Graduation Year
2013
Document Type
Dissertation
Degree
Ph.D.
Degree Granting Department
Electrical Engineering
Major Professor
Ravi Sankar
Keywords
access control, clustering, cryptography, network security, user authentication
Abstract
Wireless Sensor Networks (WSNs) continue to grow as one of the most exciting and challenging research areas of engineering. They are characterized by severely constrained computational and energy
resources and also restricted by the ad-hoc network operational
environment. They pose unique challenges, due to limited power
supplies, low transmission bandwidth, small memory sizes and limited energy. Therefore, security techniques used in traditional networks cannot be directly adopted. So, new ideas and approaches are needed, in order to increase the overall security of the network. Security applications in such resource constrained WSNs with minimum overhead provides significant challenges, and is the main focus of this dissertation.
There is no "one size fits all" solution in defending WSNs against intrusions and attacks. Therefore, intrusions and attacks against WSNs should be carefully examined to reveal specific vulnerabilities associated with them, before beginning the design of any kind of intrusion prevention and detection systems. By following this rationale, the dissertation starts with providing information regarding the WSNs, types of attacks towards WSNs, and the methods on how to prevent and detect them. Then, in order to secure WSNs, a security provisioning plan is provided.
In general, the following processes may be involved in securing WSNs: Intrusion Prevention, Intrusion Detection, and Intrusion
Mitigation. This dissertation presents solutions (algorithms and
schemes) to the first two lines of defenses of the security
provisioning plan, namely, Intrusion Prevention and Intrusion
Detection.
As a first line of defense in securing WSNs, this dissertation
presents our proposed algorithm ("Two-Level User Authentication" scheme) as an Intrusion Prevention System (IPS) for WSNs. The algorithm uses two-level authentication between a sensor node and a user. It is designed for heterogeneous WSNs, meaning that
the network consists of two components: regular nodes and more
powerful cluster heads. The proposed scheme is evaluated both
analytically and also in a simulation environment, by comparing it
to the current state-of-the-art schemes in the literature.
A comprehensive and systematic survey of the state-of-the-art in
Intrusion Detection Systems (IDSs) that are proposed for Mobile
Ad-Hoc Networks (MANETs) and WSNs is presented. Firstly, detailed
information about IDSs is provided. This is followed by the analysis
and comparison of each scheme along with their advantages and
disadvantages from the perspective of security. Finally, guidelines
on IDSs that are potentially applicable to WSNs are provided. Overall, this work would be very helpful to the researchers in developing their own IDSs for their WSNs.
Clustering (of the nodes) is very important for WSNs not only in
data aggregation, but also in increasing the overall performance of
the network, especially in terms of total life-time. Besides, with the help of clustering, complex intrusion prevention and detection algorithms can be implemented. Therefore, background on the
clustering algorithms is provided and then a clustering algorithm
for WSNs is proposed, that is both power and connectivity aware. The proposed algorithm provides higher energy efficiency and increases the life-time of the network. In evaluating the proposed clustering algorithm (in a simulation environment by comparing its' performance to the previously proposed algorithm, namely Kachirski et al.'s algorithm), it is demonstrated that the proposed algorithm
improves energy efficiency in WSNs.
Finally, an IDS framework based on multi-level clustering for
hierarchical WSNs is proposed. It is based upon (the nodes use our
proposed clustering algorithm while forming their clusters) the
clustering algorithm that is proposed in this dissertation. The
framework provides two types of intrusion detection approaches,
namely "Downwards-IDS (D-IDS)" to detect the abnormal behavior (intrusion) of the subordinate (member) nodes and "Upwards-IDS (U-IDS)" to detect the abnormal behavior of the cluster heads. By using analytical calculations, the optimum parameters for the D-IDS (number of maximum hops) and U-IDS (monitoring group size) of the framework are evaluated and presented.
Overall, this dissertation research contributes to the first two lines of defenses towards the security of WSNs, namely, IPS and IDS.
Furthermore, the final contribution of this dissertation is towards
the topology formation of the WSNs (especially for the hierarchical
WSNs), namely, clustering; which would be very useful in implementation of the IPS and IDS systems that are presented in this dissertation.
Scholar Commons Citation
Butun, Ismail, "Prevention and Detection of Intrusions in Wireless Sensor Networks" (2013). USF Tampa Graduate Theses and Dissertations.
https://digitalcommons.usf.edu/etd/4449
Included in
Computer Engineering Commons, Computer Sciences Commons, Electrical and Computer Engineering Commons