Image Processing Reference
In-Depth Information
Consequently, the following security objectives prove to be challenging in wireless sensor net-
works:
•
Avoiding and coping with sensor node compromise:
this includes measures to partially
“hide” the location of sensor nodes at least on the network layer, so that an attacker
should ideally not be able to use network layer information to locate specific sensor nodes.
Furthermore, sensor nodes should as far as possible be protected from compromise
through tamper-proofing measures, where this is economically feasible. Finally, as node
compromise cannot be ultimately prevented, other sensor network security mechanisms
should degrade gracefully in case of single node compromises.
•
Maintaining availability of sensor network services:
this requires a certain level of robust-
ness against so-called DoS attacks, protection of sensor nodes from malicious energy
draining, and ensuring the correct functioning of message routing.
•
Ensuring confidentiality and integrity of data:
data retrieved from sensor networks should
beprotectedfromeavesdroppingandmaliciousmanipulation.Toattainthesegoals
in sensor networks, both efficient cryptographic algorithms and protocols as well as
an appropriate key management are required, and furthermore the specific commu-
nication pattern of sensor networks (including data aggregation) has to be taken into
account.
In the following sections, we will discuss these challenges in more detail and present first approaches
that have been proposed to meet them.
10.2 Denial of Service and Routing Security
DoS attacks aim at denying or degrading a legitimate user's access to a service or network resource,
or at bringing down the systems offering such services themselves.
From a high level point of view, DoS attacks can be classified into two categories “resource
destruction” and “resource exhaustion.” In a more detailed examination, the following DoS attacking
techniques can be identified:
•
Disabling services by
Breaking into systems (“hacking”)
●
Making use of implementation weaknesses as buffer overrun, etc.
●
Deviation from proper protocol execution
•
Resource exhaustion by causing
●
Expensive computations
●
Storage of state information
●
Resource reservations (e.g., bandwidth)
●
High traffic load (requires high overall bandwidth from attacker)
●
Generally speaking, these attacking techniques can be applied to protocol processing functions at
different layers of the protocol architecture of communication systems. While some of the attacking
techniques can be defended against by a combination of established means of good system manage-
ment, software engineering, monitoring, and intrusion detection, the attacking techniques protocol
deviation and resource exhaustion require dedicated analysis for specific communication protocols.
In sensor networks, two aspects raise specific DoS concerns: First, breaking into sensor nodes is
facilitated by the fact that it might be relatively easy for an attacker to physically capture and manip-
ulate some of the sensor nodes distributed in an area, and second, energy is a very scarce resource in
