Performance Comparison of Wireless Sensor Network Security Protocols

éclat : International Journal of Computational Science, Engineering & Technology (ISSN 2320-4648) Volume I, Issue II, March 2013

Bharat Singh¹, Surendra Yadav², Kapil Dev Sharma³

¹,² Maharshi Arvind College of Engineering & Research Centre; ³ Anand International College of Engineering, Jaipur

Abstract- Advances in micro-electro-mechanical systems and wireless networks have opened a new domain in networking history called wireless sensor networks (WSNs). A wireless sensor network typically consists of a large number of low-cost, low-power, multifunctional sensor nodes that are deployed in a region of interest. These sensor nodes are small in size but are equipped with sensors, embedded microprocessors, and radio transceivers. Wireless sensor networks gather information, process it locally and communicate it to the outside world via satellite or the Internet. Security for WSNs is an area that must be addressed to protect the functionality of these networks, the data they convey and the location of their members.

This paper concentrates on the performance of existing wireless sensor network security protocols and their description. It examines the different kinds of attacks on wireless sensor networks and gives an overview and comparative analysis of the different security protocols.

Keywords- WSN, Security Protocols, Attacks, Authentication

I. INTRODUCTION

WISENET is a wireless sensor network that monitors environmental conditions such as light, temperature, and humidity. This network is comprised of nodes called "motes" that form an ad hoc network to transmit this data to a computer that functions as a server. The server stores the data in a database where it can later be retrieved and analyzed via a web-based interface. Wireless sensor networks are a new type of networked system characterized by severely constrained computational and energy resources. These networks will consist of hundreds or more self-organizing, low-power, low-cost wireless nodes. This survey paper concentrates on the performance of existing wireless sensor network security protocols and their requirements, the different types of attacks on wireless sensor networks, and a review of the different security protocols. The applications for WSNs are many and varied. They are used in commercial and industrial applications to monitor data that would be difficult or expensive to monitor using wired sensors. Some of the typical applications are:

• Environmental monitoring
• Traffic monitoring
• Habitat monitoring
• Seismic detection
• Inventory tracking
• Process monitoring
• Embedded systems
• Acoustic detection
• Military surveillance
• Medical monitoring
• Defence monitoring

II. SECURITY GOALS AND ISSUES

Sensor networks are widely used in various domains that handle sensitive information. Because of this, there are many considerations that should be investigated, all related to protecting sensitive information travelling between nodes from being disclosed to unauthorized parties.

Confidentiality: Confidentiality means keeping information secret from unauthorized parties. A sensor network should not leak sensor readings to neighbouring networks. In many applications, such as key distribution, nodes communicate highly sensitive data. The standard approach for keeping sensitive data secret is to encrypt the data with a secret key that only the intended receivers possess, hence achieving confidentiality.

Authenticity: In a sensor network, an adversary can easily inject messages, so the receiver needs to make sure that the data used in any decision-making process originates from the correct source. Data authentication prevents unauthorized parties from participating in the network, and legitimate nodes should be able to detect messages from unauthorized nodes and reject them.

Integrity: Moving on to the integrity objective, there is the danger that information could be altered when exchanged over insecure networks. Lack of integrity could result in many problems, since the consequences of using inaccurate information could be disastrous, for example in the healthcare sector where lives are endangered. Integrity controls must be implemented to ensure that information will not be altered in any unexpected way; there is an urgent need to make sure that information travels from one end to the other without being intercepted and modified in the process.

Data Freshness: One of the many attacks launched against sensor networks is the message replay attack, where an adversary may capture messages exchanged between nodes and replay them later to cause confusion in the network. The data freshness objective ensures that messages are fresh, meaning that they obey a message ordering and have not been reused. To achieve freshness, network protocols must be designed to identify duplicate packets and discard them, preventing potential mix-up.

Secure Management: Management is required in every system that is made up of multiple components and handles sensitive information. In the case of sensor networks, we need secure management at the base station level; since sensor node communication ends up at the base station, issues such as key distribution to sensor nodes in order to establish encryption, and routing information, need secure management. Furthermore, clustering requires secure management as well, since each group of nodes may include a large number of nodes that need to be authenticated with each other and exchange data in a secure manner.

Availability: Availability ensures that services and information can be accessed at the time they are required. In sensor networks there are many risks that could result in loss of availability, such as sensor node capture and denial-of-service attacks.

Quality of Service: The quality-of-service objective is a big headache for security, and it becomes even more constrained. Security mechanisms must be lightweight so that the overhead caused, for example, by encryption is minimized and does not affect the performance of the network.

Robustness and Survivability: The sensor network should be robust against various security attacks, and if an attack succeeds, its impact should be minimized. The compromise of a single node should not break the security of the entire network.

III. ATTACKS IN WSN

Although there are various attacks on wireless sensor networks, certain active attacks that can be detected with our proposed model are as follows:

Clone Attack: In a clone attack, an adversary may capture a sensor node and copy its cryptographic information to another node, known as a cloned node. This cloned sensor node can then be installed to capture the information of the network. The adversary can also inject false information, or manipulate the information passing through cloned nodes [7].

Man in the Middle Attack: The man-in-the-middle attack is a form of active eavesdropping in which the attacker makes independent connections with the victims and relays messages between them, making them believe that they are talking directly to each other over a private connection. The attacker can intercept all messages exchanged between the two victims and inject new ones [7].

Replay Attack: A replay attack is a form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and retransmits it. This type of attack can easily overrule encryption [7].

Selective Forwarding: Selective forwarding is a way to influence the network traffic. It relies on the assumption that every participating node in the network reliably forwards messages. In a selective forwarding attack, malicious nodes simply drop certain messages instead of forwarding every message [6].

Sinkhole Attacks: In sinkhole attacks, an adversary attracts the traffic to a compromised node. The simplest way of creating a sinkhole is to place a malicious node where it can attract most of the traffic, possibly closer to the base station, or for the malicious node itself to masquerade as a base station [6].

Sybil Attacks: In a Sybil attack, a single node presents multiple identities to all other nodes in the WSN. This may mislead other nodes, and hence routes believed to be node-disjoint can pass through the same adversary node [6].

Wormholes: In wormhole attacks, an adversary positioned closer to the base station can completely disrupt the traffic by tunneling messages over a low-latency link. Here an adversary convinces the nodes which are multiple hops away that they are closer to the base station [6].

Flooding: Sometimes, a malicious node can generate a huge volume of useless messages on the network. This is known as flooding. Sometimes, malicious nodes replay some genuine broadcast messages, and hence generate useless traffic on the network [6].

IV. SECURITY PROTOCOLS FOR WSN

A. SPIN

SPINS is a suite of security building blocks proposed by Perrig et al. It is optimized for resource-constrained environments and wireless communication [1].

SNEP: Secure Network Encryption Protocol

SNEP uses encryption to achieve confidentiality and a message authentication code (MAC) to achieve two-party authentication and data integrity. It ensures that an eavesdropper has no information about the plaintext, even if it sees multiple encryptions of the same plaintext. The basic technique to achieve this is randomization: before encrypting the message with a chaining encryption function, the sender precedes the message with a random bit string. This prevents the attacker from inferring the plaintext of encrypted messages if it knows plaintext-ciphertext pairs encrypted with the same key. To avoid the additional transmission overhead of these extra bits, SNEP uses a counter shared between the sender and the receiver for the block cipher in counter mode (CTR). The communicating parties share the counter and increment it after each block [1].

SNEP offers the following properties:

• Replay protection: The counter value in the MAC prevents replaying old messages. If the counter were not present in the MAC, an adversary could easily replay messages.
• Data freshness: If the message verified correctly, a receiver knows that the message must have been sent after the previous message it received correctly (that had a lower counter value). This enforces a message ordering and yields weak freshness.
• Low communication overhead: The counter state is kept at each end point and does not need to be sent in each message.
• Data authentication: If the MAC verifies correctly, a receiver can be assured that the message originated from the claimed sender.

B. µTESLA

The µTESLA protocol provides efficient authenticated broadcast. µTESLA uses symmetric authentication but introduces asymmetry through a delayed disclosure of the symmetric keys, which results in an efficient broadcast authentication scheme. µTESLA requires the base station and nodes to be loosely time synchronized, and each node knows an upper bound on the maximum synchronization error. To send an authenticated packet, the base station simply computes a MAC on the packet with a key that is secret at that point in time. When a node receives a packet, it can verify that the corresponding MAC key has not yet been disclosed, based on its loosely synchronized clock, its maximum synchronization error, and the time schedule at which keys are disclosed [1].

C. ZigBee Security

ZigBee uses most of the basic security elements of the IEEE 802.15.4 standard. In addition, the ZigBee security specification uses a simpler and unified mode of operation, CCM (this mode is a combination of both the encryption and authentication suites listed above), defines key types (Master, Link, Network) and describes key setup and maintenance (Commercial, Residential) [2]. Furthermore, ZigBee provides freshness through the use of freshness counters. These counters prevent replay attacks, as ZigBee devices maintain incoming and outgoing freshness counters. Whenever a new key is created, the counters are reset. It is suggested that devices that communicate once per second will not overflow their freshness counters for 136 years [2]. Message integrity and encryption are also provided under the ZigBee security specification, the operations of which are documented in [3] and [2]. Under the ZigBee specification, authentication is designed to provide assurance about the originator of a message. This prevents an attacker from imitating the operation of another device in an attempt to compromise the network [4].

D. TINYSEC

Karlof et al. [6] designed the replacement for the unfinished SNEP, known as TinySec (2004). Inherently it provides similar services, including authentication, message integrity, confidentiality and replay protection. A major difference between TinySec and SNEP is that there are no counters used in TinySec. For encryption, it uses CBC mode with ciphertext stealing, and for authentication, CBC-MAC is used.

TinySec XORs the encryption of the message length with the first plaintext block to make the CBC-MAC secure for variably sized messages. There are two packet formats defined by TinySec. These are TinySec-Auth, for authenticated messages, and TinySec-AE, for authenticated and encrypted messages. For the TinySec-AE packet, a payload of up to 29 Bytes is specified, with a packet header of 8 Bytes in length. Only the payload needs to be encrypted, but the MAC is computed over the payload and the header. The TinySec-Auth packet can carry up to 29 Bytes of payload. The MAC is computed over the payload and the packet header, which is 4 Bytes long. Generally, the security of CBC-MAC is directly related to the length of the MAC. TinySec specifies a MAC of 4 Bytes, considerably less than the conventional 8 or 16 Bytes of previous security protocols. In the context of sensor networks, Karlof et al [16][4].
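The SNEP properties described in Section IV-A above (different ciphertexts for the same plaintext, a counter that is never transmitted, a MAC that covers the counter, replay rejection and weak freshness) can be exercised end to end. This is an added example, not code from the paper or from SPINS: HMAC-SHA256 stands in for both the counter-mode block cipher and the MAC, the counter advances once per message rather than per block, and the key, the 8-byte tag and the look-ahead window for lost packets are assumptions of this example.

```python
import hashlib
import hmac
import struct

MAC_LEN = 8  # truncated tag length in bytes (assumed value)

def prf(key: bytes, data: bytes) -> bytes:
    # Stand-in primitive (assumption): HMAC-SHA256 replaces the mote's block
    # cipher, both for the CTR keystream and for the MAC.
    return hmac.new(key, data, hashlib.sha256).digest()

def keystream(k_enc: bytes, counter: int, n: int) -> bytes:
    """CTR-style keystream: PRF over (message counter, block index)."""
    out, block = b"", 0
    while len(out) < n:
        out += prf(k_enc, struct.pack(">QI", counter, block))
        block += 1
    return out[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class SnepEndpoint:
    """One end of a SNEP-like link. Counters are local state, never sent."""

    def __init__(self, master: bytes):
        # Independent keys for encryption and MAC, derived from the shared key.
        self.k_enc, self.k_mac = prf(master, b"enc"), prf(master, b"mac")
        self.send_ctr = 0  # counter for the next message we send
        self.recv_ctr = 0  # lowest counter we will still accept

    def _tag(self, counter: int, ct: bytes) -> bytes:
        # The MAC covers the counter, which is what defeats replay.
        return prf(self.k_mac, struct.pack(">Q", counter) + ct)[:MAC_LEN]

    def seal(self, plaintext: bytes) -> bytes:
        c = self.send_ctr
        ct = xor(plaintext, keystream(self.k_enc, c, len(plaintext)))
        self.send_ctr += 1
        return ct + self._tag(c, ct)  # overhead on the air: MAC_LEN bytes

    def open(self, packet: bytes, window: int = 4):
        """Return the plaintext, or None if the packet is forged or replayed.

        Counters recv_ctr .. recv_ctr+window-1 are tried so that a few lost
        packets do not desynchronise the link (assumption of this example).
        Counters below recv_ctr are never tried again.
        """
        if len(packet) < MAC_LEN:
            return None
        ct, tag = packet[:-MAC_LEN], packet[-MAC_LEN:]
        for c in range(self.recv_ctr, self.recv_ctr + window):
            if hmac.compare_digest(tag, self._tag(c, ct)):
                self.recv_ctr = c + 1  # weak freshness: ordering enforced
                return xor(ct, keystream(self.k_enc, c, len(ct)))
        return None

def snep_demo() -> dict:
    master = b"constructed key!"  # constructed sample key
    node, base = SnepEndpoint(master), SnepEndpoint(master)
    reading = b"temp=21.5"
    p1, p2 = node.seal(reading), node.seal(reading)
    return {
        "same_plaintext_differs": p1 != p2,
        "overhead_bytes": len(p1) - len(reading),
        "first": base.open(p1),
        "replayed": base.open(p1),
        "second": base.open(p2),
    }

if __name__ == "__main__":
    print(snep_demo())
```

Removing the counter from `_tag` makes the replayed packet verify again, which is the failure the replay-protection property describes.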
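The µTESLA check described in Section IV-B above, shown from both sides: the base station MACs each packet with a key that is still secret, and a node buffers the packet only if its clock, its maximum synchronization error and the disclosure schedule prove the key cannot be public yet. This is an added example, not code from the paper or from SPINS: the one-way key chain is how µTESLA authenticates disclosed keys, while the class names, SHA-256/HMAC primitives, 8-byte tag and timeline values are assumptions of this example.

```python
import hashlib
import hmac

def H(x: bytes) -> bytes:
    """One-way function used to build the key chain."""
    return hashlib.sha256(x).digest()

def mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()[:8]

def make_key_chain(seed: bytes, n: int) -> list:
    """Return [K_0 .. K_n] with K_i = H(K_{i+1}); K_0 is the commitment."""
    chain = [H(seed)]
    for _ in range(n):
        chain.append(H(chain[-1]))
    chain.reverse()
    return chain

class Schedule:
    """Key disclosure schedule shared by the base station and the nodes."""
    def __init__(self, t0: float, t_int: float, delay: int, n: int):
        self.t0, self.t_int, self.delay, self.n = t0, t_int, delay, n

    def interval(self, t: float) -> int:
        return int((t - self.t0) // self.t_int)

    def disclosure_time(self, i: int) -> float:
        return self.t0 + (i + self.delay) * self.t_int

class BaseStation:
    def __init__(self, seed: bytes, sched: Schedule):
        self.sched, self.chain = sched, make_key_chain(seed, sched.n)

    def broadcast(self, now: float, data: bytes):
        i = self.sched.interval(now)
        if not 1 <= i <= self.sched.n:
            raise ValueError("no secret key for this interval")
        return (i, data, mac(self.chain[i], data))  # K_i is still secret

    def disclose(self, now: float):
        i = self.sched.interval(now) - self.sched.delay
        return (i, self.chain[i]) if 1 <= i <= self.sched.n else None

class Node:
    def __init__(self, commitment: bytes, sched: Schedule, max_sync_err: float):
        self.sched, self.err = sched, max_sync_err
        self.known_i, self.known_key = 0, commitment
        self.buffer = {}  # interval -> [(data, tag)] awaiting key disclosure

    def receive(self, local_now: float, pkt) -> bool:
        """Buffer pkt only if K_i cannot have been disclosed yet, even if the
        base station's clock is ahead of ours by the maximum sync error."""
        i, data, tag = pkt
        if not (self.known_i < i <= self.sched.n):
            return False
        if local_now + self.err >= self.sched.disclosure_time(i):
            return False  # key may already be public, so the MAC proves nothing
        self.buffer.setdefault(i, []).append((data, tag))
        return True

    def on_key(self, i: int, key: bytes) -> list:
        """Check the disclosed key against the chain, then release packets."""
        if not (self.known_i < i <= self.sched.n):
            return []  # also bounds the hashing work a bogus index can cause
        keys, k = {}, key
        for j in range(i, self.known_i, -1):
            keys[j] = k  # K_j for every interval since the last verified key
            k = H(k)
        if not hmac.compare_digest(k, self.known_key):
            return []  # not on the chain committed to by K_0
        self.known_i, self.known_key = i, key
        return [d for j in sorted(keys) for d, t in self.buffer.pop(j, [])
                if hmac.compare_digest(t, mac(keys[j], d))]

def tesla_demo():
    # Constructed timeline: 1 s intervals, keys disclosed 2 intervals late.
    sched = Schedule(t0=0.0, t_int=1.0, delay=2, n=10)
    bs = BaseStation(b"constructed seed", sched)
    node = Node(bs.chain[0], sched, max_sync_err=0.2)
    buffered = node.receive(1.4, bs.broadcast(1.3, b"valve=open"))
    i, k1 = bs.disclose(3.1)  # K_1 is now public
    forged = (1, b"valve=shut", mac(k1, b"valve=shut"))
    late_forgery = node.receive(3.5, forged)  # fails the timing check
    return buffered, late_forgery, node.on_key(i, k1)
```

Because each verified key also yields every earlier key in the chain, a node that misses one disclosure can still authenticate the packets buffered for that interval when the next key arrives.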

E. MINISEC

MiniSec is a secure network layer protocol that claims to have lower energy consumption than TinySec while achieving a level of security which matches that of ZigBee. A major feature of MiniSec is that it uses offset codebook (OCB) mode as its block cipher mode of operation, which offers authenticated encryption with only one pass over the message data. Normally two passes are required for both secrecy and authentication. Another major benefit of using OCB mode is that the ciphertext is the same length as the plaintext, disregarding the additional fixed-length tag (four bytes in MiniSec's case), so padding or ciphertext stealing is not necessary. Another primary feature MiniSec has over the other security suites mentioned here is strong replay protection without the transmission overhead of sending a large counter with each packet or the problems associated with synchronized counters if packets are dropped. To achieve this MiniSec has two modes of operation, one for unicast packets, MiniSec-U, and one for broadcast packets [6].

F. LEAP

Localised Encryption and Authentication Protocol (LEAP) was proposed by Zhu et al (2003) as a key management protocol for sensor networks designed to support in-network processing, while restricting the impact of a compromised node on the network. Four types of keys are supported for each sensor node: an individual key shared with the base station, a pairwise key shared with another node, a cluster key shared with multiple neighbouring nodes and a group key shared by all network nodes. At that time, predeployed keying was the most practical approach for bootstrapping secret keys in sensor nodes. This implies that the keys were loaded into all of the sensors before they were deployed in the sensor field. This may seem primitive now, but is included to achieve completeness. Pairwise keys can be generated between two nodes based on this predeployed keying information. The overhead is variable, depending on the types of keys specified for use in the implementation. All four types need not be used for a particular application [4].

G. Security Manager

Heo and Hong (2006) proposed a new method for key agreement, whereby, when a new device joins a network, the Security Manager (SM) gives static domain parameters such as the base point, the order of the curve and the elliptic curve coefficients [10]. After computing a public key using the base point and a private key, the device sends its public key to the SM. Accordingly the SM can hold the public key list for all of the devices in the network. They define two security levels (medium and high), depending on the devices' power and security policies. These two levels are defined by either standard or polynomial basis calculations. Elliptic Curve Cryptography (ECC) mechanisms offer reasonable computational loads and smaller key lengths for equivalent security than other techniques [10]. This level of security can then be increased as security needs to be increased, thus allowing a variable overhead [4].

H. LEACH

Low Energy Adaptive Cluster Hierarchy (LEACH) is one of the earliest energy-efficient protocols developed for WSNs [13]. LEACH is organized into three phases: cluster set-up, schedule creation, and data transmission (also known as steady state). Nodes form clusters under a cluster head (CH). A CH is responsible for coordinating transmission schedules and aggregating data. LEACH selects CHs by probabilistically self-electing nodes. Candidates advertise their willingness to neighboring nodes. Non-CH nodes select the nearest CH based on the strongest signal strength. Non-CHs respond with a cluster join message to become cluster members (CM). The CH is responsible for organizing CMs by providing a time schedule. Once clusters are organized, each cluster can concurrently collect sensor data from its members [5].

I. LEDS

LEDS provides location-aware end-to-end security. LEDS also provides end-to-end authentication and en-route filtering. It provides location-aware key management. LEDS can be used in small and large networks. However, the number of keys increases with cell size. Also, LEDS does not support dynamic topology. LEDS divides the network into cell regions. If an event occurs within a region, the event should be sensed by T nodes. First, all participating nodes agree on the report M. The T nodes encrypt the event using the cell key. After that, each node computes a unique share Cu of C through the predefined polynomial technique LSSS [3][13].

J. LISP: A Lightweight Security Protocol for Wireless Sensor Networks

Taejoon Park et al. [10] proposed a lightweight security protocol (LiSP) that is equipped with key renewability and makes a tradeoff between security and resource consumption. The heart of LiSP is a novel rekeying protocol that (1) periodically renews the shared key to solve the key stream-reuse problem and maximize scalability/energy efficiency, and (2) supports reliable key distribution.

The rekeying protocol has the following salient features:

• Efficient key broadcast without retransmission/ACKs;
• Implicit authentication for new keys without incurring additional overhead;
• Ability to detect/recover lost keys;
• Seamless key refreshment without disrupting ongoing data transmission;
• Robustness to clock skews among nodes [10].

K. Secure Communication Protocol

For dynamic group communication in sensor networks, because of the essential feature and challenge of performing multiple node revocation, no protocols work well enough for sensor networks [11]. Protocols of other traditional approaches, such as group key distribution [12,15] or broadcast encryption protocols, are generally not suitable for sensor networks either, because of the limited resources of sensor networks. For pairwise communication (unicasts), Eschenauer and Gligor [13] designed a key predistribution scheme using the theory of random graphs.

TABLE 1 PROTOCOL COMPARISON

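| Protocol / Service | C | F | I | Ava | IA | A |
|---|---|---|---|---|---|---|
| SPIN | YES | YES | YES | NO | YES | NO |
| LEAP | YES | NO | NO | NO | YES | NO |
| TINYSEC | YES | NO | NO | YES | - | YES |
| ZIGBEE | YES | YES | YES | NO | YES | YES |
| SM | YES | NO | NO | - | YES | YES |
| SDEP | YES | NO | YES | YES | YES | YES |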

C=Confidentiality, F=Freshness, I=Integrity, Ava=Availability, IA=Implicit Authentication, A=Authentication of user

L. Zero Knowledge Protocol

Zero-knowledge protocols allow identification, key exchange and other basic cryptographic operations to be implemented without revealing any secret information during the conversation and with smaller computational requirements in comparison to public key protocols. Thus ZKP seems very attractive for resource-constrained devices. ZKP allows one party to prove its knowledge of a secret to another party without ever revealing the secret. ZKP is an interactive proof system which involves a prover, P, and a verifier, V. ZKP-based protocols require less bandwidth, less computational power, and less memory compared to other authentication methods and thus seem suitable for WSNs [5].

M. SDEP

Sensor Data Encryption Protocol: in this scheme the author uses the RC6 algorithm for the purpose of encryption and decryption. RC6 provides the best confusion and diffusion properties with less computational overhead. In order to confirm the effectiveness of SDEP, a comparative performance evaluation with the AES and RC5 algorithms is presented in terms of memory requirement and execution time criteria. Our proposed scheme gives better performance than AES and RC5 in terms of execution time and total memory requirement. We also provide simulation results for the proposed method in terms of overhead and power; according to these results SDEP is a strong block cipher for wireless sensor networks [8].

TABLE 2 PROTOCOL COMPARISON

| Protocol | Type | Key management | Location aware | In-Network process | Scalable |
|---|---|---|---|---|---|
| TinySec | Hop-to-hop | No | No | Yes | Partial |
| LLSP | Hop-to-hop | No | No | Yes | Low |
| SPINS | Node-to-Base | Yes | No | No | Low |
| LiSP | Node-to-GH | Yes | Partial | Partial | Partial |
| LEDS | End-to-End | Yes | Partial | Partial | Partial |
| LEAP | End to end | Yes | Yes | Yes | Low |

V. CONCLUSION AND FUTURE WORK

In this paper, we have discussed various limitations in developing security protocols for sensor networks, the design goals of security protocols for sensor networks, different types of attacks on sensor networks and an overview of selected security protocols. As their number is very small, we do not find any need to sub-classify the security protocols. In future, sensor networks will be used extensively in sensitive applications, where network security will be of prime importance. We expect the current work in security protocols will make the sensor network a more attractive option.


REFERENCES

[1] Perrig, R. Szewczyk, V. Wen, D. Culler, J. D. Tygar. SPINS: Security Protocols for Sensor Networks. In Seventh Annual ACM International Conference on Mobile Computing and Networks (MobiCom 2001), July 2001.
[2] ZigBee Alliance (2006) ZigBee Security Specification Overview [online], available: http://www.zigbee.org/en/events/documents/december2005_open_house_presentations/zigbee_security_layer_technical_overview.pdf [Accessed 13 Dec 2006]
[3] ZigBee Specification v1.0: ZigBee Specification (2005), San Ramon, CA, USA: ZigBee Alliance.
[4] D. Boyle, T. Newe, Security Protocols for use with Wireless Sensor Networks, Conference on Wireless and Mobile Communications (ICWMC'07) 0-7695-2796-5/07, 2007 IEEE.
[5] Yang, Li, "Centralized Security Protocol for Wireless Sensor Networks" (2011). Master's Projects. Paper 167. http://scholarworks.sjsu.edu/etd_projects/167.
[6] Ritu Sharma, Yogesh Chaba, Yudhvir Singh, Analysis of Security Protocols in Wireless Sensor Network, Int. J. Advanced Networking and Applications Volume: 02, Issue: 03, Pages: 707-713 (2010).
[7] Siba K. Udgata, Alefiah Mubeen, Samrat L. Sabat, Wireless Sensor Network Security model using Zero Knowledge Protocol, IEEE ICC 2011 proceedings, 2011 IEEE.
[8] Bharat Singh, Parvinder Singh, Dr. V.S. Dhaka, Sensor Data Encryption Protocol for Wireless Network Security, Global Journal of Computer Science and Technology Volume 12 Issue 9 Version 1.0 April 2012.
[9] Adrian Perrig, Robert Szewczyk, J.D. Tygar, Victor Wen and David E. Culler, SPINS: Security Protocols for Sensor Networks, Wireless Networks 8, 521–534, 2002. Kluwer Academic Publishers. Manufactured in The Netherlands.
[10] Taejoon Park and Kang G. Shin, "LiSP: A Lightweight Security Protocol for Wireless Sensor Networks", ACM Transactions on Embedded Computing Systems, Vol. 3, No. 3, August 2004, Pages 634–660.
[11] Scott C.-H. Huang, Maggie X. Cheng, Ding-Zhu Du, "GeoSENS: geo-based sensor network secure communication protocol", Computer Communications xx (xxxx) 1–6, Article in press. Accepted on 17 December 2004.
[12] H. Chan, A. Perrig, D. Song, Random key predistribution schemes for sensor networks, in: IEEE Symposium on Security and Privacy, May 2003.
[13] L. Eschenauer, V.D. Gligor, A key-management scheme for distributed sensor networks, in: Ninth ACM Conference on Computer and Communication Security, November 2002, pp. 41–47.
[14] C.K. Wong, M.G. Gouda, S.S. Lam, Secure group communications using key graphs, IEEE/ACM Transactions on Networking 8 (1) (2000) 16–30.
[15] A.T. Sherman, D.A. McGrew, Key establishment in large dynamic groups using one-way function trees, IEEE Transactions on Software Engineering 29 (05) (2003) 444–458.
[16] Karlof, N. Sastry, and D. Wagner, "TinySec: a link layer security architecture for wireless sensor networks," in 2nd international conference on Embedded networked sensor systems, Baltimore, MD, USA, 2004, 162–175.