ADHOC ASSIGNMENT 2 ANSWERS

1. Explain the Issues and Challenges in Security Provisioning and how

network security attacks identified and reduced.
A strong routing protocol can only protect the network from various malicious
activities. Designing a strong security routing protocol for wireless sensor
network is
a very challenging task.
 WSN must have the richest set of different protocols to carryout application
requirements; a WSN protocol must handle a hostile environment.
 Routing protocol should provide a high throughput, and a decrease packet
loss ratio.
Routing algorithm should handle mobility and dynamic changing behavior in
WSNs.
 Unreliable wireless media can drop packets; routing protocols should prevent
packet
loss. Designing a new routing protocol for WSN should consider the following
security and privacy issues.
 Node Mobility
 Coverage Problem
 Shared Broadcast Radio Channel
 Insecure Operational Environment
 Lack of Central Authority
 Lack of Association
 Limited Resource Availability
 Physical Vulnerability
 Quality of Service
 Programming Wireless Sensor Networks

Node Mobility
 The mobility sink node is used to collect data from all sensors. A static sink
node
collects data from all sensors without changing its constant position. A mobile
sink
node has its own effects on the network, e.g., performance and dynamic change
behavior. Routing protocols must provide better connectivity, an efficient
energy
consumption, a controlled flooding mechanism, etc.
Coverage Problem
 Coverage is an important performance metric in WSNs; it reflects how well
the
environment is monitored. The surrounding vicinity should be monitored all
times to
collect data; a dead node cannot forward any packets; consequently, it degrades
network services.
Shared Broadcast Radio Channel

 Unlike in wired networks where a separate dedicated transmission line can be

provided between a pair of end users, the radio channel used for communication
in
wireless sensor networks is broadcast in nature and is shared by all nodes in the
network.
 Data transmitted by a node is received by all nodes within its direct
transmission
range. So a malicious node could easily obtain data being transmitted in the
network.
This problem can be minimized to a certain extent by using directional
antennas.
Insecure Operational Environment
 The operating environments where wireless sensor networks are used may
not always
be secure.
 One important application of such networks is in battlefields. In such
applications,
nodes may move in and out of hostile and insecure enemy territory, where they
would
be highly vulnerable to security attacks.
Lack of Central Authority
 In wired networks and infrastructure-based wireless networks, it would be
possible to
monitor the traffic on the network through certain important central points (such
as
routers, base stations, and access points) and implement security mechanisms at
such
points. Since wireless networks do not have any such central points, these
mechanisms cannot be applied in wireless sensor networks.
Lack of Association
 Since these networks are dynamic in nature, a node can join or leave the
network at
any point of the time. If no proper authentication mechanism is used for
associating
nodes with a network, an intruder would be able to join into the network quite
easily
and carry out his/her attacks.
Limited Resource Availability
 Resources such as bandwidth, battery power, and computational power are
scarce in

wireless sensor networks. Hence, it is difficult to implement complex

cryptography-
based security mechanisms in such networks.
Physical vulnerability
 Nodes in these networks are usually compact and hand-held in nature. They
could get
damaged easily and are also vulnerable to theft.
Quality of Service

 QoS is the function of its application. The proper congestion control provides
better
QoS. In WSNs, there is a minimum chance of congestion outside the base
station
area. Congestion near the base station results into: channel occupancy, buffer
overflow, packet collision, channel contention, high data rate, and minimum
node’s
life.
 For better services, minimum congestion in the network is necessary.
Congestion
avoidance ensures high throughput, better link utilization, minimum delay,
energy
efficiency, and minimum data rate error. Control packets are used to prevent
congestion.
Programming Wireless Sensor Networks

 Programming a large network of highly resource-constraint devices that are

self-
organized and globally consistent, with a robust behavior and a dynamically

changing environment, is a big challenge.

 Programming in a hostile or un-secure environment, to monitor the
surroundings, is a
daunting task. Programming WSNs must be equipped with proper software
engineering principles; it must be well coded, tested, debugged, and should
provide a
flawed free design.
4.4 Network Security Attacks
 Wireless networks are vulnerable to security attacks due to the broadcast
nature of the
transmission medium. Furthermore, WSNs have an additional vulnerability
because
nodes are often placed in a hostile or dangerous environment where they are not
physically protected.
 For a large-scale sensor network, it is impractical to monitor and protect each
individual sensor from physical or logical attack. Attackers may device different
types
of security attacks to make the WSN system unstable.
4.4.1 Based On the Capability of the Attacker
Outsider versus insider (node compromise) attacks
 Outside attacks are defined as attacks from nodes, which do not belong to a
WSN;
insider attacks occur when legitimate nodes of a WSN behave in unintended or
unauthorized ways.
Passive versus Active attacks

 Passive attacks include eavesdropping on or monitoring packets exchanged

within a
WSN; active attacks involve some modifications of the data steam or the
creation of a
false stream.
Mote-class versus laptop-class attacks
 In mote-class attacks, an adversary attacks a WSN by using a few nodes with
similar
capabilities to the network nodes; in laptop-class attacks, an adversary can use
more
powerful devices (e.g., a laptop) to attack a WSN. These devices have greater
transmission range, processing power, and energy reserves than the network
nodes.
4.4.2 Attacks on Information in Transit
 In a sensor network, sensors monitor the changes of specific parameters or
values and
report to the sink according to the requirement. While sending the report, the
information in transit may be attacked to provide wrong information to the base
stations or sinks. The attacks are:
 Interruption: Communication link in sensor networks becomes lost or
unavailable. This operation threatens service availability. The main purpose is
to launch denial-of service (DoS) attacks. From the layer-specific perspective,
this is aimed at all layers.
 Interception: Sensor network has been compromised by an adversary where
the attacker gains unauthorized access to sensor node or data in it. Example of
this type of attacks is node capture attacks. This threatens message
confidentiality. The main purpose is to eavesdrop on the information carried in
the messages.
 Modification: Unauthorized party not only accesses the data but also tampers
with it. This threatens message integrity. The main purpose is to confuse or
mislead the parties involved in the communication protocol. This is usually
aimed at the network layer and the application layer, because of the richer
semantics of these layers.
 Fabrication: An adversary injects false data and compromises the
trustworthiness of information. This threatens message authenticity. The main
purpose is to confuse or mislead the parties involved in the communication
protocol. This operation can also facilitate DOS attacks, by flooding the
network.

 Replaying existing messages: This operation threatens message freshness.

The main purpose of this operation is to confuse or mislead the parties
involved in the communication protocol that is not time- aware.

4.4.3 Host Based Vs Network Based

 Host-based attacks: It is further broken down in to User compromise: This

involves compromising the users of a WSN, e.g. by cheating the users into
revealing information such as passwords or keys about the sensor nodes.
Hardware compromise: This involves tampering with the hardware to extract
the program code, data and keys stored within a sensor node. The attacker
might also attempt to load its program in the compromised node. Software
compromise: This involves breaking the software running on the sensor nodes.
Chances are the operating system and/or the applications running in a sensor
node are vulnerable to popular exploits such as buffer overflows.
 Network-based attacks: It has two orthogonal perspectives layer-specific
compromises, and protocol-specific compromises. This includes all the attacks
on information in transit. Apart from that it also includes Deviating from
protocol: When the attacker is, or becomes an insider of the network, and the
attacker’s purpose is not to threaten the service availability, message
confidentiality, integrity and authenticity of the network, but to gain an unfair
advantage for itself in the usage of the network, the attacker manifests selfish
behaviours, behaviours that deviate from the intended functioning of the
protocol.
4.5 Layer wise Attacks in Wireless Sensor Networks
 This section discusses about the WSN layer wise attack.
4.5.1 Physical Layer Attacks
4.5.1.1 Jamming
 This is one of the Denial of Service Attacks in which the adversary attempts
to disrupt
the operation of the network by broadcasting a high-energy signal.
 Jamming attacks in WSNs, classifying them as constant (corrupts packets as
they are
transmitted), deceptive (sends a constant stream of bytes into the network to
make it
look like legitimate traffic), random (randomly alternates between sleep and
jamming
to save energy), and reactive (transmits a jam signal when it senses traffic).

 To defense against this attack, use spread-spectrum techniques for radio

communication. Handling jamming over the MAC layer requires Admission
Control
Mechanisms.
4.5.1.2 Radio Interference
 Here, adversary either produces large amounts of interference intermittently
or
persistently. To handle this issue, use of symmetric key algorithms in which the
disclosure of the keys is delayed by some time interval.
4.5.1.3 Tampering or Destruction
 Given physical access to a node, an attacker can extract sensitive information
such as
cryptographic keys or other data on the node.
 One defense to this attack involves tamper-proofing the node’s physical
package.
 Self-Destruction (tamper-proofing packages) – whenever somebody accesses
the
sensor nodes physically the nodes vaporize their memory contents and this
prevents
any leakage of information.
4.5.2 Data Link Layer Attacks
4.5.2.1 Continuous Channel Access (Exhaustion)
 A malicious node disrupts the Media Access Control protocol, by
continuously
requesting or transmitting over the channel. This eventually leads a starvation
for
other nodes in the network with respect to channel access.
 One of the countermeasures to such an attack is Rate Limiting to the MAC
admission
control such that the network can ignore excessive requests, thus preventing the
energy drain caused by repeated transmissions.
 A second technique is to use time division multiplexing where each node is
allotted a
time slot in which it can transmit.
4.5.2.2 Collision
 This is very much similar to the continuous channel attack. A collision occurs
when
two nodes attempt to transmit on the same frequency simultaneously. When
packets
collide, a change will likely occur in the data portion, causing a checksum
mismatch
at the receiving end. The packet will then be discarded as invalid. A typical
defense
against collisions is the use of error-correcting codes.
4.5.2.3 Unfairness
 Repeated application of these exhaustion or collision based MAC layer
attacks or an
abusive use of cooperative MAC layer priority mechanisms, can lead into
unfairness.

 This kind of attack is a partial DOS attack, but results in marginal

performance
degradation.
 One major defensive measure against such attacks is the usage of small
frames, so
that any individual node seizes the channel for a smaller duration only.
4.5.2.4 Interrogation
 Exploits the two-way request-to-send/clear-to-send (RTS/CTS) handshake
that many
MAC protocols use to mitigate the hidden-node problem.
 An attacker can exhaust a node’s resources by repeatedly sending RTS
messages to
elicit CTS responses from a targeted neighbour node.
 To put a defense against such type of attacks a node can limit itself in
accepting
connections from same identity or use Anti replay protection and strong link-
layer
authentication.
4.5.2.5 Sybil Attack
 In this attack, a single node presents multiple identities to all other nodes in
the WSN.
This may mislead other nodes, and hence routes believed to be disjoint with
respect to
node can have the same adversary node.
 A countermeasure to Sybil Attack is by using a unique shared symmetric key
for each
node with the base station.
4.5.3 Network Layer Attacks
4.5.3.1 Sinkhole Attack
 Sinkhole attacks normally occur when compromised node send fake routing
information to other nodes in the network with aim of attracting as many traffic
as
possible.
4.5.3.2 Hello Flood
 This attack exploits Hello packets that are required in many protocols to
announce
nodes to their neighbors. A node receiving such packets may assume that it is in
radio
range of the sender.
 A laptop class adversary can send this kind of packet to all sensor nodes in
the
network so that they believe the compromised node belongs to their neighbors.
This
causes a large number of nodes sending packets to this imaginary neighbour and
thus
into oblivion. Authentication is the key solution to such attacks. Such attacks
can
easily be avoided by verify bi-directionality of a link before taking action based
on
the information received over that link.

4.5.3.3 Node Capture

 Node capture attack is a serious attack through which an intruder can
performs
various operations on the network and can easily compromise the entire
network. It is
one of the hazardous attack in WSNs.
 A single node capture is sufficient for an attacker to take over the entire
network.
4.5.3.4 Selective Forwarding/ Black Hole Attack
 In Black Hole attack, a malicious node falsely advertises good paths (e.g.,
shortest
path or most stable path) to the destination node during the path-finding process
(in
on-demand routing protocols) or in the route update messages (in table-driven
routing
protocols). The intention of the malicious node could be to hinder the path-
finding
process or to intercept all data packets being sent to the destination node
concerned.
Malicious or attacking nodes can however refuse to route certain messages and
drop
them. If they drop all the packets through them, then it is called a Black Hole
Attack.
 However if they selectively forward the packets, then it is called selective
forwarding.
 To overcome this, Multi path routing can be used in combination with
random
selection of paths to destination, or braided paths can be used which represent
paths
which have no common link or which do not have two consecutive common
nodes, or
use implicit acknowledgments, which ensure that packets are forwarded as they
were
sent.
4.5.3.5 Wormhole Attacks
 An adversary can tunnel messages received in one part of the network over a
low
latency link and replay them in another part of the network. This is usually done
with
the coordination of two adversary nodes, where the nodes try to understate their
distance from each other, by broadcasting packets along an out-of-bound
channel
available only to the attacker.
 To overcome this, the traffic is routed to the base station along a path, which
is always
geographically shortest or use very tight time synchronization among the nodes,
which is infeasible in practical environments.
4.5.3.6 Spoofed, Altered, or Replayed Routing Information
 The most direct attack against a routing protocol in any network is to target
the
routing information itself while it is being exchanged between nodes. An
attacker may
spoof, alter, or replay routing information in order to disrupt traffic in the
network.
These disruptions include the creation of routing loops, attracting or repelling
network

traffic from select nodes, extending and shortening source routes, generating
fake
error messages, partitioning the network, and increasing end-to-end latency.
 A countermeasure against spoofing and alteration is to append a message
authentication code (MAC) after the message. Efficient encryption and
authentication
techniques can defend spoofing attacks.
4.5.3.7 Misdirection
 This is a more active attack in which a malicious node present in the routing
path can
send the packets in wrong direction through which the destination is
unreachable. In
place of sending the packets in correct direction the attacker misdirects those
and that
too towards one node and thus this node may be victimized.
4.5.3.8 Homing
 In a homing attack, the attacker looks at network traffic to deduce the
geographic
location of critical nodes, such as cluster heads or neighbors of the base station.
The
attacker can then physically disable these nodes. This leads to another type of
black
hole attack.

2. Explain in detail about Sensor Network Programming Challenges and

steps to overcome the issues.
Traditional programming technologies rely on operating systems to
provide abstraction for processing, I/O, networking, and user interaction
hardware. When applying such a model to programming networked
embedded systems, such as sensor networks, the application programmers
need to explicitly deal with message passing,
event synchronization, interrupt handling, and sensor reading.

 As a result, an application is typically implemented as a finite state

machine (FSM) that covers all extreme cases: unreliable communication
channels, long delays,irregular arrival of messages, simultaneous events
etc.
 For resource-constrained embedded systems with real-time
requirements, severalmechanisms are used in embedded operating
systems to reduce code size, improve
response time, and reduce energy consumption.
 The microkernel technologies modularize the operating system so that
only thenecessary parts are deployed with the application. Real-time
scheduling allocates
resources to more urgent tasks so that they can be finished early.
 Event-driven execution allows the system to fall into low-power sleep
mode when no
interesting events need to be processed.
 At the extreme, embedded operating systems tend to expose more
hardware controls to the programmers, who now have to directly face
device drivers and scheduling
algorithms, and optimize code at the assembly level.
 Although these techniques may work well for small, stand-alone
embedded systems,they do not scale up for the programming of sensor
networks for two reasons:
 Sensor networks are large-scale distributed systems, where global
propertiesare derivable from program execution in a massive number of
distributed nodes. Distributed algorithms themselves are hard to
implement, especially
when infrastructure support is limited due to the ad hoc formation of the
system and constrained power, memory, and bandwidth resources.
 As sensor nodes deeply embed into the physical world, a sensor
network
should be able to respond to multiple concurrent stimuli at the speed of
changes of the physical phenomena of interest.

 There no single universal design methodology for all applications.

Depending on the specific tasks of a sensor network and the way the
sensor nodes are organized, certain
methodologies and platforms may be better choices than others.
 For example, if the network is used for monitoring a small set of
phenomena and the
sensor nodes are organized in a simple star topology, then a client-server
software
model would be sufficient.
 If the network is used for monitoring a large area from a single access
point (i.e., the
base station), and if user queries can be decoupled into aggregations of
sensor
readings from a subset of nodes, then a tree structure that is rooted at the
base station
is a better choice. However, if the phenomena to be monitored are
moving targets, as
in the target tracking, then neither the simple client-server model nor the
tree
organization is optimal. More sophisticated design and methodologies
and platforms
are required.

5.4 Node-Level Software Platforms

 Most design methodologies for sensor network software are node-
centric, where
programmers think in terms of how a node should behave in the
environment.
 A node level platform can be node-centric operating system, which
provides hardware
and networking abstractions of a sensor node to programmers, or it can be
a language
platform, which provides a library of components to programmers.
 A typical operating system abstracts the hardware platform by
providing a set of
services for applications, including file management, memory allocation,
task
scheduling, peripheral device drivers, and networking.
 For embedded systems, due to their highly specialized applications and
limited
resources, their operating systems make different trade-offs when
providing these
services.
 For example, if there is no file management requirement, then a file
system is
obviously not needed. If there is no dynamic memory allocation, then
memory
management can be simplified. If prioritization among tasks is critical,
then a more
elaborate priority scheduling mechanism may be added.

5.5 Operating System Design Issues

 Traditional operating systems are system software, including programs
that manage
computing resources, control peripheral devices, and provide software
abstraction to
the application software.
 Traditional OS functions are therefore to manage processes, memory,
CPU time, file
system, and devices. This is often implemented in a modular and layered
fashion,
including a lower layer of kernels and a higher layer of system libraries.
 Traditional OSs are not suitable for wireless sensor networks because
WSNs have
constrained resources and diverse data-centric applications, in addition to
a variable
topology.

 Hence, WSNs need a new type of operating system, considering their

special
characteristics. There are several issues to consider when designing
operating systems
for wireless sensor networks.
 The first issue is process management and scheduling. The traditional
OS provides
process protection by allocating a separate memory space (stack) for each
process.
Each process maintains data and information in its own space. But this
approach
usually causes multiple data copying and context switching between
processes. This is
obviously not energy efficient for WSNs. For some real-time applications
in WSNs, a
real-time scheduler such as earliest deadline first (EDF) or its variants
may be a good
choice, but the number of processes should be confined since that would
determine
the time complexity of the EDF scheduler.
 The second issue is memory management. Memory is often allocated
exclusively for
each process/task in traditional operating systems, which is helpful for
protection and
security of the tasks. Since sensor nodes have small memory, another
approach,
sharing, can reduce memory requirements.
 The third issue is the kernel model. The event-driven and finite state
machine (FSM)
models have been used to design microkernels for WSNs. The event-
driven model
may serve WSNs well because they look like event-driven systems. An
event may
comprise receiving a packet, transmitting a packet, detection of an event
of interest,
alarms about energy depletion of a sensor node, and so on. The FSM-
based model is
convenient to realize concurrency, reactivity, and synchronization.
 The fourth issue is the application program interface (API). Sensor
nodes need to
provide modular and general APIs for their applications. The APIs should
enable
applications access the underlying hardware.
 The fifth issue is code upgrade and reprogramming. Since the behavior
of sensor
nodes and their algorithms may need to be adjusted either for their
functionality or for
energy conservation, the operating system should be able to reprogram
and upgrade.
 Finally, because sensor nodes generally have no external disk, the
operating system
for WSNs cannot have a file system. These issues should be considered
carefully in
the design of WSN OSs and to meet their constrained resources, network
behavior,
and data-centric application requirements.
 Sensor operating systems (SOS) should represent the following
functions, bearing in
mind the limited resource of sensor nodes:

 Should be compact and small in size since the sensor nodes have very
small
memory. The sensor nodes often have memories of only tens or hundreds
of
kilobytes.
  Should provide real-time support, since there are real-time
applications,
especially when actuators are involved. The information received may
become
outdated rather quickly. Therefore, information should be collected and
reported as quickly as possible.
 Should provide efficient resource management mechanisms in order to
allocate microprocessor time and limited memory. The CPU time and
limited
memory must be scheduled and allocated for processes carefully to
guarantee
fairness (or priority if required).
 Should support reliable and efficient code distribution since the
functionality
performed by the sensor nodes may need to be changed after deployment.
The
code distribution must keep WSNs running normally and use as little
wireless
bandwidth as possible.
 Should support power management, which helps to extend the system
lifetime
and improve its performance. For example, the operating system may
schedule
the process to sleep when the system is idle, and to wake up with the
advent of
an incoming event or an interrupt from the hardware.
 Should provide a generic programming interface up to sensor
middleware or
application software. This may allow access and control of hardware
directly,
to optimize system performance.

3. Designing of TinyOS for wireless sensor networks

The design of TinyOS allows application software to access hardware directly
when
required. TinyOS is a tiny micro threaded OS that attempts to address two
issues:
 How to guarantee concurrent data flows among hardware devices, and
 How to provide modularized components with little processing and storage
overhead.

 These issues are important since TinyOS is required to manage hardware

capabilities
and resources effectively while supporting concurrent operation in an efficient
manner.
 TinyOS uses an event-based model to support high levels of concurrent
application in
a very small amount of memory. Compared with a stack-based threaded
approach,

which would require that stack space be reserved for each execution context,
and
because the switching rate of execution context is slower than in an event-
based
approach, TinyOS achieves higher throughput.
 It can rapidly create tasks associated with an event, with no blocking or
polling. When
CPU is idle, the process is maintained in a sleep state to conserve energy.
TinyOS
includes a tiny scheduler and a set of components. The scheduler schedules
operation
of those components.
 Each component consists of four parts: command handlers, event handlers,
an
encapsulated fixed-size frame, and a group of tasks
 Commands and tasks are executed in the context of the frame and operate
on its state.
Each component will declare its commands and events to enable modularity
and easy
interaction with other components.
 The current task scheduler in TinyOS is a simple FIFO mechanism whose
scheduling
data structure is very small, but it is power efficient since it allows a processor
to
sleep when the task queue is empty and while the peripheral devices are still
running.
The frame is fixed in size and is assigned statically. It specifies the memory
requirements of a component at compile time and removes the overhead from
dynamic assignment. Commands are non-blocking requests made to the low-
level
components. Therefore, commands do not have to wait a long time to be
executed.
 A command provides feedback by returning status indicating whether it was
successful (e.g., in the case of buffer overrun or of timeout). A command often
stores
request parameters into its frame and conditionally assigns a task for later
execution.
 The occurrence of a hardware event will invoke event handlers. An event
handler can

store information in its frame, assign tasks, and issue high-level events or call
low-
level commands. Both commands and events can be used to perform a small
and

usually fixed amount of work as well as to pre-empt tasks.

 Tasks are a major part of components. Like events, tasks can call low-level
commands, issue high-level events, and assign other tasks. Through groups of
tasks,
TinyOS can realize arbitrary computation in an event-based model.
 The design of components makes it easy to connect various components in
the form
of function calls. The architecture of TinyOS shown in Figure 5.2.
 This WNS operating system defines three type of components:
 Hardware abstractions

 Synthetic hardware
 High-level software components
 Hardware abstraction components are the lowest-level components. They
are
actually the mapping of physical hardware such as I/O devices, a radio
transceiver,
and sensors. Each component is mapped to a certain hardware abstraction.
 Synthetic hardware components are used to map the behavior of advanced
hardware
and often sit on the hardware abstraction components. TinyOS designs a
hardware
abstract component called the radio-frequency module (RFM) for the radio
transceiver, and a synthetic hardware component called radio byte, which
handles
data into or out of the underlying RFM.
 Higher-level components encapsulate software functionality, but with a
similar
abstraction. They provide commands, signal events, and have internal
handlers, task
threads, and state variables

Figure 1 TinyOS Architecture

 An evaluation of TinyOS shows that it achieves the following performance

gains or
advantages:
 It requires very little code and a small amount of data.
 Events are propagated quickly and the rate of posting a task and switching
the
corresponding context is very high.
 It enjoys efficient modularity.