security topology in wireless sensor networks with ... - Semantic Scholar

2 downloads 984 Views 691KB Size Report
*M.Ismail and **M.Y.Sanavullah ... limitation in a wireless sensor networks, such as, the sensor nodes must consume extremely low ... In this context, in this thesis, the power, mobility, and task management planes that can monitor the power,.
SECURITY TOPOLOGY IN WIRELESS SENSOR NETWORKS WITH ROUTING OPTIMISATION *M.Ismail and **M.Y.Sanavullah *Research Scholar, Electronics and Communication, Vinayaga Mission University, Salem **Professor and Dean, Dept. of EEE, K.S.R. Engg. College, Tiruchengode. e-mail id: [email protected] ABSTRACT Multiple sensor nodes deployed in a common neighborhood to sense an event and subsequently transmit sensed information to a remote processing unit or base station, has been the recent focus of research. Tiny sensor nodes, which consist of sensing, data processing, and communicating components, leverage the idea of sensor networks based on collaborative effort of a large number of nodes. These numerous sensors are used (similar to different sensory organs in human beings) for delivering crucial information in real-time from environments and processes, where data collection is impossible previously with wired sensors [1]. Typically, wireless sensor networks are composed of low power sensor nodes and integrate general-purpose computing with heterogeneous sensing and wireless communication. Their emergence has enabled observation of the physical world at an unprecedented level of granularity. One of the most important components of a sensor node is the power unit and may be supported in most applications by a power scavenging unit such as solar cells. Hence, there is a major limitation in a wireless sensor networks, such as, the sensor nodes must consume extremely low power. Also, wireless networks are subject to various kinds of attacks and wireless communication links can be eavesdropped on without noticeable effort and communication protocols on all layers are vulnerable to specific attacks. In contrast to wire-line networks, known attacks like masquerading, man-in-the-middle, and replaying of messages can easily be carried out. Hence, a fundamental issue in the design of wireless sensor networks is the reliability i.e. how long can the wireless sensor networks survive and how well are the wireless sensor networks recovery after the malicious attacks. In this context, in this thesis, the power, mobility, and task management planes that can monitor the power, movement, and task distribution among the sensor nodes are proposed. These planes help the sensor nodes coordinate the sensing task and also lower the overall power consumption. In addition, a secure topology discovery algorithm is proposed and its performance is studied for different types of node distributions. The proposed work is the development of architecture for secure communication in mobile wireless networks. The approach divides the network into clusters and implements a decentralized certification authority. Decentralization is achieved using threshold cryptography and a network secret that is distributed over a number of nodes. While this basic idea has been proposed earlier partially, its application on a clustered network is a novelty.

1. INTRODUCTION the data in the network layer and to design a power aware Medium Access Control (MAC) protocol (where the environment is noisy and sensor nodes can be mobile [7]), (iii) to minimize collision with neighbors broadcast and to effectively detect the aberrant nodes and eliminate them (iv)To devise simple but robust modulation, transmission and receiving techniques for the physical layer and provide WSNs the flexibility to balance detection accuracy, sensor density and energy consumption. Such energy efficient WSNs will extend the system’s life time as sensor nodes usually rely on small and non-renewable batteries [9].

A sensor node is made up of four basic components as shown in figure 1: a sensing unit, a processing unit, a transceiver unit and a power unit [5]. They may also have application dependent additional components such as a location finding system, a power generator and a mobilizer. One of the most important components of a sensor node is the power unit and may be supported in some cases even by a power scavenging unit such as solar cells. These nodes must (i) consume extremely low power (ii) operate in high volumetric densities [12] (iii) have low production cost and be dispensable and (iv) be adaptive to the environment. The primary objective of this paper is (i) to propose a secure topology discovery algorithm for a WSN (ii) To optimize the routing table and effectively route

978-1-4244-3328-5/08/$25.00 ©2008 IEEE

7

Authorized licensed use limited to: Korea Advanced Institute of Science and Technology. Downloaded on August 26, 2009 at 02:08 from IEEE Xplore. Restrictions apply.

employing nodes that are adjacent to the base station to serve as intermediaries for non-adjacent nodes. Figure 2 depicts an example of such a sensor network topology.

Figure 1 Components of a sensor node. 2. SECURE TOPOLOGY DISCOVERY ALGORITHM The secure topology algorithm proposed in this work, belongs to the class of prevention type security. The malicious nodes are prevented from eaves dropping while discovering the routes. This is implemented by providing a secret key to all sensor nodes and all the route information messages are encrypted. Perimeter security is the application chosen to illustrate the security protocol. The following assumptions are made in this work: (i) The base station is computationally robust, and possess the requisite processor speed, memory and power to support the cryptographic and routing requirements of the sensor network. (ii)The base station is part of a trusted computing environment. (iii) The communication paradigm is either base station to sensor or vice-versa (iv)The radio range of a sensor is 15 meters and sensing range is 1m. (v) The protocol provides for a multi-hop scenario where the range of a base station is extended employing nodes that are adjacent to the base station to serve as intermediaries for non-adjacent nodes.

Figure 2 Example Network Topology The format of all communication (sensor nodes and the base station) consists of a preamble, header and payload. The preamble is empty if the communication originates from the base station and is directed to a sensor; otherwise it contains the address of the sending node. The header contains the recipient’s address, nonce and a command and is encrypted under key Kj, which is shared between the base station and node j. The payload contains data exchanged between the node and the base station. As will be explained, the payload is encrypted under the shared key of the destination node, which may be different from the key used to encrypt the header. This difference comes into play when the communication needs to be relayed by an intermediate node. Figure 3 depicts the communication format. The size of the packet is assumed to be 40 bytes.

2.1 SINGLE COLLECTION AND AUTHENTICATION POINT (BASE STATION) MODEL

Figure 3 Message Format 2.2 DISCOVERY ALGORITHM

Consider the family of sensor routing protocols where each sensor communicates either directly or indirectly with a base station. In turn the base station correlates and aggregates information from each sensor. Accordingly, the base station will need to verify the authenticity of the sensor, the integrity of the communication and ascertain that it is not a replay of an earlier communication. Recall the assumption that the base station is computationally robust and secure. In this security protocol each sensor j shares a unique 64 bit Key Keyj with the base station. The protocol provides for a multi-hop scenario where the range of a base station is extended

The base station is deployed with the unique ID and symmetric encryption key of each node in the micro sensor network. Similarly, each node is deployed with the unique key that it shares with the base station and its clock is synchronized with the base station’s clock. 2.2.1 Adjacent node Discovery A node is called an adjacent node if it is within the broadcast range of the base station. To

8

Authorized licensed use limited to: Korea Advanced Institute of Science and Technology. Downloaded on August 26, 2009 at 02:08 from IEEE Xplore. Restrictions apply.

discover a node as adjacent node or not, the following steps are performed: 1. The base station sends a HELLO message to each node. 2. If the node replies with a HELLO-REPLY, then the node is adjacent to the base station and the base station adds that node to its route table. This is illustrated in fig. 4.

4.

5.

the base station’s address to the preamble and the Ψ to the payload (Fig. 6 Step 3). In turn, the adjacent node receives the transmission, decrypts the header and upon seeing the RELAY command, adds the preamble to the payload and transmits it to the base station (Fig. 6 Step 4). The base station after receiving the HELLOREPLY adds the adjacent node as one of the route to reach the non-adjacent node.

Figure 4 Adjacent node discovery 2.2.2

Non-adjacent node discovery

A non-adjacent node is one which is not reachable directly by the base station (Figure 5). To discover the non-adjacent node, the base station uses the adjacent nodes. The base station tries all the adjacent nodes to reach the non-adjacent node. The adjacent nodes which are used to reach the nonadjacent node are noted as the route to reach the nonadjacent node. Figure 6 Non-adjacent node discovery Algorithm After performing the secure topology discovery, the base station contains a route table that represents a constituent of nodes and their route to reach these nodes. In this table the route to adjacent node is mentioned as direct. This route table is called as raw route table since it has many redundant routes to reach a non-adjacent node. The purpose of route table optimization is to assign impartial load to all adjacent nodes [6].

Figure 5 Network model The detail implementation procedure is given below. 1. The base station sends a message containing the RELAY command and a payload, to be forwarded to the non-adjacent node, to each of the adjacent nodes (Fig. 6 Step 1). 2. The relaying (adjacent) node adds the original header to the payload (which contains Ψ) and transmits the new message to the non-adjacent node which contains the HELLO command (Fig. 6 Step 2). 3. To respond to the HELLO message, the nonadjacent node constructs a HELLO-REPLY message encrypting it under the key it shares with the base station and places it in the payload. The message is transmitted adding

3. ROUTE ALGORITHM

TABLE

OPTIMIZATION

For a non-adjacent node, the route table optimization algorithm involves calculation of load for each adjacent node and the node with minimum load is assigned as the route to the non-adjacent node. The algorithm involves the following steps: For a non-adjacent node 1. Calculate the load for each adjacent node.

9

Authorized licensed use limited to: Korea Advanced Institute of Science and Technology. Downloaded on August 26, 2009 at 02:08 from IEEE Xplore. Restrictions apply.

2.

Chose minimum load adjacent node as the route. 3. Steps 1 and 2 are repeated till all the nonadjacent nodes are assigned routes. This is given in appendix-1 of this paper.

taken for simulation etc. The network animator was used to view the simulation in its animated form. To check the validity of the algorithms proposed in this work, different test inputs were given and the results were analyzed. The secure topology discovery algorithm was validated with random distributions like Poisson, Rayleigh and Exponential. The various results obtained are explained in the following section.

3.1 Load calculation Load is calculated based on the number of past assigned nodes (confirmed) and the number of future possible assignment of nodes. Since the past assigned nodes are known, they are given higher weightage than the future possible assignments. For an adjacent node the load calculation is done using the formula Load = mP + nQ Where ‘P’ is the number of past assigned nonadjacent nodes to the adjacent node and ‘Q’ is the number of future possible assignment of non-adjacent nodes to the adjacent node, ‘m’ and ‘n’ are the weights for P and Q respectively.

5.1 DISCUSSION It was assumed that 12mA of current was drawn to transmit a message and 1.8mA to receive a message. The base station was located at the centre and 24 sensor nodes are randomly distributed around the base station. The secure topology discovery algorithm is validated by giving various random distributions as the input. The distribution of sensor nodes is made with reference to the base station which is located at the centre. The distributions considered for study in this work are Poisson, Rayleigh and exponential probability distribution function. A known placement of nodes (uniform distribution of nodes) is also considered for study. These are all shown in figures 7 to 10.

3.2 Optimal weight In this algorithm the optimal weight is chosen by trial and error method. The optimized route table is compared for different weights and the set of weights which results in best route table are chosen as the optimal weights. In this work, by simulation the optimal weights are found to be m = 1 and n = 0.5. The simulation results are presented in the last section. 4. CIPHER UPDATING Cipher updating is the process by which the non-adjacent nodes are given a payload to enable communication with the base station. The primary route is the cipher given to the non-adjacent nodes. The Cipher contains the address of the primary route node, a nonce and COMMAND encrypted by the key of the primary route node. An example cipher can be given by considering the Table 4. Cipher for the node E will be like Ψ = KB {Address of B, DTG, RELAY} 5. RESULTS AND DISCUSSION The secure topology discovery algorithm of section 2 was simulated in ns2 (network simulator 2) and the analysis graphs are plotted using MATLAB. The route table optimization algorithm of section 3 was implemented in MATLAB. The neglect type DoS threat was simulated in ns2. Ns2 used 914MHz license free ISM (Industrial, Scientific and Medical) band as the frequency of operation. The output of ns2 is used to compute the energy consumption, time

Figure 7 Known Placement of nodes .

10

Authorized licensed use limited to: Korea Advanced Institute of Science and Technology. Downloaded on August 26, 2009 at 02:08 from IEEE Xplore. Restrictions apply.

Figure 10 Poisson distribution of sensor nodes Figure 8 Exponential distribution of sensor nodes

In this work the random node distribution that gives the best performance for the proposed algorithm is evaluated. It is established that Poisson distribution of nodes gives best performance in terms of time taken and energy required to discover the topology. The route table optimization algorithm is implemented for a sample node distribution and the results are presented. Fig.11 to 13 shows the load on nodes. The comparison of these plots proves that the value of weight n = 0.5 results in equal share of load to the nodes.

Figure 9 Rayleigh distribution of sensor nodes The plots depict the placement of nodes in the actual field in terms of the X and Y coordinates of the nodes.

Figure 11 Load on nodes for n = 0.3

11

Authorized licensed use limited to: Korea Advanced Institute of Science and Technology. Downloaded on August 26, 2009 at 02:08 from IEEE Xplore. Restrictions apply.

Figure 15 shows the energy spent in transmission and reception to discover the given topology using the secure topology discovery algorithm. Figure 16 shows the energy spent in transmission comparing the various distributions. The throughput fluctuation plot obtained is given in figure 17.

Figure 12 Load on nodes for n = 0.5

Figure 15 Energy consumption for topology discovery Figure 13 Load on nodes for n = 0.7 Figure 14 gives the screen shot of simulation results in ns2 for neglect type DoS threat. In figure, the blue colored node is the base station. The yellow one is the malicious node and the black ones are the sensor nodes that are not triggered. The green colored nodes are the nodes triggered by the phenomenon depicted by red color.

Figure 16 Energy spent in transmission for different random node distributions Figure 14 ns2 screen shot for neglect type DoS threat

12

Authorized licensed use limited to: Korea Advanced Institute of Science and Technology. Downloaded on August 26, 2009 at 02:08 from IEEE Xplore. Restrictions apply.

(5)D. Culler, D. Estrin and M. Srivastave, “Overview of sensor networks”, IEEE Computer, 37: 4149, August 2004. (6)J.Elson and D.Estrin,“ Wireless sensor networks”,Kluwer Academic Publishers, 2004, Ch. Wireless sensor networks: A bridge to the physical world. (7)Standard for part 15.4: Wireless Medium Access Control (MAC) and Physical layer (PHY) specifications for low rate wireless personal area networks (WPAN), IEEE std 802.15.4, IEEE, Newyork 2003. (8)J.Polastre, J.Hill, D. Culler, “Versatile low power media access for wireless sensor networks”, Proceedings of the SenSys04,35, November, 2004, Baltimore, Maryland. (9)Lige Yu, Lin Yuan, Gang Qu, Anthony Ephremides, “ Energydriven detection scheme with guaranteed accuracy”, IPSN 06, April 19-21, 2006, Tennessee, USA. (10)Wenyu CAI, Xinyu Jin, Yu Zhang, Kangsheng Chen, Jun Tang, “Research on reliability model of large scale wireless sensor networks”,1-4244-0517-3/06, 2006 IEEE. (11)M. Cardei and D.Z. Du, “Improving wireless sensor network lifetime through power aware organization”,ACM wireless networks, Vol. 11, No.3, 2005. (12)F. Akyilidz, W.Su, Y. Sankarasubramaniam and E.Cayirici, “ A survey on sensor networks”, IEEE communication magazine, Aug 2002: 102-114.

8. BIOGRAPHIES (1)Mr. Mohammed Ismail is presently a research scholar in Vinayaka Mission University, Salem, and working as Associate Professor in department of ECE, SR Engineering College, Warangal. His areas of interest include wireless sensor networks, fault tolerant networks, etc.

Figure 17 Comparison plot of throughput fluctuation for Rayleigh, Exponential and known distribution 6. CONCLUSION The present work is ideally suited to most of the applications that share similar features such as difficult to access because of geographical location where the network has been deployed, the large scale of deployment, high mobility and prone to failure. It also ensures that the WSN be autonomous and operate unattended, be adaptive to the environment and choose an optimal number of communicating sensing nodes since too many sensors can generate bottlenecks in the communication infrastructure when they all compete for bandwidth.

(2) Dr. M.Y.Sanavullah is presently Dean, Faculty of Electrical Engg.. His areas of interest include fault tolerant system design, sensor signal processing and evolvable hardware.

7. REFERENCES (1) Ruizhong Lin, Zhi Wang and Youxian Sun, “ Wireless sensor networks solutions for real time monitoring of nuclear power plant” , In Proceedings of 5th world congress on Intelligent Control and Automation, June 15-19, 2004, China. (2)Hairong Qi, Phani Teja Kuruganti and Yingyue Xu, “The development of localized algorithms in wireless sensor networks”,Computer Networks, 2002, 38, 286-292. (3)Yue-Shan Chang, Chih-Jen Lo, Ming-Tsung Hsu, Jiun-Hua Huang and Tong-Ying Juang, “ Fault estimation and fault map construction on cluster-based wireless sensor network”, Proceedings of the IEEE international conference on Sensor networks, Ubiquitous and Trustworthy computing, 2006. (4)Bonnie Zhu, Bruno Sinopoli, Kameshwar Poolla and Shankar Sastry, “Estimation over wireless sensor networks”, Proceedings of the 2007 American Control conference, July 11-13, 2007.

13

Authorized licensed use limited to: Korea Advanced Institute of Science and Technology. Downloaded on August 26, 2009 at 02:08 from IEEE Xplore. Restrictions apply.

APPENDIX-I Table 1 Connection table 1 0 1 1 0 0 1 1 0 1

3 4 6 8 9 12 18 22 23

2 0 0 0 0 0 0 1 0 1

5 0 0 0 0 0 0 0 1 0

7 0 0 1 1 0 0 1 0 1

10 0 0 0 0 0 0 0 0 1

11 0 0 0 0 0 0 0 1 0

13 1 1 1 0 0 1 1 0 0

14 0 0 0 0 0 0 0 0 0

15 0 1 1 0 0 1 1 0 0

16 1 0 0 0 1 0 0 1 0

17 1 0 0 0 1 1 0 0 0

19 0 0 1 1 0 0 1 0 1

20 1 0 0 0 0 1 0 0 0

21 0 1 1 1 0 0 1 0 1

24 1 0 0 0 1 0 0 1 0

Table 2 Primary route Table 1

2

5

7

10

11

13

14

15

16

17

19

20

21

24

3

0

0

0

0

0

0

0

0

0

0

0

0

1

0

0

4

0

0

0

0

0

0

1

0

0

0

0

0

0

0

0

6

0

0

0

0

0

0

0

0

1

0

0

0

0

0

0

8

0

0

0

1

0

0

0

0

0

0

0

0

0

0

0

9

0

0

0

0

0

0

0

0

0

1

0

0

0

0

0

12

0

0

0

0

0

0

0

0

0

0

1

0

0

0

0

18

1

0

0

0

0

0

0

0

0

0

0

0

0

0

0

22

0

0

1

0

0

0

0

0

0

0

0

0

0

0

0

23

0

1

0

0

0

0

0

0

0

0

0

0

0

0

0

Table 3 Secondary route Table 1

2

5

7

10

11

13

14

15

16

17

19

20

21

24

3

0

0

0

0

0

0

0

0

0

1

0

0

0

0

0

4

0

0

0

0

0

0

0

0

1

0

0

0

0

0

0

6

1

0

0

0

0

0

0

0

0

0

0

0

0

0

0

8

0

0

0

0

0

0

0

0

0

0

0

1

0

0

0

9

0

0

0

0

0

0

0

0

0

0

1

0

0

0

0

12

0

0

0

0

0

0

0

0

0

0

0

0

1

0

0

18

0

1

0

0

0

0

0

0

0

0

0

0

0

0

0

22

0

0

0

0

0

1

0

0

0

0

0

0

0

0

0

23

0

0

0

1

0

0

0

0

0

0

0

0

0

0

0

Note: Table 1 shows the connection table. Table 2 and 3 are obtained after applying the optimization algorithm. The optimized route table is given in Table 4.

14

Authorized licensed use limited to: Korea Advanced Institute of Science and Technology. Downloaded on August 26, 2009 at 02:08 from IEEE Xplore. Restrictions apply.

Table 4 Optimized route Table Node

Primary Route

Secondary Route

1

D

2

D

3

20

16

4

13

15

5

D

6

15

7

D

8

7

19

9

16

17

10

D

11

D

12

17

13

D

14

D

15

D

16

D

17

D

18

1

19

D

20

D

21

D

22

5

11

23

2

7

24

D

1

20

2

15

Authorized licensed use limited to: Korea Advanced Institute of Science and Technology. Downloaded on August 26, 2009 at 02:08 from IEEE Xplore. Restrictions apply.