called INSENS. INSENS sends every packet along multiple and independent paths for resiliency, but it requires that every node send a feedback message to the base station during route discovery.

Hu et al. [10] have proposed SEAD, a secure ad hoc network routing protocol based on the design of the DSDV [23]. SEAD uses efficient one-way hash functions to prevent any active attackers or compromised nodes from injecting inconsistent route updates. They [11] have also improved SEAD to make up for the weak points such as same-distance fraud, the vulnerability of denial of service attacks, etc. However, SEAD does not directly fit the properties of sensor networks, since it is designed for ad hoc networks where the number of nodes in the network is much smaller than that of sensor networks and the node’s capacity is usually greater than that of sensor networks. Moreover, SEAD does not mention how to sever the compromised nodes from the network.

Secure routing protocols should be resilient in the presence of several compromised nodes that launch selective forwarding attacks (malicious nodes arbitrarily drop the relaying packets instead of forwarding them). Also, to protect the network from the malicious nodes that inject forged routing information with the intention of causing routing inconsistencies, secure routing protocols should have a mechanism that detects and isolates these compromised nodes with a lightweight security mechanism in consideration of the limited capacity of sensor nodes.

In addition, secure routing protocols must guarantee that routing advertisement messages are really sent from the claimed node, otherwise it would be extremely hard or impossible to exactly point out the compromised node [16].

In this paper, we present SeRINS, a Secure alternate path Routing IN Sensor networks. Our alternate path scheme makes the routing protocol resilient in the presence of malicious nodes that launch selective forwarding attacks. SeRINS detects the compromised nodes that try to inject inconsistent routing information and isolates them from the network by means of a neighbor report system.
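The resilience argument above, as an added example (not the authors' code and not the SeRINS algorithm, whose details this page does not give): a Python model that uses the area, base-station position and radio range from the paper's simulation setup, lets compromised nodes drop every packet they relay (the worst case of selective forwarding), and compares delivery with one upstream neighbour against delivery with one alternate. The fallback rule and the names `build_tree`, `delivery_ratio` and `compare` are assumptions made for illustration.

```python
import math, random
from collections import deque

# Area side (m), radio range (m) and base-station position from the paper's setup.
AREA, RADIO_RANGE, BASE = 500.0, 30.0, (50.0, 50.0)

def build_tree(n, seed):
    """Scatter n nodes at random, BFS from the base station (node 0) and return
    {node: [neighbours one hop closer to the base]}, ordered by hop count."""
    rng = random.Random(seed)
    pos = [BASE] + [(rng.uniform(0, AREA), rng.uniform(0, AREA)) for _ in range(n)]
    nbrs = [[j for j in range(n + 1)
             if j != i and math.dist(pos[i], pos[j]) <= RADIO_RANGE]
            for i in range(n + 1)]
    hop, queue = {0: 0}, deque([0])
    while queue:
        u = queue.popleft()
        for v in nbrs[u]:
            if v not in hop:
                hop[v] = hop[u] + 1
                queue.append(v)
    # Nodes the base station cannot reach are left out of the tree.
    return {v: [p for p in nbrs[v] if hop.get(p) == hop[v] - 1]
            for v in sorted(hop, key=hop.get)}

def delivery_ratio(parents, dropping, max_parents):
    """Fraction of legitimate sources whose packet reaches the base station when
    every node may try its first `max_parents` upstream neighbours (assumed
    fallback rule) and nodes in `dropping` discard all relayed packets."""
    delivers = {}
    for v, ups in parents.items():            # increasing hop count
        if v in dropping:
            delivers[v] = False
        elif not ups:                          # the base station itself
            delivers[v] = True
        else:
            delivers[v] = any(delivers[p] for p in ups[:max_parents])
    sources = [v for v in parents if v != 0 and v not in dropping]
    return sum(delivers[v] for v in sources) / len(sources) if sources else 1.0

def compare(n=600, compromised=30, seed=1):
    """Return (single-path ratio, ratio with one alternate) for one random layout."""
    parents = build_tree(n, seed)
    candidates = [v for v in parents if v != 0]
    picked = random.Random(seed + 1).sample(candidates, min(compromised, len(candidates)))
    return delivery_ratio(parents, set(picked), 1), delivery_ratio(parents, set(picked), 2)

if __name__ == "__main__":
    single, alternate = compare()
    print(f"single path: {single:.2%}  one alternate parent: {alternate:.2%}")
```

Nodes closer to the base station carry more traffic, so the position of the dropping nodes matters as much as their number; varying `seed` shows the spread.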

In the following section, we introduce our network threat model and goal. In Section 3, our protocol SeRINS is presented and described in detail. An evaluation of the protocol is given and discussed in Section 4. We draw conclusions in Section 5.

Section snippets

Network environments

Sensor networks typically comprise one or multiple base stations and hundreds or thousands of inexpensive, small, hardware-constrained nodes scattered over a wide area. Our sensor network model includes a powerful base station and numerous constrained sensor nodes. The sensor nodes set up a routing tree, with a base station at the root of the tree. While a base station, which has greater capabilities, can directly transmit data to any node in the network, a resource-constrained sensor node,

SeRINS: a secure alternate path routing IN sensor networks

In this section, we present our mechanism, SeRINS (Secure alternate path Routing IN Sensor networks). SeRINS consists of three different schemes. In the following subsections, we describe these three schemes, which are an alternate path scheme, neighbor report system, and neighbor authentication.

Simulation metrics

To evaluate the performance of our mechanism in the presence of several compromised nodes, we simulated SeRINS on a network simulator, ns-2 [7]. In our simulations, 300 sensor nodes and 600 sensor nodes are randomly deployed in a 500 × 500 m² target area. Regarding the left-bottom corner of the target area as (0, 0), we positioned a base station at a fixed point (50, 50). Each sensor node has a constant transmission range of 30 m, which results in a maximum hop count of 22 from a base station. Every

Conclusion and future work

In this paper, we have presented SeRINS, a secure alternate path routing in sensor networks. Our alternate path scheme makes the routing protocol resilient in the presence of malicious nodes that launch selective forwarding attacks. It also detects the compromised nodes that try to inject inconsistent routing information and isolates them from the network by means of a neighbor report system. In the neighbor report system, a node’s route advertisement is verified by its surrounding neighbor nodes so that the

Acknowledgement

This work was supported by Grant No. R01-2006-000-10073-0 from the Basic Research Program of the Korea Science and Engineering Foundation.

Suk-Bok Lee received the M.S. degree in computer engineering from Hongik University, Seoul, Korea, in 2006. His research interests include wireless network security, fault-tolerant computing, computer architectures, and networking.

References (33)

  • R. Anderson, H. Chan, A. Perrig, Key infection: smart trust for smart dust, IEEE International Conference on Network...
  • H. Chan, A. Perrig, D. Song, Random key predistribution schemes for sensor networks, IEEE Symposium on Security and...
  • B. Deb, S. Bhatnagar, B. Nath, ReInForM: reliable information forwarding using multiple paths in sensor networks, IEEE...
  • J. Deng, R. Han, S. Mishra, A performance evaluation of intrusion-tolerant routing in wireless sensor networks, Second...
  • J. Deng, R. Han, S. Mishra, Intrusion tolerance and anti-traffic analysis strategies for wireless sensor networks, IEEE...
  • L. Eschenauer, V.D. Gligor, A key-management scheme for distributed sensor networks, ACM Conference on Computer and...
  • K. Fall, K. Varadhan (Eds.), NS notes and documentation, The VINT Project, UC Berkeley, LBL, USC/ISI, and Xerox PARC,...
  • D. Ganesan, R. Govindan, S. Shenker, D. Estrin, Highly Resilient, Energy-Efficient Multipath Routing in Wireless Sensor...
  • C. Hartung, J. Balasalle, R. Han, Node compromise in sensor networks: the need for secure systems, Technical Report...
  • Y.-C. Hu, D. B. Johnson, A. Perrig, SEAD: secure efficient distance vector routing for mobile wireless ad-hoc networks,...
  • Y.-C. Hu, A. Perrig, D.B. Johnson, Efficient security mechanisms for routing protocols, NDSS 2003, February 2003, pp....
  • Y.-C. Hu, A. Perrig, D.B. Johnson, Packet leashes: a defense against wormhole attacks in wireless ad-hoc networks, IEEE...
  • D. Johnson, D.A. Maltz, J. Broch, The Dynamic Source Routing Protocol for Mobile Ad Hoc Networks (Internet-Draft),...
  • C. Karlof, D. Wagner, Secure routing in wireless sensor networks: attacks and countermeasures, IEEE International...
  • C. Karlof, N. Sastry, D. Wagner, TinySec: a link layer security architecture for wireless sensor networks, ACM...
  • S.-B. Lee, Y.-H. Choi, ARMS: An authenticated routing message in sensor networks, Secure Mobile Ad-hoc Networks and...
Cited by (42)

    • Survey of secure multipath routing protocols for WSNs

      2015, Journal of Network and Computer Applications
      Citation Excerpt :

      This section discusses some of the research in this area. In SeRINS (SEcure alternate path Routing IN Sensor networks), the sensor nodes set up a routing tree with a base station as the root (Lee and Choi, 2006). The BS can directly transmit data to any node in the network, whilst a sensor node sends data along the multi-hop route to the base station.

    • Routing protocol design for secure WSN: Review and open research issues

      2014, Journal of Network and Computer Applications
      Citation Excerpt :

      a) Authentication is always a great concern in providing a security objective because of the capability to verify the identity of the nodes in a data routing communication whilst isolates the legitimate participant from the network such as Di Pietro et al. (2003), Karlof et al. (2004), Oliveira et al. (2005), Deng et al. (2006), Pathan and Hong (2008), Gaurav et al. (2012), and Zhou (2013). (b) Confidentiality indicates that a sensor network should not leak any data network during the routing process e.g., Lee and Choi (2006), Wood et al. (2006), Ma et al. (2007), Wang et al. (2007), Pathan and Hong (2008), and Altisen et al. (2013). (c) Integrity ensures the receiver that the received data is not altered in transit by an adversary for instance, Pathan and Hong (2008), Gui et al. (2009), Fan et al. (2010), Triki et al. (2012), Zhou (2010), Kumar and Jena (2010), and Zhou (2013). (

    • A sinkhole resilient protocol for wireless sensor networks: Performance and security analysis

      2012, Computer Communications
      Citation Excerpt :

      When assessing the performance of tree-based routing protocols, it is crucial to characterize the routing topology in terms of its vulnerability to malicious sensors. Typically, “the number of compromised sensors” is used as a metric for this purpose [9,15]. However, this metric is not necessarily a good indicator of the hazard that malicious nodes might cause in a WSN: one compromised sensor close to the sink can reduce the data delivery success more than dozens of compromised sensors at the border of the network.

    • Secure and efficient disjoint multipath construction for fault tolerant routing in wireless sensor networks

      2011, Journal of Network and Computer Applications
      Citation Excerpt :

      There has been a host of research works in multipath routing for sensor networking area in the last few years. Besides improving network resilience, multipath routing is also used for load balancing (Kim et al., 2008) and QoS provisioning (Li et al., 2010). Using multipath routing provides tolerance of node failures along any individual path and increases the network resilience.


    Yoon-Hwa Choi received the Ph.D. degree in computer engineering from the University of Texas at Austin in 1986. He is currently a Professor of Computer Engineering, Hongik University, Seoul, Korea. Prior to joining Hongik University, he was a faculty member of the Computer Science Department, University of Minnesota, Minneapolis, from 1986 to 1993. His research interests include sensor networks, wireless/mobile communications, embedded systems, nanoarchitectures, and fault-tolerant computing.
