Review of Prevention techniques for Denial of Service Attacks in Wireless Sensor Network

DOI : 10.17577/IJERTV4IS051191

Manojkumar L Mahajan

MTech. student, Acropolis Technical Campus, Indore (MP), India

Dushyant Verma

Assistant Professor, Acropolis Technical Campus, Indore (MP), India

Abstract: Wireless ad-hoc sensor networks are gaining popularity in all organizations and are useful for communication. A wireless ad-hoc sensor network is vulnerable to Denial of Service (DOS) attacks, which make network resources unavailable to users. A DOS attack causes nodes to consume more battery power and degrades network performance. Various techniques are used for detection and prevention of DOS attacks, such as spread spectrum, the secured lightweight mechanism, packet leashes and the energy weight monitoring system, but DOS attacks cannot be fully prevented using these techniques. The paper reviews various types of DOS attacks and their detection techniques.

Keywords: ad-hoc sensor network, Denial of Service (DOS) attack

  1. INTRODUCTION

    A wireless sensor network (WSN) facilitates real-time data processing in complex areas. A WSN consists of different nodes connected to one or more sensor nodes. These nodes are used in many applications, such as monitoring environmental conditions, continuous communication for the military, and factory performance [6]. All these applications require the nodes to be consistent and reliable. The life of a node depends on its battery power, and the performance of the network goes down when nodes consume more battery power. In this paper we look at various types of DOS attack and different detection techniques.

    A denial of service (DOS) attack is an attempt to make a machine or network resource unavailable to its intended users. There are various types of DOS attack, such as power exhaustion, jamming the signal and flooding with useless traffic. In jamming under the external model, the adversary sends a strong signal to destroy the message [5]. Under the internal model, the adversary adds extra data to the packet and corrupts it. In a SYN flood attack the adversary sends consecutive SYN requests to the target system to consume enough server resources to make the system unresponsive. SYN flood messages come under path based DOS attacks. In a wormhole attack the adversary attacks the network and changes the routing data, so packets traverse the longest path instead of the shortest path, which causes a DOS attack. Power exhaustion also causes a DOS attack: a power exhaustion attack consumes a large amount of the node's battery power. One type of power exhaustion attack is the Vampire attack.

    A Vampire attack is a combination of the stretch attack and the carousel attack. In a stretch attack the adversary sends the packet along the longest possible path instead of the shortest path, so that it consumes more of the nodes' battery power; in a carousel attack the adversary sends the packet in a routing loop [1].

    In this paper we look at the various types of denial of service (DOS) attack and the techniques for detecting them. Section 2 describes the different types of DOS attack. Section 3 describes detection techniques for these attacks. A comparative analysis of the different DOS attacks is given in Section 4.

  2. DOS ATTACKS

    In wireless sensor networks there are two ways to attempt a DOS attack: power exhaustion and jamming the signal. In jamming, signals strong enough to destroy messages in the wireless sensor network are sent, and a DOS attack results. In a power exhaustion attack the node consumes more battery power and becomes inactive. Such inactive nodes reduce network performance and cause denial of service. The various types of denial of service attack are discussed as follows:

    1. Denial of sleep attack

      Denial of sleep attack is one of the types of DOS attack that targets a node's power consumption. In this attack the adversary has knowledge of the MAC layer protocol and has the ability to bypass encryption and authentication protocols. The MAC protocol is one protocol designed for wireless sensor networks. The battery power of a node is saved by placing the radio in low-power modes when the node is not sending or receiving data. The MAC protocol is able to overcome the radio's primary sources of energy loss, such as collisions, control packet overhead and overhearing.

    2. Path Based DOS attack

      In a path based DOS attack the adversary attacks the network by flooding data packets over a multi-hop end-to-end communication path. A path based DOS attack is easy to launch and can destroy a large portion of a wireless sensor network. Fig 1 shows aggregator nodes, which process and summarize the data from member nodes and send the aggregated result to a base station via a multi-hop, end-to-end communication path. The adversary launches DOS in the wireless sensor network by flooding data packets along the multi-hop path, which quickly exhausts the communication bandwidth and the limited energy and memory.

      Fig 01: PDOS attack in End to End Communication in WSN

    3. Jamming attack

      Jamming is a type of DOS attack that comes in two forms: jamming under the external threat model and jamming under the internal threat model. In the external threat model the jammer is not part of the network and transmits a high-power interference signal sequentially or randomly. In the internal threat model, an adversary who knows the network secrets and the implementation details of the network's protocols launches a selective jamming attack [5]. In a selective jamming attack, messages of high importance are targeted.

    4. Wormhole attack

      In a wormhole attack the adversary records individual bits of a packet, or the whole packet, at one location. After recording, the adversary tunnels the packet to another location and retransmits it into the network. The tunnel distance is longer than the normal wireless transmission range of a single hop. It is simple for the attacker to make a tunnelled packet arrive sooner than other packets transmitted over a normal multihop route. A wormhole places the attacker in a strong position to gain unauthorized access.

    5. Vampire Attack

      Vampire attacks are not protocol-specific. A Vampire attack is a type of denial of service attack in which a node is made to consume more energy, so that it can be discharged and disconnected from the network.

      A Vampire attack consists of two different types of attack, called the stretch attack and the carousel attack. These attacks mainly depend on reducing the energy of the nodes.

      1. Carousel attack

        Fig 02: Carousel attack

        In a carousel attack, an adversary sends packets in a routing loop, as shown in Fig 2. In the figure a packet is sent from the source to the sink. The shortest path from source to sink is source, node F, node E and then Sink. Here, however, the packet does not follow the shortest path: the adversary composes the packet with a loop in its route, so that it repeatedly traverses the same set of nodes. In Fig 2 the packet is forwarded in the sequence source → node A → node B → node C → node D → node E. Node E, instead of forwarding the packet to Sink, sends it to node F, and node F forwards it to node A, forming a loop. Repeating the same path causes the nodes to consume more energy, and this energy depletion degrades the performance of the network.

      2. Stretch attack

        In a stretch attack, an adversary forms artificially long routes, potentially traversing every node in the network, which increases path length. An example is illustrated in Fig 03. In this type of attack, a packet is sent from source to sink. The shortest path for forwarding the packet is from source to the destination node Sink via node F. In this attack, however, the adversary forwards the packet along a long route, shown by the dark line instead of the dotted-line path in Fig 3, which increases the energy used by the network. The stretch attack is more effective, and it is independent of the attacker's position relative to the destination.

        Fig 03: Stretch Attack

    The impact of these attacks can be influenced by combining the carousel and stretch attacks and by increasing the number of adversarial nodes in the network. If the network does not employ authentication, or uses only end-to-end authentication, the adversary can replace routes in any overheard packets.

  3. DETECTION TECHNIQUES

    1. Detection of Denial of Sleep attack

      In a denial of sleep attack the adversary has knowledge of the MAC layer protocol and the ability to bypass encryption and authentication protocols. MAC layer protocols designed for wireless sensor networks use various algorithms to save battery power by placing the radio in low-power mode. This paper divides MAC protocols into four types: Sensor MAC (S-MAC), Berkeley MAC (B-MAC), Gateway MAC (G-MAC) and Timeout MAC (T-MAC). We analyze these MAC protocols as follows:

      The Sensor-MAC frame is divided into a listening period and a sleep period. The listening period is divided into a synchronization period and a transfer period. Periodic updating is done by the SYNC packet, from which receivers adjust their timer counters. In the synchronization period all the nodes announce their sleep schedule to correct network time-out.

      Fig 04: T-MAC adaptive timeout

      Fig 05: B-MAC low power listening

      T-MAC improves on the S-MAC protocol by concentrating all traffic at the beginning of the duty period, as shown in Fig 04, where arrows indicate transmitted and received messages. T-MAC uses an adaptive timeout (TA) mechanism that allows nodes to transition to sleep mode when there is no more traffic in the cluster. T-MAC has a longer network lifetime than S-MAC. B-MAC does not attempt to synchronize sleep schedules. It uses low-power listening (LPL) to reduce energy consumption. LPL checks the wireless sensor network for a valid preamble byte that indicates a pending data transmission from another node. A node with pending data sends a preamble followed by the data. This ensures that all nearby nodes have the opportunity to receive the preamble and the subsequent data message if the interval between receiver samples is longer.

      In a denial-of-sleep attack the adversary broadcasts unauthenticated traffic into the network. This unauthenticated traffic reduces the network lifetime of nodes that use the S-MAC and T-MAC protocols. In the G-MAC protocol, requests to broadcast traffic must be authenticated by the gateway node before the traffic can be sent to other nodes. Therefore, only the gateway suffers power loss due to unauthenticated broadcasts. The G-MAC protocol is used to improve network lifetime.

    2. Detection of Path Based DOS attack

      A path based DOS attack is launched by flooding data packets along a multi-hop end-to-end path. An intermediate node must be able to detect spurious or replayed packets and reject them. To detect spurious packets and defend against path based DOS attacks, the secured lightweight mechanism is used. This scheme configures a one-way hash chain along a path, enabling each intermediate node to detect a path based DOS attack and prevent the propagation of spurious or replayed packets. Every packet sent by an end point includes a new one-way hash chain number, which is used for message authentication. A different hash chain number is used for each time slot, and an intermediate node forwards a packet only if the new hash chain number is verified. This verification continues at each intermediate node, which verifies a new hash chain number in each time slot. If the number does not validate, the node drops the packet.
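The per-hop check described above can be sketched as follows. This is an added example, not code from the paper or from the cited scheme; SHA-256 as the one-way function, the `max_skip` loss-tolerance bound and all names are assumptions of the example.

```python
import hashlib
import hmac

def F(value: bytes) -> bytes:
    """One-way function of the chain (SHA-256 is an assumption of this example)."""
    return hashlib.sha256(value).digest()

def make_chain(seed: bytes, length: int) -> list:
    """Build the chain at the end point and return [HS_0, HS_1, ..., HS_length],
    where HS_(i-1) = F(HS_i). HS_0 is the anchor given to intermediate nodes;
    HS_1, HS_2, ... are released one per time slot."""
    values = [seed]
    for _ in range(length):
        values.append(F(values[-1]))
    values.reverse()
    return values

class IntermediateNode:
    """Forwards a packet only if its OHC number extends the verified chain."""

    def __init__(self, anchor: bytes, max_skip: int = 4):
        self.last_verified = anchor
        # Hypothetical bound: at most max_skip hash applications per packet,
        # so up to max_skip - 1 consecutive lost slots are tolerated.
        self.max_skip = max_skip

    def accept(self, ohc_number: bytes) -> bool:
        candidate = ohc_number
        for _ in range(self.max_skip):
            candidate = F(candidate)
            if hmac.compare_digest(candidate, self.last_verified):
                self.last_verified = ohc_number  # advance; older values now fail
                return True
        return False  # spurious, replayed or too far ahead: drop the packet

def demo() -> list:
    # Constructed sample run: one end point, one intermediate node.
    chain = make_chain(b"constructed-seed-for-example", 10)
    node = IntermediateNode(anchor=chain[0])
    return [
        node.accept(chain[1]),      # fresh value for slot 1: forward
        node.accept(chain[1]),      # replay of slot 1: drop
        node.accept(b"\x00" * 32),  # spurious value: drop
        node.accept(chain[4]),      # slots 2 and 3 were lost: still verifiable
        node.accept(chain[2]),      # stale value behind the chain: drop
    ]

if __name__ == "__main__":
    print(demo())
```

Bounding the number of hash applications per packet matters on a sensor node: without it, each spurious packet would itself cost the verifier an unbounded amount of computation.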

    3. Detection of jamming attack

      In a jamming attack the adversary attacks the network under the external or the internal threat model. In the external threat model the jammer is not part of the network and transmits high-power interference signals continuously or randomly. To prevent jamming by an external jammer, spread-spectrum communication techniques are used. Spread spectrum techniques provide bit-level protection by spreading bits according to a secret pseudo noise (PN) code known only to the communicating parties.

      Under the internal threat model, any sophisticated adversary with knowledge of the network protocol can launch a selective jamming attack. To do so, the adversary must be capable of implementing a classify-then-jam strategy before the wireless transmission completes. After classification, the adversary must introduce a sufficient number of bit errors so that the packet cannot be recovered at the receiver. To prevent jamming under the internal threat model, the packet hiding method is used: the packet is hidden before the adversary can classify it, so the adversary cannot add bit errors to the packet and it is transmitted securely. There are two methods for packet hiding: commitment methods and cryptographic puzzles. In the commitment method the sender commits to the packet and the commitment is verified by the verifier. In the cryptographic puzzle method, packet m is encrypted with a randomly selected symmetric key k of a desirable length l. The key k is blinded using a cryptographic puzzle and sent to the receiver. For the adversary, the puzzle carrying k cannot be solved before the puzzle is received and transmission of the encrypted version of m is completed. Hence, the adversary cannot classify m for the purpose of selective jamming.

    4. Detection of wormhole attack

      Packet leashes are used for detection of wormhole attacks. There are two types of packet leash: the temporal packet leash and the geographical packet leash. In a temporal packet leash the sender node includes its timestamp (the sending time of the packet). In a geographical packet leash the sender sends its location and the sending time of the packet to the receiver. Based on this information the receiver estimates the distance between sender and receiver. If the estimated distance is longer than the possible radio range, the receiver rejects the communication with the sender node.
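The receiver-side checks for both leash types can be sketched as follows. This is an added example, not code from the paper; the distance bounds follow the packet leash formulation of reference [4], the leash fields are assumed to arrive authenticated, and all names and sample values are constructed for the example.

```python
import math

C = 299_792_458.0  # signal propagation speed in m/s (speed of light)

def temporal_leash_ok(t_send_ns, t_recv_ns, radio_range_m, clock_err_ns):
    """Temporal leash: bound the distance the packet can have travelled from the
    sender's timestamp, allowing for the maximum clock error between nodes."""
    elapsed_ns = t_recv_ns - t_send_ns + clock_err_ns
    if elapsed_ns < 0:
        return False  # timestamp lies further in the future than clock error allows
    return C * elapsed_ns * 1e-9 <= radio_range_m

def geographic_leash_ok(p_send, t_send_s, p_recv, t_recv_s, radio_range_m,
                        max_speed_mps, clock_err_s, pos_err_m):
    """Geographical leash: upper bound on the sender-receiver distance from the
    claimed sender position, node mobility in the elapsed time and position error."""
    elapsed_s = t_recv_s - t_send_s + clock_err_s
    if elapsed_s < 0:
        return False
    bound_m = (math.dist(p_send, p_recv)
               + 2 * max_speed_mps * elapsed_s
               + pos_err_m)
    return bound_m <= radio_range_m

def demo():
    # Constructed values: 100 m radio range, 100 ns clock error for the temporal
    # leash; 1 ms clock error, 10 m/s nodes, 5 m position error for the other.
    return {
        # Neighbour 50 m away: about 167 ns of flight time.
        "temporal_neighbour": temporal_leash_ok(0, 167, 100.0, 100),
        # Tunnelled copy arriving 2 microseconds after it was sent.
        "temporal_tunnelled": temporal_leash_ok(0, 2000, 100.0, 100),
        # Sender claims a position 60 m from the receiver.
        "geo_neighbour": geographic_leash_ok((0.0, 0.0), 0.0, (60.0, 0.0), 0.001,
                                             100.0, 10.0, 0.001, 5.0),
        # Replayed packet whose sender position is 900 m from the receiver.
        "geo_tunnelled": geographic_leash_ok((0.0, 0.0), 0.0, (900.0, 0.0), 0.001,
                                             100.0, 10.0, 0.001, 5.0),
    }

if __name__ == "__main__":
    print(demo())
```

The sample numbers show why the temporal leash is demanding: 100 ns of clock error already accounts for about 30 m of the 100 m range.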

    5. Detection of Vampire attack

    Vampire attacks can be prevented by using the energy weight monitoring algorithm (EWMA). In this algorithm the energy of the node is used to determine the node's threshold level. To detect a malicious node in the network, every node adds a test field when it receives a packet and forwards the packet to the next node; the test field is then checked at each node. If the test field is correct, normal operation continues. If the test field is wrong, an alarm packet is created and broadcast to announce that the node is malicious, so that it is avoided in further communication. The algorithm is divided into two phases: the communication phase and the network configuring phase.

    The network configuring phase establishes an optimum routing path from source to destination. An attacked node consumes more energy and reaches the threshold energy level. In this phase the node at threshold energy level (the attacked node) sends an ENG_WEG message to all its surrounding nodes. After receiving the ENG_WEG packet, the surrounding nodes send an ENG_REP message that encapsulates information about their geographical position and current energy level. On receiving this, the node stores it in its routing table to facilitate further computations. The node then establishes the routing path from source to destination. The source node selects the node that is the least distance from the source and requires the minimum energy to transmit the packet.

    The communication phase avoids the same data packet being transmitted repeatedly through the same node. Such repeated transmission of the same packet through the same node depletes more of the node's battery power and degrades network performance. The process of repeating the packet is eliminated by aggregating the transmitted data within the forwarding node. In data aggregation the content of each packet transmitted through the node is copied. This copied content is compared with the data packets subsequently transmitted through the node. If a transmitted packet matches a copied packet, the node stops transmitting it. This avoids redundant packets being transmitted through the same node and protects against the Vampire attack.

    Fig 06: EWM Algorithm
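The two phases can be sketched as follows: duplicate suppression in a forwarding node, run against the looping route of the carousel description, and next-hop selection from ENG_REP replies. This is an added example, not the paper's algorithm as implemented; the digest cache, the dictionary layout of a reply, the selection rule (nearest neighbour above the threshold) and all sample values are assumptions of the example.

```python
import hashlib
import math
from collections import OrderedDict

class ForwardingNode:
    """Keeps digests of packets it has forwarded and refuses to forward a copy."""

    def __init__(self, name, cache_size=64):
        self.name = name
        self.cache_size = cache_size   # sensor nodes have little memory
        self.seen = OrderedDict()      # digest -> None, oldest entry first
        self.transmissions = 0         # stand-in for energy spent on the radio

    def forward(self, packet: bytes) -> bool:
        digest = hashlib.sha256(packet).digest()
        if digest in self.seen:
            return False               # same content already passed through: drop
        self.seen[digest] = None
        if len(self.seen) > self.cache_size:
            self.seen.popitem(last=False)  # evict the oldest digest
        self.transmissions += 1
        return True

def walk_route(nodes, route, packet):
    """Send packet along route; return how many nodes transmitted it."""
    hops = 0
    for name in route:
        if not nodes[name].forward(packet):
            break
        hops += 1
    return hops

def select_next_hop(source_pos, eng_rep, threshold):
    """Pick the nearest neighbour whose reported energy is above the threshold."""
    usable = [r for r in eng_rep if r["energy"] > threshold]
    if not usable:
        return None
    return min(usable, key=lambda r: math.dist(source_pos, r["pos"]))["node"]

def demo():
    nodes = {n: ForwardingNode(n) for n in "ABCDEF"}
    carousel = list("ABCDEF") * 3      # constructed route that loops three times
    looped = walk_route(nodes, carousel, b"constructed reading #1")
    direct = walk_route(nodes, ["F", "E"], b"constructed reading #2")
    eng_rep = [                        # constructed ENG_REP replies
        {"node": "B", "pos": (10.0, 0.0), "energy": 0.1},
        {"node": "C", "pos": (30.0, 0.0), "energy": 0.8},
        {"node": "D", "pos": (20.0, 20.0), "energy": 0.9},
    ]
    return looped, direct, select_next_hop((0.0, 0.0), eng_rep, threshold=0.2)

if __name__ == "__main__":
    print(demo())
```

With suppression the looping packet costs 6 transmissions instead of 18. Because matching is on content, legitimate packets need a distinguishing field such as a sequence number, or a genuine repeat reading is dropped as well.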

  4. DISCUSSION

    In TABLE I we compare detection techniques for denial of service attacks. The detection technique is different for each type of attack. One type of attack is denial of sleep, which uses the MAC protocol to prevent a node from entering the sleep cycle. The drawback is that the technique considers attacks only at the MAC protocol, not at others. The wormhole attack is avoided by the packet leash technique, but it is not always applicable and comes at high cost. Vampire attacks are detected and prevented by the Energy Weight Monitoring System using the threshold level of the nodes. By using the threshold level of the node we can also detect and prevent denial of sleep attacks, path based DOS attacks and wormhole attacks.

    The Energy Weight Monitoring System is an effective technique for preventing denial of service attacks because it is based on the threshold level of the node.

    TABLE I. DETECTION TECHNIQUES OF DOS ATTACK

    | Type of DOS attack | Detection technique | Features | Disadvantages |
    |---|---|---|---|
    | Denial of Sleep Attack | MAC Protocol | Prevents the node from entering the sleep cycle | Considers attacks only at the Medium Access Control (MAC) |
    | Path Based DOS Attack | Secured Lightweight Mechanism | Adversary cannot generate a valid OHC number | Tolerates packet losses |
    | Wormhole Attack | Packet Leash | Allows connection between two non-neighboring malicious nodes | Solution comes at high cost and is not always applicable |
    | Jamming Attack | Spread Spectrum and Cryptographic puzzle | Achieving strong security and prevention of network performance degradation | Spread Spectrum fails against the internal threat model |
    | Vampire Attack | Energy Weight Monitoring System | Avoids redundant packet transmission or loops and saves power of the nodes | Does not offer a full solution for Vampire attacks during the topology discovery phase |

  5. CONCLUSION

    DOS attacks are much easier to launch in ad-hoc wireless sensor networks. In this paper we defined types of denial of service (DOS) attack, such as jamming, power consumption and SYN flood, that permanently disable the ad-hoc sensor network. Our aim is to study various types of denial of service (DOS) attack and their prevention techniques. Even after the development of many prevention techniques, wireless ad-hoc sensor networks are still vulnerable to DOS attacks, which cause serious problems for users. In future we will improve the techniques that are not yet able to stop DOS attacks fully.

    REFERENCES

    1. Eugene Y. Vasserman and Nicholas Hopper, "Vampire Attacks: Draining Life from Wireless Ad Hoc Sensor Networks," IEEE Trans. Mobile Computing, vol. 12, no. 2, pp. 318-332, Feb. 2013.

    2. Raymond D. R., Marchany R. C., Brownfield M. I., Midkiff S. F., "Effects of Denial-of-Sleep Attacks on Wireless Sensor Network MAC Protocols," IEEE Transactions on Vehicular Technology, vol. 58, issue 1, pp. 367-380, January 2009.

    3. Jing Deng, Richard Han, and Shivakant Mishra, "Defending against Path-based DoS Attacks in Wireless Sensor Networks," ACM Workshop on Security of Ad Hoc and Sensor Networks, 2005.

    4. Yih-Chun Hu, Adrian Perrig and David B. Johnson, "Packet leashes: A defense against wormhole attacks in wireless ad hoc networks," INFOCOM, 2003.

    5. Alejandro Proano and Loukas Lazos, "Packet hiding methods for preventing selective jamming attack," IEEE Transactions on Dependable and Secure Computing, vol. 9, no. 1, January/February 2012.

    6. Anthony D. Wood and John A. Stankovic, "Denial of service in sensor networks," Computer, vol. 35, no. 10, 2002.

    7. David R. Raymond and Scott F. Midkiff, "Denial-of-service in wireless sensor networks: Attacks and defenses," IEEE Pervasive Computing, vol. 7, no. 1, 2008.
