ArticlePDF Available

Abstract and Figures

Wireless sensor networks are becoming significantly vital to many applications, and they were initially used by the military for surveillance purposes. One of the biggest concerns of WSNs is that they are very defenceless to security threats. Due to the fact that these networks are susceptible to hackers; it is possible for one to enter and render a network. For example, such networks may be hacked into in the military, using the system to attack friendly forces. Leap protocol offers many security benefits to WSNs. However, with much research it became apparent that LEAP only employs one base station and always assumes that it is trustworthy. It does not consist of defence against hacked or compromised base stations. In this paper, intensive research was undertaken on LEAP protocols, finding out its security drawbacks and limitations. A solution has been proposed in order to overcome the security issues faced in implementing this protocol whilst employing more than one base station. The performance of the proposed solution has been evaluated and simulated to provide a better network performance.
Content may be subject to copyright.
International Journal of Computer Science & Engineering Survey (IJCSES) Vol.3, No.3, June 2012
DOI : 10.5121/ijcses.2012.3301 01
S
ECURITY IN
W
IRELESS
S
ENSOR
N
ETWORKS
I
MPROVING THE
LEAP
P
ROTOCOL
Delan Alsoufi
1
, Khaled Elleithy
1
, Tariq Abuzaghleh
2
and Ahmad Nassar
1
1
Department of Computer Engineering, University of Bridgeport, CT, 06604
dalsoufi@bridgeport.edu, elleithy@bridgeport.edu,
anassar@bridgeport.edu
2
Department of Electrical Engineering, University of Bridgeport, CT, 06604
tabuzagh@bridgeport.edu
A
BSTRACT
Wireless sensor networks are becoming significantly vital to many applications, and they were initially
used by the military for surveillance purposes. One of the biggest concerns of WSNs is that they are very
defenceless to security threats. Due to the fact that these networks are susceptible to hackers; it is
possible for one to enter and render a network. For example, such networks may be hacked into in the
military, using the system to attack friendly forces.
Leap protocol offers many security benefits to WSNs. However, with much research it became apparent
that LEAP only employs one base station and always assumes that it is trustworthy. It does not consist of
defence against hacked or compromised base stations. In this paper, intensive research was undertaken
on LEAP protocols, finding out its security drawbacks and limitations. A solution has been proposed in
order to overcome the security issues faced in implementing this protocol whilst employing more than one
base station. The performance of the proposed solution has been evaluated and simulated to provide a
better network performance.
K
EYWORDS
Network Protocols, Wireless Sensor Network (WSN), LEAP protocol, Security, compromised nodes
1.
I
NTRODUCTION
Wireless technology has propagated the use of sensor networks in many applications. Sensor
networks join small sized sensors and actuators with general purpose computing components
[1]. Such networks comprise of hundreds and sometimes thousands of self-functioning, low
power, inexpensive wireless nodes to observe and influence the surroundings.
Figure 1. Example of a Wireless Sensor Network
International Journal of Computer Science & Engineering Survey (IJCSES) Vol.3, No.3, June 2012
2
Wireless sensor networks usually consist of a single or multiple base stations acting as points of
centralized control, whereby they provide access to other networks. These networks are unique
in their dynamic network topologies. A network topology is usually selected depending on the
type of application the sensors are used for or where it is situated. The types of topologies used
for sensor networks include star, mesh, star-mesh etc. [2]
In Wireless sensor networks there are two kinds of wireless nodes; sensor and base station
nodes. The main function of the base station (also referred to as sinks) relies on managing the
actions executed to provide reliable and efficient sensing support. It provides a gateway to other
networks or acts as a data storage processing data in a powerful way [3]. It even acts as an
access point to human interface for human interaction, and is capable of broadcasting control
data in the network or removes data from it. The base station node will calculate and send the
even source, its position and a timestamp to the analysis centre. If an alert is received by the
base station regarding a target, an identity of the target will be allocated allowing all related
alerts getting appropriate management.
Every sensor within the network primarily consists of a certain amount of power and a base
station that provides entrance to other networks or to the centre analysis. It is important to know
that base stations have significant features over other nodes in the network. They comprise of
adequate battery power to exceed the existence time of all sensor nodes, and have the capacity
to save cryptographic keys, well-built processors and resources to commune with external
networks.
In contrast to the base stations, in a sensor network a large number of sensor nodes are
connected together with radio frequency communication links, giving much significance to
broadcasting in the network [1]. Protocol procedure plays a vital role. Although they have
concerns with trust assumptions, energy usage is decreased when using these protocols. The
main purpose of these nodes is to gather information or events occurring from their targets. The
main functions associated with sensor nodes include: collecting information on the target with
consideration to their nature and positioning, which involves the communication from nodes to
base stations regarding for example sensor readings and particular alerts.
Nodes should be capable of producing real-time events on detected targets using the base station
node to forward an even transmission to a centre for the event to be analyzed [4]. Base stations
may request updates from sensor nodes, resulting in base station to node communication.
Finally the generated events will be relayed to the base station from the sensor nodes. In this
part of the communication architecture, base stations contact all of the nodes it is assigned for
purposes such as routing beacons or reprogramming of the complete network.
Given that sensor networks usually compose of nodes that are not physically protected in certain
environments, these networks contain further vulnerabilities to security threats. Some of these
security threats include passive information gathering, Sink-hole attacks, Wormhole attacks,
false node and malicious data and so forth.
International Journal of Computer Science & Engineering Survey (IJCSES) Vol.3, No.3, June 2012
Figure 2.
In the attempt to conquer
all of these factors which affect the designs of Wireless sensor
networks, we have to trade off performance or expenses so that these liabilities are decreased to
tolerable levels. Due to the fact that such factors are motivated by cost and application l
performance and energy, to minimize their affects, it is preferable sometimes to acquire sensor
hardware that is more efficient in terms of security and consist of more than one base station.
This, of course, is more expensive than sensors having a si
protocols, software or certain services, sometimes there is a need for trading of performance or
cost for security.
This
paper proposes a solution to some of the security issues faced in WSNs.
paper
focuses on LEAP protocol taking into consideration its advantages and
overcome its disadvantages.
2.
L
EAP PROTOCOL
LEAP is also a very popular security solution in Wireless Sensor Networks and it was proposed
by Zhu et al in 2004. The
Localized Encryption and Authentication Protocol (LEAP) is a key
management protocol used to provide security and support to sensor networks. It uses µ TESLA
to provide Base station broadcast authentication and a one
packets [5]
. This protocol is inspired by the idea that every message broadcasted between
sensor-
to meet the variety of security requirements when exchanging messages, ha
mechanism is impractical, thus LEAP proposes four types of keys assigned to every individual
node. The four types of keys established are: individual keys, pair
group keys [6].
wormhole
attacks
False node
and
malicious
data
International Journal of Computer Science & Engineering Survey (IJCSES) Vol.3, No.3, June 2012
Figure 2.
WSNs and common attacks
all of these factors which affect the designs of Wireless sensor
networks, we have to trade off performance or expenses so that these liabilities are decreased to
tolerable levels. Due to the fact that such factors are motivated by cost and application l
performance and energy, to minimize their affects, it is preferable sometimes to acquire sensor
hardware that is more efficient in terms of security and consist of more than one base station.
This, of course, is more expensive than sensors having a si
ngle base station. When working with
protocols, software or certain services, sometimes there is a need for trading of performance or
paper proposes a solution to some of the security issues faced in WSNs.
In particular, the
focuses on LEAP protocol taking into consideration its advantages and
LEAP is also a very popular security solution in Wireless Sensor Networks and it was proposed
Localized Encryption and Authentication Protocol (LEAP) is a key
management protocol used to provide security and support to sensor networks. It uses µ TESLA
to provide Base station broadcast authentication and a one
-way-hash-
key to authenticate source
. This protocol is inspired by the idea that every message broadcasted between
nodes is different from another and comprise of different security requirements. In order
to meet the variety of security requirements when exchanging messages, ha
ving a single key
mechanism is impractical, thus LEAP proposes four types of keys assigned to every individual
node. The four types of keys established are: individual keys, pair
-
wise keys, cluster keys and
WSN
Subversion
of a node
Passive
information
gathering
Sybil attacks
Sinkhole
attacks
wormhole
attacks
False node
and
malicious
data
International Journal of Computer Science & Engineering Survey (IJCSES) Vol.3, No.3, June 2012
3
all of these factors which affect the designs of Wireless sensor
networks, we have to trade off performance or expenses so that these liabilities are decreased to
tolerable levels. Due to the fact that such factors are motivated by cost and application l
evel
performance and energy, to minimize their affects, it is preferable sometimes to acquire sensor
hardware that is more efficient in terms of security and consist of more than one base station.
ngle base station. When working with
protocols, software or certain services, sometimes there is a need for trading of performance or
In particular, the
focuses on LEAP protocol taking into consideration its advantages and
attempts to
LEAP is also a very popular security solution in Wireless Sensor Networks and it was proposed
Localized Encryption and Authentication Protocol (LEAP) is a key
management protocol used to provide security and support to sensor networks. It uses µTESLA
key to authenticate source
. This protocol is inspired by the idea that every message broadcasted between
nodes is different from another and comprise of different security requirements. In order
ving a single key
mechanism is impractical, thus LEAP proposes four types of keys assigned to every individual
wise keys, cluster keys and
International Journal of Computer Science & Engineering Survey (IJCSES) Vol.3, No.3, June 2012
4
2.1 Individual Key
The Individual key is a unique key shared between a node and its corresponding base station in
order to provide security between them as they commune. Communication between a node and
a base station is vital as it allows a node to inform the base station of any abnormal behavior
detected from its surrounding nodes. As a result, the base station being aware of the malicious
node can then use the key to encrypt the important information such as instructions to a specific
node. The individual key can be fabricated using the following equation:

Where
is the pseudo random function,
is the initial key, also known as the master key and

is the ID of node u
2.2 Pair-wise Key
The pair-wise key is a key shared between a node and its neighbouring sensor nodes. The
establishment of this key ensures protection of communication that longs for privacy or
authentication of a source. The advantage of having a pair-wise key secures transmission
because it is shared between a node and one of its immediate neighbors and therefore prevents it
from intruders. After the individual key has been set up, nodes can then identify their neighbors
by sending out a message with its ID waiting for a response from the neighbor node n. The Pair-
wise (Kp) key can be fabricated by the following equation:

u
* : 
, Nonceu
n u : ID
n
, MACK
n
(Nonce
u
|ID
n
)
Thus,

2.3 Group Key
A group key, also known as the global key is shared by all the sensor nodes within the network.
The base station uses this key to encrypt data that is transmitted to all the nodes within the
group. Since the entire group of nodes is sharing this key, it eliminates the need for a base
station to separately encrypt the same message to individual nodes with individual keys.
Confidentiality is invoked as long as the key is updated every once a while in case one of the
nodes stops functioning and is removed from the group or network. A special case of a group
key is known as the cluster key
.
2.4 Cluster Key
The cluster key is a key shared by a node with multiple of its neighboring sensor nodes. The
cluster key is generated by node u using a random function and encrypts this key using the pair-
wise key so that only the authenticated neighbors are able to decrypt to get access to the cluster
key. Hence, Kc (cluster key) is generated randomly by node
u n
i
: (
)

International Journal of Computer Science & Engineering Survey (IJCSES) Vol.3, No.3, June 2012
5
The advantages of this protocol are simply that it reduces the participation of a base station and
it is efficient in terms of communication and energy. Its security purposes mainly cover local
communication such as routing information and protecting messages sent from the nodes. The
establishment of this key allows nodes to decrypt and authenticate certain messages like
readings from neighboring nodes. Therefore, LEAP permits the use of cluster keys which one
node may use to protect its data allowing only authenticated neighboring nodes to obtain and
decrypt this data.
All in all, it can be stated that LEAP protocols are very advantageous in that they offer
mechanisms for authenticating both: broadcasting of a base station and source packets, as well
as mechanisms providing key revocation and refreshing. Other advantages LEAP presents a
network are its scalability and cluster communication abilities.
However, the major disadvantage of this protocol, which can influence the network most, is that
it only consists of a single base station and assumes that it is never compromised [7]. Other
drawbacks include security weakness that is present during the process of key establishment,
and the high cost of capacity needed to store the four different keys for each node, when the
number of nodes is small.
In the leap protocol, several efforts are made through the use of the keying mechanisms to
ensure that a compromised node is revoked or at least prevent it from slowing the network
operations. On the other hand, the LEAP protocol lacks in preventing attacks on the base station
itself, which happens to be very critical as the base station covers a large network operational
area.
3.
P
ROPOSED SOLUTION
:
I
MPROVED
L
EAP PROTOCOL
In literature, the majority of the key management protocols usually focus on the aspect that only
a singular base station or sink node is used in a WSN and these protocols assume that it is
trustworthy. For some systems, however, several sink nodes are used [8]. In these systems, two
important things must be considered: cost and security.
In the leap protocol, several efforts are made through the use of the keying mechanisms to
ensure that a compromised node is revoked or at least prevent it from slowing the network
operations. A base station, on the other hand, will be treated the same as any compromised node
and the idea is to apply the same mechanisms used to overcome a compromised node to also
prevent a hacked base station node.
With a lot of excessive research, the literature usually covers WSN functionalities in terms of
one base station participating in one system. It is important to remember that with an increase in
a sensor network there’s an increase in the distance separating the base station and its related
sensor nodes and the increase in the distance may alter the following:
-
With a long distance for packets to propagate through, they may get lost on the way
resulting in network performance degradation.
-
Data transmissions between sensor nodes and a single base station in a large network
require high energy consumptions giving the need to reduce the lifetime of nodes.
-
For the nodes that are situated nearby a base station, their energy is worn out rapidly,
which in turn shortens the network life time very drastically.
International Journal of Computer Science & Engineering Survey (IJCSES) Vol.3, No.3, June 2012
6
To overcome these problems, a network employing several base stations shows potential in
bettering the performance. However, there is of course the tradeoff between performance and
cost. By deploying more than one sink node in a network may be costly, but the distance
between the sink nodes and its associated sensor nodes will be reduced providing more
successful paths for data transmission as well as eliminating the disadvantage of the high energy
consumptions otherwise faced.
For this research, a WSN with several base stations will be considered. Under the circumstances
that a base station and a sensor node are compromised, an evaluation of the network
performance will be analyzed.
Wireless sensor networks provide the advantage of using a large number of nodes (from a
hundred up to thousands of nodes) communicating with each other inexpensively. One or more
base stations process all of the network functions. Should there be a need to increase the number
of sink nodes, one has to consider enhancement in expenses. The LEAP protocol offers much
security to a system with the establishment of the four keys, mentioned previously. The protocol
consists of key revocation and refreshing mechanisms in the attempts to successfully avoid or
deal with compromised sensor nodes.
The methods used in detecting the isolated compromised nodes are done through µ TESLA and
one-way key chain hash authentication functions [9]. However, this protocol lacks in security
against a base station, should it be compromised, and network robustness. These are significant
aspects to consider because if a sink node is compromised, it could severely affect the entire
network or system as all the network functions are dealt by these nodes. The flexibility feature
of a LEAP protocol is advantageous over many other security protocols used, but improvements
in robustness are needed. Therefore, to improve the LEAP protocol, a solution is proposed to
overcome the limitations faced for possible attacks on the base stations itself and thereby adding
more robustness to the network system in terms of recovering from a compromised base station
as well as a compromised sensor node.
In theory, the majority of research papers, consider the presumption of a reliable base station
and only take measures for compromised nodes. In isolated locations, it is relevant to be vigilant
in case a base station is compromised. Security against higher levels of attacks against a base
station, which usually occur from sources with higher computational power, is a necessity [10].
In a wireless sensor network, three courses of actions can occur:
-
A sensor node is compromised
-
A base station is compromised
-
Sensor nodes and base stations are compromised concurrently
The LEAP protocol only consists of actions that deal with the first scenario. In improving the
LEAP protocol, all three scenarios have to be dealt with, thus a network has to be built with
more than one base station. So, by ensuring that the LEAP protocol is able to handle all three
scenarios aforementioned, the LEAP protocol will be improved in terms of security for WSNs.
I used the same mechanisms as the original LEAP protocol to overcome compromised sensor
nodes, and added another similar mechanism to detect if any of the base stations are to be
compromised. For this solution, I had to establish another key, called the Base station key (Kb).
The base station key will also be updated periodically, and it is shared amongst the base
stations. If a base station is hacked, it will not be aware of the updated session key, and continue
International Journal of Computer Science & Engineering Survey (IJCSES) Vol.3, No.3, June 2012
7
to use its old key. In doing so, the base station will not be involved in the data transmission, and
the other remaining base stations will identify that this base station is compromised.
The authenticated base stations will send the administrator a message indicating that one of the
base stations is hacked. It is then up to the administrator to remove it from the system or replace
it with another one. However, there is always a case whereby the opponent base station will act
like an authenticated node and accuse one of the other validated base stations of being hacked.
The administrator will consider any of the base stations to be hacked if at least more than one of
the remaining three base stations declares otherwise.
4.
R
ESULTS AND
C
ONCLUSIONS
To evaluate the proposed solution, an algorithm has been developed to simulate a sensor
network using the MATLAB program. The whole idea was to implement a system whereby
multiple base stations have been employed for the soul purposes of improving the data
transmissions amongst nodes and to come up with a solution for a base station, should it be
compromised.
The LEAP protocol was implemented and simulated using one base station and fifty sensor
nodes situated randomly. Initially, an individual key was generated for each node from a
randomly generated master key. Then a cluster key was generated by each node and published
to their neighboring nodes using the pair-wise keys. Finally, the global key was generated in
order to enable public broadcasts.
Figure 3 shows an ideal case for the LEAP protocol. It simply represents a base station
surrounded by fifty sensor nodes. In this scenario, none of the nodes are compromised.
However, even though it is an ideal case, we still face the problem of data loss. For arguments
sake, let’s assume that node z wants to communicate with the base station. Having a singular
base station means that no matter how far the distance, the sensor node and the base station will
commune with each other. The longer the distance, however, the more nodes they have to
transmit through, the more bandwidth will be used and the higher the possibility of loss of data.
International Journal of Computer Science & Engineering Survey (IJCSES) Vol.3, No.3, June 2012
8
Figure 3. LEAP protocol: Ideal scenario
Figure 4 shows the scenario of a compromised node. The node that is labelled symbolizes a
node that has been hacked. As mentioned throughout this paper, the LEAP protocol is very
efficient when it comes to dealing with compromised nodes. With its key refreshing and
revocation schemes, if a node is affected, these mechanisms prove advantageous. With the many
keys assigned to all the sensor nodes with its periodic updates, if one of the nodes is unable to
decrypt an updated key, the compromised node will not be able to further participate in the data
transmission which will then inform the surrounding nodes and eventually the base station that
this node is no longer wanted. The compromised node will be removed.
0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1
0
0.1
0.2
0.3
0.4
0.5
0.6
0.7
0.8
0.9
1
z
International Journal of Computer Science & Engineering Survey (IJCSES) Vol.3, No.3, June 2012
9
Figure 4. LEAP protocol: A compromised Sensor Node
In order to simulate and test the performance of the proposed improved LEAP protocol, a WSN
of hundred sensor nodes situated randomly, and four base stations also situated randomly has
been generated.
Figure 5 shows the improved LEAP protocol in an ideal scenario, whereby multiple base
stations are supported. Depending on the distance between the nodes and the base stations, each
sensor node was assigned to its closest base station. The four different colors (red, blue, green
and black) are used in order to distinguish between the base stations and its corresponding
sensor nodes.
This diagram illustrates an ideal scenario whereby none of the nodes or the base stations are
compromised. The use of four base stations provides an advantage over the existing LEAP
protocol. The idea that more than one base station has been used, the nodes will not need to
transmit to a base station that is extremely distant from it, which means that it minimizes the
problem most networks sometimes face regarding lost data during transmission.
International Journal of Computer Science & Engineering Survey (IJCSES) Vol.3, No.3, June 2012
10
Figure 5. Improved LEAP protocol: Ideal Scenario
Figure 6 demonstrates the scenario whereby a base station is compromised. A hacked base
station can be detected and revoked by the other base stations using the new generated key
known as base station key (Kb). If a base station is hacked, it will not be aware of the updated
session key, which is also updated periodically, and continue to use its old key. In doing so, the
base station will not be involved in the data transmission, and the other remaining base stations
will identify that this base station is compromised. The authenticated base stations will send the
administrator a message indicating that one of the base stations is hacked. It is then up to the
administrator to remove it from the system or replace it with another one. However, there is
always a case whereby the opponent base station will act like an authenticated node and accuse
one of the other validated base stations of being hacked. The administrator will consider any of
the base stations to be hacked if at least more than one of the remaining three base stations
declares otherwise.
International Journal of Computer Science & Engineering Survey (IJCSES) Vol.3, No.3, June 2012
11
Figure 6. Improved LEAP protocol: A compromised base station
In this solution, the LEAP protocol was improved in terms of using multiple base stations for
the purpose of minimizing loss of data transmissions, and also the proposed solution was able to
detect a compromised base station. In using multiple base stations, the performance of the
system is improved but the cost of implementation is increased. Table 1 shows a comparison
between the LEAP and the improved LEAP protocols.
Table 1. Comparison between LEAP and Improved LEAP protocols
LEAP Improved LEAP
Detects and removes Compromised Sensor
Nodes
Yes Yes
Detects and removes compromised base
stations
No Yes
Data Loss High Minimal
Cost
Low
High
Bandwidth use High Low
Transmission Delay time High Low
Energy consumption High Low
Node lifetime Low High
International Journal of Computer Science & Engineering Survey (IJCSES) Vol.3, No.3, June 2012
12
R
EFERENCES
[1
] Saraogi, M. (n.d.). Security in wireless sensor networks. University of Tennessee,
[2] Burgner, D. E., & Wahsheh, L. A. (2011). Security of wireless sensor networks. Eighth
International Conference on Information Technology: New Generations,
[3] Madden, S. R., Franklin, M. J., Hellerstein, J. M., and Hong, W., TAG: A tiny aggregation
service for ad-hoc sensor networks. In The Fifth Symposium on Operating Systems Design and
Implementation (OSDI 2002), 2002,
[4] Madden, S. R., Szewczyk, R., Franklin, M. J., and Culler, D. Supporting aggregate queries over
ad-hoc wireless sensor networks. In Workshop on Mobile Computing and Systems Applications,
2002,
[5] Zhu, S., Setia, S., Jajodia S., LEAP: Efficient Security Mechanisms for Large-Scale Distributed
Sensor Networks. In The Proceedings of the 10th ACM conference on Computer and
communications security, 2003.
[6] Jang, J., Kwon, T., & Jooseok, S. (2007). A time-based key management protocol for wireless
sensor networks. E. Dawson and D.S. Wong (Eds.): ISPEC 2007, LNCS 4464, pp. 314–328,
2007.,
[7] Pathan, A. K. (2011). Security of self-organizing networks. (1 ed., pp. 318-344). Florida: CRC
Press.
[8] Saraogi, M. (n.d.). Security in wireless sensor networks. University of Tennessee,
[9] Jang, J., Kwon, T., & Jooseok, S. (2007). A time-based key management protocol for wireless
sensor networks. E. Dawson and D.S. Wong (Eds.): ISPEC 2007, LNCS 4464, pp. 314–328,
2007.,
[10] Zhu, S., Setia, S., Jajodia S., LEAP: Efficient Security Mechanisms for Large-Scale Distributed
Sensor Networks. In The Proceedings of the 10th ACM conference on Computer and
communications security, 2003.
[11] Modares, H., Salleh, R., & Moravejosharieh, A. (2011). Overview of security issues in wireless
sensor networks. Third International Conference on Computational Intelligence, Modelling &
Simulation, IEEE,
[12] Abuhelaleh, M. A., & Elleithy, K. M. (2010). Security in wireless sensor networks: Key
management module in sooawsn. International Journal of Network Security & Its Applications
(IJNSA), 2(No. 4),
[13] Mohanty, P., Panigrahi, S., Sarma, N., & Satapathy, S. S. (2010). Security issues in wireless
sensor network data gathering protocols: A survey. Journal of Theoretical and Applied
Information Technology,
[14] Perrig, A., Szewczyk, R., Wen, V., Culler, D., & Tygar, J. D. (2001). Spins: Security protocols
for sensor networks. Mobile Computing and Networking 2001,
[15] Wang, Y., Ramamurthy, B., & Xue, Y. (2008). A key management protocol for wireless sensor
networks with multiple base stations. CSE Conference and Workshop Papers. Paper 111.,
[16] Wang, Y., Ramamurthy, B., & Xue, Y. (2008, January 1).Digitalcommons@university of
nebraska - lincoln. Retrieved from http://digitalcommons.unl.edu/cseconfwork/111
[17] Xue, Y., Lee, H. S., Yang, M., & Kumarawadu,, P. (2007). Performance evaluation of ns-2
simulator for wireless sensor networks. 0840-7789/07 ©2007 IEEE,
[18] Söderlund, R. (2006). Energy efficient authentication in wireless sensor networks. LITH-
IDA/DS-EX--06/012--SE,
[19] Perillo, M. A., & Heinzelman, W. B. (n.d.). Wireless sensor network protocols. Department of
Electrical and Computer Engineering University of Rochester,
International Journal of Computer Science & Engineering Survey (IJCSES) Vol.3, No.3, June 2012
13
[20] Tun , Z., & Maw, A. H. (2008). Wormhole attack detection in wireless sensor networks. World
Academy of Science, Engineering and Technology 46 2008,
[21] J. Hill, R. Szewczyk, A. Woo, S. Hollar, D. Culler and K. Pister. System architecture directions
for networked sensors. In Proceedings of ACM ASPLOS IX, November 2000,
[22] Adrian Perrig, Ran Canetti, J.D. Tygar, and Dawn Song. Efficient authentication and signing of
multicast streams over lossy channels. In IEEE Symposium on Security and Privacy, May 2000.
[23] Karlof, C., Sastry, N., Wagner, D. TinySec: A Link Layer Security Architecture for Wireless
Sensor Networks. ACM SenSys 2004, November 3-5, 2004.
[24] Y.C. Hu, A. Perrig, and D. B. Johnson, “Wormhole detection in wireless ad hoc networks,”
Department of Computer Science, Rice University, Tech. Rep. TR01-384, June 2002.
[25] P. Apostolos, "Cryptography and Security in Wireless Sensor Networks," FRONTS 2nd
Winterschool Braunschweig, Germany, 2009.
[26] Chris Karlof David Wagner. In Secure Routing in Wireless Sensor Networks: Attacks and
Countermeasures.
[27] Y. Hu, A. Perring, and D.B. Johnson. Packet Leashes: A Defense against Wormhole Attacks in
Wireless Networks. In Proceedings of 22nd Annual Conference of the IEEE Computer and
Commu-nication Societies, Vol.3, April 2003. pp.1976-1986.
[28] L. Eschenauer and V. D. Gligor, “A key-management scheme for distributed sensor networks,”
in Proc. CCS’02. New York, NY, USA: ACM Press, 2002, pp. 41–47.
[29] Perrig, A., Stankovic, J., & Wagner, D. (2004). Security in wireless sensor
networks. Communications of the ACM, 47(6),
Authors
Delan Alsoufi received her Master degree in Computer Engineering at the
University of Bridgeport, in 2012 with a GPA of 3.82. Her research area
is on Wireless sensor network security. After the completion of her Master
degree she’s going to Iraq to work as an Instructor in the computer
engineering department at the University of Duhok, Kurdistan.
She grew up in London, UK, where she completed the 13compulsary
years of education. In 2005 she moved to Iraq and completed her B.Sc.
degree in Electrical and Computer Engineering from University of Duhok.
In 2010 she received the prestigious Fulbright scholarship to pursue her
graduate studies in the United States.
Khaled Elleithy is the Associate Dean for Graduate Studies in the
School of Engineering at the University of Bridgeport. He has research
interests are in the areas of network security, mobile communications,
and formal approaches for design and verification. He has published
more than one hundred fifty research papers in international journals and
conferences in his areas of expertise. He is the co-chair of the
International Joint Conferences on Computer, Information, and Systems
Sciences, and Engineering (CISSE). CISSE is the first
Engineering/Computing and Systems Research E-Conference in the
world to be completely conducted online in real-time via the internet and
was successfully running for four years. He is the editor or co-editor of
10 books published by Springer for advances on Innovations and
Advanced Techniques in Systems, Computing Sciences and Software. He received the B.Sc. degree in
computer science and automatic control from Alexandria University in 1983, the MS Degree in computer
networks from the same university in 1986, and the MS and Ph.D. degrees in computer science from The
Center for Advanced Computer Studies in the University of Louisiana at Lafayette in 1988 and 1990,
respectively.
International Journal of Computer Science & Engineering Survey (IJCSES) Vol.3, No.3, June 2012
14
Tariq Abuzaghleh completed his Masters in Electrical Engineering in
2012 from the University of Bridgeport, Connecticut, and graduated with a
GPA of 4.00. His research areas are image processing techniques and
network security. He has published several research papers in these areas
in well recognised journals and conferences. He has been working as a
research assistant in university of Bridgeport in the last two years. He grew
up in Amman, Jordon, and after receiving his B.Sc. degree in electrical
engineering; he worked as a broadcasting engineer for two years and is
currently attempting to pursue his educational knowledge by undertaking a
Ph.D program.
Ahmad Nassar completed both his B.Sc. and M.Sc. in computer
engineering at the University of Bridgeport. For his Masters degree, he
received a GPA of 3.82. During his graduate studies, he worked as
graduate assistant in the lab operations in the engineering school where he
broadened his knowledge in the field of computer networking and
security. Currently he is working in Virtusa, Connecticut, as a software
developer.
... The limitations of existing security protocols further underscore the need for innovative solutions. Protocols such as Low-energy Adaptive Clustering Hierarchy Protocol (LEAP) 16 , Security Protocols for Sensor Networks (SPINS) 17 , and Entanglement-based Secure Key (ESK) 18 distribution have made significant contributions to WSN security by introducing efficient key management and authentication mechanisms. However, these protocols often rely on static key distribution schemes or centralized trust models 19 , which are ill-suited for the dynamic and decentralized nature of modern WSNs. ...
... This matrix structure ensures that compromising individual keys does not lead to the systemic failure of the entire network's security infrastructure. Third, the key assignment phase (lines [11][12][13][14][15][16][17] distributes m keys to each node from this matrix. By limiting the number of keys per node to m (where m ≪ N ), we maintain memory efficiency while ensuring sufficient key sharing probability between legitimate nodes. ...
... The simulated WSN environment included varying numbers of nodes (1)(2)(3)(4)(5)(6)(7)(8)(9)(10)(11)(12)(13)(14)(15)(16)(17)(18)(19)(20) to test under different scales. The metrics evaluated were energy consumption, network latency, data integrity, scalability, attack resilience, network throughput, key distribution time, Sybil attack detection rate, routing efficiency, and node connectivity. ...
Article
Full-text available
Wireless Sensor Networks (WSNs) are increasingly deployed in critical applications from healthcare to military systems, yet they face significant security challenges due to their resource constraints and distributed nature. This paper addresses two fundamental security problems in WSNs, i.e., vulnerable key distribution and Sybil attacks. Specifically, we propose a synergized security framework, a groundbreaking approach tailored to enhance the security performance of WSNs. First, a bidirectional hash-based key pre-distribution scheme that increases key generation complexity by 43% while maintaining low memory requirements. Second, a multi-trust layered detection mechanism that combines energy consumption pattern analysis with fuzzy logic for Sybil attack detection, achieving a 91.7% detection rate. Finally, comprehensive evaluations using OMNeT++ with networks of 1–500 nodes demonstrate that our framework outperforms existing protocols (LEAP, SPINS, ESK) by 17–32% in network throughput and 12–26% in node connectivity, while maintaining comparable latency to quantum-based methods (QKD, BB84). Real-world validation in a 32-node test environment confirms the framework’s practical effectiveness with only 4.3% performance deviation from simulation results. Our framework particularly excels in dynamic networks, maintaining 89% effectiveness even with 15% node mobility rates, significantly advancing the state-of-the-art in WSN security.
... There is some advanced extension of LEAP+. Improved LEAP+ and LEAP-Initial Protection (LEAP-IP) for reducing the computation and communication overhead are worth mentioning here (Alsoufi et al., 2012;Yang et al., 2014;Nesteruk and Bezzateev, 2018). LEAP-IP is different from other LEAP based protocols due to its non-hierarchical nature of key generation. ...
Article
Internet of Thing (IoT) is one of the most influential technologies in the present time. People, processes, and things are connected with the Internet through IoT. With the increasing demands of user applications, the number of connections is also increasing exponentially. Therefore, security becomes a critical issue in IoTs. Confidentiality, Integrity, and Availability (CIA) services are important for IoT applications. IoTs must also ensure proper authentication mechanisms to ensure CIA in the second stage. Various researches in this direction address the authentication issues in IoTs. In this paper, we survey the authentication aspects in IoTs and their allied domains. We analyse the potentialities of the existing state-of-the art-approaches and also identify their limitations. We discuss the basics of authentication and its related attacks for the ease of interpretability of the readers. We show a taxonomical understanding of the approaches and try to connect the evolution of the solution strategies. These connections, to the best of our knowledge, are novel as compared to the existing authentication surveys. Besides, the multidimensional vision of this survey for IoT extensions is an add-on to the benefits. We also provide a discussion on the future direction of research in this domain. In a nutshell, this survey is a one-stop solution for academia and industry to understand the status quo of IoT authentication schemes/protocols.
... LEAP stands for Localized Encryption and Authentication Protocol (Alsoufi, Elleithy, Abuzaghleh, & Nassar, 2012) is one of the key management protocol. It uses four secret keys (e.g. ...
Chapter
Wireless sensor networks (WSNs) are comprised of large collections of small devices having low operating power, low memory space, and limited processing capabilities referred to as sensor nodes. The nodes in WSNs are capable of sensing, recording, and monitoring environmental conditions. Nowadays, a variety of WSNs applications can be found in many areas such as in healthcare, agriculture, industries, military, homes, offices, hospitals, smart transportation, and smart buildings. Though WSNs offer many useful applications, they suffer from many deployment issues. The security issue is one of them. The security of WSNs is considerable because of the use of unguided medium and their deployment in harsh, physically unprotected, and unattended environments. This chapter aims to discuss various security objectives and security attacks on WSNs and summarizes the discussed attacks according to their categories. The chapter also discusses different security protocols presented to prevent, detect, and recover the WSNs from various security attacks.
... In energy LEACH protocol first round of communication, all the nodes have the same chance to turn as cluster head. Delan Alsoufi et al, 2012 [3] described about security for WSN. The author proposed a new protocol LEAP(Localized Encryption and Authentication Protocol). ...
Conference Paper
Full-text available
Wireless Sensor Network (WSN) has been looked into broadly in the course of recent years. WSN were first utilized by the military for reconnaissance purposes and have since ventured into modern and regular citizen uses, for example, climate, contamination, traffic control, and human services. There are a few research difficulties, one part of remote sensor arranges on which inquire about has been directed is the security of remote sensor systems. These systems are powerless against programmers who may assault in WSN. A case of this would be an adversary seizing an automaton and inspiring it to assault inviting powers. In this proposed work, security for WSN is concerned. Detection of a fake node in the network is the main part. Using common scenarios, we can spot an attack and a malicious node in the network. By calculating the packet drop, throughput, and residual energy. These are demonstrated in ns2, thereby proposed scheme helps to achieve in detecting the fake node.
... LEAP stands for Localized Encryption and Authentication Protocol (Alsoufi, Elleithy, Abuzaghleh, & Nassar, 2012) is one of the key management protocol. It uses four secret keys (e.g. ...
Chapter
Wireless sensor networks (WSNs) are comprised of large collections of small devices having low operating power, low memory space, and limited processing capabilities referred to as sensor nodes. The nodes in WSNs are capable of sensing, recording, and monitoring environmental conditions. Nowadays, a variety of WSNs applications can be found in many areas such as in healthcare, agriculture, industries, military, homes, offices, hospitals, smart transportation, and smart buildings. Though WSNs offer many useful applications, they suffer from many deployment issues. The security issue is one of them. The security of WSNs is considerable because of the use of unguided medium and their deployment in harsh, physically unprotected, and unattended environments. This chapter aims to discuss various security objectives and security attacks on WSNs and summarizes the discussed attacks according to their categories. The chapter also discusses different security protocols presented to prevent, detect, and recover the WSNs from various security attacks.
... In energy LEACH protocol first round of communication, all the nodes have the same chance to turn as cluster head. Delan Alsoufi et al, 2012 [3] described about security for WSN. The author proposed a new protocol LEAP(Localized Encryption and Authentication Protocol). ...
Article
Full-text available
Wireless Sensor Network (WSN) has been looked into broadly in the course of recent years. WSN were first utilized by the military for reconnaissance purposes and have since ventured into modern and regular citizen uses, for example, climate, contamination, traffic control, and human services. There are a few research difficulties, one part of remote sensor arranges on which inquire about has been directed is the security of remote sensor systems. These systems are powerless against programmers who may assault in WSN. A case of this would be an adversary seizing an automaton and inspiring it to assault inviting powers. In this proposed work, security for WSN is concerned. Detection of a fake node in the network is the main part. Using common scenarios, we can spot an attack and a malicious node in the network. By calculating the packet drop, throughput, and residual energy. These are demonstrated in ns2, thereby proposed scheme helps to achieve in detecting the fake node.
... 2) Improved LEAP Improved LEAP protocol [20] provides support of several base stations. It allows to reduce communication overhead and also makes protocol resistant from base station capturing. ...
Article
Full-text available
This research paper delves into the critical aspects of Wi-Fi network security, providing a thorough analysis of the vulnerabilities and risks associated with wireless networks. As Wi-Fi technology continues to expand globally, ensuring robust security measures has become increasingly vital to protect sensitive data and maintain the integrity of network communications. The paper explores the various security protocols employed in Wi-Fi networks, evaluates their effectiveness, and highlights the common threats that these networks face, including unauthorized access, data interception, and cyber-attacks.Through a detailed examination of case studies and current security practices, the paper identifies potential weaknesses in existing Wi-Fi security frameworks and proposes strategies for mitigating these risks. By addressing both technical and practical considerations, this research aims to contribute to the ongoing efforts to enhance Wi-Fi network security, ensuring safer and more reliable wireless communication in both personal and professional environments. Recent tools and methods have proven to be beneficial in the research study area, with a particular focus on utilizing tools like OPNET. The study emphasizes the hardware requirements necessary for conducting MANET and OPNET simulations, which are crucial for enhancing network security and developing robust mechanisms to defend against attacks and hacking attempts. Researchers must employ powerful hardware systems, scalable techniques, and advanced simulators to meet the high computational demands of modern state-of-the-art application domains.
Article
Full-text available
Security was a prior concern to the researchers since the beginning of wireless sensor network. With the growing technology, the belongings on security are also advancing day by day. Though it was tried to formulate this network completely secured during the time of designing, intruders and attackers always find their way to get inside it and accomplish their disgraceful intention. Different research papers have shown different ways to keep the network secured and trustworthy. This paper presents a significant analysis on the security issues of wireless sensor network. Literature study on various articles are accumulated where both possible security violence and their solutions are focused from most recent research papers which will be very helpful for future work for the researchers. Moreover, some basic implications are also proposed to keep the network away from vulnerability and interception.
Article
Full-text available
This paper proposes a distributed wormhole detection algorithm for wireless sensor networks, a potential technology for infrastructures of many applications. Currently, most sensor networks assume they will be deployed in a benign envi-ronment; however, when a sensor network is de-ployed in some hostile environment, attacks (espe-cially those like wormhole attacks that don't need to capture the keys used in the network) may affect current sensor networks and may even disable their functions. This paper proposes a distributed wormhole detection algorithm called Wormhole Geographic Distributed Detection (WGDD), that is based on detecting disorder of the networks which is caused by the existence of a wormhole inside the network. Since wormhole attacks are passive, this algorithm uses a hop-counting tech-nique as a probe procedure to detect wormhole at-tacks, then reconstructs local maps in each node, and after that, uses a feature called "diameter" to detect abnormalities caused by wormholes. The main advantage of using a distributed wormhole detection algorithm is that such an algorithm can provide the approximate location of a wormhole, which may be useful information for further de-fense mechanisms. Simulations show that the pro-posed detection method has both a low False Tol-eration Rate (FTR) and a low False Detection Rate (FDR) in detecting wormhole attacks.
Conference Paper
Full-text available
Simulation for wireless sensor networks has become a challenging exercise due to the hardware design, energy constraints, and deployment of large number of nodes. NS-2 has been widely used in network simulations but does not perform well for wireless sensor networks. This paper provides a comprehensive analysis of the NS-2 simulator based on performance evaluation of simulation results, and proposes some improvements needed in NS-2 to cope up with wireless sensor network simulations.
Conference Paper
Full-text available
The main purpose of this study is to investigate how to provide authentication in wireless sensor networks and how it can be done in an energy efficient way. Other goals are to give an introduction to general security in wireless sensor networks and to see how the addition of message authentication codes (MAC) of various lengths affects the lifetime of a sensor node. To do this, a study of security solutions with focus on key establishment schemes that enable authentication and practical tests on the energy consumption depending on MAC length are performed. The conclusion from the study of security solutions is that symmetric cryptography is to prefer over public key cryptography.
Chapter
Since routing is a fundamental operation in all types of networks, ensuring routing security is a necessary requirement to guarantee the success of routing operation. Securing routing task gets more challenging as the target network lacks an infrastructure-based routing operation. This infrastructure-less nature that invites a multihop routing operation is one of the main features of wireless sensor networks that raises the importance of secure routing problem in these networks. Moreover, the risky environment, application criticality, and resources limitations and scarcity exhibited by wireless sensor networks make the task of secure routing much more challenging. All these factors motivate researchers to find novel solutions and approaches that would be different from the usual approaches adopted in other types of networks. The purpose of this chapter is to provide a comprehensive treatment of the routing security problem in wireless sensor networks. The discussion flow of the problem in this chapter begins with an overview on wireless sensor networks that focuses on routing aspects to indicate the special characteristics of wireless sensor networks from routing perspective. The chapter then introduces the problem of secure routing in wireless sensor networks and illustrates how crucial the problem is to different networking aspects. This is followed by a detailed analysis of routing threats and attacks that are more specific to routing operation in wireless sensor networks. A research-guiding approach is then presented to the reader that analyzes and criticizes different techniques and solution directions for the secure routing problem in wireless sensor network. This is supported by state-of-the-art and familiar examples from the literature. The chapter finally concludes with a summary and future research directions in this field.
Article
Wireless sensor networks are usually deployed for gathering data from unattended or hostile environment. Several application specific sensor network data gathering protocols have been proposed in research literatures. However, most of the proposed algorithms have given little attention to the related security issues. In this paper we have explored general security threats in wireless sensor network and made an extensive study to categorize available data gathering protocols and analyze possible security threats on them.
Conference Paper
Wireless sensor networks (WSN) are generally set up for gathering records from insecure environment. Nearly all security protocols for WSN believe that the opponent can achieve entirely control over a sensor node by way of direct physical access. The appearance of sensor networks as one of the main technology in the future has posed various challenges to researchers. Wireless sensor networks are composed of large number of tiny sensor nodes, running separately, and in various cases, with none access to renewable energy resources. In addition, security being fundamental to the acceptance and employ of sensor networks for numerous applications, also different set of challenges in sensor networks are existed. In this paper we will focus on security of Wireless Sensor Network.
Article
Abstract—The nature of wireless ,ad hoc ,and sensor networks make them very attractive to attackers. One of the most popular and serious attacks in wireless ad hoc ,networks is wormhole ,attack and most,proposed ,protocols ,to defend ,against ,this attack ,used positioning devices, synchronized clocks, or directional antennas. This paper analyzes the nature of wormhole ,attack and existing methods of defending,mechanism,and then proposes round trip time (RTT) and neighbor numbers,based wormhole,detection mechanism. The consideration of proposed ,mechanism ,is the RTT between ,two successive nodes and those nodes’ neighbor number,which is needed to compare those values of other successive nodes. The identification of wormhole attacks is based on the two faces. The first consideration isthat the transmission time between two wormhole ,attack affected nodes is considerable higher than that between two normal neighbor nodes. The second detection mechanism,is based on the,fact that by introducing new links into the network, the adversary increases the number,of neighbors of the nodes within its radius. This system does not require any specific hardware, has good performance and little overhead,and also does not consume ,extra energy. The proposed system is designed ,in ad ,hoc on-demand distance vector (AODV) routing protocol and analysis and simulations of the proposed system are performed in network simulator (ns-2). Keywords—AODV, Wormhole attacks, Wireless ad hoc and sensor networks
Conference Paper
Wireless sensor networks have been researched extensively over the past few years. They were first used by the military for surveillance purposes and have since expanded into industrial and civilian uses such as weather, pollution, traffic control, and healthcare. One aspect of wireless sensor networks on which research has been conducted is the security of wireless sensor networks. These networks are vulnerable to hackers who might go into the network with the intent of rendering it useless. An example of this would be an enemy commandeering a drone and getting it to attack friendly forces. In this paper, we review the security of wireless sensor networks. Areas that are covered include: architectures and routing protocols, security issues that include context and design as well as confidentiality, integrity, and authenticity, algorithms, and performance issues for wireless sensor network design. Performance of the Self-Originating Wireless Sensor Network (SOWSN), Practical Algorithm for Data Security (PADS), and mechanisms for in-network processing were investigated in further detail with SOWSN having the best performance as a result of it being based on realistic scenarios.
Conference Paper
Most of the proposed key management protocols for wireless sensor networks (WSNs) in the literature assume that a single base station is used and that the base station is trustworthy. However, there are applications in which multiple base stations are used and the security of the base stations must be considered. This paper investigates a key management protocol in wireless sensor networks which include multiple base stations. We consider the situations in which both the base stations and the sensor nodes can be compromised. The proposed key management protocol, mKeying, includes two schemes, a key distribution scheme, mKeyDist, supporting multiple base stations in the network, and a key revocation scheme, mKeyRev, used to efficiently remove the compromised nodes from the network. Our analyses show that the proposed protocol is efficient and secure against the compromise of the base stations and the sensor nodes.