Embed Size (px)
Citation preview
1
Review of main security threats in Smart Home networks
Seminar I
Robert Eržen
Supervisor: Doc. Dr. Roman Novak
Approved by the supervisor: _____________________ (signature)
Study programme:
Information Communication Technology Doctoral degree
Ljubljana, 2012
2
Contents
1. Introduction ................................................................................ 4
2. Smart Home M2M security attacks ...................................................... 5
2.1 Eavesdropping attacks ............................................................... 6
2.2 Node compromise attacks .......................................................... 6
2.3 Node replication attacks ............................................................ 6
2.4 Selective forwarding attacks ....................................................... 7
2.5 Sybil attacks .......................................................................... 8
2.6 Rushing attacks ...................................................................... 10
2.7 Sinkhole attacks ..................................................................... 11
2.8 Wormhole attacks ................................................................... 12
3. Impact analysis of the attacks on SH environments ................................. 13
4. Countermeasures analysis and future work .......................................... 13
4.1 Selective forwarding attacks ...................................................... 13
4.2 Wormhole attacks ................................................................... 14
5. Conclusion ................................................................................. 14
3
Abstract In the future, Smart Homes will extensively rely on Machine-to-Machine
communication networks. These networks will have to provide efficient security
mechanisms against security attacks. The aim of this seminar work is to present the
main security attacks in Smart Home Machine-to-Machine networks. Eight attacks
are presented together with some countermeasures. Most severe threats for Smart
Home environments are identified. Countermeasures for two security attacks,
Selective forwarding and Wormhole attack are analyzed and possible improvements
identified.
Keywords: M2M, Smart Home, Security, Selective forwarding, Wormhole, Attacks
4
1. Introduction Smart Home (SH) environments will evolve from the current Machine-to-Human to the Machine-to-Machine (M2M) communication orientation in the future [1]. The latter is best characterized as communication with little or no human intervention. Beside this it is usually low power and low cost communication. M2M network is typically composed of a number of networked devices and a SH gateway as depicted on Figure 1 [1]. Devices includes sensors, actuators, household appliances, entertainment devices like TVs, surround sound systems, Set-top boxes, MP3 or MP4 players, smart phones, personal computers, laptops, air condition, surveillance devices and other.
Figure 1: Home M2M Network architecture Heterogeneous devices are interconnected with the several different subnetworks. The SH Gateway is responsible to interconnect all subnetworks and to provide connection to Internet via DSL, Ethernet, cable, optic fiber or even cellular connection [2]. Security is an important issue in SH environments, since all subnetworks of M2M network are connected to the Internet. Furthermore, most of the communication is done through the open wireless medium. This makes it very vulnerable to various kinds of attacks. Next, topology of the network is dynamic – not highly dynamic, but dynamic to some degree. Additionally, distributed and cooperative sharing of channels and other resources is used in M2M networks. And lastly, M2M network nodes are usually very energy and computation constrained. SH M2M networks are
5
therefore constrained in resources and highly exposed to various security risks. This seminar will be focused on wireless mesh and ad–hoc M2M networks in SH. These include most of SH M2M subnetworks. Specifically, I will focus on security attacks in these networks and present some recently proposed countermeasures. The rest of this seminar is organized as follows. In section 2 the main security attacks are presented with recently proposed countermeasures. Section 3 analyzes the impact of the attacks on SH environments. Countermeasures analysis for two attacks and possible improvements are presented in section 4. Section 5 concludes the seminar.
2. Smart Home M2M security attacks This section will first present general characteristics of security attacks. In the following subsections the main eight security attacks will be described and recently published countermeasures presented. Different security attacks are classified in [3] and [4] as shown on Table 1. In an external attack, the attacking node does not belong to a community of authorized nodes in a network. It does not have key materials for communication inside the network. By compromising the node the attacker can perform internal attacks. In an internal attack the attacker possesses a node with key materials. Internal attacks cause more serious damage to M2M networks than external attacks. Internal attacks are harder to detect and prevent in comparison to external attacks. In passive attacks the adversary monitors the traffic between two or more communicating nodes to collect and discover valuable information. This is an easy task, since wireless communication is open radio transmission. This kind of attack does not disrupt a M2M communication. In contrast, an active attack attempts to deliberately modify communication in M2M network. Security holes in the network are exploited to launch various attacks like packet modification, injection, or replaying. Passive attacks are very difficult to detect and prevent, but they cause less damage. Active attacks are, on the other hand, easier to detect, but damage is far bigger. Passive attacks usually lead to active attacks. Attacks External Internal Detection Impact/
Damage
Active Node
compromise, Wormhole
Node replication, Selective forwarding,
Sybil, Rushing, Sinkhole, Black hole,
Wormhole
Medium Higher
Passive Eavesdropping, Traffic analysis,
Wormhole
Eavesdropping, Traffic analysis,
Wormhole
Harder Lower
Detection Medium Harder
Impact/ Damage
Lower Higher
Table 1: Attacks classification All of the attacks described in the following subsections have many variants and many of them enables other attacks or can coexist in M2M networks.
6
2.1 Eavesdropping attacks Wireless communication broadcasts all data to be communicated into surrounding aerial space. Anyone with a good receiver can eavesdrop and intercept transmitted messages. The attacker could extract information like location of node, message IDs, node IDs, timestamps, application specific information and others [5]. Defense: Eavesdropping attack is very difficult to detect, due to of passive nature of this attack. But we have several countermeasures to be used against it. Strong encryption and authentication can protect M2M network against eavesdropping efficiently [6]. Another technique is to use directional antennas for communication [7]. Traditionally, omni-directional antennas are used in wireless M2M networks, which transmit or receive radio signal in all directions equally. In contrast, directional antennas propagate signal in only one direction. This way they provide better protection against eavesdropping. Network deployment also affects resilience to eavesdropping attack. If we have sparsely deployed network, transmission ranges of the nodes will be long. They will cover bigger area and possibility of eavesdropping from outside will be higher [8]. On the other hand, if we have a dense network, transmission ranges of nodes will be short. Therefore eavesdropping node will have smaller area of possible activity. And possibility of outside attack will be lower.
2.2 Node compromise attacks In this attack the adversary gain physical control over one or more nodes of the network. Even if nodes are constructed as tamper-resistant, a possibility that key materials will be extruded successfully cannot be neglected. When node’s keying material is extracted, attacker has everything needed to enter the network and perform internal attacks. Compromised nodes can be used to monitor and analyze network traffic with aim to prepare more destructive attacks. Defense: Location based key pre-distribution schemes [9] are used to minimize compromised node attack effect on the network. Key materials are distributed among nodes before deployment. In SH environments we know beforehand, which nodes will be located closely together. Therefore we deploy highly correlated key materials to nodes that are close to each other. Nodes that are far away from each other, in contrast have very different key materials. As a result we get a network, which is highly resilient to a node compromise attacks. Compromised nodes can only affect their close neighborhood.
2.3 Node replication attacks Replication or cloning of the successfully compromised node is a logical next step of the attacker. To accomplish this task, the attacker makes copies of key materials from compromised node to a multiple newly introduced nodes [10]. Cloning allows the attacker to maximize impact of the attack on the network. Successful node replication attack can affect data aggregation mechanisms, misbehavior detection, and voting protocols by injecting false data or suppressing legitimate one. The impact of this attack is similar as the impact of Sybil attack, described in subsection 2.5. Defense: Methods to detect a Node replication attack are based on registering each node’s location in the network [6]. Locations could be stored in a central location or using a distributed storage in many locations. First approach has an obvious deficiency of a single point of failure. A high communication cost is also a
7
problem of this approach. In the second approach each node is expected to know its own location, and send it to a set of witness nodes. If a witness node discovers a collision in this node and some other nodes location claims, suspicion is raised. A node claiming later is suspected to be a clone. The problem of this solution lies in its deterministic nature. The attacker can learn the witness selection process and eliminate all the witnesses of the replica node and protect it. Zeng et al. [10] proposed a non-deterministic and fully distributed protocol RAWL for witness nodes selection. RAWL makes several fully random walks in the network for each node N, and then selects the passed nodes as the witness nodes of node N. Zeng also defines a limited number of walk steps, which are sufficient to detect clone attacks with high probability. This protocol reduces communication and memory overhead regarding to previously proposed clone attack countermeasures. A similar protocol called RED was proposed by Conti et al. in [11]. RED protocol chooses a pseudo-random set of witness nodes to save a node’s location. These witness nodes could be anywhere in the network, not only in close neighborhood. And this set of witness nodes change at every protocol iteration in unpredictable way.
2.4 Selective forwarding attacks A basic responsibility of every node in mesh network like M2M network is to forward packets of neighboring nodes. In this attack the malicious node forwards only some of the received packets while discards the rest of them. It is considered as a variant of Denial of Service (DoS) attack and is also known as Gray Hole attack. If malicious node would drop all of the packets, this would be a Black hole attack. Defense: This kind of attack is hard to detect as legitimate nodes may, from time to time, also drop packets due to congestion or collision in the network. Xiao et al. [12] proposed CHEckpoint-based Multi-hop Acknowledgement security Scheme (CHEMAS) to detect Selective forwarding nodes. Acknowledge mechanism is traditionally used in networks to detect loss of packets. ACK packet is sent from receiving node to sending node on hop-by-hop basis. Proposed scheme randomly selects some nodes along the forwarding path as checkpoint nodes. These are responsible to generate acknowledgements for each packet they have received and send it back to first and second preceding checkpoint. If compromised node u6 on Figure 2 drops a packet, nodes u5 and u4 will not receive ACK from checkpoint u9. Because they received ACK from u6 they both know that one of the nodes from u6 to u8 is compromised. Therefore node u5 will suspect node u6 for dropping packets, generate an alert packet and send it to the source node. When enough evidence is collected against node u6, an alert packet will be broadcasted to finally exclude node u6 from the network.
Figure 2: Multi-hop acknowledgment scheme Another technique - Randomized dispersive routes [13] was also proposed to reduce the impact of Selective forwarding attacks. Packets sent from source node are first broken into x shares according to a (T,x)-threshold secret sharing
8
algorithm. Next, each of x shares is transmitted to one of randomly selected neighbors of the source node as presented in Figure 3.
Figure 3: The effect of route dispersing
That node will further relay the received packet share to next randomly selected node. The source node sets a TTL value included in each of x shares of a packet. In every random hop TTL value is reduced by 1. When TTL value reaches 0, second phase is finished and last one begins. In this part last nodes in random route perform min-hop routing to deliver packet shares to the destination (sink) node. When the sink collects at least T shares, it can reconstruct the original packet. This protocol mitigates Selective forwarding attack impact by sending packets shares through different routes and by enlarging the Random propagation radium as shown in Figure 4.
Figure 4: Enlarged propagation radium
2.5 Sybil attacks In this attack we have a malicious node which illegitimately acquires multiple identities and consequently presents itself as a group of nodes. This node is called a Sybil node. All the other nodes in the network are deceived about its real identity and real number of physical devices. False identities can be fabricated or stolen from other legitimate nodes. In latter case the attacker has to destroy or otherwise disable the attacked legitimate nodes. Sybil attack can severely impact many mechanisms and protocols in M2M network. These are distributed storage, routing protocols, data aggregation, voting, fair resource sharing, and misbehavior detection. In distributed storage, the data is kept in several nodes with help of replication and fragmentation mechanisms. The attacker’s aim is to collect as much data as possible in a single Sybil node. In routing protocols, the Sybil node with multiple identities tries to deceive the neighbor nodes to route as much traffic as possible through a Sybil node. This could easily lead to other attacks like Selective
9
forwarding or Sinkhole attack. Sybil node can corrupt data aggregation with virtual data sent from multiple virtual nodes. If Sybil node participates in a voting process, it has more votes than one. Therefore it can influence the voting result to suite the attacker’s needs. Fair resource sharing mechanism can be compromised in a similar way if Sybil node with multiple identities claims for a shared resource. The Sybil attack can result in Denial of Service situation in applications which relies on resource sharing. If the network has mechanisms to detect misbehavior of malicious nodes, Sybil node can decrease efficiency of these mechanisms. Due to its multiple identities, Sybil node can “spread the blame” or make some behavior usual in the network. Defense: Sybil nodes usually steal identity of other nodes and use a globally shared key to communicate in the network. The impact of Sybil attack can be mitigated, if every node in the network shares a unique symmetric key with the base station (gateway) [14]. Another approach was proposed by Wen et al. in [15]. TDOA-based Sybil attack detection is based on calculation of a Time Difference of Arrival – difference in signal traveling time from source node to three distinct beacon nodes. Beacon nodes are defined as nodes with a priori knowledge of their position – equipped with GPS or other localization technology. Beacon nodes are required for TDOA to work. Beacon nodes B1, B2 and B3 on Figure 5 hear a message from S. They calculate three times of arrival t1, t2 and t3 respectively. When the master beacon node B1 receives arrival times from B2 and B3, it can calculate the difference in arrival times and also a location of source node S. Later, when beacon nodes receive another message with the same source-ID, procedure is repeated and position of a source node S’ is calculated. If positions of the S and S’ node are not equal, S’ is suspected to be a Sybil node.
Figure 5: TDOA mechanism
A TARF mechanism, described in subsection 2.7, also prevents Sybil attacks. TARF is basically designed to protect multihop routing protocols from attacks which try to misdirect the traffic in the network e.g. Sybil attacks. With EnergyWatcher and TrustManager described in subsection 2.7, TARF monitors neighbor’s trustworthiness. In the next phase, routes are selected according to trustworthiness of nodes. Network traffic avoids Sybil nodes this way.
10
2.6 Rushing attacks Flooding Route Requests (RREQ) to find a route from source to destination node is widely used mechanism in on-demand routing protocols. The mechanism is presented on Figure 6. Source node S floods RREQ packet. When the destination node D is reached, optimal route is selected and Route Response (RREP) is returned to source node S. The lines between the nodes present neighborhood radio connection.
Figure 6: On demand route discovery
In a Rushing attack, the malicious node is able to forward RREQs faster than legitimate nodes. Because the malicious node’s RREQs are faster, all legitimate RREQs are discarded, as presented on Figure 7. The reason for discarding legitimate RREQs is a mechanism called duplicate suppression technique, which helps to reduce overhead in the network. But unfortunately also allows Rushing attacks. Faster malicious RREQs raises the possibility that route through the attacking node will be chosen as optimal one.
Figure 7: Rushing attack
Defense: Defense against Rushing attacks was traditionally based on Rushing Attack Prevention (RAP) mechanism [16]. RAP waits for up to m RREQs and then randomly selects one of them to forward it instead of forwarding the first one arrived. This approach eliminates the advantage of the RREQ which arrived first to a particular node. However, this mechanism has significant network overhead and works only if the adversary has compromised only a few nodes.
11
Another mechanism is Secure Dynamic Source Routing (SDSR) protocol [17]. Like RAP, SDSR also waits for some time, before forwarding RREQs. Waiting time is proportional to a distance of a specific node from the source node. During this time a node collects all the RREQs from all routes between a node and the source node. Then randomly selects a RREQ to be forwarded. With this procedure, RREQ forwarded by the attacker does not have any advantage any more. As the number of hops between source and destination node increases, the possibility of successful Rushing attack decreases. Functioning of SDSR is presented on Figure 8. Hops are labeled with passed route labels. Framed labels beside nodes shows collected routes in each node. One of them is randomly selected for forwarding. Malicious node route info has the same possibility to be transferred further as all other routes.
Figure 8: Secure Dynamic Source Routing protocol
2.7 Sinkhole attacks In a Sinkhole attack [14], the attacker’s goal is to lure as much traffic as possible from certain area to a route through a compromised node. This is done by bogus advertising that a route through attacking node(s) is a high-quality route to an important destination node. In addition, the attacker tries to convince other nodes that the current path to sink (parent) node is a very poor quality link. When he succeeds and traffic flows through the attacking node, the attacker has many possibilities. To begin with, he can eavesdrop to the traffic passing through. Secondly, he can drop some packets and forward others. This would be a Selective forwarding attack, described in subsection 2.4. Next, he can change information in packets and forward them. He can as well drop all packages and perform Black hole attack. And lastly, he can route all the collected traffic into a Wormhole, described later in subsection 2.8. Defense: Sinkhole attacks are very difficult to defend against. Despite this, there have been some recently published defensive mechanisms against them. First are Geographic routing protocols [18] which are resistant to this attack. These protocols use so called greedy forwarding mechanism to forward packets from the source to the destination node. This means that packets are forwarded to the neighbors which are closest to the destination node. Two prerequisites should be
12
fulfilled for Geographic routing to work: The network must be sufficiently dense and nodes should know their own location and their neighbors’ locations. Next countermeasure against Sinkhole attack is learning global map [4]. Nodes should know the locations of all nodes in the network. This approach is only possible if the network is static and nodes located at known locations. SH environment network is this kind of a network. Lastly, Sinkhole attack can be effectively mitigated using secure routing protocols. Recently proposed TARF mechanism [19] is one of them. It is a routing framework aimed not only for defense from Sinkhole attack but also from other routing attacks like Wormhole and Sybil attacks. It is based on node’s trustworthiness and energy efficiency. Each TARF enabled node runs two components: EnergyWatcher and TrustManager. EnergyWatcher in node N records energy behavior of N’s neighbors – how much energy they usually spend for transmission. This is called energy cost. Beside this TrustManager records trustworthiness of node N neighbors. Therefore each node N holds a table of trust values and energy costs for all its neighbors. A compromised node C may falsely advertise very low energy cost for its next hop. Because C’s neighbors have records of C’s usual energy costs, they can recognize its malicious behavior and lower its trustworthiness. Consequently they choose other nodes for forwarding packets and prevent Sinkhole attack this way.
2.8 Wormhole attacks In a Wormhole attack, two malicious nodes cooperate. They are connected with low latency RF or wired connection, called tunnel. The attacker receives packets at one point in the network, “tunnels” them to another point in the network, and then replays them into the network from that point. Tunneled connection is one hop and low latency connection, while normal multi-hop route have a higher delay. Therefore it is not hard for the attacker to attract and bypass a large amount of traffic between two distant parts of the network over his malicious two nodes and a tunnel connection. This puts the attacker into a very powerful position relative to other nodes in the network. Successful Wormhole attack enables other attacks like Eavesdropping, Selective forwarding, packet corruption and traffic analysis. Wormhole attack can be performed even if the attacker has no encryption keys and the network provides confidentiality and authenticity of communication. It could be therefore internal or external attack. Additionally it could be passive or active attack. Defense: Wormhole attack defense has been widely studied in a last decade and many solutions have been proposed. Most of them include extra hardware like GPS, directional antennas or special radio transceiver modules, which increases the cost of protection. Other solutions have been also proposed recently to reduce these extra costs. I will present two defense techniques. The first one was proposed by Jain and Jain [20]. It is based on a trust scheme for identifying and isolating malicious nodes that acts as entry into or exit from a Wormhole. Every node of the network measures the accuracy and sincerity of its neighbor nodes. This is done by monitoring their participation in the packet forwarding mechanism. The sending node S checks the message forwarded by S’s neighbor N. If integrity check succeeds, the S node confirms that node N acted trustworthy and N’s trustworthiness is increased. If the integrity check fails, trust value is decreased. These trust values are then used to influence the routing decisions. Low trusted nodes are avoided and Wormhole entry nodes as well.
13
Another Wormhole defense mechanism is TARF described in subsection 2.7. It also prevents Wormhole attacks with trust scheme, which is built with a different mechanism as a trust scheme in solution proposed by Jain and Jain.
3. Impact analysis of the attacks on SH environments Security risks have to be adequately addressed in SH environments. Unsecured M2M communication could be used in other applications, like environment monitoring or agriculture, but not in SH environments. The market will not accept SH M2M technology, if security problems are not well studied and solved. Internal active attacks like Node replication, Selective forwarding, Sybil, Rushing, and Wormhole attacks have the biggest impact on M2M networks. These attacks cause the biggest damage, when successfully accomplished. Node replication attack is not so acute threat in SH environments as the latter. M2M network in SH lives in a closed and physically protected area in contrast to open environments like forest or civil infrastructure monitoring. Therefore the risk of massive deployment of replicated nodes is not as high as in other environments. Selective forwarding attack could be very serious threat for SH. An example scenario would be: A visitor deploys a malicious node, controlled from outside the SH. When he succeeds to attract most of the traffic from a part of SH, he can selectively drop packets from surveillance sensors to hide burglar’s activities. Similarly as in Selective forwarding attack, Sybil attack is a high risk for SH environments. As Selective forwarding, Sybil attack could also be controlled from outside of SH. The Sybil node could be used to attract traffic, to collect distributed data or to determine voting in network and consequently enable other dangerous attacks like Selective forwarding. Rushing and Sinkhole attacks are also potent dangers for SH, because they enable other attacks. Wormhole attack is probably the most dangerous of all presented attacks. It is very difficult to detect if performed as an external and passive attack. On the other hand its impact and damage could be very high. This attack could be performed completely outside of physical space of SH, which makes it even bigger threat for SH. To conclude, Selective forwarding, Sybil, Rushing, Sinkhole and Wormhole attacks are the biggest threats for SH among presented attacks.
4. Countermeasures analysis and future work This section will focus on countermeasures in Selective forwarding and Wormhole attacks, since one of them will be in the focus of my future research work.
4.1 Selective forwarding attacks CHEMAS have two desirable features. First, checkpoint nodes, which send back upstream the ACK packets, are selected completely randomly. Therefore they cannot be easily discovered and compromised by the attacker. Second, source nodes can detect selective forwarding attack even if destination node is completely firewalled by attacker nodes. However, authors themselves highlight some weaknesses and points of possible improvement. First, checkpoints are selected randomly. Therefore there is no guaranty that enough of them will be selected to efficiently detect and prevent Selective forwarding attack. Next, it is possible that two compromised nodes,
14
connected with fast Wormhole tunnel and located far away from each other would cooperate and drop packets undetected. This scenario was not tested yet by authors. Lastly, this scheme sends ACK packets back to the source node i.e. upstream. This is called upstream detection. On that way back, malicious nodes could intercept and change ACK packets. Downstream detection would be another way. In that approach ACK packets would be send from checkpoint nodes to the destination node. RAD is based on much stronger assumptions than CHEMAS. It assumes that there is only small number of selective forwarding nodes and that malicious nodes are not coordinated to build a firewall around important destination nodes e.g. Smart Home Gateways. It is to be expected that without these assumptions, RAD would give worse results than CHEMAS. To conclude, CHEMAS shows more possibilities for improvements. It also has more prospects to efficiently counter Selective forwarding attacks.
4.2 Wormhole attacks Both presented mechanisms to defend against Wormhole attacks, Jain and Jain [20] and TARF are based on trust schemes. They differ only in procedures to build and maintain trust database. In both cases, routing decisions depends on trustworthiness of neighbor nodes. In TARF, TrustManager determines and holds trustworthiness of neighbor nodes. In a scenario where packets should run from the source node S through nodes A first and then node B to the destination D, false trustworthiness degradation could occur. If node B is corrupted and routes all packets to a Wormhole, source node S will detect that sent packets didn’t reach the destination node D. Consequently, node S will falsely degrade node A’s trustworthiness. This mistake occurs due to a fact that node S does not distinguish between mistakes in node A or node B. In both cases, if transmission is interrupted in node A or in node B, node A’s trustworthiness is lowered in node S. This could be a possible point of improvement in TARF.
5. Conclusion This seminar has presented eight main security attacks on SH M2M networks and some of the recently published countermeasures for each of them. Impact of all attacks on SH environments has been analyzed and most severe attacks on SH M2M networks were identified. For two of them, Selective forwarding and Wormhole attack, presented countermeasures were analyzed and possible improvements identified.
15
References:
[1] Y. Zhang, R. Yu, S. Xie, Y. Xiao, and M. Guizani, “Home M2M Networks:
Architectures, Standards , and QoS Improvement,” IEEE Communications Magazine,
vol. 49, no. 4, pp. 44-52, 2011.
[2] K. Gill, S.-H. Yang, F. Yao, and X. Lu, “A ZigBee-Based Home Automation System,”
IEEE Transactions on Consumer Electronics, vol. 55, no. 2, pp. 422-430, 2009.
[3] X. Chen, K. Makki, K. Yen, and N. Pissinou, “Sensor network security: a survey,”
IEEE Communications Surveys & Tutorials, vol. 11, no. 2, pp. 52-73, 2009.
[4] S. Mohammadi, R. E. Atani, and H. Jadidoleslamy, “A Comparison of Link Layer
Attacks on Wireless Sensor Networks,” Journal of Information Security, vol. 2, no. 2,
pp. 69-84, 2011.
[5] P. Baronti, P. Pillai, V. W. C. Chook, S. Chessa, A. Gotta, and Y. F. Hu, “Wireless
sensor networks: A survey on the state of the art and the 802.15.4 and ZigBee
standards,” Computer Communications, vol. 30, pp. 1655-1695, 2007.
[6] Y. Zhou, Y. Fang, and Y. Zhang, “Securing Wireless Sensor Networks: A suvey,”
IEEE Communications Surveys & Tutorials, vol. 10, no. 3, pp. 6-28, 2008.
[7] A. Mpitziopoulos, D. Gavalas, C. Konstantopoulos, and G. Pantziou, “A survey on
jamming attacks and countermeasures in WSNs,” IEEE Communications Surveys &
Tutorials, vol. 11, no. 4, pp. 42-56, 2009.
[8] Z. Liu, J. Ma, Q. Pei, L. Pang, and Y. Park, “Key Infection, Secrecy Transfer, and Key
Evolution for Sensor Networks,” IEEE Transactions on Wireless Communications, vol.
9, no. 8, pp. 2643-2653, Aug. 2010.
[9] T. Kwon, J. Lee, and J. Song, “Location-Based Pairwise Key Predistribution for
Wireless Sensor Networks,” IEEE Transactions on Wireless Communications, vol. 8,
no. 11, pp. 5436-5442, 2009.
[10] Y. Zeng, J. Cao, S. Zhang, S. Guo, and L. Xie, “Random-Walk Based Approach to
Detect Clone Attacks in Wireless Sensor Networks,” IEEE Journal of selected areas in
communications, vol. 28, no. 5, pp. 677-691, 2010.
[11] M. Conti, R. Di Pietro, L. V. Mancini, and A. Mei, “Distributed Detection of Clone
Attacks in Wireless Sensor Networks,” IEEE Transactions on Dependable and Secure
Computing, vol. 8, no. 5, pp. 685 - 698, 2011.
[12] B. Xiao, B. Yu, and C. Gao, “CHEMAS: Identify suspect nodes in selective forwarding
attacks,” Journal of Parallel and Distributed Computing, vol. 67, no. 11, pp. 1218-
1230, Nov. 2007.
[13] T. Shu, M. Krunz, and S. Liu, “Secure Data Collection in Wireless Sensor Networks
Using Randomized Dispersive Routes,” IEEE Transactions on Mobile Computing, vol.
9, no. 7, pp. 941-954, 2010.
16
[14] V. C. Giruka, M. Singhal, J. Royalty, and S. Varanasi, “Security in wireless sensor
networks,” Wireless Communications and Mobile Computing, vol. 8, no. 1, pp. 1-24,
Jan. 2008.
[15] M. Wen, H. Li, Y.-fei Zheng, and K.-fei Chen, “TDOA-based Sybil attack detection
scheme for wireless sensor networks,” Journal of Shanghai University (English
Edition), vol. 12, no. 1, pp. 66-70, 2008.
[16] D. M. Shila, Y. Cheng, and T. Anjali, “Mitigating Selective Forwarding Attacks with a
Channel-Aware Approach in WMNs,” IEEE Transactions on Wireless
Communications, vol. 9, no. 5, pp. 1661-1675, 2010.
[17] A. S. Al Shahrani, “Rushing Attack in Mobile Ad Hoc Networks,” in 2011 Third
International Conference on Intelligent Networking and Collaborative Systems, 2011,
pp. 752-758.
[18] J. Yick, B. Mukherjee, and D. Ghosal, “Wireless sensor network survey,” Computer
Networks, vol. 52, no. 12, pp. 2292-2330, Aug. 2008.
[19] G. Zhan, W. Shi, and J. Deng, “Design and Implementation of TARF: A Trust-Aware
Routing Framework for WSNs,” IEEE Transactions on dependable and secure
Computing, vol. 9, no. 2, pp. 184-197, 2012.
[20] S. Jain and S. Jain, “Detection and prevention of wormhole attack in mobile adhoc
networks,” International Journal of Computer Theory and Engineering, vol. 2, no. 1,
pp. 78-86, 2010.
