1. Field of the Invention
The present invention relates to a sensor network and to an adaptive method for monitoring security in the sensor network, and more specifically, to a sensor network having node architecture for performing trust management of neighboring sensor nodes, and to an adaptive method for performing trust management of neighboring sensor nodes.
2. Discussion of the Background
Wireless sensor networks, a type of ubiquitous computing, offer various novel applications. A wireless sensor network may rely on the use of tiny sensors, referred to as sensor nodes or nodes, embedded in the environment. The sensor nodes may have limited power, low memory storage capabilities, and limited processing power. However, each sensor node may have a radio transceiver. Therefore, the sensor nodes may collect, store, receive, and transmit information via radio transmissions without any fixed infrastructure.
A wireless sensor network may include a base station and sensor nodes arranged randomly or in a pattern to monitor such conditions as room temperatures, real-time traffic, security conditions such as fire in office buildings, to perform military surveillance, or any combination thereof. The sensor nodes may transmit data messages in the form of packets representing these sensed conditions to the base station as radio signals transmitted from the radio transmitter in each sensor node.
However, because sensor nodes are generally tiny and usually have very limited resources including processing capacity, power and memory, they frequently cannot transmit a packet directly to the base station, which may be positioned extremely long distances from the sensor node and outside the range of the sensor node's radio transmitter. Therefore, sensor nodes use a system referred to as relaying to transmit a packet to the base station. Specifically, a sensor node may store data in an internal memory relating to a parent node. The parent node may be an intermediate intended recipient of a sensor node's signal, and the parent node may be one hop, or message transmission, closer to the base station than the sensor node. The parent node may also have a parent node, which is also one hop, or message transmission, closer to the base station. By this method, a sensor node may relay a packet to the base station. Because the base station may have better resources than the sensor node, the base station may be connected to a local area network, a wireless network, the internet, or another type of network or network terminal, and may be able to transmit the packets received from the sensor nodes of the sensor network to a computer terminal, data collection facility, or other type of end user.
Any sensitive data in the packets must be protected to ensure the packets are transmitted from a sensor node to the base station without loss of information authenticity, confidentiality or integrity. In some military applications, security may be critical to successful completion of a military mission.
When designing a security protocol for a wireless sensor network, the unique nature of the wireless sensor network is considered. For example, a wireless sensor network may be application-oriented to performing specific sensing operations. Additionally, each sensor node in a wireless sensor network may possess limited battery power, small memory storage size, and low power computing capacity. Finally, sensor nodes may transmit packets containing critical information over an insecure wireless network, thus making sensor nodes more susceptible to various attacks. These attacks are documented in Karlof, C., Wagner, U., “Secure routing in wireless sensor networks: Attacks and countermeasures”, Proceedings of First IEEE International Workshop on Sensor Network Protocols and Applications, 2003. Such attacks may include spoofed, altered, or replayed routing information to increase a traffic load, selective forwarding of packets, sinkhole attacks where traffic is routed through a malicious or compromised node, sybil attacks where a node represents itself as many nodes to other nodes, wormhole attacks where nodes two are incorrectly convinced that they are neighbors, HELLO flood attacks where a malicious node may appear as a neighbor to every node in a network, and acknowledgement spoofing where nodes receive incorrect acknowledgements to determine a strength of a link between two nodes. Other attacks may pose a risk to a wireless sensor network and this list of possible attacks is not intended to be exhaustive.
Conventional efforts towards improving the security of a wireless sensor network focus primarily on cryptographical schemes for encoding data embedded in the packets. See, for example, Deng, J., Han, R., and Mishra, S., “INSENS: Intrusion-tolerant routing in wireless Sensor Network”, Technical Report CUCS-939-02, Department of Computer Science, University of Colorado, 2002; and Perrig, A., Szewczyk, R., Wen, V., Cullar, D, Tygar, J., “SPINS: Security protocols for sensor networks”, Proceedings of the Seventh Annual International Conference on Mobile Computing and Networking, 2002.
However, these cryptographical schemes still suffer from many security vulnerabilities, such as an adversary's capture of sensor nodes and denial-of-service (DOS) attacks. Due to the unique characteristics of sensor nodes, wired network security solutions may not be applicable for wireless sensor networks. Cryptographical hashing mechanisms for wired network security have been applied to wireless sensor networks with certain modifications.
From an intrusion prevention perspective, SPINS, mentioned above, consists of Secure Network Encryption protocol (SNEP) and a micro-version of Timed, Efficient, Streaming, Loss-tolerant Authentication (μTESLA) Protocol. SNEP may provide confidentiality, two-party authentication, integrity and data freshness by encrypting an eight byte code into a message transmitted by packet. This code may include an encryption key, a counter shared by the sender and receiver of the message, and a message authentication code (MAC). Therefore, there is an additional resource load for each packet transmission. The μTESLA protocol offers data broadcast authentication similar to the data broadcast authentication provided by TESLA. However, TESLA requires significant resources at the message origination location to generate the lengthy authentication codes. The μTESLA protocol modifies the TESLA protocol by generating authentication codes as function of a one-way function such as a cryptographic hash function and by using symmetric cryptography mechanisms. Further, the authentication codes are not transmitted as a component of each message but are regularly transmitted independently of messages.
SPINS discloses node architecture for providing security to resource-constrained senor nodes with symmetric cryptography mechanisms. However there are drawbacks to the SPINS strategy. For example, SPINS provides little protection against an adversary's capture of sensor nodes and denial-of-service (DOS) attacks where malicious sensor nodes disrupt service.
For intrusion tolerance, INSENS mentioned above and the Multipath Routing scheme described in Ganesan, D., Govindan, R., Shenker, S., and Estrin, D., “Highly Resilient, Energy Efficient Multipath Routing in Wireless Sensor Networks”, Mobile Computing and Communication Review, No. 2, 2002 (“Ganesan”), propose multiple path routing.
Using these schemes, even though a small number of nodes may fail, the failure does not cause widespread damage in the network since there may be alternate paths for routing a packet from a sensor node to a base station.
However, Ganesan only discloses a method for responding to a failure of a node or group of nodes. No method is disclosed for responding to an adversary's attack. Further, no method is disclosed for a sensor node to determine a failure. Ganesan defines a failure as an absence of detection events, which may not be applicable during an attack. Further, a failure is determined not by a sensor node but by a sink, which is defined as a data processing or human interface device and may be similar to a base station. Moreover, building redundant routing paths may unnecessarily consume resources since all sensor nodes may build redundant routing paths where an identified failure does not impact many of the sensor nodes.
Accordingly, the existing security solutions fail to provide a solution for facilitating sensor network security at the sensor nodes.