Security Analysis in Wireless Sensor Networks

Abstract

In recent years, wireless sensor network (WSN) is employed in many application areas such as monitoring, tracking, and controlling. For many applications of WSN, security is an important requirement. However, security solutions in WSN differ from traditional networks due to resource limitation and computational constraints. This paper analyzes security solutions: TinySec, IEEE 802.15.4, SPINS, MiniSEC, LSec, LLSP, LISA, and LISP in WSN. The paper also presents characteristics, security requirements, attacks, encryption algorithms, and operation modes. This paper is considered to be useful for security designers in WSNs.

1. Introduction

Developments in low-cost sensor architectures have made wireless sensor networks (WSNs) a new and known research area [1]. These networks consist of large number of low-power and low-cost sensors with limited capacity, short-range transmitters spatially distributed in an often inaccessible and unreliable environment [2]. Each node has the abilities of calculation, detection, and communication [3]. These nodes that can be randomly distributed in the environment to be observed can recognize each other and can perform the task of measuring in a wide area by working together. Because of these properties, they can be used in a wide range of areas from health care to military, building security to detection of forest fires [4]. The WSN is facing a wide variety of security vulnerabilities due to the hardware limitations of the sensor nodes, wireless communication environment, real-time processing needs, heterogenic structure, large number of nodes, need for measurability, mobility, the weight of the application environmental conditions, and cost [5]. Confidentiality which is the basic goal of security provides one of the most important obstacles to overcome in order to ensure the integrity and availability as well as the achievement of time-critical and vital goals [6]. During sensitive WSN applications, such as the surveillance of enemy or borderlines, the security protocols which enable the sensors to transfer secret data to the base station must be used. However, the low processor and radio capacities of the sensors prevent traditional security protocols from being used in WSN applications [7]. Nowadays, various security protocols that consider these aspects of WSNs and their nodes are being developed. The security protocols to be developed should implement all the security issues (data confidentiality, data integrity, data freshness, data authentication, and availability) [8] but also provide high security with low energy consumption. Moreover, the fact that most of the suggested solutions are just based on the simulation platform and that solutions on sensory platforms are not considered is a big deficiency in past research. Thus, in order to be able to use the suggested protocols in applications that require solid security, the protocols should also be tested on sensor nodes besides the simulation platform. TinyOS is installed on the sensor nodes that compose the WSN. TinyOS is an embedded operating system distributed free of charge and with open source code to be used in wireless sensor networks. TinyOS is coded in NesC programming language. With this coding, the nodes can be imparted with new features. Designed algorithms or protocols can be installed on the nodes by using NesC programming language. TinyOS operating system is designed to support the needs of wireless sensor networks [9]. While trying to fulfill these requirements, it should not be forgotten that WSN has restricted energy sources and the primary goal of a WSN is energy efficiency. Otherwise, a protocol that fulfills all the security requirements but consumes a bit of too much energy will be just impractical for WSN. Therefore, to provide the security requirements and the security solutions, the methods they use and their variations in the literature must be very well known by the researchers developing a new security solution. In this study, security solutions in WSN are analyzed in detail. In the second chapter, WSN characteristics, security requirements, and attacks are given. In the third chapter, encryption algorithms and modes of operation are mentioned. While in the fourth chapter the current security protocols are described, analysis of the protocols is in the fifth chapter.

2. Wireless Sensor Networks

In this chapter, WSN characteristics, security requirements, and attacks are described.

2.1. Characteristics

Characteristics preventing the use of traditional security protocols in WSNs and only belonging to WSN are summarized below. Taking into account the mentioned characteristics during design and development of protocols increases the usability of them [6].

2.1.1. Large Scale

General applications of WSNs require geographical coverage of large areas [10]. Number of nodes in WSNs may exceed tens of thousands [11].

2.1.2. Limited Resources

Requirement that WSNs must be with low installation and operation cost necessitates that sensor nodes should have simple hardware. For this reason, operation and communication resources in WSNs are limited. For example, one of the generic sensor types, TelosB, has 16-bit 8 Mhz processor, 48 KB main memory, and 1024 KB flash memory. Every protocol must be designed taking into account limitations in processor capacity, memory and radio communication [10].

2.1.3. Redundancy

Because of node redundancy, each event is detected by the multiple sensor nodes on the network and therefore increases the amount of data to be transferred over it. In other words, redundancy increases the amount of data sent to the base station and decreases the life duration of the network [10]. To get rid of data redundancy data, clustering protocols are used.

2.1.4. Security

WSN applications, such as military systems and medical monitoring systems, are very sensitive in terms of security. Due to the limited resources of the sensor nodes, traditional security mechanisms cannot be used in WSNs. For this reason, the security mechanisms of WSNs should be designed considering limited resources and malicious sensors [10].

2.2. Security Requirements

The so far listed security requirements of WSN are data confidentiality, data integrity, data freshness, and data authentication and availability [12–15]. These requirements are briefly explained hereinafter.

2.2.1. Data Confidentiality

Data confidentiality in WSN impedes access of unauthorized people to obtain data which is one of the crucial requirements in sensitive WSN applications. A sensor node should not relay on the data derived from the environment to its neighbors. The data collected on the nodes can be very sensitive, particularly in military applications. Furthermore, in numerous applications, nodes have to transmit highly sensitive data (e.g., key distribution) to other sensor nodes by means of wireless transmission environment. Additionally, routing data must also be kept secret against malicious nodes because these nodes can exploit these data and reduce the performance of the network. Due to these issues, establishing a safe communication channel is vital for data transmission in WSNs. The standard approach for preserving data confidentiality is the encryption of the data with a secret key. Since they consume low energy, encryption algorithms that rely upon secret key substructure are used in WSNs.

2.2.2. Data Integrity

Data confidentiality can prevent taking hold of data by malicious nodes; however, it cannot stop data from being altered by unauthorized persons. Data integrity ensures that the message will not be altered during communication. A malignant node can cause the network to work improperly by disrupting the message. Furthermore, the messages might be disrupted during transmission without actual presence of a malicious node. Thus, it is essential to utilize message authentication codes or cyclic codes to ensure data integrity.

2.2.3. Data Authentication

Since WSNs use public wireless environment, they need authentication mechanisms to pick up messages and deceptive packets that come from malicious nodes. Authentication mechanisms aid a node in verifying the identity of a node that it is in contact with. If there is no authentication, a malicious node can behave as if it was a different node and might acquire some sensitive data and also hamper proper operation of other nodes. In case only two nodes are in contact, authentication can be achieved by symmetric key cryptography. Transmitter and receiver can compute the verification code of all the messages sent by a common hidden key.

2.2.4. Data Freshness

In WSN structures, sensors send measurement data related to environment in which they are present through specific time intervals and then what matters is the delivery of the measurement times. It is possible that an attacker can retransmit the copy of old measurement values. It is therefore important to check that the data is new. A counter can be added to the message packet or a random number can be used during encryption to maintain data freshness.

2.2.5. Availability

Availability denotes WSN's capability in sustaining its service continuity even during denial-of-service DoS attacks. One of the methods to hinder the service is DoS type of attack. This type of attack focuses on making the target system incapable of damaging any one and also using up of all the sources of that system by regular or consecutive attacks. From perspective of technical terms, there is no takeover, capture, or “hacking.” What is done is pressurizing of the victim system to use its sources and make the system inoperable to serve. It is possible that DoS attacks take place at any protocol layer of WSN and the selected victim might make the nodes inoperative. Besides the DoS attacks, excessive communication or calculation load might run out of the battery of the node faster than expected. Highly serious consequences might result from not providing availability to WSN. Let us take a military based application as an example, if some nodes do not function properly, then the enemy alliances might leak from these nonfunctional parts of WSN. Developing a detection and defense unit is essential to provide availability.

2.3. Attacks

Comparable to any wireless network, WSNs are suffering from many different attacks. In this section, we introduce the major attacks to WSNs.

2.3.1. Physical Layer

Jamming. One of the attacks interfering with the radio frequencies that a network's nodes are using is jamming [16, 17]. Typical defenses against jamming include variations of spread-spectrum communication such as frequency hopping and code spreading [17].

Tampering. Tampering is another type of physical layer attack. If a physical access is given to a node, an attacker can draw sensitive information such as cryptographic keys or other data on the node. The node may also be altered or replaced to create a compromised node controlled by the attacker. Tamper-proofing the node's physical package is one of the defenses to this attack [17].

2.3.2. Data Link Layer

Collision. A collision occurs when two nodes attempt to transmit on the same frequency simultaneously. A typical defense against collisions is the use of error-correcting codes [17].

Exhaustion. Repetitive collisions can also be made use of by an attacker to cause resource depletion. A feasible solution is to impose rate limits to the MAC admission control such that the network can disregard excessive requests, thus preventing the energy drain resulting from repeated transmissions [17].

Unfairness. Rather than blocking access to a service outright, an attacker can degrade it for gaining an advantage such as causing other nodes in a real-time MAC protocol to miss their transmission deadline. Using small frames reduces the effect of such attacks by decreasing the amount of time with which an attacker can take hold of the communication channel.

2.3.3. Network Layer

Selective Forwarding. A malicious node attempts to block the packets in the network by rejecting to forward or drop the messages passing through them. In addition, the malicious node may send the messages to the wrong path so that it can create unfaithful routing information in the network [18]. Using multiple paths to send data is one defense against selective forwarding attacks whereas the second defense is to detect the malicious node or presume that it has failed and looked for a different route [19].

Sinkhole Attack. The intent of the adversary is to attract almost all the traffic from a certain area by means of a compromised node, creating a metaphorical sinkhole with the enemy at the center. Sinkhole attacks typically work by making a compromised node appear particularly attractive to neighboring nodes in terms of routing algorithm [20]. This type of attack causes selective forwarding to be very simple because all traffic from a large area in the network will flow through the adversary's node.

Sybil Attacks. A single node duplicates itself and is presented in more than one location. The Sybil attack aims at fault tolerant schemes, for example, distributed storage, multipath routing, and topology maintenance. In a Sybil attack, a single node exhibits multiple identities to other nodes in the network. Authentication and encryption techniques can hinder an outsider from starting a Sybil attack on the sensor network [21].

Wormholes Attacks. In a wormhole attack, an attacker gets packets at one point in the network, “tunnels” them to another point in the network, and then replays them into the network from that point [22].

HELLO Flood Attacks. A large number of protocols utilizing HELLO packets naively assume that receiving such packets means that the sender is within the radio range and is therefore a neighbor. An attacker may use a high-powered transmitter to deceive a large area of nodes into believing they are neighbors of that transmitting node. Cryptography is mainly the current solution to these types of attacks [23].

2.3.4. Transport Layer

Flooding. An attacker may make new connection requests over and over until the resources required by each connection are depleted or reached a maximum limit [24]. Solution of this problem is to require each connecting client to evidence its dedication to the connection by solving a puzzle.

Desynchronization. The adversary repetitively pushes messages which convey sequence numbers to one or both of the endpoints. Requiring authentication of all packets communicated between hosts is one of the possible solutions to this type of attack [24].

3. Encryption Algorithms and Operation Modes

In this chapter, encryption algorithms to ensure the data confidentiality in WSNs and modes of operation are described.

3.1. Encryption Algorithms

Secure encryption is divided into two types as symmetric cryptography and asymmetric cryptography. While in asymmetric cryptography encryption and decryption processes are done by different keys, in symmetric cryptography, encryption and decryption are done by the same key. Although public key encryption is more robust and provides better security than secret-key encryption, it is not used in WSNs directly because of its slow performance and requirement of more memory. Symmetric cryptography algorithms are discussed mainly in two classes as block and bit stream encryption algorithms. Block encryption algorithms take fixed-length blocks of data to be encrypted into the encryption function and generate encrypted data blocks with the same length. As an example for these algorithms, AES, DES, Skipjack, RC5, and so forth can be given. However, bit-stream encryption algorithms take data as a streaming series of bits. In these Vernam-type algorithms, the random bit stream generation must not be in a self-repeating structure. Example algorithms are RC2, RC4, and so forth.

There are a number of widely used symmetric algorithms, which are listed and briefly described and analyzed as follows. Also, Comparison of encryption algorithms is given in Table 1.

Table 1

Comparison of encryption algorithms.

Algorithm name	Key size (bit)	Block size (bit)	Round
DES	56	64	16
3DES	168, 112, 56	64	48
DES-X	184	64	16
Blowfish	32–448, 8–128	64	16
Twofish	128, 192, 256	128	16
TEA, XTEA	128	64	64
XXTEA	128	64	It depends on the block size
AES	128, 192, 256	128	It depends on the key size
Skipjack	80	64	32
HIGHT	128	64	32

3.1.1. Data Encryption Standard (DES)/3DES/DES-X

DES is a block cipher, one form of symmetric cryptography algorithms, which was devised by IBM and selected by the National Bureau of Standards (NBS) in the early 70s. Almost for over 25 years, it has been the standard encryption algorithm for civilian applications. It has been considered completely to be insecure because it has a short key length. Triple DES (3DES) is deemed to be temporarily secure enough and still has a wide usage. DES-X is another variant on the DES block cipher which is intended to enhance the complexity of a brute force attack utilizing a technique that is referred to as key whitening. Another reason for DES-X is that the speed of 3DES is unallowable in many cases. Thus, there is a need for an efficient way to fortify the DES [25].

3.1.2. Blowfish/Twofish

Blowfish was designed by Schneier in 1994 [26]. Since there is no effective cryptanalysis found, Blowfish is still considered to be secure. In addition, it provides a proper encryption performance in software implementation. However, Bruce Schneier himself recommended using a more advanced version, Twofish instead. Twofish is another block cipher published in 1998 by Counterpane Labs. One of the five advanced encryption standard (AES) finalists was Twofish. However, it was not chosen by NIST as AES because the winner of AES (Rijndael) was considered to have better performance than other finalists in both hardware and software in average. Twofish allows a wide range of tradeoffs between the size and speed. It is also designed to be efficient on a wide range of platforms. Even though it was not selected as AES, it may still be a suitable choice in our case due to the different platform.

3.1.3. Tiny Encryption Algorithm (TEA)/XTEA/XXTEA

The TEA is a block cipher presented in 1994 [27]. Minimizing the memory footprint and maximizing the speed is the aim of TEA. It is a Feistel type cipher that utilizes operations from mixed (orthogonal) algebraic groups. There are two variants of TEA—extended TEA (XTEA) and corrected block TEA (XXTEA), which were designed to correct weaknesses in the original TEA.

3.1.4. Rijndael Algorithm (AES)

The winner of AES selected by NIST in 2000 was Rijndael. Substitution permutation network is a design principle that Rijndael is based on. It is fast in both software and hardware. Different from its predecessor DES, Rijndael does not use a Feistel network.

3.1.5. Skipjack Algorithm

Skipjack was developed by the U.S National Security Agency (NSA). It is one of the simplest and fastest block cipher algorithms, which is critical to embedded systems. Skipjack or a variant of Skipjack is now used in TinySec, SenSec, and MiniSec in wireless sensor networks [28–30].

3.1.6. Scalable Encryption Algorithm (SEA)

Designed for processors with a limited instruction set, the scalable encryption algorithm was proposed by Standaert et al. The proposed design is parametric in the text, key, and processor size and provably secure against linear/differential cryptanalysis, allowing efficient combination of encryption/decryption and “on-the-fly” key derivation. Target applications for such routines include any context requiring low-cost encryption and/or authentication [31].

3.1.7. HIGHT Algorithm

HIGHT is another block cipher proposed by Hong, allowing low-resource hardware implementation, which is suitable for ubiquitous computing devices, for example, a sensor in wireless sensor network (WSN) or a RFID tag. HIGHT does not only perform simple operations to be ultralight but also contains sufficient security as a good encryption algorithm [32].

3.2. Operation Modes

Together with the selection of the correct encryption algorithm to ensure data confidentiality, the selection of operation mode is also important. Operating modes in cryptography are methods allowing safe repetitive usage of a block password under a single key. Data must be divided into separate parts in order to process variable length messages. The last part should be extended with a completion scheme accordingly to fit the block length of the password. An operation mode defines the way of encryption of every one of these blocks and, for this purpose, usually it uses a randomly generated extra value named initialization vector (IV).

Six commonly used modes of operation are defined by NIST, which are listed in Table 2 [33, 34].

Table 2

Description of operation modes.

Mode	Description	Typical application
Electronic codebook (ECB)	By using the same key, each block of 64 plaintext bits is encoded independently.	Secure transmission of single values

Cipher block chaining (CBC)	The input to the encryption algorithm is the XOR of the next 64 bits of plaintext and the preceding 64 bits of ciphertext.	General-purpose block-oriented transmission Authentication

Cipher feedback (CFB)	Input is processed j bits at a time. Preceding ciphertext is used as input to the encryption algorithm to generate pseudorandom output, which is XORed with plaintext to create next unit of ciphertext.	General-purpose stream-oriented transmission Authentication

Outback feedback (OFB)	Like CFB, except that the input to the encryption algorithm is the preceding DES output.	Stream-oriented transmission over noisy channel

Counter (CTR)	Each block of plaintext is XORed with an encrypted counter. The counter is increased for each subsequent block.	General-purpose block-oriented transmission Useful for high-speed requirements

Output codebook block (OCB)	Each block of plaintext is XORed with a NONCE and L values. Tag value is produced for privacy.	Authentication Privacy

Operation modes are created specifically to be used in encryption and identity authentication. Historically, operating modes are studied extensively under a variety of data exchange scenarios in terms of error propagation. Integrity protection emerged for an entirely different cryptographic purpose other than encryption. Some modern operation modes like OCB integrated encryption and identity authentication efficiently.

4. Security Protocols

In this chapter, TinySec, MiniSec, IEEE 802.15.4, SPINS, Lsec, LLSP, LISA, and LISP are described.

4.1. TinySec

TinySec [29] developed by the University of Berkeley is a link layer security architecture that has been included in the TinyOS version. Its design is based on ease of use and minimal load brought on sensor network. TinySec supports two different security options: encryption with identity authentication and only authentication. In identity authentication encryption, data is encrypted and an identity authentication code (MAC) is added to the package. However, in only authentication method, data is not encrypted but only authentication of the package is realized with a MAC. As it is understood from this, in TinySec, the identity authentication is a must for each package but encrypting the data is an option that can be decided according to the application. In encryption of messages, Skipjack block encryption, 8-bit initialization vector (IV), and code block chaining (CBC) are used. There is no restriction on keying method; in practice, a single key pair (one for the encryption of data and the other for the calculation of MACs) is selected for the whole network according to the desired level of security. TinySec at the tightest security level where identity authentication encryption is used brings 10% extra load on energy, delay, and band width. However, in cases where only authentication is used, this ratio drops to 3%.

4.2. SPINS

SPINS [35], developed by Berkeley University, consists of μTESLA protocol used in identity authentication broadcasting, SNEP protocol providing confidentiality, identity authentication between two nodes and data freshness, and a routing protocol based on these. SNEP offers the below possibilities: (i)

semantic security: semantic security, meaning an attacker listening to the network cannot obtain any information about the plain text even if more than one encrypted copy of the same plain text is received, is realized by a counter shared between the receiver and the sender and incremented in each message exchange;

(ii)

identity authentication: the receiving node verifies the identity of the sender with the MAC used;

(iii)

recursion protection: the counter in MAC prevents old messages to be sent again;

(iv)

weak freshness: the counter used between the receiver and sender for semantic security ensures the message received is sent after the previous one;

(v)

low communication overhead: keeping the counter on receiver and sender, not placing it in the message, reduces communication overhead.

In conventional approaches, identity authentication is done by asymmetrical methods. However, hardware restrictions of sensors are highly insufficient for the quite expensive asymmetrical methods. μTESLA gives the logic of asymmetry to identity authentication with symmetric methods. The sender creates a MAC for the message packages to be broadcasted by using a key known by only itself and by using a one-way function. It broadcasts the key of the message a certain time after the message is sent. Thus, the possibility of changing the contents of the package is removed. At the receiver end, the package kept in a buffer memory is authenticated by using this key. RC5 is used in encryption. For all this identity authentication process, μTESLA needs synchronization between the receiver and the sender even if it is loose.

4.3. LISP

LISP aims security solutions in large-scale wireless networks consisting of a large number of nodes with limited resources. To scale networks consisting of a large number of nodes Park and Shin divide them into clusters, select a head for each cluster, and create a key server. LISP [36] (lightweight security protocol) has a new switching mechanism. It uses switching mechanism by using head cluster and key servers. Below are the advantages of this method: (i)

it uses an effective key broadcast which do not need ACKs to be sent;

(ii)

it uses check bits created without adding them to the data message;

(iii)

it might recover the lost keys;

(iv)

it refreshes key without data encryption or decryption.

The benefits of LISP in protecting critical information against attacks can be summarized as follows. (i)

Data integrity prevents tampering of data that is sent.

(ii)

Access control is achieved by controlling the inputs to the network.

(iii)

Key refreshing provides protection against nodes that may jeopardize the network.

LISP protocol may combine together with security the other services (routing, data distribution, and location). LISP is a flexible and energy-sensitive protocol. In addition, because it does not need ACK and other control packages, it is quite strong against DoS [37] attacks.

4.4. IEEE 802.15.4

IEEE 802.15.4 [38, 39] defines medium access and physical layers for wireless private area networks (WPANs). Although this protocol was not developed for WSN, it is used in WSNs because of its low power consumption, low cost, and flexibility. Currently, this protocol works on Micaz, TelosB nodes produced by the company CrossBow. ZigBee strong encryption AES-128 is used. Zigbee provides freshness. Controlling freshness prevents repeated attacks. Counter is reset when a new key is created. Zigbee provides integrity and prevents an attacker from changing the message. Integrity options are 0, 32, 64, and 128 bit, by default 64 bit. Zigbee provides authentication. Authentication tests whether the right person is reached or not and prevents the attacker showing the device like another one. Authentication is possible at the network and device levels. Authentication at the network level is achieved by using a public network key. Authentication at device level is achieved by using the unique link key between devices. Zigbee provides encryption and prevents an attacker from intercepting and listening. Zigbee uses 128-bit AES encryption. Encryption security is provided at the network and at the device level A public key used at the network level encryption. It prevents attacks because of very low memory usage. Device level encryption uses a common link key. Zigbee uses three types of keys. Master key provides long term security between two devices. Link key provides security between two devices. Network key provides security on the network.

4.5. LSec

LSec [40] provides authentication and authorization with simple key exchange scheme. Furthermore, it has protection mechanisms against data confidentiality, breaches, and illegal events. There is variety of security attacks on sensor networks. As examples of DoS, eavesdropping, replay attacks, tempering the message, and malicious nodes can be mentioned. To defend against these types of attacks, LSec uses data confidentiality, identity authentication, data integrity, defense against intruders, and some security mechanisms. These problems can be solved partially when the communication among the nodes is encrypted but a complete solution requires a strong key exchange and distribution scheme. LSEc provides identity authentication and authorization, simple secure key exchange, defense mechanism against breaches, data privacy, and usage of asymmetrical and symmetrical encryption together. LSec protocol is simulated on sensor network simulator and emulator (SENSE). There is no application of it.

4.6. LISA

LISA [41] includes security solutions listed below: (i)

semantic security: the same data is encrypted in different ways by increasing the value of the counter after each data;

(ii)

identity authentication: it ensures that the data is from the right node;

(iii)

protection against replay attacks: it prevents old messages from being repeated;

(iv)

weak freshness: base station verifies that the message generated is after the previous one.

4.7. MiniSec

MiniSec [42] is implemented on Telos platform. While TinySec provides low security at low power consumption, ZigBee [43] provides high security at high power consumption. According to the authors, MiniSec provides high security at low power consumption. Three techniques are used to achieve this. First, block encryption method is used to provide privacy and authentication. But there is only one pass over the data. Second, initialization vector (or IV) used as a very few bits. Third, basic gaps are used during unicast and broadcast communication. In the unicast mode, the power consumption of radio is reduced by making extra computations and using synchronized counters. In the broadcast mode, bloom filter mechanism is used. SkipJack is used as the encryption algorithm and OCB as the encryption mode. It is defenseless against DoS attacks.

4.8. LLSP

LLSP [44] provides minimum cost identity authentication, data integrity, and semantic security by using only symmetric security algorithms. The key mechanism determines key management issues in WSNs. It includes the questions of how the cryptograph keys are distributed, shared, and updated. An appropriate keying mechanism depends on the factors such as the target hazard model, the network communication in practice, security requirements, and ease of use. Keying mechanism is not discussed in the paper.

5. Recommendation and Discussion

General evaluation is seen in Table 3. Within the solutions in the literature TinySec, MiniSec, SPINS, Lsec, LLSP, LISA, LISP, only TinySec, and MiniSec have been implemented on sensor nodes. Despite the fact that it has been developed for wireless private networks, IEEE 802.15.4 has been used in WSN due to its low energy consumption, low cost, and flexibility. Other security protocols have not been implemented on sensor nodes. In order to guarantee data confidentiality, TinySec and MiniSec have used the Skipjack algorithm of 80-bit size. Yet, past research has shown that, for data confidentiality, the key size should be at least 128 bits. TinySec cannot prevent message retransmission attacks while MiniSec cannot guarantee data integrity. Also, this protocol cannot provide availability criteria. The nonfulfillment of availability criteria means that the specified procedure will be unguarded against DoS attacks. Although Lisp protocol provides to availability criteria, it is not implemented on sensor nodes.

Table 3

Security requirements/protocols.

Security requirements/protocols	TinySec	SPINS	MiniSEC	LSec	LLSP	LISA	IEEE 802.15.4	LISP
Data confidentiality	+	+	+	+	+	+	+	+
Data integrity	+	+	−	−	+	+	+	+
Data authentication	+	+	+	+	+	+	+	+
Data freshness	−	+	+	−	+	+	+	−
Data availability	−	−	−	−	−	−	−	+
Implementation	TinyOS (Mica2)	−	TinyOS (TelosB)	−	−	−	TinyOS (MicaZ, TelosB)	−

6. Conclusion

When developing a security approach, the capacities of resources (memory, processor, and power supply) of wireless sensor nodes should be taken into consideration. It is an expected result that additional encryption mechanisms to increase security in WSN applications increase the node power consumption amounts and the average end-to-end delay times. Here it is important to determine the requirements of the application very well. In a simple large-scale or industrial WSN application, security is not so important, whereas power consumption is very significant. On the other hand, security is very crucial in military and health care applications while power consumption can be relatively ignored. For this reason, it is important to select an encryption algorithm and an encryption mode appropriate for the security solutions developed to be used in military and health care applications. According to experimental results, the encryption algorithms using 64-bit keys for data privacy can be broken in 3.5 months with super computers which can try 10¹² passwords in a second. This time value is 5.4 × 10¹⁸ years for the ones using 128-bit encryption algorithms [45]. Here, although it may seem reasonable to use 128-bit encryption algorithm, it may not be correct to use it because the memory required for this algorithm or the password encryption/decryption time will be more. Nevertheless, the operation mode (CBC, OBC, etc.) required for the encryption algorithm to be used is also important. It means that even to provide only data privacy, it should be considered which algorithm and which operating mode to be used in detail. The security solution developed should be modular. It means that if the new encryption algorithms and modes appearing in the literature are better in terms of security, power consumption, memory usage, and delay issues, they must be able to be integrated into the developed security solution directly. It is needed to develop a security solution which conforms with every aspect of the security requirements (data privacy, data integrity, data freshness, identity authentication, and availability) of WSN, but by taking into account the idea of high security and low power consumption for each requirement. Also, it is a drawback for researches that most of the recommended security solutions remained in the simulation environment, and they are not tried on sensor platforms. For this reason, it is necessary that, for the recommended protocols to be used directly in applications requiring security, they should not only remain in the simulation environments but also applied on sensor nodes. When developing a security solution, the most appropriate one must be selected by taking into consideration the WSN characteristics, the security requirements, the attacks, and the current encryption algorithms and modes. However, the strategies applying the security protocols in the literature may also help the researchers. It is expected that this study help guiding the people working on the security issues in WSNs.

Footnotes

Conflict of Interests

The author declares that there is no conflict of interests regarding the publication of this paper.

References

Akyildiz

I. F.

Sankarasubramaniam

Cayirci

A survey on sensor networks

IEEE Communications Magazine 2002 40 8 102 105

10.1109/MCOM.2002.1024422

2-s2.0-0036688074

Özdemir

Secure data aggregation in wireless sensor networks via homomorphic encryption

Journal of the Faculty of Engineering and Architecture of Gazi University 2008 23 2 365 373

2-s2.0-47649087093

Chong

C.-Y.

Kumar

S. P.

Sensor networks: evolution, opportunities, and challenges

Proceedings of the IEEE 2003 91 8 1247 1256

10.1109/JPROC.2003.814918

2-s2.0-2942686425

Çakiroǧlu

Özcerit

A. T.

Denial of service attack resistant MAC protocol design for wireless sensor networks

Journal of the Faculty of Engineering and Architecture of Gazi University 2007 22 4 697 707

2-s2.0-38549122458

Kavitha

Sridharan

Security vulnerabilities in wireless sensor networks: a survey

Journal of Information Assurance and Security 2010 5 31 44

Chan

Perrig

Security and privacy in sensor networks

Computer 2003 36 10 103 105

10.1109/MC.2003.1236475

2-s2.0-0142103313

Çam

Özdemir

Nair

Muthuavinashiappan

Ozgur Sanli

Energy-efficient secure pattern based data aggregation for wireless sensor networks

Computer Communications 2006 29 4 446 455

10.1016/j.comcom.2004.12.029

2-s2.0-32644435647

Bandirmali

Erturk

WSNSec: a scalable data link layer security protocol for WSNs

Ad Hoc Networks 2012 10 1 37 45

10.1016/j.adhoc.2011.04.013

2-s2.0-79961022677

Erboral

Kablosuz Duyarga Ağlarında Veri Birleştirilmesi Ve Değerlendirilmesi 2008

Yüksek Lisans Tezi, İstanbul Teknik Üniversitesi Fen Bilimleri Enstitüsü

10.

Meghdadi

Özdemir

Güler

İ.

Security in wireless sensor networks: problems and solutions

International Journal of Information Technologies 2008 1 35 40

11.

Carman

D. W.

Krus

P. S.

Matt

B. J.

Constraints and approaches for distributed sensor network security

2000 00-010

Glenwood, Md, USA

NAI Labs, Network Associates, Inc.

12.

Sarma

H. K. D.

Kar

Security threats in wireless sensor networks

Proceedings of the 40th Annual IEEE International Carnahan Conference on Security Technology (ICCST ′06)

October 2006

IEEE

243 251

10.1109/CCST.2006.313457

2-s2.0-46149091509

13.

Raymond

D. R.

Midkiff

S. F.

Denial-of-service in wireless sensor networks: attacks and defenses

IEEE Pervasive Computing 2008 7 1 74 81

10.1109/MPRV.2008.6

2-s2.0-38349154579

14.

Bandirmali

Ertürk

Increasing the reliability of security protocols for WSNs

Proceedings of the International Conference on Application of Information and Communication Technologies (AICT ′09)

October 2009

Baku, Azerbaijan

10.1109/ICAICT.2009.5372620

2-s2.0-77749340613

15.

Ozdemir

Wireless sensor network security: a comprehensive overview

Journal of Politecnic 2008 217 244

16.

Shi

Perrig

Designing secure sensor networks

IEEE Wireless Communications 2004 11 6 38 43

10.1109/MWC.2004.1368895

2-s2.0-11144340927

17.

Sen

Security in wireless sensor networks

Wireless Sensor Networks: Current Status and Future Trends 2012

18.

Venkatraman

Vijay Daniel

Murugaboopathi

Various attacks in wireless sensor network: survey

International Journal of Soft Computing and Engineering 2013 3 1

19.

Karlof

Wagner

Secure routing in wireless SensorNetworks: attacks and countermeasures

Proceedings of the 1st IEEE International Workshop on Sensor Network Protocols and Applications

May 2003

113 127

20.

Soni

Modi

Chaudhri

Detecting Sinkhole attack in wireless sensor network

International Journal of Application or Innovation in Engineering & Management 2013 2 2

21.

Padmavathi

Shanmugapriya

A survey of attacks, security mechanisms and challenges in wireless sensor networks

International Journal of Computer Science and Information Security 2009 4 1-2

22.

Rao

T. K.

Sharma

Saradhi

M. V.

Wormhole attacks in Ad-Hoc networks

International Journal of Latest Trend in Computing 2013 4 2

23.

Wang

Attebury

Ramamurthy

A survey of security issues in wireless sensor networks

IEEE Communications Surveys and Tutorials 2006 8 2 2 22

10.1109/COMST.2006.315852

2-s2.0-56949088196

24.

Chaudhari

H. C.

Kadam

L. U.

Wireless sensor networks: security, attacks and challenges

International Journal of Networking 2011 1 1 4 16

25.

Poschmann

Leander

Schramm

Paar

New light-weight DES variants suited for RFID applications

Proceedings of 14th Annual Fast Software Encryption Workshop (FSE ′07)

March 2007

Luxembourg, Germany

26.

Schneier

Description of a new variable-length key, 64-bit block cipher (Blowfish)

Fast Software Encryption 1994 809

Berlin, Germany

Springer

191 204 Lecture Notes in Computer Science

10.1007/3-540-58108-1_24

27.

Wheeler

D. J.

Needham

R. M.

TEA (tiny encryption algorithm)

Proceedings of Fast Software Encryption: Second International Workshop. Leuven, Belgium, 14-16 December 1994 1994 1008 363 366 Lecture Notes in Computer Science

28.

Wang

Bao

SenSec Design Technical Report-TR v1.1 2005

InfoComm Security Department, Institute for Infocomm Research

29.

Karlof

Sastry

Wagner

TinySec: a link layer security architecture for wireless sensor networks

Proceedings of the 2nd International Conference on Embedded Networked Sensor Systems (SenSys ′04)

November 2004

Baltimore, Md, USA

162 175

2-s2.0-26444574670

30.

Luk

Mezzour

Perrig

Gligor

MiniSec: a secure sensor network communication architecture

Proceedings of the 6th International Symposium on Information Processing in Sensor Networks (IPSN ′07)

April 2007

ACM

479 488

10.1145/1236360.1236421

2-s2.0-35348897342

31.

Standaert

F. X.

Piret

Gershenfeld

Quisquater

J. J.

SEA: a scalable encryption algorithm for small embedded applications

Workshop on RFIP and Light weight Crypto

2005

Graz, Austria

32.

Hong

HIGHT: a new block cipher suitable for low-resource device

Cryptographic Hardware and Embedded Systems—CHES 2006: 8th International Workshop, Yokohama, Japan, October 10–13 2006 4249

Berlin, Germany

Springer

46 59 Lecture Notes in Computer Science

10.1007/11894063_4

33.

Stallings

Cryptography and Network Security 2005 4th

Prentice Hall

34.

Kodaz

Cryptography for security on data communication [M.S. thesis] 2002

Selçuk University, Institue of Science and Technology

35.

Perrig

Szewczyk

Tygar

J. D.

Wen

Culler

D. E.

SPINS: security protocols for sensor networks

Wireless Networks 2002 8 5 521 534

10.1023/A:1016598314198

2-s2.0-0036738266

36.

Park

Shin

K. G.

LiSP: a lightweight security protocol for wireless sensor networks

ACM Transactions on Embedded Computing Systems 2004 3 3 634 660

37.

Wood

A. D.

Stankovic

J. A.

Denial of service in sensor networks

Computer 2002 35 10 54 62

10.1109/MC.2002.1039518

2-s2.0-0036793924

38.

IEEE-TG15.4 PART 15.4: Wireless Medium Access Control (MAC) and Physical Layer (PHY) Specifications for Low-Rate Wireless Personal Area Networks (LR-WPANs) 2003

IEEE Standard for Information Technology

39.

Koubaa

Alves

Tovar

IEEE 802.15.4: a federating communication protocol for time-sensitive wireless sensor networks

Sensor Networks and Configurations: Fundamentals, Tecniques, Platforms and Experiments 2007

Berlin, Germany

Springer

19 49

40.

Shaikh

R. A.

Lee

Khan

M. A.

Song

Y. C.

LSec: lightweight security protocol for distributed wireless sensor network

Personal Wireless Communications 2006 4217 367 377 Lecture Notes in Computer Science

10.1007/11872153_32

41.

Tripathy

LISA: lightweight security algorithm for wireless sensor networks

Proceeding of Distributed Computing and Internet Technology, 4th International Conference, ICDCIT 2007, Bangalore, India, December 17-20 2007 4882 129 134 Lecture Notes in Computer Science

10.1007/978-3-540-77115-9_13

42.

Luk

Mezzour

Perrig

Gligor

MiniSec: a secure sensor network communication architecture

Proceedings of the 6th International Conference on Information Processing in Sensor Networks (IPSN ′07)

April 2007

479 488

10.1145/1236360.1236421

2-s2.0-35348897342

43.

ZigBee Alliance

Zigbee specification

Technical Report Document 2005 053474r06

Version 1.0, ZigBee Alliance

44.

Lighfoot

L. E.

Ren

An energy efficient link-layer security protocol for wireless sensor networks

Proceedings of the IEEE International Conference on Electro/Information Technology (EIT ′07)

May 2007

Chicago, Ill, USA

233 238

10.1109/EIT.2007.4374458

2-s2.0-47649113722

45.

Kodaz

Cryptography for security on data communication [M.S. thesis] 2002

Selçuk University Institue of Science and Technology