IPASJ International Journal of Electronics & Communication (IIJEC)

A Publisher for Research Motivatin........

Volume 2, Issue 1, January 2014

Web Site: http://www.ipasj.org/IIJEC/IIJEC.htm Email: editoriijec@ipasj.org ISSN 2321-5984

ATTACKS AND COUNTERMEASURES IN WSN

J.Steffi Agino Priyanka1 , S.Tephillah2 and A.M.Balamurugan3
2 1 PG Scholar, St. Josephs College of Engineering, Chennai, Tamil Nadu SAssociate Professor, St. Josephs College of Engineering, Chennai, Tamil Nadu 3 Associate Professor, St. Josephs College of Engineering, Chennai, Tamil Nadu

ABSTRACT
A wireless sensor network (WSN) is comprised of a large number of sensors that collaboratively monitor various environments. The sensors all together provide global views of the environments that offer more information than those local views provided by independently operating sensors. There are numerous potential applications of WSNs in various areas such as residence, industry, military and many others. While the deployment of sensor nodes in an unattended environment makes the networks vulnerable to a variety of potential attacks. This paper focuses the various attacks associated with wireless sensor network. Key words: Wireless sensor network, Sybil attack, Wormhole attack, Sinkhole attack, Hello flood attack.

1. INTRODUCTION
Wireless sensor Networks (WSN) consists of protocols and algorithms with self- organizing capabilities. It is used for monitoring large areas of spatial and temporal regions [1]. They are the networks that consist of sensors for sensing temperature, pressure and humidity that are distributed in an adhoc manner. The following are some factors which influence the design of sensor networks: Fault tolerance, scalability, production cost, operating environment, hardware constraints, power consumption and transmission media [2]. These sensors are of low cost, limited memory and energy is constrained due to their smaller size. They work with each other to sense some physical phenomenon. The gathered information is processed to get relevant results. An example of WSN is depicted in figure 1.Any physical quantity can be monitored by using a wireless device with a sensor and networking these sensors with the help of wireless communication capability. The advancement in WSN increases the life time of the nodes, but node failure is expected due to limited energy budget, environmental degradation, mechanical/electrical problems or battery depletion. This failure of nodes is true for sensor networks implemented in dangerous and critical applications like forest fire and defense applications.

Figure 1: Wireless Senor Network Architecture Sensor networks are widely used in both army and civil services such as battlefield surveillance, medical observation,

Volume 2, Issue 1, January 2014

Page 16

IPASJ International Journal of Electronics & Communication (IIJEC)

A Publisher for Research Motivatin........

Volume 2, Issue 1, January 2014

Web Site: http://www.ipasj.org/IIJEC/IIJEC.htm Email: editoriijec@ipasj.org ISSN 2321-5984

organic diagnosis, residence safety, etc[3]. Small size, low cost, utilization of the nodes in different environments is the goal of sensor nodes [4]. The wireless network is susceptible to wide range of security attacks due to its open nature, lack of infrastructure, fast and hostile deployment environments [3]. These networks are susceptible to defects and malicious attacks. Malicious nodes are likely to be present in WSNs due to resource constraints, falsified communications and unattended operation. Once a definite number of sensor nodes have been compromised, there are various threats that an attacker can start against wireless sensor networks [5]

2. LIST OF ATTACKS
All destructive attack targets control traffic or data traffic of wireless Sensor networks. Few examples of control traffic are routing, monitoring the liveness of nodes, topology discovery and distributed location determination. Control traffic threat comprises of (i) wormhole attack, (ii) rushing attack, (iii) Sybil attack , (iv) sinkhole attack, and (v) HELLO flood attack. An attack opposed to data traffic includes (vi) black hole and (vii) selective forwarding. These threats occur in the network layer and routing layer. Control threats are mostly hazardous since they can be utilized to destabilize the functionality of the routing protocol and generate options for a malicious node to begin a data traffic threat such as drop on every or a chosen subset of a group of data packets. Threats may contain compromised sensor nodes and introduce false data to deceive data aggregators in application layer[5] .

3. DESCRIPTION OF EACH ATTACK SYBIL ATTACK

Sybil Attack is defined as a malicious device illegitimately taking on multiple identities. At the worst, an attacker uses a physical device to generate a number of additional node identities. TYPES OF SYBIL ATTACKS Distributed storage In peer-to-peer storage systems, Sybil attack nullifies replication and fragmentation mechanisms. Distributed storage wireless sensor networks also experience the same problem. For example, the Sybil attack can easily nullify replication and fragmentation in a distributed hash table such as GHT [6]. Though the system has been designed to replicate or fragment data across many nodes, it stores data on Sybil identities generated by the same malicious n od e. Routing -In sensor networks the attack which can be used up against routi ng algori thms is Sybil attack [7]. There are two vulnerable mechanisms. One is multipath or dispersity routing and another is geographic routing. In multipath or dispersity routing a single malicious node has seemingly disjoint paths that presents several Sybil identities. In geographic routing a Sybil node appears in more than one place at one time instead of having one set of coordinates. Data Aggregation - Reading of the sensors can be aggregated in sensor network protocols to save energy rather than returning individual readings. By Sybil Attack, malicious node tries to alter the reading. Few malicious nodes reporting incorrect sensor readings will not affect the computed aggregate .However, by using the Sybil attack, one malicious node contributes to the aggregate many times. The aggregate reading can be completely altered with more Sybil nodes. Voting - A number of tasks in Wireless sensor networks use voting. In such a vote, Sybil attack helps to stuff the ballot box. The outcome of any vote depends on the number of identities the attacker owns. This helps in performing blackmail attacks in which it is assumed that the legitimate node is misbehaving. The attacker can use Sybil nodes, if there is a vote on whether the attackers identities are legitimate to vouch for each other. Fair Resource Allocation Unfair share of resources is obtained by the malicious node. Network resources are being allocated on a per node basis. For example, a single radio channel which shares the nearby nodes i s permitted to transmit by assigning a fraction of time per interval. A malicious node obtains an unfair share of any resource is allowed in Sybil attack. Services to legitimate nodes are denied by reducing their share of the resource, and also the attacker is given more resources to perform other attacks. Misbehavior Detection - In a misbehavior detection scheme, Sybil nodes spread the blame. If a particular

Volume 2, Issue 1, January 2014

Page 17

IPASJ International Journal of Electronics & Communication (IIJEC)

A Publisher for Research Motivatin........

Volume 2, Issue 1, January 2014

Web Site: http://www.ipasj.org/IIJEC/IIJEC.htm Email: editoriijec@ipasj.org ISSN 2321-5984

type of misbehavior is detected by a network .Some false positives occur in any such misbehavior detector. Due to this, no action will be taken unless several repeated offenses observed in the same node. An attacker with many Sybil nodes could spread the blame, by not having any one Sybil identity misbehave enough for the system to take action. Additionally, if the action taken is to revoke the offending node, the attacker can simply continue using new Sybil identities to misbehave, never getting revoked himself. DEFENSE MECHANISM The identity of a node can be validated by two mechanisms. Direct Validation: A nodes validity can be directly tested. Sybil nodes are made to communicate directly with legitimate nodes. When a radio message is sent to a Sybil node from the legitimate node, t he message is being listened by one of the legitimate nodes. Similarly, Messages that are sent from Sybil nodes are in fact sent from one of the malicious devi ces. Indirect Validation: The verified node is allowed to refute other nodes. Legitimate nodes are not able to communicate directly with the Sybil nodes in this attack. Instead of direct communication, one or more of the malicious devices are able to reach the Sybil nodes. These malicious nodes serve as a route to pass on messages to a Sybil node. Malicious nodes actually do not pass on the message but pretends to do so. There are many new proposals against this Sybil attack, including radio resource testing, Verification of key sets for random key pre distribution, Position verification and registration.

4. WORMHOLE ATTACK
Wireless sensor networks can be disabled by wormhole attacks. In a wormhole attack, at one point in the network the attacker receives the packets, forwards them through wired or wireless links and then passes them to another location in the network. The simplest instance is when messages are forwarded by a single node situated between two other nodes. Two distant malicious nodes are commonly involved in wormhole attacks, these nodes plot to understate their distance from each other and pass packets along an out-of-bound channel which is only available to the attacker. A well-placed wormhole created by the attacker is situated close to the base station which entirely disrupts routing. An attacker can convince nodes that there is only one or two hops away via the wormhole but it would be multiple hops from the base station. This creates a sinkhole, as they provide a high-quality route to the base station on the other side of the wormhole. If alternate routes are less attractive, traffic in the surrounding will be drawn through. This will be the case when the wormholes end point is relatively far from a base station [8] DETECTION STEPS There are many methods for detecting wormhole attacks in adhoc networks and WSNs. Some nodes in the network can be equipped with a special hardware; this is the requisite for these methods. Time synchronization or highly accurate clocks are necessary for solutions such as SECTOR and Packet Leashes to detect wormholes. Others would need a directional antenna to be used at each node while the rest involve anchor nodes which need manual setup of networks. The proposed solution node authentication uses the digital signature. In this algorithm, each sensor node in the packet header is provided with authentication which in turn is forwarded from source to destination. In wireless sensor network, only authenticate nodes can communicate. This authentication procedure h e l p s to detect the malicious nodes that serve as the cause for wormhole attack. As this method uses cryptographic concept digital signature, there is no necessity for specific hardware and clock synchronization. Node authentication is done by the use of digital signature. The sender node uses Data acknowledge to verify the receiver node at the destination and if the digital signature is false, the sender node is notified.[9] In wireless sensor networks there are two other mechanisms for detection of wormhole. Hypothesis testing is the basis for these methods and provides probabilistic results. As new links are created by the wormhole, the first is called the Network Neighbor Number Test (NNT) which detects the increase in the number of neighbors of the sensors. Shortcut links are created by the wormhole in the network, and the second mechanism is called All Distance Test (ADT), detects the decrease of the lengths of the shortest paths between all pairs of sensors. The assumptions made by both the

Volume 2, Issue 1, January 2014

Page 18

IPASJ International Journal of Electronics & Communication (IIJEC)

A Publisher for Research Motivatin........

Volume 2, Issue 1, January 2014

Web Site: http://www.ipasj.org/IIJEC/IIJEC.htm Email: editoriijec@ipasj.org ISSN 2321-5984

mechanisms is that the neighbor list were sent by the sensors to the base station , from the neighbor information obtained, the network graph is being reconstructed and the algorithm is run by the base station on the network graph.[10]

5. SINKHOLE ATTACK
The primary objective of the attacker in this method is to entice almost entire traffic in a specified field along a compromised node, which forms a sinkhole that accompanies a rival in the centre similar to a black hole attack in ad hoc networks. This attack symbolize an effort along forming a compromise node appear appealing to the neighboring nodes concerning the routing algorithm [9]. This attack is quite hard to oppose since the routing data given along a node is demanding to confirm and validate. For instance, a laptop-class adversary possess a high power radio transmitter which permits it to offer a excessive-standard route by transmitting with adequate power to extend a wide area of that network [11]

Figure 2 Demonstration of Sink hole Attack As shown in the fig 3 a compromised node engages every traffic from its surrounding nodes by saying that it offers the quickest route to reach the base station. The route is artificial high quality route.

Volume 2, Issue 1, January 2014

Page 19

IPASJ International Journal of Electronics & Communication (IIJEC)

A Publisher for Research Motivatin........

Volume 2, Issue 1, January 2014

Web Site: http://www.ipasj.org/IIJEC/IIJEC.htm Email: editoriijec@ipasj.org ISSN 2321-5984

Figure 3 Sinkhole using an artificial high quality route Fig.4 denotes the manner how a sinkhole is formed using wormhole. As shown in the figure below, a single malicious node draws every traffic and forms a burrow with further malicious node to extend to the base station.

Figure 4 Sinkhole using a wormhole COUNTERMEARSURES The sinkhole attack can be counteracted by the following approaches. Data consistency& Network flow information approach Hop count Monitoring Scheme RSSI based Scheme Monitoring nodes CPU Usage Mobile Agent based approach Using Message Digest Algorithm[12]

6. HELLO FLOOD ATTACK

To transmit hello messages from one node to its neighbors a number of routing protocols were found in WSN. A node might conclude that they are inside a radio range of the transmitter when accepting such messages .There are some exemptions in this case, a laptop class attacker which broadcasts routing or any other information with sufficient transmission power convinces every node in the network that the attacker is its neighbor. For example, a large number of nodes attempt to use a very high quality route to the base station when an adversary advertises about this route. The nodes might be transmitting the packets into oblivion for those nodes which are sufficiently far away from the

Volume 2, Issue 1, January 2014

Page 20

IPASJ International Journal of Electronics & Communication (IIJEC)

A Publisher for Research Motivatin........

Volume 2, Issue 1, January 2014

Web Site: http://www.ipasj.org/IIJEC/IIJEC.htm Email: editoriijec@ipasj.org ISSN 2321-5984

adversary. So the network remains in a condition of uncertainty. Protocols relying on localized data exchange within surrounding nodes for topology maintenance or flow control are primarily pretended by this type of attack. To utilize the hello flood attack a threat does not definitely has to build a legitimate traffic in sequence. To be accepted by every other node in the network it can directly re-transmit overhead packets with sufficient power.[13]

Figure 5 Hello Flood Attack COUNTERMEASURES Identity verification protocol is used to counteract the Hello Flood attack. Before taking correct action on the basis of a message received above that link, this protocol checks the bi-directionality of a link with encrypted echoback mechanism. When an attacker has a highly sensitive receiver and a powerful transmitter, this defense mechanism becomes ineffective. If this threat compromises a node before the feedback message, it can block all its downstream nodes by dropping feedback messages. This threat can easily form a wormhole to all nodes in the network. This measure will improbably be able to detect or control a hello flood, because the links on either side of these nodes and threats are bidirectional. A probabilistic based proposal has been approached, which drives some randomly chosen nodes to acknowledge to base station regarding hello requests, in view of the lack of energy resources of sensor nodes. The base station then further examines the request authenticity [14].

7. SELECTIVE FORWARDING
Malicious nodes might refuse to progress definite messages and directly drop them, making sure that they do not spread further in the chosen advancing attack. A Simple approach of this threat is: a malicious node acts like a black hole and refuses to advance every packet it receives. This type of a threat has the hazard that neighboring nodes will decide that this node is unsuccessful and finds an alternate route. A threat focused in defeating or changing packets starting from a few chosen nodes can reliably forward the existing traffic and restricts suspicion of its incorrect execution [15]

CONCLUSION
In this paper, a survey is given on existing and potential attacks in wireless sensor networks. We have also covered the countermeasures and potential solutions against those attacks, and mentioned some open research issues. Hopefully by reading this paper, the readers can have a better view of attacks and countermeasures in wireless sensor networks, and find their way to start secure designs for these networks.

Volume 2, Issue 1, January 2014

Page 21

IPASJ International Journal of Electronics & Communication (IIJEC)

A Publisher for Research Motivatin........

Volume 2, Issue 1, January 2014

Web Site: http://www.ipasj.org/IIJEC/IIJEC.htm Email: editoriijec@ipasj.org ISSN 2321-5984

ACKNOWLEDGEMENT
Our sincere thanks to Mr. Jerome Melkisidak, Managing director of Stigmata Techno Solutions to complete this paper.

REFERENCES
[1] PrabirBarooah, HarshvardhanChenji ,RaduStoleru and Tamas Kalmar-Nagy Cut detection in wireless sensor networks IEEE journals and magazines, volume23, issue 3 , 2012 pp 483-490 [2] I.F. Akyildiz, Y. Sankarasubramaniam , E. Cayirci Wireless sensor networks: a survey Broadband and Wireless Networking Laboratory, School of Electrical and Computer Engineering, Georgia Institute of Technology, Atlanta, GA 30332, USA,2002 , pp 393-422. [3] Issa Khalil, SaurabhBagchi, Cristina NinaRotaru, Detection, Diagnosis and Isolation Of control Attacks in Sensor Networks and privacy for Emerging areas in communication networks, First international conference ,2005, pp 89-100 [4] Mary Mathews, Min Song, SachinShetty, Rick McKenzie, Detecting compromised Nodes in Wireless sensor networks, 8th ACIS International conference on Software Engineering , Artificial Intelligence, Networking and Parallel /Distributed computing, volume 1, 2007, pp 273-278 [5] Sabeel .u, Chandra.N, Dagadi.S, A Novel for Multiple Spoof Attack detection and localization on WSN based home security system Computational Intelligence and Communication Networks(CICN), 5th International conference, 2013, pp 360- 367 [6] James Newsome, Elaine Shi, Dawn Song, Adrian Perrig, The Sybil Attack In Sensor Networks: Analysis & Defenses, Third International Symposium on Information Processing in Sensor Networks(IPSN), 2004,pp 259268 [7] Louazani.A, Sekhri.L, Kechar.B, A time Petri net model for Wormhole attack detection in Wireless Sensor networks, International Conference on Smart Communications in Network Technologies(SaCoNeT),2013, volume 1,pp1-6. [8] GuiyiWeiXueliWang Detecting Wormhole AttacksUsingProbabilisticRoutingand Redundancy Transmission. WASEInternational ConferenceonInformationEngineering2010, PP-251-254. [9] Triki, Bayrem, Rekhis, Slim, Boudriga.N, Digital Investigation of Wormhole Attacks in Wireless sensor Networks,8th IEEE International Symposium on Network computing and Applications, 2009,pp 179-186 [10] Sejun song, Haijie Wu, Baek-Young Choi, Statistical Wormhole detection for Mobile Sensor networks, 4th International conference on Ubiquitous and Future Networks(ICUFN),2012,pp 322-327

[11] VinaySoni, Pratik Modi, VishvashChaudhri, Detecting Sinkhole Attack in wireless Sensor Network, Department of Computer Engineering, LDRP-ITR, Gujarat Technological University, International Journal of Application or Innovation in Engineering & Management, volume 2, Issue 2,February 2013. [12] EdithC.H.Ngai,JiangchuanLiuandMichaelR.Lyu;OntheIntruderDetectionforSinkholeAttackin WirelessSensorNetworksIEEEInternationalConferenceonCommunications,2006,Volume8,pp.3383-3389. [13] Virendra Pal Singh, Sweta Jain, JyotiSinghai, Hello Flood Attack and its countermeasures in Wireless Sensor Networks, International journal of Computer Science issues, vol 7, Issue 3, No 11, May 2010.

Volume 2, Issue 1, January 2014

Page 22

IPASJ International Journal of Electronics & Communication (IIJEC)

A Publisher for Research Motivatin........

Volume 2, Issue 1, January 2014

Web Site: http://www.ipasj.org/IIJEC/IIJEC.htm Email: editoriijec@ipasj.org ISSN 2321-5984

[14] Dr. Moh. OsamaK., Hellofloodcountermeasurefor wirelesssensornetwork,InternationalJournal of Computer ScienceandSecurity,2007,volume(2)issue(3),pp 1-3 [15] Ding-Jie Huang, Kai-Jie You, Wie-Chung Teng, Secured flooding time synchronization Protocol, IEEE 8th International conference on Mobile Adhoc and Sensor Systems(MASS), 2011, pp 620-625 AUTHOR J.Steffi Agino Priyanka is pursuing her Masters degree in Applied Electronics from St. Josephs College of Engineering, Anna University, Chennai, Tamilnadu, India. She received her B.E degree in Electronics and Communication Engineering (2012) from Loyola Institute of Technology, Anna University, Chennai- 600025. S.Tephillah is a Research Scholar and pursuing a Doctoral Degree in Information & Communication Engineering at the Department of Electronics and Communication Engineering at Anna University, Chennai-600025, India. She Received her B.E in Electronics and Communication Engineering (2003) from Madras University, Chennai, Tamilnadu, India. She received her M.E in Applied Electronics (2006) from Anna University, Chennai, Tamilnadu. She has 8 years of experience in teaching and guiding projects for undergraduate and postgraduate students. Her research area is Security issues in Cognitive radio networks. A.M.Balamurugan is a Research Scholar and pursuing a Doctoral Degree in Information & Communication Engineering at the Department of Electronics and Communication Engineering at Anna University, Chennai 600025, India. He received his B.E in Electronics and Communication Engineering (2002) from Madurai Kamaraj University, Madurai, Tamilnadu, India. He received his M.E in Digital Communication and Network Engineering (2005) from Anna University, Chennai, Tamilnadu. He has 10 years of experience in teaching and guiding projects for undergraduate and postgraduate students. His research areas are Optical networks and Optical Communication.

Volume 2, Issue 1, January 2014

Page 23