Sensor nodes, when deployed to form Wireless sensor network operating under control of central authority i.e. Base station are capable of exhibiting interesting applications due to their ability to be deployed ubiquitously in hostile & pervasive environments. But due to same reason security is becoming a major concern for these networks. Wireless sensor networks are vulnerable against various types of external and internal attacks being limited by computation resources, smaller memory capacity, limited battery life, processing power & lack of tamper resistant packaging. This survey paper is an attempt to analyze threats to Wireless sensor networks and to report various research efforts in studying variety of routing attacks which target the network layer. Particularly devastating attack is Wormhole attack- a Denial of Service attack, where attackers create a low-latency link between two points in the network. With focus on survey of existing methods of detecting Wormhole attacks, researchers are in process to identify and demarcate the key research challenges for detection of Wormhole attacks in network layer.
Keywords
Denial of Service, Mobile adhoc network, Security, Wireless sensor network, Wormhole attacks.
1. Introduction
Wireless sensor networks as a part of MANET consists of a large number of sensor nodes that continuously monitors environmental conditions. These sensor nodes will perform significant signal processing, computation, and network self-configuration to achieve scalable, robust and long-lived networks. The sensors all together provide global scenario of the environments that offer more information than those provided by independently operating sensors. These sensor nodes which are limited are distributed over the environment and communicate through the wireless media. They are also responsible for sensing environment and transmission information. Usually the transmission task is critical as there is huge amount of data and sensors devices are restricted. As sensor devices are limited the network is exposed to variety of attacks. Conventional security mechanisms are not suitable for WSNs as they are usually heavy and nodes are limited. Also these mechanisms do not eliminate risk of other attacks. There are numerous potential applications of WSNs in various areas such as residence, industry, military and many others. For instance, in a military area, we can use wireless sensor networks to monitor an activity. If an event is triggered, these sensor nodes sense it and send the information to the base station (called sink) by communicating with other nodes. To gather data from WSNs, base stations are commonly used. They usually have more resources (e.g. computation power and energy) than normal sensor nodes which have more or less such constraints. Aggregation points gather data from nearby sensors, integrate the data and forward them to base stations, where the data are further processed or forwarded to a processing centre. In this way, energy can be conserved in WSNs and network life time is thus prolonged.
WSNs have some special characteristics that distinguish them from other networks such as MANET. The characteristics, are listed as follows, that can lead to the use of WSNs in the real world:
• Sensors have limited resources, such as energy, memory and computation capacity. Lightweight protocols and algorithms are preferred to achieve longer sensor life.
• Sensors have limited reliability, partially because of the resource constraints.
• The topology of sensor network changes very frequently. Sensor nodes die and new sensor nodes may come up in to the network.
• WSNs are usually centralized in terms of data processing. Data flow from sensors towards a few aggregation points which further forward the data to base stations of a fewer number. Base stations could also broadcast query/control information to sensors [8].
Among the designs of WSNs, security is one of the significant aspects that deserve great attention, considering the tremendous application opportunities. Thus keeping in mind security constraints this paper presents a brief review of existing techniques for wormhole attack detection in network layer.
Thus, the survey paper focuses on various approaches to detect wormhole attacks. Section 2 describes the challenges of sensor networks; section 3 presents attacks on sensor networks; section 4 studies background and significance of wormhole attack; section 5 describes countermeasures to sensor networks and section 6 followed by future research challenges. Section 7 describes the conclusion.
2. CHALLENGES OF SENSOR NETWORKS
A wireless sensor network is a special network which has many constraint compared to a conventional computer network Security in wireless sensor networks has attracted a lot of attention in the recent years. Majority of resource constraints makes computer security more challenging task for these systems. The various challenges are discussed as follows.
.
2.1. Wireless nature of communication
The wireless medium is inherently less secure because its broadcast nature makes eavesdropping simple. Any transmission can easily be intercepted, altered, or replayed by an adversary. The wireless medium allows an attacker to easily intercept valid packets and easily inject malicious ones. This factor should be taken into consideration so that performance of the system is not significantly affected.
2.2. Ad-Hoc Deployment
Sensor nodes are randomly deployed and hence do not fit into a regular topology. The ad-hoc nature of sensor networks means no structure can be statically defined. The network topology is always subject to changes due to node failure, addition, or mobility. Security schemes must be able to operate within this dynamic environment.
2.3. Hostile Environment
Another challenging factor is the hostile environment in which sensor nodes operate. Wireless sensor networks are vulnerable to security attacks due to the broadcast nature of the transmission medium. Moreover nodes are placed in a dangerous or unguarded environment where they are not physically protected. Attackers may capture a node, physically disassemble it, and extract from it valuable information. The highly hostile environment represents challenging approach for security researchers.
2.4. Resource Limitation
All security approaches require a certain amount of resources for the implementation, including data memory, code space, and energy to power the sensor. However, currently these resources are very limited in a tiny wireless sensor which poses considerable challenges to resource-hungry security mechanisms.
2.4.1 Limited Memory and Storage Space: A sensor is a tiny device with only a small amount of memory and storage space for the code. In order to build an effective security mechanism, it is necessary to limit the code size of the security algorithm.
2.4.2 Power Limitation: The use of wireless sensor networks is increasing day by day and at the same time it faces the problem of energy constraints in terms of limited battery lifetime. As each node depends on energy for its activities, this has become a biggest constraint in wireless sensor networks. The failure of one node can interrupt the entire system. Therefore, some mechanisms must be designed to conserve energy resource.
2.5. Scalability
Scalability is a major factor in wireless sensor networks. A network topology is dynamic, it changes depending upon the user requirements. All the nodes in the network area must be scalable so as to adapt themselves with changing network topology.
2.6.. Unreliable Communication
Certainly, unreliable communication is another threat to sensor security. The security of the network relies heavily on a defined protocol, which in turn depends on communication.
2.6.1 Unreliable Transfer: Normally the packet-based routing of the sensor network is connectionless and thus inherently unreliable.
2.6.2 Conflicts: Even if the channel is reliable, the communication may still be unreliable. This is due to the broadcast nature of the wireless sensor network.
2.6.3 Latency: Latency is defined by how much time a node takes to monitor, or sense and communicate the activity. Sensor nodes collect information, process it and send it to the destination. Latency in a network is calculated based on these activities as well as how much time a sensor takes to forward the data in heavy load traffic or in a low density network.
2.7. Unattended Operation: Depending on the function of the particular sensor network, the sensor nodes may be left unattended for long periods of time. There are three main cautions to unattended sensor nodes.
2.7.1 High risk of Physical Attacks: After deployment, sensors are usually left unattended and easy to be physically compromised. An adversary can capture one or more nodes, injects some malicious code into them to cause threats or receives information from the network. Also, an adversary can easily eaves drop the transmission or launch serious attacks. Therefore, it is not surprising that sensor networks are vulnerable to many security attacks.
2.7.2 Managed Remotely: Remote management of a sensor network makes it virtually impossible to detect physical tampering and physical maintenance issues.
2.7.3 Lack of Central Coordinator: A sensor network should be a distributed network. Each sensor node should operate autonomously with no central point of control in the network. However, if designed incorrectly, it will make the network organization difficult, inefficient, and fragile. A sensor node left unattended for longer time is more likely to be compromised by an adversary [6].
3. ATTACKS ON WIRELESS SENSOR NETWORKS
Wireless Sensor networks are vulnerable to security attacks due to the broadcast nature of the transmission medium. Also, wireless sensor networks have an additional vulnerability because nodes are generally deployed in a hostile or unprotected environment. Although there is no standard layered architecture of the communication protocol for wireless sensor network, hence there is need to summarize the possible attacks and security solution in different layers with respect to ISO-OSI model as follows[9]:
Table 1. Layering based attacks and possible Security approaches
Layer
Attacks
Security approaches
Physical Layer
Denial of Service
Tampering
Priority Messages
Tamper Proofing
Hiding, Encryption [15].
Data Link Layer
Jamming
Collision
Traffic manipulation
Use Error Correcting Codes
Use spread spectrum techniques
Network Layer
Sybil attack
Wormhole attack
Sinkhole
Flooding
Authentication
Authorization
Identity certificates
Transport Layer
Resynchronization
Packet injection attack
Packet Authentication
Application Layer
Aggregation based attacks
Attacks on reliability
Cryptographic approach
3.1. Definitions, Strategies and Effects of Network Layer Attacks on WSN
WSNs are designed in layered form .This layered architecture makes these networks susceptible and lead to damage against many kinds of attacks. For each layer, there are various attacks and their defensive mechanisms. Thus, WSNs are vulnerable to different network layer attacks, such as black hole, gray hole, wormhole, sinkhole, selective forwarding, hello flood, acknowledgement spoofing, false routing, packet replication and other attacks to network layer protocols [3].
Now, the following table shows network layer attacks on WSNs, its classification and comparison based on their strategies and effects.
Table 2. Classification of Network layer attacks on WSN
Attack/Criteria
Attack Definition
Attack Effects
Black hole
In a black hole attack, the attacker swallows (i.e. receives but does not forward) all the messages he receives, just as a black hole absorbing everything passing by.
It can break the communication between the base station and the rest of the WSN, and effectively prevent the WSN from serving its purposes.
Throughput of a subset of nodes, around the attacker and with traffic through it, is dramatically decreased [8].
Wormhole
A wormhole attack] requires two or more adversaries. These adversaries have better communication resources (e.g. power, bandwidth) than normal nodes, and can establish better communication channels (called "tunnels") between them [8].
False/forged routing information.
Change the network topology.
Prevention of path detection protocol;
Packet destruction/alteration by wormhole nodes.
Changing normal messages stream.
Sybil
In Sybil attack, a malicious node can represent multiple identities to the network
Confusion and WSN disruption.
Enable other attacks.
Exploiting the routing race conditions.
Sinkhole
Sinkhole is a more complex attack compared with black hole attack[8].
Luring and to attract almost all the traffic.
Triggering other attacks, such as eavesdropping, trivial selective forwarding, black hole and wormhole.
Changes the base station's position.
Selective forwarding
In this type of attack, attacker refuses to forward packets or drop them and act as a black hole [4].
Message modification.
Information fabrication and packet dropping.
Suppressed messages in a certain area.
Routing information modification.
Exhaustion of resources
Hello flood
In Hello Flood Attack, Attacker broadcast hello packets to the networks to add himself as the neighbor to the other nodes [4].
Creates an illusion of being a neighbor to many nodes in the networks.
confuse the network routing badly.[6]
Acknowledgement Spoofing
An adversary can spoof
Network layer acknowledgements (ACKs) of overheard packets
False view/information of the WSN.
Launch selective forwarding attack.
Packet loss/corruption.
False Routing(Misdirection Attack)
In this case, attacker may spoof, alter or replay the routing packets, creates the loops in networks, repel the network traffic [1].
False and misleading messages generated;
Resources exhaustion;
Degrade the WSN Performance
4. BACKGROUND AND SIGNIFICANCE OF WORMHOLE ATTACK
Hardware limitations of a wireless sensor network themselves make it vulnerable to many kinds of security attacks. Adversary, with a large amount of power supply, memory and processing abilities and capacity for high power radio transmission, leads to various kinds of attacks to the network. Denial of Service can disturb, disrupt or can stop the legitimate routing operations even without the knowledge of the encryptions methods unlike other kinds of attacks. This feature makes it very important to identify and to defend against it [10]..
Wormhole attack is a severe type of attack on Wireless sensor network routing where two or more attackers are connected by high speed off-channel link called wormhole link [7].
Wormhole attacks can be launched in two different modes, namely 'hidden' and 'exposed' mode, depending on whether attackers put their identity into packet headers when tunnelling and replaying packets [2].
In wormhole attack, an attacker receives packet at one point in the network 'tunnels' them to another point in the network and replays them into the network from that point. This attack can form a serious threat in wireless networks, especially against routing protocols. Routing can be disrupted when routing control messages are tunnelled. This tunnel between the two colluding attackers is referred as wormhole. Figure 1 shows the wormhole attack. The attacker replays the packets received by X through Y and vice versa.
Normally it take several hops for a packet to traverse from a location near X to a location near Y, packets transmitted near X travelling through the wormhole will arrive at Y before packets travelling through multiple hops in the network. The attacker can make A and B believe that they are neighbours by forwarding routing messages, and then selectively drop data messages to disrupt communication between A and B [11].
Figure 1: Wormhole Attack
Wormholes are effective even if routing information is authenticated or encrypted. This attack can be launched by insiders and outsiders. This can create a sinkhole since the adversary on the other side of the wormhole can artificially provide a high quality route to the base station, potentially all traffic in the surrounding area will be drawn through her if alternate routes are significantly less attractive. When this attack is coupled with selective forwarding and the Sybil attack becomes very difficult to detect [9].
5. COUNTERMEASURES TO WORMHOLE ATTACK
Several Researchers have worked on detection and prevention of wormhole attacks in Wireless Sensor Networks. This section will describe the important wormhole attack detection mechanisms.
Location Information based method
Hu, Perrig and Johnson defined the wormhole attacks in adhoc networks [12]. Then, they proposed a general mechanism, called packet leashes, for detecting and thus defending against wormhole attacks. The leash is the information added into a packet to restrict its transmission distance.
In the geographical leashes, each node must know its own location and all nodes must have loosely synchronized clocks to verify the neighbour relation. Before sending a packet, node appends its current position and transmission time to it. The receiving node, on receipt of the packet, computes the distance to the sender and the time it took the packet to traverse the path. The receiver can use this distance anytime information to deduce whether the received packet passed through a wormhole or not. In temporal leashes, the packet transmission distance is calculated as the product of signal propagation time and the speed of light. In Temporal Leashes, all nodes are required to maintain a tightly synchronized clock but do not rely on GPS information [2].
Both mechanisms use lightweight hash chains to authenticate the nodes [10]. The Message Authentication Code (MAC) can be calculated in real time. One advantage of packet leashes is the low computation overhead
Statistical Analysis method
Song et al. propose a wormhole discovery mechanism based on statistical analysis of multipath routing. Song observes that a link created by a wormhole is very attractive in routing sense, and will be selected and requested with unnaturally high frequency as it only uses routing data already available to a node. These factors allow for easy integration of this method into intrusion detection systems only to routing protocols that are both on-demand and multipath [12].
Hardware based method
Hu and Evans suggested the method of directional antennas [13]. It is based on the fact that in ad hoc networks with no wormhole link, if one node sends packets in a given direction, then its neighbour will receive that packet from the opposite direction. Only when the directions are matching in pairs, the neighbouring relation is confirmed. It is obvious that each node requires a special hardware i.e. directional antenna.
Visualization based method
Multi-dimensional scaling-visualization of wormhole (MDS-VOW) is adopted by Wang and Bhargava [2] to detect wormhole attacks in WSNs. The approach is based on the observation that the network with malicious nodes has different visualization from that with normal nodes. It reconstructs the layout of the sensors using multi-dimensional scaling and surface smoothing scheme. The anomalies, which are introduced by the fake connections through the wormhole, will bend the reconstructed surface to pull the sensors that are far away to each other. Therefore, MDS-VOW could locate the wormhole connections. In MDS-VOW, all sensor nodes are required to send their neighbour lists to the base station.
Graph theory method
Lazos and Poovendran [2] developed a "graph theoretical" approach to wormhole attack prevention in WSNs. The proposed protocol is based on the use of limited location-aware guard nodes (LAGNs) which are nodes with known location and origination and can be acquired through GPS receivers. LAGNs use "local broadcast keys" that are valid only between immediate one hop neighbours. In the proposed protocol, in order to defy wormhole attackers, a message encrypted with a local key - encrypted with the pair-wise key - at one end of the network cannot be decrypted at another end. The authors propose it to use hashed messages from LAGNs to detect wormholes during the key establishment. A node can detect certain inconsistencies in messages from different LAGNs if a wormhole is present. Without a wormhole, a node should not be able to hear two LAGNs that are far from each other, and should not be able to hear the same message from one guard twice.
Hop counting method
The hop count is the minimum number of node-to-node transmissions. This method uses protocol Delay per Hop Indicator (Delphi) [12] proposed by Hon Sun Chiu and King-Shan Lui, can detect both hidden and exposed wormhole attacks. In DelPHI, attempts are made to find every available disjoint route between a sender and a receiver. Then, the delay time and length of each route are calculated and the average delay time per hop along each route is computed. These values are used to identify wormhole. The route containing a wormhole link will have a greater Delay per Hop (DPH) value. This mechanism can detect both types of wormhole attack; however, it cannot pinpoint the location of a wormhole. Moreover, because the lengths of the routes are changed by every node, including wormhole nodes, wormhole nodes can change the route length in a certain manner so that they cannot be detected.
Message Travelling time information based method
Message travelling time information is usually expressed in terms of round trip time (RTT). One way to prevent wormhole attack, as used by Tran et al. [2], Jane Zhen and Sampalli [12], is to measure RTT of a message and its acknowledgement. The RTT is the time that extends from the Route Request (RREQ) message sending time of a node A to Route Reply (RREP) message receiving time from a node B. A will calculate the RTT between A and all its neighbours. Because the RTT between two fake neighbours is higher than between two real neighbours, node A can identify both the fake and real neighbours. In this mechanism, each node calculates the RTT between itself and all its neighbours. This mechanism does not require any special hardware [12].
Trust based methods
The Trust Based Model by Jain and Jain [12] presents a novel trust-based scheme for identifying and isolating nodes that create a wormhole in the network without engaging any cryptographic means. In this method, trust levels are derived in neighbouring nodes based upon their sincerity in execution of the routing protocol. This derived trust is then used to influence the routing decisions, which in turn guide a node to avoid communication through the wormholes. By using Trust Based Model Packet Dropping is reduced by 15% without using any cryptography mechanism and throughput is increased up to 7-8%.
Table 2. Summary of wormhole attacks detection mechanisms
Methods
Requirements
Comments
Temporal Packet Leashes by Hu, Perrig and Johnson[10]
Tightly synchronized clocks
Required time synchronization level and currently not achievable in sensor networks
Geographical Packet Leashes[10]
GPS coordinates of every node; Loosely synchronized clocks (ms)
Robust, straightforward
solution; inherits
general limitations of
GPS technology
Statistical Analysis by Song et al[13]
Requires statistical routing information from each sensor node.
Works only with multi-path on-demand protocols; Easy integration with intrusion detection system
Directional Antennas by Hu and vans[7]
Nodes use specific 'sectors' of
their antennas to communicate with each other; Directional antennas on all nodes.
Good solutions for networks relying on directional antennas, but not directly applicable to other networks.
Network Visualization(MDS-VOW) by Wang and Bhargava[2]
Requires central coordination
Works best on dense networks; Mobility is not studied
Graph theoretic model by Lazos and Poovendran[12]
Requires a combination of
location information and
cryptography
Uses location aware guard nodes equipped with GPS receivers
Travelling time mechanism by Tran et al.[14]
Does not require any special supporting hardware
Measures Round Trip Time of a message and its acknowledgement
Multipath Hop-count Analysis by Shang, Laih and Kuo[12]
No hardware requirement
Scheme has high efficiency and very good performance with low overhead
Trust Based Model by Jain and
Jain[12]
No hardware requirements
Effectively locate dependable routes through the network
OPEN RESEARCH CHALLENGES
In the previous sections, we have studied various strategies of network layer attacks, significance of wormhole attack and their countermeasures in Wireless sensor networks. This section will identify open research challenges in this area. In Table 3, summary of wormhole detection technique is presented. Most of the methods employ hardware which increases the manufacturing cost of a sensor node. Later researchers focused on software-based wormhole detection techniques. But still the detection of wormhole attacks in sensor networks is a challenging task for researchers.
Among software-based methods, Multipath Hop count analysis, travelling time mechanism, trust based models are widely used as they are promising in terms of detecting wormhole attacks without any hardware requirements. These techniques generally assume that time or distance data that is used for wormhole detection cannot be changed. However, since malicious nodes are able to change any type of data they receive, distance-bounding and time-based wormhole detection techniques must be supported by cryptographic authentication mechanisms so that authenticity of the information can be verified over the path.
Wormhole attacks are strictly related to network layer protocols. As new routing protocols are proposed for WSNs, it is important to identify possible vulnerabilities of these new routing protocols, measure the performance of new routing protocol with wormhole attack and to investigate the effectiveness of the existing wormhole detection techniques on these protocols. Hence, there is a scope for further research in terms of validating existing wormhole detection techniques on new routing protocols. Future work in this area focuses on additional security enhancements for routing protocols in wireless sensor networks.
In the current wormhole detection research usually static WSNs are considered. Hence, wormhole detection in a dynamic WSN setting is an open research area. In a dynamic WSN, any two legitimate sensor nodes that were previously many hops away from each other may become one hop neighbours, and then the base station may think that a wormhole attack has been launched. Hence, it is a challenging problem to distinguish such legitimate nodes from malicious nodes while detecting wormhole attacks.
CONCLUSION
Wireless sensor networks are vulnerable to several attacks because of their deployment in an open and unprotected environment. This survey paper introduces the major security threats in WSN and also investigates different wormhole detection techniques, many existing methods to find out how they have been implemented to detect wormhole attack. It has been studied that among the number of techniques discussed, each technique has its own strength and weaknesses and there is no proper wormhole detection technique that can detect all wormhole attacks completely. Finally, by analyzing the pros and cons of existing techniques, the open research challenges in the wormhole detection area are studied.
