1. Abstract2. IntroductionSecure Routing in Wireless Sensor Networks: A study onDirected DiffusionAjay Kalambur, San Jose State University, Dept. of EE1. AbstractThe aim of this paper is to discuss secure routing in Wireless Sensor networks. I havemade an endeavor to present an analysis on the security of Directed Diffusion, a protocolused for routing in wireless sensor networks. Along with this the paper also discusses thevarious attacks possible on this routing protocol and the possible counter-measures toprevent theses attacks.2. IntroductionThe technological advancements in wireless communication and microelectronics haveresulted in a growing interest in the field of wireless sensor networks. A sensor networkinvolves deploying an array of sensors for distributed monitoring of real time events. Thesensor networks have limited energy, as the sensor nodes are battery powered. The sensornodes also have limited memory and computational capability and can be deployed inremote areas or inhospitable terrain. There has been an increasing use of sensor networksfor life critical applications such as monitoring patients in hospitals and militaryapplications. These applications make it important to have a good security infrastructurefor sensor networks. The deployment of these networks in military applications and thelimited power and memory, make the design of a security protocol very challenging. Inthis paper security issues in Directed diffusion are addressed. Directed Diffusion is anovel routing protocol for sensor networks. A look-in to possible attacks and countermeasures is provided. Section 3,briefly covers the directed diffusion protocol followed bya discussion on the possible attacks on this routing protocol. The paper is concluded witha brief analysis on the possible countermeasures to prevent such attacks.3. Directed Diffusion: An insightDirected Diffusion [1] is a data-centric, interest-based routing protocol. An interest is a request for a specific type of data. For ex: In a sensor network to monitor various properties of water in a lake, the interest could be a request for data on toxins to be sent every 10 seconds for the next 50 seconds from a particular area of the sensor network. This interest message would be sent as a packet. The node that sends out interests is referred to as the sink node. The sink node resends these interest packets periodically. A base station node normally does the interest dissemination. This node broadcasts its interests to all its neighbors in the network. This process is referred to as interest-dissemination. The interests consists of the following parameters:- Type of data required by the sink node- Area of sensor network from which the data is required (X, Y co-ordinates)- How often the data needs to be sent to the sink node? This is referred to as data refreshing rate.- Expiration timeBased on these parameters for the interest dissemination, a gradient is set-up in the reverse direction for data flow. This gradient is set-up in response to the interest dissemination instantiated by the sink node. This process of interest dissemination and thecorresponding gradient establishment continues until we reach the nodes generating the events. These are referred to as source nodes. The data is routed through paths, which have a higher gradient value. Those nodes, which send out data more frequently to the sink node, would be positively reinforced. This would mean that the paths to these nodeswould obtain higher gradient values, by increasing the data refresh rate. The sink node must refresh and reinforce the interest once it begins to receive data from the source node. Also each node stores a copy of the interest it receives in an interest cache, before itforwards the interest. This is done to avoid routing loops and repeated flooding. Thus the directed diffusion is based on data centric routing where the sink node broadcasts the interest.4. ATTACKS ON DIRECTED DIFFUSION [2]The possible attacks on directed diffusion protocol can be classified under:1. Denial of Service attacks2. Modification and spoofing of routing information3. Dropping or selective forwarding of dataIn the following sections these attacks along with the possible countermeasures againstthese attacks is discussed.1. Denial Of Service attacksThe simplest form of the denial of service attack would require an attacker to deploya malicious node with a powerful transmitter and a large battery power. This wouldenable the attacker to jam the communications in the entire sensor network with hispowerful transmitter. A normal malicious node would only be able to jam thecommunication link in its immediate vicinity.A second form of denial of service attack would involve spoofing negativereinforcements. A malicious node could spoof negative reinforcements to certainnodes. If the latter nodes communicate with the base station or a sink node via themalicious node, they would be denied service to the base station because of thespoofed negative reinforcements that they received from the malicious node. Thefigure below depicts this:Spoofing Negative Reinforcements Blocked sensor nodesFig1: Simple DOS attack2. Modification and spoofing of routing informationIn Directed Diffusion the routing is done on the basis of interest dissemination andthe corresponding gradient establishment. If a malicious node receives interests fromthe base station, it could replay the interest with itself listed as the base station. Thiswould enable the malicious node to receive a copy of the events, which are sent to thebase station.A malicious node can influence the other nodes to route data through it by spoofingpositive and negative reinforcements and false data events. For example consider thata malicious node receives interests from the base station or a sink node. It adopts thefollowing procedure- Rebroadcasts the interests to its upstream nodes. Upstream is the directionfrom sink node to source node.- Sends strong positive reinforcements to the upstream nodes. This wouldenable the malicious node to receive a steady flow of events from the itsupstream nodes- Send spoofed events at a high data rate to the sink node or base station- This would make the base station to positively reinforce the malicious node asagainst the alternate routes, as the node is generating a
View Full Document
Unlocking...