Received date: November 21, 2018 Accepted date: January 11, 2019 Published date: February 08, 2019
Citation: Khan AS, Khan M (2018) A Review on Security Attacks and Solution in Wireless Sensor Networks. Am J Compt Sci Inform Technol Vol.7 No. 1: 31 doi: 10.21767/2349-3917.100031
Copyright: © 2019 Khan MA, et al. This is an open-access article distributed under the terms of the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited.
Wireless Sensor Network (WSN) utilizes small sensors with constrained properties to broadcast, collect, and sense the data in numerous applications. As WSN is an interest gaining technology. Security challenges become the main issue, especially in task like mission critical application. In this article, we identify the security attacks in WSN and identify the major solution for these attacks. These attacks are of three major categories; service integrity and network availability, privacy and confidentiality, and the integrity of data and major solution for these attacks. In addition, we also explain the methods and techniques used in these categories for the defense purposes and summarize the open research issues in these areas.
Wireless sensor network; Security; Privacy; Confidentiality; Availability; Integrity
Advanced technologies have made possibilities to evolve tiny sensor nodes with compact hardware at very low prices. It is suitable to form a wireless sensor network (WSN), which is selforganized and self-healing network consist of dense or small number of sensor nodes, to remote and even hostile areas to perform certain monitoring tasks. For example, reconnaissance of battle field, surveillance of coast and border, rescue and search, outer space and deep ocean exploration, monitors level of pollution, traffic integral structural of buildings. Some other applications are, sensing of climate, office control, and sensing home environments like light, temperature and moisture . In WSN the collected data is not directly transmit to the user, indeed, sensed data is initially aggregated and then transmit . A WSN consist of sink, base station or gateway, which connect all the nodes with each other to form a network and should be connected to end user. At the sensor node data is compressed and then transmitted to sink or base station, due to which end user can see the results of an activity [3,4]. Sometimes data packets are sent to the user terminal via multiple intermediate nodes. This type of transmission is known as multi-hop transmission.
The wireless sensor node having limited resources, however, the objective is to achieve goals with minimum energy consumption, usage of minimum memory and less computation cost. Moreover, these nodes are self-healing and self-organize into network to co-operate for sensing/aggregation of particular information or execution of specific activity. Since, these sensor nodes are usually working in harsh and unattended environment without any protection, and wireless media is used for communication by sensor nodes. Thus they are unprotected to a vast range of attacks. WSN applications should be secured in specific number of all critical applications; the data exchanged among WSN nodes need superior level of security. In some of military applications, number of sensor nodes co-operate with each other for target tracking . Hence, the exchange of information among these nodes is related to the target position. The operation of this application can disturb by attackers injecting false message. In application like medical, the collected information of patient by sensor nodes kept protected and confidential . Secure network communication may also important for the privacy of location, which is major factor in military application, animal monitoring and homeland security applications . Hence, a secure network communication method shall be applied for the protection of inter-network communication from security attacks, such as modifying text, eavesdropping and injecting messages .
The rest of the article is organized as follows. The next section explain the security requirements in WSN, section 3 classify the security threats, section 4, 5, 6 explain the attacks and solution for service integrity, network availability, privacy, confidentiality, and integrity of data in WSN, section 7 simply summarize this article, section 8 explain the research issues and section 9 conclude this article.
In this section we give a review of the basic requirements that WSNs, typically have to achieve.
In timely manner, the services served by the WSN should be always available. Attacks of resource depletion are the major classes of attacks attempt to fail this property.
It is the guarantee that data can only modified and exchange by the WSN nodes only.
Secrete data exchanged and stored in WSN must not be reveal to unauthorized users. In some scenario, even the existence of communication between nodes must be kept hidden. To measure the confidentiality threats in WSN normally cryptographic tools are used. In changing topology of WSN, where nodes can leave or join the network, WSN must be addressed by the backward and forward secrecy. Forward secrecy refer to stop access any future communication with nodes that leave the network, and backward secrecy refer that before joining the network nodes are not in the position to receive or send any message.
It refers that only authorized sensor nodes and entities must be able to access the network.
WSN must be able to separate and find compromised sensor nodes, it should be impossible for message sender to conquer challenge the message authorship.
Classes of security threats
Generally, attacks on WSN can be classified on the basis of attacker status, purpose of the attackers, and on the behavior of the attacker.
Status: These classifications of attacks are based on either the attacker is insider or outsider. Insider attackers are authorized sensor behaving in a vicious way while outsider attackers are not belonging to WSN but aim to disrupt the service provided by the network.
Purpose: This category only depends on the purpose of the attacker. Attacks on service integrity and network availability, try to disrupt the network services. Physical attack, denial of service (DoS), and routing attacks belonging to this category.
Behavior: The third classification differentiates active and passive attacks. The formers, physically access to some part of the WSN. While, latter just consist of eavesdropping exchanged data, analyzing and monitoring the network behavior.
Attacks against confidentiality and privacy are the attacks which aim to get insight on secret data. In such situation, the goal of attackers is to exchange data in network, information and functioning of the network topology, and information of contextual. Finally, attacks against the integrity of data try to change the transmitted data. Vicious nodes may inject wrong messages, replicate entire nodes or old packets, etc. .
Attacks against service integrity and network availability are habitually called denial of service (DoS) attacks, a foe attempts to subvert, destroy or disrupt the network services. DoS attacks target one of the WSN layer. Even, these attacks affect the physical, the network, the data link, and the transport layers. In this section we will summarize common DoS attacks on above mention layers.
Attacks and solution on physical layer
Generally, outsiders carried out active attacks, all based on a common access by accessing physically single or multiple sensor nodes tampering with hardware. More nearly, the purpose of the attacker is might be to alter the behavior of the sensor nodes, to interchange them with enemy sensor which is controlled by the attacker, or steal cryptographic or confidential information .
Tamper-resistant nodes are the best defense option against physical nodes tampering. However, one of the feasible and cheaper options is tamper-resistant hardware. As alternative solution are the software’s, which were distinctly designed for the detection of tampering attacks, and primarily detect cryptographic data before the execution of protocol termination. Tampering with present node hardware had been investigated in . The authors tell that, without the interference of the normal sensor operation generally has negligible impact. For serious attack, which results in the full control of the node, deceased the node for specific time from the network. Therefore, better defensive strategy is that, monitored node should be inactivity for long period.
The latest analysis of researchers show that the best countermeasure for sensor tampering is authentication of node using the hash function, this technique is preferable due to the establishment of session key, strong authentication of sensor node and maintain the efficiency of WSN .
A noise signal is generated by the attackers in jamming attack for disrupting original signal entirely or partially. A device which generate noise is so called jammer, which having the ability to interfere with the frequency of sensor in WSN. This activity is capable only if the SNR (signal-to-noise) is minimum than one. Depending on the power of transmission, the jammer can disturb the whole WSN or some area of network. A jamming attack may disrupt the network easily, if neglected in the initial design, despite of higher level security schemes. Jamming attacks classified as [13,14]:
Spot jamming it is the simplest technique. The attackers transmit all power verses the frequency signal. Usually, it is effective but this attack may be failed by changing the frequency.
Sweep jamming it’s rapidly shift multiple frequencies to target a frequency in a quick succession. This activity is not continuous; the effect of sweep jamming is limited. Though, it could be forced many retransmission in WSN due to the loss of packets.
Barrage is jamming its target multiple frequencies at a time. The range of attacked increase and the output power decreased proportionally.
Deceptive jamming it’s involved in replaying or fabricating valid signals incessantly on the channel. It is try to destroy the service of the network using the available bandwidth. This type of jamming can be applied to set of frequency or single frequency.
The radios having single-frequency are used by the first generation wireless sensors; therefor nodes were unsafe to the narrow band noise, either malicious or unintentional. For the reduction of noise vulnerability direct sequence spread spectrum (DSSS) is used by recent motes. Generally, particular countermeasures might be used against different jamming attacks. Power transmission regulation, antenna polarization, DSSS, directional transmission, ultra wide band technologies (UWB), frequency hopping spread spectrum (FHSS) and hybrid DSSS/FHSS are few examples [15,16]. Present security schemes which addresses attacks of jamming in WSN can be categorized as follow:
The aim of detection technologies is to detect jamming attacks instantly. It is observed by packet delivery ratio or carrier sensing time, signal strength to detect jammer presence individually. The detection is improved by presenting the concept of consistent checking, to classify the radio link whether its utility is poor, ratio of packet delivery is used, and then consistent checking is achieve to determine whether link quality is effected by the jamming attack .
Proactive countermeasures made the WSN immune against the jamming attacks instead of respond reactively to such attacks. DEEJAM is an example; this protocol had been presented for the defense using IEEE 802.15.4 against the secret jammers . To contrast enemies which use the same hardware with same properties as the deployed sensor nodes, it uses the four defensive strategies altogether:
Frame masking this strategy is used for the defense only when the jammers steal the preamble bits and start Frame (SFD) Delimiter Sequence.
Channel hopping defend against jammers that try to capture activity of radio by radio signal strength indicator (RSSI) which is periodically sampled.
Packet fragmentation breaks every packet into small fragments which are separately transmitted with different SFDs on different channels. If transmission frequency rapidly changes, attacker cannot jam the right frequency at a time.
Redundant encoding handles jammer that blindly attacks a single channel by short pulses. It allows the recovery of packet even if a single fragment is corrupted, in this case bandwidth and energy usage are increased.
Reactive countermeasures empower reaction at the time of jamming attack. JAM algorithm is the perfect example , which increases the efficiency of the network by enabling the mapping and detection of jammed areas. In activity, sensor near the boundary of jammed area notify neighbors, these neighbors nodes start mapping the area that is presently jammed by exchanging of mapped messages. When the jammer stops attack or simply moves, the jammed nodes notify neighbor that it is recovered.
Mobile agent based techniques dominance Mobile Agents (Mas) that is autonomous process that could be moved from host-to-host and behaves on the behalf of users in the direction of completed assign task. JAD protocol is an example .
The jamming can analyze by three ways: techniques of detection, the localization technique, and the defensive algorithms. When the detection techniques are enhanced it increases the lifetime of the sensor node. Correct enemy position is specifying by the enhancement of localization techniques. The two recent algorithms FM-AM and ICMT proposed for the defense of jamming and considered the better countermeasure for jamming. The FM-AM is the hybrid algorithm while the ICMT is the advanced version of O-QPSK .
In radio interface attacks a steady or irregularly interference are produced by the attacker. The symmetry key algorithm is the solution of the attacks.
Attacks and solutions on data link layer
Several attacks in WSN can be attached with data link layer. All these attacks having two major objectives: (I) exhausting the power resources of nodes, in WSN most of the energy is consumed due to the communication and (II) degrading service timeliness.
Collision attacks are very similar to the jamming attacks in the physical layer. Attacker hacked/identify the WSN frequency by using his own frequency, and then attacker transmits a small signal as one byte to corrupt the entire message. The only proof of this attack is the false message reception which is detected by Cyclic Redundancy Code checking (CRC) on the data link layer. In this case, false message is automatically discard by this layer, which causes bandwidth and energy wastage. Forward Error Correcting (FEC) code is the possible solution for this attack which can recover lost data .
The selection of optimum channel resource allocation algorithm, the attractive sensing protocol for the monitoring of channel, and increase the amount of channels are an alternative solution for this type of problem. All these factors are integrated in SN protocol, which also consider the software and hardware design of sensor node .
The attackers direct/control and measure the efficiency of protocol and forced the sensor to spend extra energy as result exhaustion occurs. The better solution for this type of attack is to reject extra network requests. A reliable protocol More the Safe, Less the Unsafe (MSLU), which is used to detect unauthenticated packets. If the probability report at the base station of the packet is high then the packet considered as authentic otherwise it is injected. The MSLU is one of the recent protocols which is the best solution for exhaustion [23,24].
Unfairness attacks, the enemy transmit excessive number of packets when medium is ideal, to prevent the sensor nodes from transmitting packets. So as a result, real-time applications are possibly fail and service quality should be degraded. Though, this attack is normally considered very weak type of DoS, because by using small packets this attack can be limited, in such case that channel is only seized for limited time.
In WSNs, sleep mode is used by sensor nodes to maintain energy/power and increase the lifetime. Attacks against this activity of nodes are called denial-of-sleep or sleep deprivation torture studied in. There are three methods to reduce the effect of sleep deprivation. The first and significant method is strong authentication of data-link-layer to defend denial-of-sleep attacks. The TinyOS and TinySEC are the existing authentication algorithms for the implementation, based on IEEE 802.15.4. The second option is protection of anti-reply, CARP protocol is one of the famous algorithm . The last is broadcasting attack protection which allows capturing denial-of-sleep attack. The Zero Knowledge Protocol (ZKP) is the latest protocol for the solution of denial-of-sleep attacks, in this protocol the authentication of the node to send the synchronization message .
Attacks and solution on network layer
At this layer, number of attacks may be disrupting the availability of network. We will explain them with their corresponding countermeasures. However, the security at routing layer mostly depends upon authentication. Due to the limited resources, authentication in WSN could not depend on public-key cryptography. Based on hash functions and symmetric keys. Subramanian and Zhang  proposed a message authentication technique which achieves the goals of immediate authentication, non-repudiation, and scalability.
Against the network layer direct attack can try to alter, spoof, or false reply to routing information. The enemy may change data flow toward him by destroying original information. An effective solution against the spoof and altering data is message authentication code (MAC). Timestamps or counters could be used to defend reply attacks . Generally, the authors proposed is  two different algorithms that alleviate the effects of misbehavior routing, the path rater and watchdog. Watchdog identify nodes which having misbehavior attitude and path rater avoid effected nodes from routing.
Hello message is used for the discovery of the neighbor nodes and create automatically a network. Many protocols are used for Hello flooding. However, the enemy having higher transmitter power transmits multiple hello packets which can damage/ corrupt node and make the other nodes believe that the damage sensor is in their neighborhood. Though, data message routed to the dead node will be even sent into nonexistence , causing both energy wasting and data loss. Simply, the solution to this attack is checking acknowledgment of every transmission link. A signal strength method is proposed in  to prevent and detect these attacks.
Sink/Black hole attacks works by initiating the sensor nodes to route traffic along a number of negotiated sensors that can then access or drop all the routed messages. This type of attack can be discovered by monitoring transmission and to listening by neighbors and the best solution for these attacks are probably advanced algorithms such as REWARD . This attack can be dangerous when the attackers know the exact position of the sink node; attackers detect and attack on sink node which is called sink whole attack. The Mint Route protocol is used in WSN against these attacks .
The powerful and fast connection between two distant compromised nodes in Wormhole attack established to ruin routing information. The enemy can handle data between the two nodes locations, and convince the other nodes to know that this path is the quickest to the whole network. A packet leashes protocol is best solution for countering and detecting Wormhole attacks .
When an effected sensor does not follow the network routing protocol, but behave like filter, dropping certain messages and forwarding other, then the WSN faced the problem of selective forwarding attack . The special case of selective forwarding attack is black hole attack where all the routed packets are loss/ dropped. The best solution for the tackling/detecting selective forwarding attacks is multipath routing using redundant methods, these algorithms increase the probability by sending same data packets along multipath to reach the destination .
Sybil attacks occur when the malicious node attempting multipath identities. Sybil attacks are first introduced in peer-topeer network but Wanger and Karlof introduced that Sybil attacks can be present in WSN as a threat. Distributed, routing storage algorithm, and fault tolerant algorithms can be affected by Sybil attacks . The major countermeasures for Sybil attacks are (i) testing radio resources, that willing, all the nodes transmit signal in different channel at the same time, (ii) key validation for pre-distribution of key randomly, (iii) verification of nodes position.
Attacks and solution on transport layer
Transport layer protocols are classified into two types of algorithms; algorithms provide reliability and protocols that provide congestion control. Reliability is more relevant, which guarantee that the lost packets are detected and retransmitted until reach to their destination. The two major types of attacks in transport layer are desynchronization and flooding .
Desynchronization attack, the enemy transmit duplicate messages containing false sequence number or flags to interrupt the existing connection between two end-sensors. These attacks prevent end nodes transmission and drain the energy of the sensor by constantly sending retransmission requests. The effective and typical solution to this attack is the authentication.
Flooding attacks drain the resources memory of the sensor nodes, by unicasting multiple connection establishment messages to the victim. The client puzzles algorithm is suitable solution for flooding in WSN .
Attacks and solution for privacy and confidentiality in WSN
As the WSN become common, the more privacy and confidentiality represent two major concerns.
For example (Table1), in applications like military confidentiality is necessary and the privacy is essential for sensing data and give the priority over confidentiality. In much application, like commercial and health monitoring applications confidentiality and privacy both are essential. Eavesdropping and traffic analysis are two major classes of these attacks.
|WSN Layers||Attackers Target||Class of Attacks||Solution/Defense||References|
|Physical Layer||Integrity, secrecy, privacy, and availability||Tampering, jamming, Eavesdropping||Tampering detection software, tamper-proofing, sensor node monitoring, hash function, detection strategies, reactive, mobile-agent-based, defensive protocols, spread spectrum, priority message, duty cycle, region mapping, cryptographic techniques.||    |
|Data Link Layer||Integrity and availability||Sleep deprivation, exhaustion, collision, unfairness, information about routing, black hole, hello flooding, sinkhole, wormhole||Authentication of link-layer, auto-reply, protection of broadcast attacks, nodes authentication, limitation of rate, packet authentication, codes for forward error correction, attractive sensing protocols, monitor transmission, multiple channels, data aggregation, codes for error correction, MAC, authentication, REWARD, Path rater, watchdog, bidirectional checking, signal strength, secure routing and redundancy.||       |
|Transport Layer||Integrity and availability||Selective forwarding, Sybil, Desynchronization, and flooding.||Redundancy, probing, IDs, authentication, multihop acknowledgment, multipath routing, radio source testing, validation of key for predistribution, position verification, cryptography, and puzzles.||   |
|Network Layer||Integrity, secrecy and privacy||Analysis of traffic and injection, alteration and duplication of packets||Randomization of communication, authentication of data||   |
Table 1: The Summary of Attacks and Solution in WSN
If end-to-end communication is not secure, and anyone access/trapped the communication data by eavesdropping on the radio frequency band of the network. This type of enemy is considered as passive attacker which can steal sensitive and private information. The general method to handle this attack is cryptography . The symmetric-key cryptography is preferable than public-key cryptography in WSN due to limited power of computational. The SPIN algorithm is best countermeasure for eavesdropping .
Encryption of single node data is not sufficient to guarantee secrecy/privacy in wide sense. An enemy can analyze data traffic overhead to get important/essential information about the topology of the network and the sensed data. Just influence analysis of traffic, the enemy identify nodes with major roles, or run designed of targeted attacks to maximize harm. The countermeasure is proposed by Deng et al versus traffic analysis attack for the security of base station . Wadaa et al also proposed a protocol for the randomization of communication during set-up phase of network, for the protection of WSN infrastructure .
Attacks and solution for integrity of data in WSN
When the attackers corrupt record/data the data integrity is violated, and sink node is unable to recover the original sensor nodes sensed data. The data erasure is the simplest attack which compromise the sensed data, that is, erases any specific information before reaching the sink node. In general there are three classes of attacks against the integrity in WSN, alteration, packet- injection, and node replication.
To modify gathered data by the network, the enemy having three main classifications: false data is injected completely, packets are replicated which are previously captured, or alter the intercepted messages. The insider attacker can easily run these attacks and difficult for outsider because the outsider must have to break the authentication of the WSN. Generally, symmetric cryptographic protocols are applicable in WSN instead of Asymmetric protocols. Generally TESLA, μTESLA, and BECAN like protocols are best countermeasure against these attacks [42,43].
In Node replication attacker captures a sensor node without being detected, he can easily use that node to inject fake data and authentication. Even if nodes used in WSNs are not normally tamper-proof, the limited number of nodes are used by the adversary for control in many application. The centralized solution for this attack is that nodes periodically transmit a list of their neighbor nodes, including location and IDs of nodes . Another protocol having emergent properties is proposed for this attack aiming to limit the communication which causes the minimum power consumption .
In this article we discussed the major security attacks and their corresponding solutions in WSNs, classified these threats with respect to their relative target. Depending on the different service provided, defensive mechanisms need to protect the security of WSNs like, (I) availability of network and service integrity, (II) privacy and confidentiality of data and (III) integrity of data. Dealing with service and network reliability, we additionally differentiate the attacks based on the different layers, which intelligently modify the nature of threats and their corresponding solution/defense. Security techniques must be implemented on each layer of WSN.
Research challenges may depend on the application of WSN. However, In WSN few issues should need further/extended research that saturates the WSN. These researches comprise to make privacy and security well-suited with scalability, fighting against DoS attacks, enhancing the efficiency of bandwidth, dealing with the mobility of nodes and also make the WSN worldwide standardization.
WSN are introduced for some specific applications. These applications are not too much limited, including target tracking in military, surveillance of different systems, monitoring of environments, and monitoring different industrial machines. As the WSN is wireless and self-organized and self-healed therefore having different features. The major two features are the asset and weakness of WSN. The encouraging factors, which WSN is very flexible, easy to deploy and comparatively very cheap, which describe their popularity and great momentum both for military and civil applications. The negative factors including that WSN are very susceptible to the attacks against integrity of service, availability, privacy and Security. Certainly, depending on radio communication which enables the eavesdropping, DoS attacks and interception, while a self-organized and self-healing topology without integrated control disposed to the attacks against the authentication, such as replication, suppression, and impersonation of the nodes etc.
Elsewhere the above common advantages and disadvantages, there is excessive multiplicity in WSN. In spitefulness of the above multiplicity, aggregation and encryption of data seem very useful existent with symmetric key cryptography to moderate the vulnerability and scalability in WSN.
All Published work is licensed under a Creative Commons Attribution 4.0 International License
Copyright © 2019 All rights reserved. iMedPub LTD Last revised : June 24, 2019