Chapter 1: Introduction
Research is defined as a search for new knowledge, or the art of scientific and careful investigation of new facts. A research method is a systematic methodology for defining and redefining problems, suggesting solutions, formulating hypotheses, evaluating data, making deductions and then reaching conclusions. Finally, the conclusions are tested to determine whether they fit the formulated hypotheses (KOTHARI, C. R., 2005). The research method chosen for the present study is the case study. Case study research is used because of its capability to bring a clear idea of any complicated issue and thereby strengthen previously developed research work. A key characteristic of the case study research method is its ability to provide multiple sources of evidence, each with its strengths and weaknesses (Bill Gillham, 2000).
The steps involved in case study research method are as follows:
Getting Started – The research work started with the collection of data on Wireless Sensor Networks. Sensor networks are referred to as secured networks if they can provide end-to-end security with authenticity and confidentiality. The present research work emphasizes the importance of providing data security in sensor networks through the Location-Aware End-to-end Data Security system.
Selecting Cases – Selection of cases is an important aspect of building theory from case studies. The earlier stages of the research work focused on various security systems and then identified the Location-Aware End-to-end Data Security system for providing data security in sensor networks. The literature review section of this research work will explain all these aspects very clearly. The case study research method is quite difficult, as it provides multiple sources of evidence in its research. So, to develop this research work, data was collected from various sources such as books, journals, articles and online websites.
Crafting Instruments and Protocols – After the collection of data related to sensor networks and their importance in providing security for networks, it was found that organizations must follow efficient steps to provide security for sensor networks. In order to provide an efficient data security system for sensor networks, the research work was customized a number of times. All the design principles were considered for improving the security of sensor networks so as to implement better communication networks.
Entering the field – Information related to wireless sensor networks was gathered from various sources such as websites, journals, articles and books. The information gathered gave a better understanding of the Location-Aware End-to-end Data Security system for providing data security in sensor networks.
Analyzing data – The case study research method primarily concentrated on Location-Aware End-to-end Data Security system for providing data security in sensor networks. The data collected for this research work was analyzed using various methods and techniques. This analysis helps to find the link between the research objects and outcomes with respect to the present study thereby providing an opportunity to strengthen the research findings and conclusions.
Shaping hypotheses – The task of shaping hypotheses is mainly applied for the alteration or modification of models applied for the research work previously. The new models applied in the research depend upon the data analysis.
Enfolding literature – After the analysis stage, which was helpful in assessing the proposed solutions to the problems caused by disasters, a detailed critical analysis will be presented in the literature review section that will evaluate the existing security designs so as to improve the performance of sensor networks.
Reaching closure – From the start of the research work to the analysis stage, it was found that providing efficient security for sensor networks is very important, as it increases the life of networks and improves their efficiency.
Background study of Wireless Sensor Networks
Wireless sensor networks fall under the category of modern networking systems. They emerged in the past and cater to the needs of real-world applications. These networks are the preferred choice for the design and development of monitoring and control systems. Wireless sensing technology was developed in the 1940s and 50s, when it was used by the military to discover and chase enemy craft (Shimmer, 2006). The technology evolved to include radio frequency identification and real-time location systems, but the real force behind the wireless sensor network was the power to place detectors in remote locations or in the environment without wired lines. This in turn allows for the capture and analysis of information to transmit warnings and to identify approaching phenomena. WSNs improved the quality of life by providing real-time information. WSNs supply real-world information in a perceivable manner rather than a virtual world (Shimmer, 2006). As people's health is becoming worse and the global population is getting older, the ability to sense and perform direct measurements makes it possible to create biometric solutions that improve healthcare and the quality of life. As one of the key drivers for wireless sensor networks, data will be captured and analyzed for detecting and predicting phenomena such as falls, and for warnings, to develop intelligent solutions for industry.
Chapter 2: Literature Review
Providing security for data in Wireless Sensor Networks (WSNs) is a difficult task because of the complexity of managing critical resources. Data security in sensor networks can be achieved by the Location-Aware End-to-end Data Security system. A sensor network can be called secured if it can provide end-to-end security through data confidentiality, authenticity and availability. Applications like wildlife monitoring, manufacturing performance monitoring and military operations use wireless sensor networks. Security is the most important requirement for all these WSN applications. Providing security in wireless sensor networks differs from traditional approaches because of resource limitations and computation restrictions. Node compromise attacks, DoS attacks and resource consumption attacks are the most common attacks on wireless sensor networks when providing security for the data. This research concentrates on wireless sensor networks, data security in sensor networks, the Location-Aware End-to-end Data Security (LEDS) system and its performance in providing data security.
2.2 Wireless Sensor Network
The Wireless Sensor Network is a fast-growing technology and an exciting research area. Military and civilian activities can be operated successfully using this network. Interconnection between thousands of sensor nodes in large sensor networks can create technical issues (LEWIS, F. L., 2004). To offer high-quality sensing in terms of space and time, the sensing nodes are closely arranged and made to work together. This technology is responsible for sensing and also for the first stages of the processing hierarchy. The network includes low-cost devices with computation, communication capacities and memory, which have limited energy resources. One of the major applications of sensor networks is actuators. This type of sensor network is widely used in many sectors, such as military, environmental and commercial applications (RAGHAVENDRA, C. S., Krishna M. Sivalingam and Taieb F. Znati, 2004). Networks can be organized in multi-hop wireless paths and across large landscapes in order to recognize events of interest. Industries attain security and safety by making use of wireless sensor networks. These networks use sensors for the detection of toxic, harmful and unsafe materials and also provide a way to identify leakages which may have dangerous results. These networks are well suited for monitoring and help in controlling rotations in moving machinery (Edgar H. Callaway, 2003). The wide usage of sensor networks in large applications forces the network to provide security for data in order to operate the applications effectively. Security is the major issue faced by wireless sensor networks. The main reason for security problems in sensor networks is attackers getting hold of data.
If the number of nodes in communication increases, there may be a chance of data tampering, which may create the problem of data loss (CHAN, H. and PERRIG, A., 2003). The sensor network helps in expanding the internet into physical space. Compared to customary approaches, wireless sensor networks provide many advantages. Information in sensor networks is available only at runtime. Sensor networking draws on contributions from signal processing, database and information management, embedded systems and architecture, and distributed algorithms. A large number of sensors are already in use for monitoring the traffic in networks (Feng Zhao and Leonidas J. Guibas, 2004). Organizational growth is reduced internally by the loss of important data and by false data introduced into the network by hackers. However, the lack of an end-to-end security guarantee leaves the WSN weak against attacks. Functions in the network are damaged by internal attacks, which lead to the breakdown of mission-critical applications (Elaine Shi and PERRIG, A., 2004). Hence, from the above discussion it can be understood that wireless networks lead a new trend, as the interchange of data through internet services like e-mail and data file transfers is increasing tremendously. WSNs are used in many military applications. Although these networks provide many benefits for organizations and users, they lack security for data during transfer. Wireless sensor networks play a vital role in transferring data from one network to another without any delays or disturbances. The functionality and behavior of a WSN are completely dissimilar from those of other wireless network devices. WSNs are not assured by the users. In terms of battery and power these devices are much more constrained. The WSN can be separated into two parts: the data acquisition network and the data dissemination network. The data acquisition network consists of sensor nodes and base stations.
Sensor nodes are collections of small devices charged with measuring the physical information of their surroundings, and base stations are powerful devices in charge of gathering information about their surroundings. Sensor networks are mainly intended for real-time collection and analysis of low-level data in hostile environments (Javier Lopez and Jianying Zhou, 2008). For this reason they are well suited to a significant number of monitoring and observation applications. Well-known wireless sensor network applications include wildlife monitoring, bushfire response, military command, intelligent communications, industrial quality control, infrastructures, smart buildings, traffic monitoring and examining human heart rates. The greater part of sensor networks are deployed in hostile environments with active intelligent opposition (Feng Zhao and Leonidas J. Guibas, 2004). Hence security is a crucial issue. One obvious example is battlefield applications, where there is a pressing need for secrecy of location and resistance to subversion and destruction of the network.
2.3. Evaluating the existing security designs in WSNs
Evaluation of existing systems can be done with the help of data security requirements like data confidentiality, availability and authentication. Security is not provided efficiently by the existing systems because of weak security strength, and they are exposed to many different attacks. Security tools such as authentication and key management provide various security mechanisms for sensor networks, and routing and localization support the sensor network (Donggang Liu and Peng Ning, 2007). As in traditional networks, most sensor network applications need security against the introduction and modification of packets. Cryptography is the standard defense. Interesting system tradeoffs arise when incorporating cryptography into sensor networks. For point-to-point communication, end-to-end cryptography attains a high level of protection but requires keys to be set up among all end points and is incompatible with passive participation and local broadcast (C. S. Ragahavendhra, Krishna M. Sivalingam, Taieb F. znati, 2004). Link layer cryptography with a network-wide shared key simplifies key setup and supports passive participation and local broadcast, but intermediate nodes might alter messages. The earliest sensor networks are likely to use link layer cryptography because this approach offers the greatest ease of deployment among presently available network cryptographic approaches. Subsequent systems may respond to demand for more security with more advanced use of cryptography. Cryptography entails a performance cost for extra computation that frequently increases packet size. Cryptographic hardware support increases efficiency but also increases the financial cost of implementing a network.
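The trade-off between the two key arrangements described above, as an added example that is not from the cited sources: a relay on the path alters a reading under a network-wide link-layer key and under a per-node key shared only with the sink. HMAC-SHA256, the key values and the function names are assumptions made for the illustration.

```python
import hashlib
import hmac

NETWORK_KEY = b"constructed-network-wide-key"        # held by every node (link-layer scheme)
NODE_SINK_KEYS = {"n1": b"constructed-n1-sink-key"}  # held only by node n1 and the sink


def mac(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()


def link_layer_send(reading):
    return {"reading": reading, "mac": mac(NETWORK_KEY, reading)}


def link_layer_relay(packet, rewrite=None):
    """A relay holds the network key: it can verify (passive participation) and re-tag."""
    if not hmac.compare_digest(packet["mac"], mac(NETWORK_KEY, packet["reading"])):
        return None                                   # corrupted on the air: dropped early
    reading = packet["reading"] if rewrite is None else rewrite
    return {"reading": reading, "mac": mac(NETWORK_KEY, reading)}


def link_layer_sink(packet):
    ok = hmac.compare_digest(packet["mac"], mac(NETWORK_KEY, packet["reading"]))
    return packet["reading"] if ok else None


def end_to_end_send(node_id, reading):
    return {"node": node_id, "reading": reading,
            "mac": mac(NODE_SINK_KEYS[node_id], node_id.encode() + b"|" + reading)}


def end_to_end_relay(packet, rewrite=None):
    """A relay has no key for this packet: it cannot verify it, only pass it on."""
    out = dict(packet)
    if rewrite is not None:
        out["reading"] = rewrite                      # the original MAC no longer matches
    return out


def end_to_end_sink(packet):
    key = NODE_SINK_KEYS.get(packet["node"])
    if key is None:
        return None
    expected = mac(key, packet["node"].encode() + b"|" + packet["reading"])
    return packet["reading"] if hmac.compare_digest(packet["mac"], expected) else None


def compare_schemes():
    """Run one honest and one altered delivery through each scheme."""
    reading, altered = b"level=12", b"level=99"       # constructed sample readings
    return {
        "link_honest": link_layer_sink(link_layer_relay(link_layer_send(reading))),
        "link_altered": link_layer_sink(link_layer_relay(link_layer_send(reading), altered)),
        "e2e_honest": end_to_end_sink(end_to_end_relay(end_to_end_send("n1", reading))),
        "e2e_altered": end_to_end_sink(end_to_end_relay(end_to_end_send("n1", reading), altered)),
    }


if __name__ == "__main__":
    for name, result in compare_schemes().items():
        print(name, result)
```

Under the shared key the sink accepts the altered reading because the relay can produce a valid MAC for it; under the per-node key the sink rejects it, at the cost that no relay can check or aggregate the packet on the way.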
Limitations of existing key management schemes
Over the past years, many different pre-distribution schemes have been proposed. Hop-by-hop is one of the techniques which do not provide end-to-end security in a proper manner. Hop-by-hop involves not only the end points but also the intermediate components for data forwarding. The hop-by-hop header carries information which should be examined by each and every node along the packet path. As this technique involves each node referencing and processing it, the analysis of networks becomes complex (Alberto Leon Garcia and Indra Widjaja, 2004). Data authentication and confidentiality are very vulnerable to inside attacks, and multi-hopping makes this worse when transmitting messages. The problem of distributing and updating cryptographic keys to valid members is known as key management. Key management is one of the most important tasks in the cryptographic mechanisms for networks. However, in sensor networks key management is one of the more challenging tasks because there may be no central authority, trusted third party, or server to manage security keys. Key management is performed in a distributed way. A self-organization scheme has been proposed to distribute and manage the security keys (Yang Xiao, 2006). In this system, certificates are stored and distributed by the users themselves.
False data filtering and their analysis
This helps in protecting data from validation in WSNs. Data that is not authorized will be filtered out by the intermediate nodes. Location Based Resilient Secrecy (LBRS) is the proposed scheme that identifies the problems and errors in Statistical En-route Filtering (SEF) and Interleaved Hop-by-Hop Authentication (IHA). All these methods are highly exposed to interference attacks and selective forwarding attacks (Kui Ren, Wenjing Lou and Yanchao Zhang, 2008). SEF helps in detecting and dropping, during the forwarding process, false reports that contain Message Authentication Codes (MACs) generated by multiple nodes (Anne-Marie Kermarrec, Luc Bouge and Thierry Priol, 2007). IHA identifies fake reports by using interleaved authentication.
2.4. Data Security Requirements in Wireless Sensor Networks (WSNs)
As the usage of wireless sensor networks is increasing in organizations, security should be provided for data in order to operate organizations successfully. Data security in wireless sensor networks includes data authentication, data availability and data confidentiality. Data should be available to authenticated users only in order to provide security. The data security requirements for wireless sensor networks are (Kui Ren, Wenjing Lou and Yanchao Zhang, 2008):
- Data availability
- Data Confidentiality
- Data authentication
- Data integrity
- Time synchronization
- Secure Localization
Data availability – To ensure the availability of message protection in a sensor network, the network should protect its resources or sensor nodes. Nodes in sensor networks should be guarded from unnecessary processing of messages. Avoiding unnecessary processing can reduce energy usage so that the lifetime of the sensor network increases. Wireless sensors are influenced by many factors, such as limited communication capabilities and computation. Wireless sensor networks are vulnerable to various attacks, such as Denial of Service attacks, node compromise attacks and resource consumption attacks (Shinqun Li, Tieyan Li and Xinkai Wang, 2002). Hence, in order to provide availability and security, resources should be maintained effectively.
Data Confidentiality – In wireless sensor networks confidentiality can be achieved by allowing only authenticated users to access the data. In sensor networks data can be secured by using cryptographic methods. Using encryption and decryption for data allows only authenticated users to access the data. Unauthorized or third parties cannot read the original data if confidentiality is provided effectively (Chris Karlof, Naveen Sastry and David Wagner, 2004). Hence, to have confidentiality for data, wireless sensor networks should make use of encryption methods.
Data authentication – Authentication is necessary for controlling sensor networks effectively. Data authentication in sensor networks allows users to verify whether the data was sent from authorized resources or not. It also protects the original data from alterations. Digital signatures can be used for authentication in sensor networks (Mona Sharifnejad, Mohsen Sharifi and Mansoureh, 2007). Hence, authentication in sensor networks can be achieved with digital signatures, which help in authenticating the senders.
Hence, from the discussion it can be concluded that, in order to provide security, data availability, authentication and confidentiality should be sustained in sensor networks.
Data integrity in sensor networks is required to check the dependability of the information, and concerns the capability to confirm that a message has not been corrupted, altered or changed. Even if the network has confidentiality measures, there is still a possibility that data integrity has been compromised by alterations (Richard Zurawski, 2006). The integrity of the network will be in trouble when a malicious node present in the network injects fake data. The wireless channel can also cause damage to or loss of data because of unstable conditions. Hence, from the above it can be concluded that the information provided by the sensor network is easily corrupted, which can lead to loss of data.
Most sensor network applications rely on some form of time synchronization. Moreover, sensors may wish to calculate the end-to-end delay of a packet as it moves between two pairwise sensors. A more collaborative sensor network may require group synchronization for tracking applications.
The usefulness of a sensor network will rely on the ability of each sensor to accurately and automatically locate itself in the network (G. Padmavathi and D. Shanmugapriya, 2009). A sensor network designed to locate faults needs accurate location information in order to identify the location of a fault. An attacker can easily manipulate unsecured location information by reporting false signal strengths and replaying signals. The above content has discussed the security goals that are widely available for wireless sensor networks.
2.5. Proposing Location-Aware End-to-end Data Security (LEDS)
LEDS helps in providing safety to data in a well-organized way. In LEDS, security for data is provided through confidentiality, authentication and availability. This mechanism has the ability to provide en-route filtering and end-to-end authentication. It makes use of key management for achieving data security. LEDS can be used in either small or large networks (Ed Dawson and Duncan S. Wong, 2007). LEDS splits the whole network into small cell regions and sends keys for each cell in order to provide security. The cell size in LEDS depends on the number of keys distributed, and LEDS does not support dynamic topology. Sensors help in finding events that occur in the network. Events are encrypted by the sensor nodes participating in the network. In order to encrypt the events, LEDS uses the pre-distributed cell keys (Abu Shohel Ahmed, 2009). After encrypting the data, sensor nodes calculate a unique shared key for sensors, where this is demonstrated using different sinks. Sensor nodes use authentication keys for calculating MACs. To avoid duplicate reporting, each and every report is given different MACs. The validity of a report or data will be checked at each and every node while it is forwarded through the network in order to provide data security (Fan Ye, Hao Yang and Starsky H.Y. Wong, 2006). Hence, from the above discussion it can be understood that the LEDS mechanism helps wireless sensor networks in providing end-to-end security. This mechanism makes use of key management in order to provide data authentication, confidentiality and availability.
The main aim of designing LEDS is to provide end to end data security through data confidentiality, authenticity and availability. LEDS has the capability of preventing false data report attacks. Brief description of the goals of designing LEDS:
Provide end-to-end data confidentiality and authenticity:
Event reports in wireless sensor networks can maintain authenticity and confidentiality if the sending nodes themselves are not compromised for data corruption. Compromised nodes may affect the performance of neighboring nodes. Cryptographic methods are used to protect data collected from compromised nodes against attackers. Key management assists LEDS in providing data authenticity and confidentiality (Jun Luo, Panos Papadimitratos and Jean-Pierre Hubaux, 2007). In the LEDS key management mechanism, the nodes use keys to apply cryptographic methods to data in order to provide security.
Achieve high level of assurance on data availability:
If any attack on data occurs in a wireless sensor network, the network should be flexible in selecting alternative ways of forwarding the data. In order to ensure availability, networks should be able to detect and drop duplicate reports in an efficient and deterministic manner (Kui Ren, Wenjing Lou and Yanchao Zhang, 2008). LEDS assures data availability in the networks by identifying duplicate reports early.
Hence from the discussion it can be understood that, LEDS was designed for providing security in the wireless sensor networks. False information reports can be eliminated by using some LEDS mechanisms in networks.
2.6. Components of Location-Aware End-to-end Data Security
To provide data security, LEDS makes use of two major components:
- Location-aware key management framework.
- End-to-end data security mechanism.
LEDS provides end to end security by providing data authentication, confidentiality and availability.
2.6.1. Location-aware key management framework
As wireless sensor networks are used in a wide range of applications, they should be deployed correctly in order to collect data. Network planners should provide a framework before deployment in order to secure data. LEDS makes use of key management in providing a framework for sensor networks. Key management in LEDS exploits the static and location-aware nature of wireless sensor networks (Reihanah Safavi Naini, 2008). Key management adopts a grid structure for redistributing and examining specific properties related to the design process. To provide a lightweight and robust location-aware key management framework for sensor nodes, preloaded keys are distributed in the network. This framework works by embedding location information into the keys. A framework using key management should be derived in such a way that it provides data authentication, confidentiality and availability (Yan Zhang, Honglin Hu and Masayuki Fujise, 2006). In LEDS every sensor node computes three different types of location-aware keys for distribution. A sensor node computes two unique secret keys which are shared between the node and the sink. These keys help in providing node-to-sink authentication. A cell key is shared between two nodes in the same cell. Confidentiality of data in Wireless Sensor Networks is provided by distributing cell keys among network elements. A set of authentication keys can be distributed among the nodes in the network in order to provide authentication to the nodes. This distribution of keys can help sensor networks in data filtering. A sensor node in the network computes its location-aware keys independently. Key management provides the basis for end-to-end data security (Kui Ren, Wenjing Lou and Yanchao Zhang, 2008).
Key management strategies recently proposed for wireless sensor networks are based on key pre-distribution, with a probabilistic approach for setting up session keys among adjacent nodes. Random key pre-distribution schemes are vulnerable to selective node capture and node replication attacks. These frequent attacks can be prevented by location-aware key management. Location-aware key management faces further challenges, such as connectivity within the groups, deployment flexibility and security resilience (Xiaofang Zhou, 2006). Existing strategies need the deployment information a priori, before the deployment. This makes them very hard to use in major applications. Hence, from the above discussion it can be concluded that LEDS uses the key management technique to develop a structure for WSNs. In this framework, safety of data is provided by the distribution of keys between sensor nodes. The different location-aware keys computed by sensor nodes can provide data confidentiality, authentication and data filtering.
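A sketch of the location-aware key framework described in this section, added here as an illustration and not taken from the LEDS authors: keys are derived from a master secret and the grid cell, a report carries a node-to-sink MAC plus a short MAC for the forwarding cell, and a node captured in another cell cannot speak for the event cell. The HMAC-SHA256 derivation, the 50 m cell side, the single node-to-sink key, the keystream stand-in for a real cipher and all names are assumptions; the page does not give the scheme's formulas.

```python
import hashlib
import hmac

CELL_SIDE = 50.0  # metres per grid cell (assumed value)

# Assumed derivation: key = HMAC(master, label | identity | location).
def prf(key, *parts):
    """HMAC-SHA256 over labelled parts; stands in for the scheme's one-way function."""
    return hmac.new(key, "|".join(map(str, parts)).encode(), hashlib.sha256).digest()

def cell_of(x, y):
    """Map a node position to the index of the grid cell that contains it."""
    return (int(x // CELL_SIDE), int(y // CELL_SIDE))

def node_sink_key(master, node_id, cell):
    return prf(master, "node-sink", node_id, cell)

def cell_key(master, cell):
    return prf(master, "cell", cell)

def auth_key(master, cell_a, cell_b):
    lo, hi = sorted([cell_a, cell_b])       # same key whichever side derives it
    return prf(master, "auth", lo, hi)

def xor_stream(key, nonce, data):
    """Keystream XOR built from the PRF; a stand-in for a real cipher such as AES-CTR."""
    out = bytearray()
    for i in range(0, len(data), 32):
        out.extend(b ^ k for b, k in zip(data[i:i + 32], prf(key, "ks", nonce, i // 32)))
    return bytes(out)

class Node:
    """A sensor that derives its keys at deployment and does not keep the master key."""
    def __init__(self, master, node_id, x, y, peer_cells):
        self.node_id, self.cell = node_id, cell_of(x, y)
        self.k_sink = node_sink_key(master, node_id, self.cell)
        self.k_cell = cell_key(master, self.cell)
        self.k_auth = {c: auth_key(master, self.cell, c) for c in peer_cells}

def _signed_part(report):
    head = "|".join(str(report[f]) for f in ("node", "cell", "nonce")).encode()
    return head + report["body"]

def make_report(node, event, nonce, route, claimed_cell=None):
    """Encrypt with the cell key, add the node-to-sink MAC and one short MAC per relay cell."""
    report = {"node": node.node_id, "cell": claimed_cell or node.cell, "nonce": nonce,
              "body": xor_stream(node.k_cell, nonce, event)}
    signed = _signed_part(report)
    report["e2e"] = hmac.new(node.k_sink, signed, hashlib.sha256).digest()
    report["hop"] = {c: hmac.new(node.k_auth[c], signed, hashlib.sha256).digest()[:8]
                     for c in route if c in node.k_auth}
    return report

def forward_ok(forwarder, report):
    """En-route filter: check the MAC made with the key shared with the claimed source cell."""
    key = forwarder.k_auth.get(report["cell"])
    tag = report["hop"].get(forwarder.cell)
    if key is None or tag is None:
        return False
    expected = hmac.new(key, _signed_part(report), hashlib.sha256).digest()[:8]
    return hmac.compare_digest(expected, tag)

def sink_accept(master, report):
    """The sink re-derives the keys from the master key, verifies, then decrypts."""
    k_sink = node_sink_key(master, report["node"], report["cell"])
    expected = hmac.new(k_sink, _signed_part(report), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, report["e2e"]):
        return None
    return xor_stream(cell_key(master, report["cell"]), report["nonce"], report["body"])

def demo():
    master = bytes(range(32))                                      # constructed sample key
    event_cell, relay_cell = (2, 3), (1, 1)
    sensor = Node(master, "n17", 120.0, 170.0, [relay_cell])       # lies in cell (2, 3)
    relay = Node(master, "n05", 60.0, 80.0, [event_cell, (0, 0)])  # lies in cell (1, 1)
    captured = Node(master, "n02", 10.0, 20.0, [relay_cell])       # captured node, cell (0, 0)
    good = make_report(sensor, b"temp=71C", 1, [relay_cell])
    forged = make_report(captured, b"temp=999C", 1, [relay_cell], claimed_cell=event_cell)
    return {
        "good_forwarded": forward_ok(relay, good),
        "good_at_sink": sink_accept(master, good),
        "forged_forwarded": forward_ok(relay, forged),
        "forged_at_sink": sink_accept(master, forged),
        "captured_reads_good": xor_stream(captured.k_cell, 1, good["body"]) == b"temp=71C",
    }

if __name__ == "__main__":
    print(demo())
```

The forged report is dropped at the first relay because the captured node holds only the keys bound to its own cell, and its cell key does not decrypt reports from the event cell.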
2.6.2 End-to-end data security mechanism
Security is the main issue in the transmission of data over the internet or any wired or wireless communication. Several encryption methods are implemented and deployed in organizations for providing security to data. Network smart cards support mainstream networking standards and secured protocols. Private data can be sent from smart cards to a remote server by establishing a secured connection between network smart cards and a trusted remote internet server. This mechanism helps in avoiding manual typing of confidential information. End-to-end mechanisms struggle to identify threats that capture the data before it is encrypted (Yuliang Zhenq, 2004). Specific devices and protocols can be installed at the end points of the connection to offer end-to-end security. A Hypertext Transfer Protocol (HTTP) connection is an example of an end-to-end connection to a web server where IP security is used as end-to-end security. There is an opinion that the end-to-end security mechanism provides solutions for securing network-based systems. Wireless sensor networks usually consist of a large number of resource-constrained sensor nodes which are deployed in unattended, hostile surroundings, and are therefore exposed to many types of serious insider attacks due to node compromise. Existing security designs generally provide a hop-by-hop security paradigm and are exposed to such attacks (Claude Castelluccia, 2005). Moreover, existing security designs are also exposed to several DoS attacks, such as report disruption attacks and selective forwarding attacks, and thus put information availability at stake. To overcome these exposures for major static WSNs, a location-aware end-to-end security framework is proposed in which secret keys are bound to geographic locations (Frank Stajano, Catherine Meadows, Srdjan Capkun and Tyler more, 2007).
This location-aware property successfully limits the impact of compromised nodes to their locality without affecting end-to-end data security. The suggested multifunctional key management framework ensures both node-to-sink and node-to-node authentication along the report forwarding routes, and the suggested data delivery approach assures effective en-route filtering of fake data and is highly robust against DoS attacks. In end-to-end security, the end points refer to the connection between client and server. Providing security is the major constraint in transferring data in a secured manner. Providing end-to-end secure communication requires components such as (Michael H. Behringer, 2009):
- Identity – which helps in the identification of entities at both ends.
- Protocols – to provide the required security functions, protocols are implemented with the help of algorithms.
- Security – the end points used by the network should be provided with secured protocols, and the operations implemented on the end points should be carried out in a secured manner.
Thus, from the above context it can be concluded that networks which use the end-to-end security mechanism provide great security. In spite of some potential problems with end-to-end security, many organizations are deploying this type of mechanism. End-to-end security protocols and their clarification act as a keystone in securing networks.
2.7. Security and performance analysis of LEDS
The Location-Aware End-to-end Data Security (LEDS) design is intended to provide security, and it can be analyzed in different ways. Digital systems provide security by means of various techniques. In providing security features, researchers create innovative services for improving the performance and reliability of single-technique algorithms (Sam Brown, 2002). Along with security, attention is given to performance, hardware and software implementations, and the transparency of the requirements, as well as productivity. The factors involved in advancing this technology are viability, power consumption, area, complexity and flexibility. Security analysis can be explained in three different ways (Kui Ren, Wenjing Lou and Yanchao Zhang, 2008):
- Data Confidentiality as the security strength
- Data Authenticity
- Data Availability
Data Confidentiality as the security strength:
The requirement to provide data confidentiality within the internal network can be met using the same deployment and management approaches used. By using the data encryption standard, confidentiality through encryption could be obtained. Data confidentiality is also used in marketing and sales (John W. Ritting House and James F. Ransome, 2004). In LEDS every report is encrypted with the corresponding cell key, and therefore no node outside the event cell can obtain its content. When a node in the event cell is compromised, the attacker obtains the contents of the corresponding reports, which affects data confidentiality. In calculating over the total network cells, the number of compromised nodes and the portion of compromised cells were used. There are two ways of calculating this: the random node capture attack and the selective node capture attack.
The above figure shows the data confidentiality in LEDS. It should be clear that to compromise 40% of the total cells, at least 5% of the total nodes have to be compromised. In contrast, with existing defense designs under random node capture attacks, compromising a few hundred nodes usually compromises all the network communication, which indicates a superior level of resilience.
By using diverse online techniques authenticity of data is accomplished. Significance of the data generation determines the position of the obligation (Chris Mann and Fiona Stewart, 2000). Security strength of LEDS regarding the data Authenticity is obtained by the content o