You are on page 1of 5

International Journal of Scientific Research Engineering & Technology (IJSRET), ISSN 2278 0882

Volume 4, Issue 3, March 2015

Survey on Various Attacks and Message Authentication


Schemes in WSN
Tejaswini B S,
Dept. PGSCEA
The National Institute of Engineering
Mysore

ABSTRACT:
Wireless sensor networks (WSN) are gaining
more importance in area of research and
development Because of its wide range of
applicationsand usage of less battery power.
Despite making such sensor networks possible,
the very wireless nature of the sensors presents a
number of security threats when deployed for
certain applications like military,surveillances
etc. The problem of security is due to the
wirelessnature of the sensor networks and
constrained nature of resources on the wireless
sensor nodes.Hence the traditional security
architecture used for wireless networks are not
always valid for WSN.Since the nodes are
always placed in a dangerous environment, the
nodes are physically not protected.This is an
added vulnerability to WSN. Number of
schemes have been developed to prevent
unauthorized access of messages. One of such
scheme is Message authentication which is the
one of the most efficient way to prevent
unauthorized and corrupted messages from
being forwarded in wireless sensor networks
(WSNs). There are various methods for
authentication such as Message Authentication
Code, Signedecryption, and Key Aggregate
System .This paper is about investigating
various methods for authentication.Other goals
are to give an introduction to general security in
wireless sensor networks. Each message
authentication methods have their own problems
such as threshold overhead and key management
and computation overhead and scalability. To
solve such problem we developed a new
authentication scheme which uses the elliptic
curve cryptography, in which any node can
transmit n number of message without threshold
problem. This paper is to do survey before
actually implementing it.

Prof. Bhat Geetalaxmi Jairam


Dept.IS&E
The National Institute Of Engineering
Mysore

Keyword:
Authentication,
elliptic
curve
cryptography, symmetric key, public key.

I.

INTRODUCTION

Message authentication is defined as the way of


detecting at the receiver side wheather the
message sent by the sender has been modified or
not while travelling across transmission
medium. Message authentication protects the
integrity of the message. The special
characteristics of Wireless sensor is the absence
of infrastructure. And they also have have
limitedbandwidth, energy constraints, low
computationalcapabilities.Inspite
all
these
limitations wireless sensor networks have wide
range of applications in military, medical
fieldetc. Since the node is deployed in a hostile
environment the security becomes the major
constraint in WSN.The WSN can be easily
hacked by an attacker and he can gather all the
private information which is present. In many
cases it is sufficientto secure data transfer
between the sensor nodes and thebase station.In
particular, the base station must be able toensure
that the received message was sent by
specificsensor node and not modified while
transferring.ManyWSN
applications
needs
strong and lightweightauthentication schemes to
secure data from unauthorised users. To
overcomeall security issue many different
scheme that had beendiscover. Some schemes
detects thecompromised node , detects the
injected false messagein the network or giving
special authorization to the senderor receiver,
Encryption of decryption is the most often used
scheme for providing the security. Message
authentication prevents the unofficial and
corrupted message in WSN.It is a short piece of
informationused to authenticate a message and
to provide integrity andauthenticity to the
message.
Symmetric-keycryptosystems
or
public-key cryptosystems are the various

www.ijsret.org

148

International Journal of Scientific Research Engineering & Technology (IJSRET), ISSN 2278 0882
Volume 4, Issue 3, March 2015

schemesthat are proposed to provide authenticity


and integrity of the message. These schemes
have limitations such as highcomputational and
communication overhead, lack ofscalability,
node compromise attacks. I have mentionsome
schemes that actually implemented for
preserving thesecurity of WSN through
authentication method.

II.

TYPES OF ATTACKS ON WSN

Security in WSN is essential since wireless


networks are vulnerable to security attacks and
the nodes will be placed in a dangerous
environment.
There are two different attacks in WSN:
1. Attack against security mechanisms.
2. Attack against basic mechanisms (like routing
Mechanisms).
In many applications, the data obtained by the
sensing nodes needs to be kept confidential and
it has to be authentic [22]. A false or malicious
node could interceptprivate information, or
could send false messages to nodes in
thenetwork if there is no security in a network.
The main attacks are: Denial of Service (DOS),
Wormhole attack, Sinkhole attack, Sybil attack.
Brief description of various attacks are given
below.
2.1 Denial of Service (DoS)
Unintentional failure of nodes or malicious
action results in DOS.DOS attackerstarts over
using all the available resources by sending
unnecessary packets thus resulting in delay in
access of resources by users.[19][20].DOS not
only disrupt destroys the network, it also
diminishes the network capability[2].Various
layers of wireless sensors networks becomes the
victim of DOS attack. Atphysical layer it results
in jamming and tempering, at link layer
collision, atnetwork layer black holes and at
transport layer it is by desynchronisation and
malicious flooding
2.2 The Wormhole attack
A node (sender) sends message to another node
(receiver) in a network. The receiver sends the
same message to the neighbouring nodes. The
neighbouring nodes assumes that the
sender(originating node) has sent the message
and it tries to communicate with the sender and
fails since the sender will be very far i.e., out of
range. This is a very serious attack in WSN
since compromising a sensor in network is not
required. It will be performed at the initial phase

during the phase of discovering neighbouring


information [23]. Since the routing information
supplied by a node is difficult to verify
Wormhole attacks are difficult to counter
2.3 The Sybil attack
In this attack, a single node i.e. a malicious node
will appear tobe a set of nodes and this
malicious node will send incorrect information
to a node inthe network.The informationcan be a
[22] position of nodes, signal strengths, making
up nodesthat do not exist.Authentication and
encryption are the best remedy to prevent a
Sybil attack on the sensor network by an
outsider. Whereas an insider cannot be
prevented in participating in thisattack in a
network.Public key cryptography is the only
means that can prevent insider attack but public
key cryptography is expensive to be used.

III.

DEFENSE MECHANISMS

The following section shows the preventive


measures for all the attacks which are so far
explained.
3.1 DOS prevention
Authentication, trafficidentification [19][20],
charging for the various resources used are the
various ways to prevent DOS attacks. One
among the various security technique uses
authentication scheme. It uses the concept of
reprogramming process. The whole program is
divided into series of messages, wherein which
each message contains the hash value of next
message. Inthis, the intruder cantstop a program
transmission which is running, even when the
hashed message is known, because it is
impossible to reconstruct the message that
matches the hash value of previous message.
Various attacks can be easily prevented by using
encryption, authentication mechanism, and
many other mechanism can easily trigger the
administrators about the attacks which are
ongoing.
3.2 Wormhole attack prevention
A proactive routing protocol DAWWSEN [24],
was developed which is based on construction of
hierarchical tree. Inthis, the root node acts as the
base station, the leaf nodes are the sensor nodes
of the tree. The main advantage of this is, that it
does not require any information on sensor
nodes such as geographical information. And
this does not take the time stamp of the packet
for detecting a wormhole attack.

www.ijsret.org

149

International Journal of Scientific Research Engineering & Technology (IJSRET), ISSN 2278 0882
Volume 4, Issue 3, March 2015

3.3 Sybil prevention


The mechanisms to prevent against Sybil attacks
are to utilizeIdentity certificates [25]. The
setupServer assigns each sensor node some
uniqueInformation. The identity certificate is
created which binds the nodes identity to the
assigned unique information and this
information is downloaded to the node.A node
proves itself by matching the unique information
withits identify certificate. Identity certificates
[25] can be computed by using Merkle hash
tree.This tree is a vertex-labelled binary tree.
The label of eachNon-leaf vertex is a hash of the
concatenation of the labels of itstwo child
vertexes. The set ofVertexes on the path from
the leaf to the root of the tree is the primary path
of a leaf vertex. TheAuthentication path has the
siblings of the vertexes on thisPrimary path.
Given a vertex, its authentication path, and
theHash function, the primary path can then be
computed, up to andincluding the root of the
tree. The computed value of the rootCanis
thencompared with a stored value, which verify
theAuthenticity of the label of the leaf vertex.

IV.

LITERATURE SURVEY

Efficient Authentication over Lossychannel [1]


paperIntroduces schemes, TESLA and EMSS,
forsecure Lossy multicast streams. TESLA,
TimedEfficient
Stream
Loss-tolerant
Authentication, provides senderAuthentication,
strong loss robustness, scalability, andminimal
overhead, at the cost of looseinitial
timesynchronization and slightly delayed
authentication. EMSS, Efficient Multi-chained
Stream Signature, provides non repudiation of
origin, loss resistance, andlow overhead, at the
cost of slightly delayed verification.
Attacking cryptographic scheme [2] show
attacks on several cryptographic systems. This
schemes use perturbation polynomials. It add
noise to polynomial-based systems which
gives security to the information. They show
that the heuristic security argumentsgiven for
these modified schemes do not hold, and the
heuristic
security
arguments
can
be
completelybroken once the parameters are
extended beyond the achieved underlying
information theoreticschemes.
R.L. Rivest, A. Shamir, and L. Adleman [3]
proposed aMethod for get Digital Signatures and
Public-KeyCryptosystems. They showed that
message is encrypted by representing it as
M,raising it to the power e,later taking the
remainder when the result is divided by which is

the product of two large prime numbers p and


q.Decryption is as same as encryption. The more
the complexity in factorizing the divisor n,
greater is the security of the system.
Comparing Symmetric-Key and Public-Key
Based SecuritySchemes [4] proposed a system
that keeps track of the user accesscontrol on
commercial sensor devices.They also does
worked to provides integrating and designing
public-keybased protocols for sensor networks.
David Point cheval and Jacques Stern [5]
introduces the signature schemes. Providing
security proofs forsignature schemes in the
random oracle model is discussed in this
paper.They establish the generality of this
technique againstadaptively chosen message
attacks.The main application provides security
proof for a variant of the ElGamal signature
scheme where saved values arehashed with the
message.
In A SecureNetwork Discovery by Message
Authentication [6] in Wireless Sensor Network
they introduce ascalable authentication scheme
based on elliptic curvecryptography (ECC). Any
node can send unlimited number of messages
without threshold problem.
Dining
cryptographer
scheme
[7]
preservessecurity
for
message
authenticationover the destination.This keeps the
data confidential, by tracing the transmission to
its origin. This solution secures the system only
based on one time used key or public keys. In
this paper, theencryption of message is done
with recipient public keys to provide security.
The sender keeps the identification of recipient.
Thesender also adds the prefix to the message
which can only be decrypted by recipient with
recognizedprefix. Each time a different prefix
has to be used.
Statistical En-route Filtering (SEF) [8]
mechanism can detect and drop false reports in a
node. Sensor network has a large number of
smallsensors. Detecting false reportsinjected by
compromised node is a challenge in large scale
sensor networks .Whena node in compromised
all the data present in that node can be accessible
by anyone.These types of nodes provides false
report to all its neighbouring nodes. This type of
problem is solved by asymmetric encryption.
Inthis paper, author provides new scheme of
statisticalenroute filtering (SEF).In order to
prevent the node from failure, SEF limits the
information assigned to each node. Each time
the sending node verifies the MACs while
forwarding
the
sensing
reports.Thekey

www.ijsret.org

150

International Journal of Scientific Research Engineering & Technology (IJSRET), ISSN 2278 0882
Volume 4, Issue 3, March 2015

assignment method is used for enroute detection


offalse report. They design a mechanism for
collective data report generation, enrol report,
filtering and sinkverification .This method can
efficiently filter out 90% of false data in
compromised nodes.
ElGamal [9] Public key cryptography is applied
for digitalsignature.ElGamalalgorithm has more
application in the field of e commerce and
authentication. In this paper new improved
ElGamal algorithm is implemented which is
more efficient than old ElGamalalgorithm. The
difference between these two algorithms is
discussed in this paper.The new ElGamal is
more complex than older one because if the
hacker needs to solve the test solution, each time
he needs to go through an inverse and
exponential. The author concentrate on
increasing the security of random numbers. And
provides complex link between random number
and private key. So, hackers cannot use random
number to attack the private key.
An
interleavedhop-by-hop
authentication
scheme [10] is used forperfectauthentication .In
militating application there is a need to monitor
the enemy activity, which can be achieved by
clustering. Clustering is grouping up of
certaingroup of nodes in particular area. A base
station can be created in a secured location to
collect all the data ad to control the activities of
sensors The hacker may compromise a node in a
cluster and then he may use same node to inject
false data into the network. In this paper
prevention against false data injection is
discussed. Here, according to author base station
is responsible for authenticity of reports.Before
the false injected packet reaches the base station,
it is filtered according to this scheme. Different
phases are present in this scheme like line
nodeinitialization,
deployments
phase,
association discoverynodes to discover ids of the
associated node, report endorsement to generate
the report. Here the main aim is to provide
security to the packets during the transmission.
A ring signature [11], specify aset of signers
without revealing which member hasproduced
the signature. Ring signatures does not have
group managers, no setupprocedures, no
revocation procedures, and no coordination as in
group signatures. In this paper a new way of
construction of signature is discussed which is
more secured than oracle model and it is
efficient. Adding the ring member increases the
cost of signing and single symmetric encryption.

Network without user observatory [12] deals


withrelationship between the sender and receiver
for security purpose. In this paper various
anonymity concept related to receipt and sender
anonymity is introduced. Recipientanonymity
deals with implicit address, to address thecorrect
recipient. Aspecial network station called MIX
realises the unlink ability of sender and
recipient. MIX collects the unlimited number of
messages from sender and changes their
encoding and transmit it to the recipient in
various different orders. Like this the
relationship between the sender and recipient is
hidden..The sender generates one key bit for
each message and set it to the other user station
in a secure channel in this way sender
anonymity is preserved by MIX.

V.

CONCLUSION

Authentication plays a main role in securing the


message to be transmitted. Through proper
message authentication only one can achieve
great security. Security is the only seed that
plant the proper tree of authenticity. This is a
survey paper As a future enhancement the aim is
to develop efficient authentication scheme using
ellipticcurve cryptography.to investigate the
different techniques available in message
authentication. Any number of messages can be
transmitted without threshold problem in this
scheme. This is provided by deployment of
secure Message authentication code (MAC).

REFERENCES
[1] Perrig, R. Canetti, J. Tygar, and D. Song,
Efficient Authentication and Signing of
Multicast Streams over Lossy Channels, Proc.
IEEE Symp. Security and Privacy, May 2000.
[2] M. Albrecht, C. Gentry, S. Halevi, and J.
Katz, Attacking Cryptographic Schemes Based
on
Perturbation
Polynomials,
Report
2009/098, http://eprint.iacr.org/, 2009.
[3] R. Rivest, A. Shamir, and L. Adleman, A
Method for Obtaining Digital Signatures and
Public-Key Cryptosystems, Comm. ACM, vol.
21, no. 2, pp. 120-126, 1978.
[4] H. Wang, S. Sheng, C. Tan, and Q. Li,
Comparing Symmetric-Key and Public-Key
Based Security Schemes in Sensor Networks: A
Case Study of User Access Control, Proc. IEEE
28th Intl Conf. Distributed Computing Systems
(ICDCS), pp. 11-18, 2008.

www.ijsret.org

151

International Journal of Scientific Research Engineering & Technology (IJSRET), ISSN 2278 0882
Volume 4, Issue 3, March 2015

[5] D. Pointcheval and J. Stern, Security


Arguments for Digital Signatures and Blind
Signatures, J. Cryptology, vol. 13, no. 3, pp.
361- 396, 2000.
[6] Ashwini M. Rathod, Archana C. S, Secure
Network Discovery by Message Authentication
in Wireless Sensor Network ,international
Journal of Research in Engineering Technology
and Management ISSN 2347 7539
[7] D. Chaum, The Dinning Cryptographer
Problem: Unconditional Sender and Recipient
Untraceability, J. Cryptology, vol. 1, no. 1, pp.
65-75, 1988.
[8] F. Ye, H. Lou, S. Lu, and L. Zhang,
Statistical En-Route Filtering of Injected False
Data in Sensor Networks, Proc. IEEE
INFOCOM, Mar. 2004.
[9] T.A. ElGamal, A Public-Key Cryptosyst m
and a Signature Scheme Based on Discrete
Logarithms, IEEE Trans. Information Theory,
vol. IT-31, no. 4, pp. 469-472, July 1985.
[10] S. Zhu, S. Setia, S. Jajodia, and P. Ning,
An Interleaved Hop-By- Hop Authentication
Scheme for Filtering False Data in Sensor
Networks, Proc. IEEE Symp. Security and
Privacy, 2004
[11] R. Rivest, A. Shamir, and Y. Tauman,
How to Leak a Secret, Proc. Advances in
Cryptology (ASIACRYPT), 2001.
[12] A. Pfitzmann and M. Waidner, Networks
without User Observability Design Options,
Proc. Advances in Cryptology EUROCRYPT),
vol. 219, pp. 245-253, 1985.
[13] M. Reiter and A. Rubin, Crowds:
Anonymity for Web Transaction, ACM Trans.
Information and System Security, vol. 1, no. 1,
pp. 66-92, 1998.
[14] C. Blundo, A. De Santis, A. Herzberg, S.
Kutten, U. Vaccaro, and M. Yung, Perfectly
Secure Key Distribution for Dynamic
Conferences, Proc. Advances in Cryptology
(Crypto 92), pp. 471- 486, Apr. 1992.
[15] Waidner, Unconditional Sender and
Recipient Untraceability in Spite of Active
Attacks, Proc. Advances in Cryptology
(EUROCRYPT), pp. 302-319, 1989. [16] M.
Bellare and P. Rogaway, Random Oracles are
Practical: A Paradigm for Designing Efficient
Protocols, Proc. ACM First Conf. Computer
and Comm. Security (CCS 93), pp. 62-73,
1993.
[17] W. Zhang, N. Subramanian, and G. Wang,
Lightweight
and
Compromise-Resilient
Message Authentication in Sensor Networks,
Proc. IEEE INFOCOM, Apr. 2008.

[18] Jian Li, Yun Li, Jian Ren, Senior Member,


IEEE, and Jie Wu, Fellow, IEEE,Hop-by-Hop
Message Authentication and Source Privacy in
WirelessSensor Networks, ieee transactions on
parallel and distributed systems, vol. 25, no. 5,
may 2014
[19]. A.D. Wood and J.A. Stankovic, (2002)
Denial
of
Service
in
Sensor
Networks,Computer, vol. 35, no. 10, 2002, pp.
54 62. [20]David R. Raymond and Scott F.
Midkiff,(2008) "Denial-of- Service in Wireless
Sensor Networks: Attacks and Defenses," IEEE
Pervasive Computing, vol. 7, no. 1, 2008, pp.
74-81
[21]. E. C. H. Ngai, J. Liu, and M. R. Lyu,
(2006)On the intruder detection for sinkhole
attack in wireless sensor networks, in
Proceedings of the IEEE International
Conference on Communications (ICC 06),
Istanbul, Turkey..
[22].Adrian Perrig, John Stankovic, and David
Wagner, (2004) Security in wireless sensor
networks, Commun.ACM, 47(6):53-57.
[23]Zaw Tun and Aung Htein Maw,(2008),
Worm hole Attack Detection in Wireless Sensor
networks, proceedings of world Academy of
Science, Engineering and Technology Volume
36, December 2008, ISSN 2070-3740.
[24] Rouba El Kaissi, Ayman Kayssi, Ali
Chehab and ZaherDawy, (2005)DAWWSEN:
A Defense Mechanism against Wormhole ttack
In Wireless Sensor Network, Proceedings of
the Second International Conference on
Innovations
in
Information
Technology
(IIT05).
[25] J. R. Douceur,(2002) The Sybil Attack, in
1stInternational Workshop on Peer-to-Peer
Systems (IPTPS 02).

www.ijsret.org

152