Cryptography Reference
In-Depth Information
below the noise threshold without losing any information. Therefore, this technique is
hard for an eavesdropper to detect, due to lower energy levels per frequency and more
tolerance to interference.
The above-mentioned schemes can provide security only as long as the hopping
pattern or the spreading code is not disclosed to any adversary.
2.3.1.2 Security Measures in the Data Link Layer
Link-layer security plays an important role in providing hop-by-hop security. Its
protocols are useful in handling fair channel access, neighbor-node discovery, and frame
error control. Legacy security protocols such as SSL or IPSec cannot be applied directly
to WSN because they do not provide data aggregation or allow in-network processing,
which are prime requirements in designing security protocols.
To prevent denial-of-service (DoS) attacks on WSN, it is proposed that each
intermediate node in the active routing path perform an authentication and integrity check.
However, if a few intermediate nodes in the active path have very low energy levels, and
if they are forced to perform authentication checks, they would expend all their energy
and disrupt the active path. On the other hand, if we look at end-to-end
authentication in WSN, it is more energy-efficient, since the sink node (resource-abundant) is the
only node that performs authentication and integrity checks. Nevertheless, this scheme
is vulnerable to many types of security attacks (black hole, selective forwarding, and
eavesdropping). Hence there is a need for adaptive schemes that consider the energy
levels of each node when deciding on the authentication schemes.
Early security approaches focused on symmetric keying techniques, and
authentication was achieved using a Message Authentication Code (MAC). One of the common
MAC schemes is the cipher block chaining message authentication code (CBC-MAC). However,
this scheme is not secure for variable-length input messages. Hence the end users (sensor
nodes) have to pad the input messages to a multiple of the cipher's block size.
Therefore, each node has to waste energy padding input data. To overcome this issue,
other block cipher modes such as CTR and OCB have been proposed. With
reference to confidentiality, the symmetric encryption schemes used to protect WSN are
DES, AES, RC5, and Skipjack (block ciphers) and RC4 (a stream cipher). Usually,
block ciphers are preferred over stream ciphers because they allow authentication and
encryption.
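The variable-length weakness of CBC-MAC noted above can be checked directly. This is an added example, not code from the text: the 4-round Feistel cipher is a constructed stand-in for a real 64-bit block cipher, the key and message are constructed, and the length-prefix variant is one standard fix assumed here rather than taken from the text.

```python
import hashlib
import hmac

BLOCK = 8  # bytes; a 64-bit block, matching the 8-byte figure the text gives
KEY = b"constructed-demo-key"  # constructed sample key, not from any real node

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _round(key: bytes, i: int, half: bytes) -> bytes:
    # Feistel round function: truncated HMAC-SHA256, domain-separated per round.
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:BLOCK // 2]

def encrypt_block(key: bytes, block: bytes) -> bytes:
    """Toy 4-round Feistel permutation (assumption: stands in for Skipjack/RC5)."""
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for i in range(4):
        left, right = right, xor(left, _round(key, i, right))
    return left + right

def pad(msg: bytes) -> bytes:
    # Zero-pad to a whole number of blocks: the per-message cost the text describes.
    return msg + b"\x00" * (-len(msg) % BLOCK)

def cbc_mac(key: bytes, msg: bytes) -> bytes:
    """Plain CBC-MAC: zero IV, tag is the last chaining value."""
    state = bytes(BLOCK)
    data = pad(msg)
    for off in range(0, len(data), BLOCK):
        state = encrypt_block(key, xor(state, data[off:off + BLOCK]))
    return state

def cbc_mac_len(key: bytes, msg: bytes) -> bytes:
    """CBC-MAC over (length block || message), binding the tag to the length."""
    return cbc_mac(key, len(msg).to_bytes(BLOCK, "big") + msg)

def extension_collides(mac, key: bytes, msg: bytes) -> bool:
    """True if the tag of a one-block msg also verifies msg || (msg XOR tag).

    For plain CBC-MAC the second block cancels the chaining value, so the
    cipher input is msg again and the two-block message reuses the same tag.
    """
    if len(msg) != BLOCK:
        raise ValueError("check is defined for exactly one block")
    tag = mac(key, msg)
    return hmac.compare_digest(mac(key, msg + xor(msg, tag)), tag)

if __name__ == "__main__":
    reading = b"TEMP=21C"  # constructed 8-byte sensor payload
    print("plain CBC-MAC collides:", extension_collides(cbc_mac, KEY, reading))
    print("length-prefixed collides:", extension_collides(cbc_mac_len, KEY, reading))
```

The length block also removes the ambiguity of zero padding, where a message and the same message with a trailing zero byte otherwise share a tag.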
A few proposed link-layer security frameworks include TinySec, Sensec, SNEP,
MiniSec, SecureSense (Karlof et al. 2004; Perrig et al. 2002), and ZigBee Alliance
(www.zigbee.org/Specifications.aspx). However, these schemes have limitations. For
example, in TinySec a single key is manually programmed into all the sensor nodes in
the network. A simple node-capture attack on any one of these nodes may result in the
leakage of the secret key and the compromise of the entire network. A stronger
keying mechanism is needed to secure TinySec. In addition, TinySec requires padding
for input messages that are less than 8 bytes. It uses a block cipher to encrypt messages,
and for messages that are less than 8 bytes, the node will have to use extra energy to pad
the message before encrypting.