A Secure Directed Diffusion Routing Protocol for Wireless Sensor Networks

Nashwa El-Bendary1 , Omar S. Soliman 2 , Neveen I.Ghali 3 , Aboul Ella Hassanien2 , Vasile Palade4 Hongbo Liu5
1

Arab Academy for Science,Technology, and Maritime Transport, Cairo, Egypt Email: nashwa m@aast.edu 2 Faculty of Computers and Information, Cairo University, Cairo, Egypt Email: dr.omar.soliman@gmail.com & aboitcairo@gmail.com 3 Faculty of Science, Al-Azhar University, Cairo, Egypt Email:nev ghali@yahoo.com 4 Computing Laboratory, Oxford University, UK Email:vasile.palade@comlab.ox.ac.uk 5 School of Computer, Dalian University of Technology,China Email:lhb@dlut.edu.cn

AbstractThis paper presents a secure routing protocol for wireless sensor networks based on the recognized directed diffusion algorithm. The proposed secure routing protocol uses the TESLA (micro Timed, Efcient, Streaming, Losstolerant Authentication) algorithm in order to authenticate acknowledgement messages sent from the sink to the source nodes for conrming delivery of data-event messages. A simulation based implementation and performance evaluation for the proposed protocol was conducted against black hole and acknowledgement-spoong attacks. Simulations show that the proposed secure routing protocol achieved better event-delivery and event-dropping ratios compared to the original directed diffusion protocol. However, it resulted higher cost in the mean dissipated energy and average delay in some situations due to acknowledgements and authentication processes for delivered events and also due to the retransmissions of non-acknowledged events. Keywords-Directed Diffusion; TESLA; Wireless Sensor Network (WSN).

I. INTRODUCTION Wireless Sensor Networks (WSNs) are known for their reliability, accuracy, exibility, and ease of deployment; as a result they are being widely used for various monitoring systems, data collection, and process control applications [1]. Because of the small size, limited processing power, and unattended deployment of individual sensor nodes, they are greatly prone to security compromises. Therefore, it is important to build security within the network architecture and protocols, so that a WSN can successfully operate in the presence of component failures or malicious attacks or both. Directed diffusion [2] is one of the fundamental data dissemination protocols developed for WSNs. It consists of three main phases, namely, interest propagation phase, path establishment (gradients setup and reinforcement) phase, and data-event transmission phase. In directed diffusion,

the sink nodes, which are data collection points, initiate data dissemination by ooding the query interest in the network in order to establish gradients at each sensor node. These gradients move the desired sensing data down to each sink, initially at a low rate. Based on the delivery quality, the sink selects one specic path to reinforce via a hopby-hop approach. This feedback-based data-quality-control is performed continuously to receive high quality of data. Many WSN applications run in untrustworthy environments, which require secure communication against different types of attacks [3], [4], [5]. However, traditional security protocols are designed for resource rich machines with large computation, which are not applicable to WSNs due to resource limitation. Secure routing in WSNs presents challenges due to low computing power, small memory, limited bandwidth, and especially very limited energy [6]. Many Denial-of-Service (DoS) attacks, which are the result of any action that prevents any part of a WSN from functioning correctly or in a timely manner [7], can be easily employed against routing in WSNs. Many current routing protocols in WSNs, which are not designed with security in mind, are susceptible to some types of DoS attacks, and directed diffusion is no exception. This paper proposes a secure routing protocol for wireless sensor networks based on the recognized directed diffusion routing protocol. The proposed secure routing protocol uses the TESLA (micro Timed, Efcient, Streaming, Loss-tolerant Authentication) algorithm [3], [8] in order to authenticate the acknowledgement messages sent from the sink to the source nodes for conrming the delivery of the data-event messages. It is believed that enhancing directed diffusion with the acknowledgement mechanism for data-event delivery at sink will be a good contribution and

- 149 -

the results can directly benet networks that use directed diffusion algorithm for data delivery. The proposed protocol is implemented in a WSN model and its performance is evaluated against black hole and acknowledgement-spoong DoS attacks. The rest of this paper is organized as follows. Section II introduces an overview of the directed diffusion routing protocol. Section III describes the TESLA broadcasting authentication protocol. Section IV presents the general structures and phases of the proposed secure routing protocol. Experimental results with simulation environment and attacker model are discussed in section V. Finally, Section VI discusses conclusions and future work. II. P ROPOSED S ECURE ROUTING P ROTOCOL Authenticated acknowledgement-based secure routing protocol proposed in this paper can ensure both network connectivity and authentication at the same time. That means disseminating high quality of sensing data from authenticated nodes to the sink, in the presence of compromised nodes. The proposed secure routing protocol inherits many design features from the original directed diffusion protocol and defends against black hole and acknowledgement-spoong attacks, and accordingly attains better network performance from both routing and security points of view. Broadcasting authentication mechanism depending on the procedure of the TESLA authentication protocol is used by the proposed secure protocol in order to authenticate the ACK messages sent from the sink to the source nodes for conrming the delivery of the data-event messages. Figure 1 illustrates the main phases of the proposed secure protocol, which are: Secret-key setup and broadcasting phase Interest propagation phase Path establishment and reinforcement phase Data-event delivery and authenticated acknowledgement phase 5) Disclosed key and buffered ACK-packets authentication phase To send an Authenticated Acknowledgement (Auth-ACK) packet, the sink simply computes a MAC (Message Authentication Code) on the ACK packet with a key (Ki ) that is secret at that point in time (Ti ). When the source node gets the Auth-ACK packet, it can verify that the corresponding MAC key was not yet disclosed by the sink (based on its loosely synchronized clock and because it knows the time schedule at which keys are disclosed). Since the receiving source node is assured that the MAC key is only known by the sink, it is assured that no adversary could have altered the packet in transit. So, the node stores the received AuthACK packets in a buffer. At the time of key disclosure (Tj ), the sink sends the verication key (Kj ) to all source nodes. 1) 2) 3) 4) Figure 1 Phases of the proposed protocol

When the node receives the disclosed key, it can easily verify the authenticity of the key by checking the security condition. If the key is authentic, the node can now use it to authenticate the ACK packets stored in its buffer. III. S IMULATION M ODEL The proposed protocol is implemented using C++ code. The main goal of conducting this performance evaluation study was to evaluate the performance of the proposed protocol, under normal conditions (without any DoS attacks) and against the existence of both black hole and acknowledgement-spoong DoS attacks, and to compare its performance with the performance of the original directed diffusion protocol. Four evaluating metrics were selected, namely: Mean dissipated energy, which measures the ratio of total dissipated energy per node in the network to the number of distinct events seen by sinks Average delay, which measures the average one-way end-to-end delay observed between transmitting an event and receiving it at each sink including retransmission, buffering, and authentication Distinct event delivery ratio, which is the ratio of the number of distinct events received at the sink to the number originally sent by source nodes Event packet dropping ratio, which is the ratio of the total number of dropped event data packets, due to DoSattacks or lack of paths to the sink, to the number of originally sent event data packets by source nodes In order to study the performance of proposed protocol as a function of network size, we generate four sensor elds of different sizes, ranging from 25 to 100 nodes in increments of 25 nodes. Each sensor eld was generated by randomly placing the nodes in a 100x100m square. One stationary sink sits in the center of the eld at location (50, 50).

- 150 -

Sensor nodes have initial positions at the beginning of the simulation, then, they moved according to a random-stepmobility model. Each node has a radio range of 30m. Energy consumption model for radio communication in simulations follows the Berkeley motes [9], which consume (0.025 mJoule) for transmitting and (0.0186 mJoule) for receiving a single byte. The event-area (phenomena region) has been chosen to be in 2 rectangles. Distance-varying bit-rate data sources were being used for simulations. That is the bit rate of each source varies with the distance between this data source sensor node and the destination sink node (distance-varying bit rate). The DoS attack is assumed to take place after the attacking node received the interest. Exploratory interests were initially broadcasted by the sink with a rate of one exploratory-interest per second. Interests with new tasks were periodically broadcasted then refreshed (updated) by the sink node every 100 milliseconds (interest interval) and last for 500 milliseconds. Each sensor node has an interest-cache with a size of 4 interest entries. The data-events have 5 retransmission trials for each data-event as a retransmission limit. The sizes of interest packet, data-event packet, CDM message, DM message, and Auth-ACK packet are 36 bytes, 64 bytes, 40 bytes, 16 bytes, and 14 bytes respectively. Each time interval (Ii ) lasts for 100 milliseconds and the disclosure delay time is 150 milliseconds. Each Auth-ACK packet lasts for 10 milliseconds then expires. This time also represents the acknowledgement duration the source node waits before re-sending another data-event through an alternative route to the sink. Each simulation runs 5 times and the result shown is an average of these runs. Two DoS attacks, namely, black hole attack and acknowledgement-spoong attack, will be simulated in the attacker model against the WSN in order to evaluate the proposed protocols performance. In a black hole attack [4], [5], an attacker drops the incoming packets from its previous-hop neighbor nodes. In order to remain unnoticed, the adversary keeps sending self-generated packets only; thus, the malicious node may appear normal to its next-hop neighbors, which makes it hard to gure out the cause of disconnection from a certain group of nodes to the sink node. In the acknowledgement-spoong attack [4], an adversary can spoof acknowledgements for packets addressed to neighboring nodes in order to convince the sender that the transmitted packet has delivered for its destination node or that a weak link is strong. The base station (sink node) is assumed to be secure and trusted. Sensor nodes are (unlike the sink node) not trusted. This is a common assumption in WSNs [3], [4], [9] because it is relatively easy for an adversary to capture and compromise sensor nodes. Figure 2 shows the simulated environment for the 100-nodes WSN model.

Figure 2 Simulation environment

IV. E XPERIMENTAL R ESULTS A. Mean dissipated energy For the proposed protocol, without any attacks, it dissipates more energy compared to the energy dissipated by the directed diffusion protocol due to the authentication process accomplished by the source nodes, for the buffered Auth-ACK packets, on receiving the disclosed key of the previous time interval after certain disclosure delay time. With black hole and the acknowledgement-spoong attacks taking place, the mean dissipated energy will increase due to the retransmission of nondelivered and consequently nonacknowledged data packets, because of attacks or path failure, by source nodes through alternative reinforced routes to the sink, instead of the failed original reinforced routes that pass through the attacker nodes, the case that results in more dissipated energy. B. Average delay For the proposed protocol compared to the directed diffusion, the main reason for the increase in the average delay is the time consumed in the acknowledgement process, by delivering Auth-ACK packets from the sink to source nodes conrming the delivery of data-event packets, and the acknowledgement waiting time, which is the time that source node waits till receiving ACK packet from the sink for the sent data-event packet. That is with addition to the time consumed in the authentication process for the buffered Auth-ACK in the source nodes after waiting for the disclosure delay time. With black hole and the acknowledgement-spoong attacks taking place, the average delay for the proposed secure protocol is higher than the average delay under normal conditions (without any attacks). That is due to the retransmission of the nondelivered (falsely acknowledged)

- 151 -

data packets to the sink through alternative routes after waiting for the disclosure delay time. C. Distinct event delivery ratio Assuming a congestion-free network, the proposed protocol achieves around 90%-98% delivery ratio for the data events sent from the source nodes to the sink as the network size increases. However, in some situations, the data-packets may not be delivered to the sink node because the source node has no route to the sink, the case that decreases the event delivery ratio even in the absence of any attacks. Retransmission of the non-acknowledged data-packets, due to data-events dropping by attacker nodes or due to path failure, also allows the proposed protocol to exhibit very good results concerning the distinct event delivery ratio. For the proposed protocol with black hole and the acknowledgement-spoong attacks, the achieved event delivery ratio will be slightly lower than the delivery ratio achieved by the same protocol under normal conditions. That is because in some situations there are no available alternative routes that are not passing through the attacker nodes, especially in small size networks, to be used for resending the nondelivered data-events to the sink. D. Event packet dropping ratio For the directed diffusion protocol, the event dropping ratio increases dramatically as a result for the black hole attack against data-event messages sent from source nodes toward the sink, compared to the dropping ratio achieved by the same protocol without any attacks. On the other hand, retransmission of the nonacknowledged data packets, due to data-events dropping by attacker nodes or due to path failure, allows the proposed protocol to exhibit the lowest event dropping ratio, under normal conditions. For the proposed protocol with black hole and the acknowledgement-spoong attacks, the event dropping ratio will be higher than the dropping ratio achieved by the same protocol under normal conditions. That is also due to absence of available alternative routes that are not passing through the attacker nodes to be used for re-sending the nondelivered data events to the sink, especially in small size networks. V. C ONCLUSIONS AND F UTURE W ORKS This paper proposes a secure routing protocol for wireless sensor networks based on the directed diffusion routing algorithm. Simulation results show that the storage space required increases with the increase in the number of nodes in the network. The proposed secure routing protocol inherits many design features from the original directed diffusion protocol with addition to authenticating data event delivery acknowledgement messages, and accordingly attains better network performance from both routing and security points

of view. Simulations show that the proposed secure routing protocol attains a very good performance against black hole and acknowledgement-spoong attacks by having a high delivery ratio and a low dropping ratio for data-events. But, that very good performance has been achieved with the cost of high delay and dissipated energy in some situations due to the retransmission of the non delivered data events to the sink node. In future work, we plan to use a simulation model containing obstacles or interference problems, or providing diversity in the capabilities of each sensor node in the provided simulations. R EFERENCES
[1] I. F. Akyildiz, W. Su, Y. Sankarasubramaniam, and E. Cayirci,Wireless Sensor Networks: A Survey, IEEE Computer Networks,Vol. 38, No. 4, March 2002, pp. 393-422. [2] Fabio Silva, John Heidemann, Ramesh Govindan, and Deborah Estrin, Directed Diffusion, Technical Report ISI-TR2004-586, USC/Information Sciences Institute, January 2004. [3] A. Perrig, R. Szewczyk, V. Wen, D. Culler, and J.D. Tygar, SPINS: Security Protocols for Sensor Networks, Mobile Computing and Networking Conference (ACMMobiCom01), Rome, Italy, 2001, pp.189-199. [4] Chris Karlof and David Wagner, Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures, First IEEE International Workshop on Sensor Network Protocols and Applications, May 2003. [5] J Yin and S. K. Madria, A Hierarchical Secure Routing Protocol Against black hole Attacks in Sensor Networks, IEEE Computer Society, Washington, USA, 2006, pp. 376 383. [6] M. Tubaishat, J. Yin, B. Panja, and S. Madria, A Secure Hierarchical Model for Sensor Network, ACM SIGMOD Record, Vol. 33, No. 1, March 2004. [7] Committee on National Security Systems (CNSS), National Information Assurance Glossary, NSTISSI No. 4009, May 2003. [8] Donggang Liu and Peng Ning, Multi-level TESLA: Broadcast Authentication for Distributed Sensor Networks, ACM Transactions on Embedded Computing Systems (TECS), Vol. 3, No. 4, November 2004, pp. 800 - 836. [9] Nachiketh R. Potlapally, Srivaths Ravi, Anand Raghunathan, and Niraj K. Jha, A Study of the Energy Consumption Characteristics of Cryptographic Algorithms and Security Protocols, IEEE Transactions on Mobile Computing, Vol. 5, No. 2, February 2006.

- 152 -