Graduation Year

2013

Document Type

Dissertation

Degree

Ph.D.

Degree Granting Department

Electrical Engineering

Major Professor

Ravi Sankar

Keywords

access control, clustering, cryptography, network security, user authentication

Abstract

Wireless Sensor Networks (WSNs) continue to grow as one of the most exciting and challenging research areas of engineering. They are characterized by severely constrained computational and energy

resources and also restricted by the ad-hoc network operational

environment. They pose unique challenges, due to limited power

supplies, low transmission bandwidth, small memory sizes and limited energy. Therefore, security techniques used in traditional networks cannot be directly adopted. So, new ideas and approaches are needed, in order to increase the overall security of the network. Security applications in such resource constrained WSNs with minimum overhead provides significant challenges, and is the main focus of this dissertation.

There is no "one size fits all" solution in defending WSNs against intrusions and attacks. Therefore, intrusions and attacks against WSNs should be carefully examined to reveal specific vulnerabilities associated with them, before beginning the design of any kind of intrusion prevention and detection systems. By following this rationale, the dissertation starts with providing information regarding the WSNs, types of attacks towards WSNs, and the methods on how to prevent and detect them. Then, in order to secure WSNs, a security provisioning plan is provided.

In general, the following processes may be involved in securing WSNs: Intrusion Prevention, Intrusion Detection, and Intrusion

Mitigation. This dissertation presents solutions (algorithms and

schemes) to the first two lines of defenses of the security

provisioning plan, namely, Intrusion Prevention and Intrusion

Detection.

As a first line of defense in securing WSNs, this dissertation

presents our proposed algorithm ("Two-Level User Authentication" scheme) as an Intrusion Prevention System (IPS) for WSNs. The algorithm uses two-level authentication between a sensor node and a user. It is designed for heterogeneous WSNs, meaning that

the network consists of two components: regular nodes and more

powerful cluster heads. The proposed scheme is evaluated both

analytically and also in a simulation environment, by comparing it

to the current state-of-the-art schemes in the literature.

A comprehensive and systematic survey of the state-of-the-art in

Intrusion Detection Systems (IDSs) that are proposed for Mobile

Ad-Hoc Networks (MANETs) and WSNs is presented. Firstly, detailed

information about IDSs is provided. This is followed by the analysis

and comparison of each scheme along with their advantages and

disadvantages from the perspective of security. Finally, guidelines

on IDSs that are potentially applicable to WSNs are provided. Overall, this work would be very helpful to the researchers in developing their own IDSs for their WSNs.

Clustering (of the nodes) is very important for WSNs not only in

data aggregation, but also in increasing the overall performance of

the network, especially in terms of total life-time. Besides, with the help of clustering, complex intrusion prevention and detection algorithms can be implemented. Therefore, background on the

clustering algorithms is provided and then a clustering algorithm

for WSNs is proposed, that is both power and connectivity aware. The proposed algorithm provides higher energy efficiency and increases the life-time of the network. In evaluating the proposed clustering algorithm (in a simulation environment by comparing its' performance to the previously proposed algorithm, namely Kachirski et al.'s algorithm), it is demonstrated that the proposed algorithm

improves energy efficiency in WSNs.

Finally, an IDS framework based on multi-level clustering for

hierarchical WSNs is proposed. It is based upon (the nodes use our

proposed clustering algorithm while forming their clusters) the

clustering algorithm that is proposed in this dissertation. The

framework provides two types of intrusion detection approaches,

namely "Downwards-IDS (D-IDS)" to detect the abnormal behavior (intrusion) of the subordinate (member) nodes and "Upwards-IDS (U-IDS)" to detect the abnormal behavior of the cluster heads. By using analytical calculations, the optimum parameters for the D-IDS (number of maximum hops) and U-IDS (monitoring group size) of the framework are evaluated and presented.

Overall, this dissertation research contributes to the first two lines of defenses towards the security of WSNs, namely, IPS and IDS.

Furthermore, the final contribution of this dissertation is towards

the topology formation of the WSNs (especially for the hierarchical

WSNs), namely, clustering; which would be very useful in implementation of the IPS and IDS systems that are presented in this dissertation.

Share

COinS