UNIT-4-EC-Adhoc and Sensor Networks

The document discusses security issues and challenges in wireless sensor networks. It covers network security requirements like data confidentiality, authentication, and availability. It describes various attacks on different layers of wireless sensor networks like jamming, tampering, black hole, and flooding attacks. It also discusses possible solutions for these attacks. Key distribution and management, secure routing protocols, and reliability requirements in sensor networks are also covered in the document.

Uploaded by

parantn

UNIT-4

SENSOR NETWORK SECURITY


Network Security Requirements, Issues and Challenges in Security
Provisioning, Network Security Attacks, Layer wise attacks in
wireless sensor networks, possible solutions for jamming,
tampering, black hole attack, flooding attack. Key Distribution and
Management, Secure Routing – SPINS, reliability requirements in
sensor networks.

TABLE OF CONTENTS
4.1 Introduction: Security in Wireless Sensor Networks

4.2 Network Security Requirements

4.3 Issues and Challenges in Security Provisioning

4.4 Network Security Attacks

4.5 Layer wise Attacks in Wireless Sensor Networks

4.6 Possible Solutions for Jamming

4.7 Tampering Attack and its Countermeasures

4.8 Black Hole Attack and its Countermeasures

4.9 Flooding Attack and its Countermeasures

4.10 Key Distribution and Management

4.11 Secure Routing in Wireless Sensor Networks

4.12 Security Protocols for Sensor Networks (SPINS)

4.13 Reliability Requirements in Sensor Networks

4.1 Introduction: Security in Wireless Sensor Networks


 WSN is a special type of network. The sensor networks, based on an inherently
broadcast wireless medium, are vulnerable to a variety of attacks.

 Security is of prime importance in sensor networks because of the absence of a central
authority, the random deployment of nodes in the network, and the large amount of trust
that nodes assume among themselves during data aggregation and event detection.

 From a set of sensor nodes in a given locality, only one final aggregated message may
be sent to the BS, so it is necessary to ensure that communication links are secure for
data exchange.

 Cryptographic solutions based on symmetric or public key cryptography are not
suitable for sensor networks, due to the high processing requirements of the
algorithms. So a special type of protocol is needed to ensure security in sensor networks.

4.2 Network Security Requirements


 The security services in a WSN should protect the information communicated over the
network and the resources from attacks and misbehaviour of nodes.

 The most important security requirements in WSN are listed below:

 Data Confidentiality

 Authentication

 Data Integrity

 Data Freshness
AD HOC and Wireless Sensor Networks 4.2

 Availability

 Self-Organization

 Time synchronization

 Source Localization

 Scalability

Data Confidentiality

 The data confidentiality requirement ensures that sensitive information is
well protected and not revealed to unauthorized third parties.

 The confidentiality objective helps to protect information traveling between the sensor
nodes of the network or between the sensors and the base station from disclosure, since
an adversary having the appropriate equipment may eavesdrop on the communication.

 By eavesdropping, the adversary could overhear critical information such as sensing
data and routing information. Depending on the sensitivity of the data stolen, an adversary
may cause severe damage, since he can use the sensing data for many illegal purposes,
e.g. sabotage or blackmail.

 Furthermore, by stealing routing information the adversary could introduce his own
malicious nodes into the network in an attempt to overhear the entire communication.

 If we consider eavesdropping to be a network level threat, then a local level threat
could be a compromised node that an adversary has in his possession. Compromised
nodes are a big threat to confidentiality objective since the adversary could steal
critical data stored on nodes such as cryptographic keys that are used to encrypt the
communication.

Authentication

 It ensures that the communicating node is the one that it claims to be. An adversary
can not only modify data packets but also can change a packet stream by injecting
fabricated packets.

 It is, therefore, essential for a receiver to have a mechanism to verify that the received
packets have indeed come from the actual sender node.

 In case of communication between two nodes, data authentication can be achieved
through a message authentication code (MAC) computed from the shared secret key.

Data Integrity

 The mechanism should ensure that no message can be altered by an entity as it
traverses from the sender to the recipient.

Data Freshness

 It implies that the data is recent and ensures that no adversary can replay old messages.

 This requirement is especially important when the WSN nodes use shared-keys for
message communication, where a potential adversary can launch a replay attack using
the old key as the new key is being refreshed and propagated to all the nodes in the
WSN.

 A nonce or time-specific counter may be added to each packet to check the freshness
of the packet.
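
The authentication, integrity and freshness requirements above can be met together by one per-packet check on the receiver. The following Python code is an added example, not part of the original notes; the frame layout (16-bit sender id, 32-bit counter), the 8-byte truncated HMAC-SHA-256 tag and the names `seal` and `Receiver` are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

HEADER = struct.Struct(">HI")   # sender id (16 bit) + packet counter (32 bit)
TAG_LEN = 8                     # truncated tag length: assumed, to suit small radio frames


def _tag(key: bytes, header: bytes, payload: bytes) -> bytes:
    # The MAC covers header and payload, so neither the claimed sender,
    # the counter, nor the reading can be changed without detection.
    return hmac.new(key, header + payload, hashlib.sha256).digest()[:TAG_LEN]


def seal(key: bytes, sender_id: int, counter: int, payload: bytes) -> bytes:
    """Sender side: header || payload || MAC."""
    header = HEADER.pack(sender_id, counter)
    return header + payload + _tag(key, header, payload)


class Receiver:
    """Receiver side: one shared key and one 'highest counter seen' per sender."""

    def __init__(self, keys: dict):
        self.keys = dict(keys)
        self.highest = {}

    def accept(self, frame: bytes):
        if len(frame) < HEADER.size + TAG_LEN:
            return None, "malformed"
        header = frame[:HEADER.size]
        payload = frame[HEADER.size:-TAG_LEN]
        tag = frame[-TAG_LEN:]
        sender_id, counter = HEADER.unpack(header)
        key = self.keys.get(sender_id)
        if key is None:
            return None, "unknown-sender"
        # Authentication and integrity first, with a constant-time comparison.
        if not hmac.compare_digest(tag, _tag(key, header, payload)):
            return None, "bad-mac"
        # Freshness second, and only for authentic frames; otherwise a forged
        # frame carrying a huge counter would lock out the real sender.
        if counter <= self.highest.get(sender_id, -1):
            return None, "replay"
        self.highest[sender_id] = counter
        return payload, "ok"


def demo():
    key = bytes(range(16))                      # constructed test key
    rx = Receiver({0x0007: key})
    frame = seal(key, 0x0007, 1, b"temp=21.5")
    tampered = frame[:HEADER.size] + b"temp=99.9" + frame[-TAG_LEN:]
    forged_counter = HEADER.pack(0x0007, 2) + frame[HEADER.size:]
    return [
        rx.accept(frame)[1],            # first delivery
        rx.accept(frame)[1],            # same frame replayed
        rx.accept(tampered)[1],         # payload altered in transit
        rx.accept(forged_counter)[1],   # old frame with a bumped counter
        rx.accept(seal(key, 0x0007, 2, b"temp=21.6"))[1],
    ]
```

The counter is only advanced after the MAC verifies, which is the ordering that matters: a replayed frame fails the counter check, and a frame whose counter was edited to look fresh fails the MAC check.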

Availability

 Availability ensures that services and information can be accessed at the time that they
are required.

 In sensor networks, there are many risks that could result in loss of availability such as
sensor node capturing and denial of service attacks.

 Lack of availability may affect the operation of many critical real-time applications,
such as those in the healthcare sector that require 24/7 operation, and could even result in
the loss of life.

 Therefore, it is critical to ensure resilience to attacks targeting the availability of the
system and find ways to fill in the gap created by the capturing or disablement of a
specific node by assigning its duties to some other nodes in the network.

Self-Organization

 In a WSN no fixed infrastructure exists; hence, every node is independent, adapts to
different situations, and maintains self-organizing and self-healing properties. This is
a great challenge for security in WSNs.

Time synchronization

 Most of the applications in sensor networks require time synchronization. Any security
mechanism for WSN should also be time-synchronized. A collaborative WSN may
require synchronization among a group of sensors.

Source Localization

 For data transmission some applications use location information of the sink node. It is
important to give security to the location information.

 Non-secured data can be controlled by the malicious node by sending false signal
strengths or replaying signals.

Scalability

 Hundreds of thousands of nodes are deployed in a network carrying out distributed
operations. Because of this explosive proliferation of sensor nodes, scalability is
becoming an important requirement in WSN.

 A WSN must be scalable to provide capacity for additional nodes. Inserting new nodes
and removing old nodes should be easy, with no adverse impact on network operations.

4.3 Issues and Challenges in Security Provisioning


 Only a strong routing protocol can protect the network from various malicious
activities. Designing a strong secure routing protocol for wireless sensor networks is a
very challenging task.

 A WSN must have the richest set of different protocols to carry out application
requirements; a WSN protocol must handle a hostile environment.

 A routing protocol should provide high throughput and a decreased packet loss ratio.
A routing algorithm should handle mobility and dynamically changing behavior in WSNs.

 Unreliable wireless media can drop packets; routing protocols should prevent packet
loss. Designing a new routing protocol for WSN should consider the following
security and privacy issues.

 Node Mobility

 Coverage Problem

 Shared Broadcast Radio Channel

 Insecure Operational Environment

 Lack of Central Authority

 Lack of Association

 Limited Resource Availability

 Physical Vulnerability

 Quality of Service

 Programming Wireless Sensor Networks

Node Mobility

 The mobile sink node is used to collect data from all sensors. A static sink node
collects data from all sensors without changing its position. A mobile sink
node has its own effects on the network, e.g., on performance and dynamically changing
behavior. Routing protocols must provide better connectivity, efficient energy
consumption, a controlled flooding mechanism, etc.

Coverage Problem

 Coverage is an important performance metric in WSNs; it reflects how well the
environment is monitored. The surrounding vicinity should be monitored at all times to
collect data; a dead node cannot forward any packets and consequently degrades
network services.

Shared Broadcast Radio Channel

 Unlike in wired networks where a separate dedicated transmission line can be provided
between a pair of end users, the radio channel used for communication in wireless
sensor networks is broadcast in nature and is shared by all nodes in the network.

 Data transmitted by a node is received by all nodes within its direct transmission range.
So a malicious node could easily obtain data being transmitted in the network. This
problem can be minimized to a certain extent by using directional antennas.

Insecure Operational Environment

 The operating environments where wireless sensor networks are used may not always
be secure.

 One important application of such networks is in battlefields. In such applications,
nodes may move in and out of hostile and insecure enemy territory, where they would
be highly vulnerable to security attacks.

Lack of Central Authority

 In wired networks and infrastructure-based wireless networks, it would be possible to
monitor the traffic on the network through certain important central points (such as
routers, base stations, and access points) and implement security mechanisms at such
points. Since wireless networks do not have any such central points, these mechanisms
cannot be applied in wireless sensor networks.

Lack of Association

 Since these networks are dynamic in nature, a node can join or leave the network at
any point in time. If no proper authentication mechanism is used for associating
nodes with a network, an intruder would be able to join the network quite easily
and carry out his/her attacks.

Limited Resource Availability

 Resources such as bandwidth, battery power, and computational power are scarce in
wireless sensor networks. Hence, it is difficult to implement complex cryptography-
based security mechanisms in such networks.

Physical vulnerability

 Nodes in these networks are usually compact and hand-held in nature. They could get
damaged easily and are also vulnerable to theft.

Quality of Service

 QoS is a function of the application. Proper congestion control provides better
QoS. In WSNs, there is a minimal chance of congestion outside the base station area.
Congestion near the base station results in channel occupancy, buffer overflow,
packet collision, channel contention, high data rate, and minimal node lifetime.

 For better services, minimum congestion in the network is necessary. Congestion
avoidance ensures high throughput, better link utilization, minimum delay, energy
efficiency, and minimum data rate error. Control packets are used to prevent
congestion.

Programming Wireless Sensor Networks

 Programming a large network of highly resource-constrained devices that are
self-organized and globally consistent, with a robust behavior and a dynamically changing
environment, is a big challenge.

 Programming in a hostile or insecure environment, to monitor the surroundings, is a
daunting task. Programming of WSNs must follow proper software
engineering principles; the software must be well coded, tested and debugged, and should
provide a flaw-free design.

4.4 Network Security Attacks


 Wireless networks are vulnerable to security attacks due to the broadcast nature of the
transmission medium. Furthermore, WSNs have an additional vulnerability because
nodes are often placed in a hostile or dangerous environment where they are not
physically protected.

 For a large-scale sensor network, it is impractical to monitor and protect each
individual sensor from physical or logical attack. Attackers may devise different types
of security attacks to make the WSN system unstable.

4.4.1 Based On the Capability of the Attacker

Outsider versus insider (node compromise) attacks

 Outside attacks are defined as attacks from nodes, which do not belong to a WSN;
insider attacks occur when legitimate nodes of a WSN behave in unintended or
unauthorized ways.

Passive versus Active attacks

 Passive attacks include eavesdropping on or monitoring packets exchanged within a
WSN; active attacks involve some modifications of the data stream or the creation of a
false stream.

Mote-class versus laptop-class attacks

 In mote-class attacks, an adversary attacks a WSN by using a few nodes with similar
capabilities to the network nodes; in laptop-class attacks, an adversary can use more
powerful devices (e.g., a laptop) to attack a WSN. These devices have greater
transmission range, processing power, and energy reserves than the network nodes.

4.4.2 Attacks on Information in Transit

 In a sensor network, sensors monitor the changes of specific parameters or values and
report to the sink according to the requirement. While sending the report, the
information in transit may be attacked to provide wrong information to the base
stations or sinks. The attacks are:

 Interruption: A communication link in the sensor network becomes lost or
unavailable. This operation threatens service availability. The main purpose is to
launch denial-of-service (DoS) attacks. From the layer-specific perspective, this is
aimed at all layers.

 Interception: The sensor network has been compromised by an adversary, where the
attacker gains unauthorized access to a sensor node or the data in it. An example of this
type of attack is the node capture attack. This threatens message confidentiality. The
main purpose is to eavesdrop on the information carried in the messages.

 Modification: An unauthorized party not only accesses the data but also tampers
with it. This threatens message integrity. The main purpose is to confuse or
mislead the parties involved in the communication protocol. This is usually aimed
at the network layer and the application layer, because of the richer semantics of
these layers.

 Fabrication: An adversary injects false data and compromises the trustworthiness
of information. This threatens message authenticity. The main purpose is to
confuse or mislead the parties involved in the communication protocol. This
operation can also facilitate DoS attacks, by flooding the network.

 Replaying existing messages: This operation threatens message freshness. The
main purpose of this operation is to confuse or mislead the parties involved in a
communication protocol that is not time-aware.

4.4.3 Host Based Vs Network Based

 Host-based attacks: These are further broken down into three kinds. User compromise: This
involves compromising the users of a WSN, e.g. by cheating the users into
revealing information such as passwords or keys about the sensor nodes.
Hardware compromise: This involves tampering with the hardware to extract the
program code, data and keys stored within a sensor node. The attacker might also
attempt to load its program in the compromised node. Software compromise: This
involves breaking the software running on the sensor nodes. Chances are the
operating system and/or the applications running in a sensor node are vulnerable
to popular exploits such as buffer overflows.

 Network-based attacks: These have two orthogonal perspectives: layer-specific
compromises and protocol-specific compromises. This includes all the attacks on
information in transit. Apart from that, it also includes deviating from protocol:
when the attacker is, or becomes, an insider of the network, and the attacker's
purpose is not to threaten the service availability, message confidentiality,
integrity and authenticity of the network, but to gain an unfair advantage for itself
in the usage of the network, the attacker manifests selfish behaviours, behaviours
that deviate from the intended functioning of the protocol.

4.5 Layer wise Attacks in Wireless Sensor Networks


 This section discusses layer-wise attacks on WSNs.

4.5.1 Physical Layer Attacks

4.5.1.1 Jamming

 This is one of the Denial of Service Attacks in which the adversary attempts to disrupt
the operation of the network by broadcasting a high-energy signal.

 Jamming attacks in WSNs are classified as constant (corrupts packets as they are
transmitted), deceptive (sends a constant stream of bytes into the network to make it
look like legitimate traffic), random (randomly alternates between sleep and jamming
to save energy), and reactive (transmits a jam signal when it senses traffic).

 To defend against this attack, use spread-spectrum techniques for radio
communication. Handling jamming over the MAC layer requires admission control
mechanisms.

4.5.1.2 Radio Interference

 Here, the adversary produces large amounts of interference either intermittently or
persistently. To handle this issue, use symmetric key algorithms in which the
disclosure of the keys is delayed by some time interval.

4.5.1.3 Tampering or Destruction

 Given physical access to a node, an attacker can extract sensitive information such as
cryptographic keys or other data on the node.

 One defense to this attack involves tamper-proofing the node’s physical package.

 Self-Destruction (tamper-proofing packages) – whenever somebody accesses the
sensor nodes physically the nodes vaporize their memory contents and this prevents
any leakage of information.

4.5.2 Data Link Layer Attacks

4.5.2.1 Continuous Channel Access (Exhaustion)

 A malicious node disrupts the Media Access Control protocol by continuously
requesting or transmitting over the channel. This eventually leads to starvation of other
nodes in the network with respect to channel access.

 One of the countermeasures to such an attack is rate limiting in the MAC admission
control, such that the network can ignore excessive requests, thus preventing the energy
drain caused by repeated transmissions.

 A second technique is to use time division multiplexing where each node is allotted a
time slot in which it can transmit.

4.5.2.2 Collision

 This is very similar to the continuous channel access attack. A collision occurs when
two nodes attempt to transmit on the same frequency simultaneously. When packets
collide, a change will likely occur in the data portion, causing a checksum mismatch at
the receiving end. The packet will then be discarded as invalid. A typical defense
against collisions is the use of error-correcting codes.

4.5.2.3 Unfairness

 Repeated application of these exhaustion or collision based MAC layer attacks, or an
abusive use of cooperative MAC layer priority mechanisms, can lead to unfairness.

 This kind of attack is a partial DoS attack, but results in marginal performance
degradation.

 One major defensive measure against such attacks is the usage of small frames, so that
any individual node seizes the channel for a smaller duration only.

4.5.2.4 Interrogation

 This attack exploits the two-way request-to-send/clear-to-send (RTS/CTS) handshake that
many MAC protocols use to mitigate the hidden-node problem.

 An attacker can exhaust a node’s resources by repeatedly sending RTS messages to
elicit CTS responses from a targeted neighbour node.

 To defend against this type of attack, a node can limit the connections it accepts
from the same identity, or use anti-replay protection and strong link-layer
authentication.
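
The rate-limiting countermeasure for exhaustion and the per-identity limit for interrogation can be implemented with one filter in front of the CTS reply. The following Python code is an added example, not part of the original notes; the class name `RtsAdmission`, the rate of 2 RTS per second with a burst of 3, and the node identifiers are assumptions, and the neighbour set is assumed to come from link-layer authentication.

```python
class RtsAdmission:
    """Token bucket per authenticated neighbour, in integer arithmetic
    (milli-tokens, millisecond clock) so it suits a node without an FPU."""

    def __init__(self, neighbours, rate_per_s=2, burst=3):
        self.rate = rate_per_s            # tokens refilled per second
        self.cap = burst * 1000           # bucket size in milli-tokens
        # State exists only for link-layer-authenticated neighbours, so
        # invented identities cannot grow the table.
        self.buckets = {n: (self.cap, 0) for n in neighbours}

    def handle_rts(self, sender, now_ms):
        """Return True if a CTS should be sent, False if the RTS is ignored."""
        if sender not in self.buckets:
            return False
        tokens, last_ms = self.buckets[sender]
        # 1 token = 1000 milli-tokens, so `rate` tokens/s = `rate` milli-tokens/ms.
        tokens = min(self.cap, tokens + (now_ms - last_ms) * self.rate)
        granted = tokens >= 1000
        if granted:
            tokens -= 1000
        self.buckets[sender] = (tokens, now_ms)
        return granted


def replay_trace(trace, neighbours):
    """Run (time_ms, sender) RTS events through the filter; count CTS replies."""
    adm = RtsAdmission(neighbours)
    sent = {}
    for now_ms, sender in sorted(trace):
        if adm.handle_rts(sender, now_ms):
            sent[sender] = sent.get(sender, 0) + 1
    return sent


# Constructed trace: neighbour 0x66 sends an RTS every 10 ms for one second,
# neighbour 0x07 sends two ordinary requests, and 0x99 is not an
# authenticated neighbour at all.
TRACE = ([(t, 0x66) for t in range(0, 1000, 10)]
         + [(5, 0x07), (505, 0x07)]
         + [(t, 0x99) for t in range(0, 1000, 100)])
```

On the constructed trace the node answers 4 of the 100 RTS frames from 0x66, both requests from 0x07, and none from 0x99, so the energy spent on CTS replies is bounded by the configured rate rather than by the sender.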

4.5.2.5 Sybil Attack

 In this attack, a single node presents multiple identities to all other nodes in the WSN.
This may mislead other nodes, and hence routes believed to be node-disjoint
can pass through the same adversary node.

 A countermeasure to the Sybil attack is to use a unique shared symmetric key for each
node with the base station.

4.5.3 Network Layer Attacks

4.5.3.1 Sinkhole Attack

 Sinkhole attacks normally occur when a compromised node sends fake routing
information to other nodes in the network with the aim of attracting as much traffic as
possible.

4.5.3.2 Hello Flood

 This attack exploits Hello packets that are required in many protocols to announce
nodes to their neighbors. A node receiving such packets may assume that it is in radio
range of the sender.

 A laptop-class adversary can send this kind of packet to all sensor nodes in the network
so that they believe the compromised node belongs to their neighbors. This causes a
large number of nodes to send packets to this imaginary neighbour and thus into
oblivion. Authentication is the key solution to such attacks. Such attacks can easily be
avoided by verifying the bidirectionality of a link before taking action based on the
information received over that link.

4.5.3.3 Node Capture

 A node capture attack is a serious attack through which an intruder can perform various
operations on the network and can easily compromise the entire network. It is one of
the hazardous attacks in WSNs.

 A single node capture is sufficient for an attacker to take over the entire network.

4.5.3.4 Selective Forwarding/ Black Hole Attack

 In a Black Hole attack, a malicious node falsely advertises good paths (e.g., shortest path
or most stable path) to the destination node during the path-finding process (in
on-demand routing protocols) or in the route update messages (in table-driven routing
protocols). The intention of the malicious node could be to hinder the path-finding
process or to intercept all data packets being sent to the destination node concerned.
Malicious or attacking nodes can, however, refuse to route certain messages and drop
them. If they drop all the packets passing through them, then it is called a Black Hole Attack.

 However, if they selectively forward the packets, then it is called selective forwarding.

 To overcome this, multipath routing can be used in combination with random
selection of paths to the destination; or braided paths can be used, which represent paths
which have no common link or which do not have two consecutive common nodes; or
implicit acknowledgments can be used, which ensure that packets are forwarded as they were
sent.

4.5.3.5 Wormhole Attacks

 An adversary can tunnel messages received in one part of the network over a low
latency link and replay them in another part of the network. This is usually done with
the coordination of two adversary nodes, where the nodes try to understate their
distance from each other, by broadcasting packets along an out-of-band channel
available only to the attacker.

 To overcome this, the traffic is routed to the base station along a path which is always
geographically shortest, or very tight time synchronization is used among the nodes, which
is infeasible in practical environments.

4.5.3.6 Spoofed, Altered, or Replayed Routing Information

 The most direct attack against a routing protocol in any network is to target the routing
information itself while it is being exchanged between nodes. An attacker may spoof,
alter, or replay routing information in order to disrupt traffic in the network. These
disruptions include the creation of routing loops, attracting or repelling network traffic
from select nodes, extending and shortening source routes, generating fake error
messages, partitioning the network, and increasing end-to-end latency.

 A countermeasure against spoofing and alteration is to append a message
authentication code (MAC) after the message. Efficient encryption and authentication
techniques can defend against spoofing attacks.

4.5.3.7 Misdirection
 This is a more active attack in which a malicious node present in the routing path
sends packets in a wrong direction, through which the destination is unreachable.
Instead of sending the packets in the correct direction, the attacker misdirects them,
and does so towards one node, which may thus be victimized.

4.5.3.8 Homing

 In a homing attack, the attacker looks at network traffic to deduce the geographic
location of critical nodes, such as cluster heads or neighbors of the base station. The
attacker can then physically disable these nodes. This leads to another type of black
hole attack.

4.5.4 Transport layer Attacks

4.5.4.1 Flooding
 Sometimes, a malicious node can cause immense traffic of useless messages on the
network. This is known as flooding. Sometimes, malicious nodes replay some
actual broadcast messages, thereby generating useless traffic on the network. This
can cause congestion, and may eventually lead to the exhaustion of complete nodes.
This is a form of Denial of Service attack.

4.5.4.2 De-synchronization Attacks


 In this attack, the adversary repeatedly forges messages to one or both end points
which request transmission of missed frames. Hence, these messages are again
transmitted and if the adversary maintains a proper timing, it can prevent the end points
from exchanging any useful information.

4.5.5 Application layer Attacks

4.5.5.1 Overwhelm Attack


 An attacker might attempt to overwhelm network nodes with sensor stimuli, causing
the network to forward large volumes of traffic to a base station. This attack consumes
network bandwidth and drains node energy.

4.5.5.2 Path-based DOS Attack


 It involves injecting spurious or replayed packets into the network at leaf nodes. This
attack can starve the network of legitimate traffic, because it consumes resources on
the path to the base station, thus preventing other nodes from sending data to the base
station.

4.5.5.3 Deluge (reprogram) Attack

 Network programming systems let you remotely reprogram nodes in deployed
networks. If the reprogramming process isn’t secure, an intruder can hijack this
process and take control of large portions of a network. Authentication
streams can be used to secure the reprogramming process.

4.6 Possible Solutions for Jamming


 Jamming in wireless networks is defined as the disruption of existing wireless
communications by decreasing the signal-to-noise ratio at receiver sides through the
transmission of interfering wireless signals.

 Jamming can be done at different levels, from hindering transmission to distorting
packets in legitimate communications.

 Jamming makes use of intentional radio interferences to harm wireless
communications by keeping communicating medium busy, causing a transmitter to
back-off whenever it senses busy wireless medium, or corrupted signal received at
receivers. Jamming mostly targets attacks at the physical layer but sometimes cross-
layer attacks are possible too.

4.6.1 Types of Jammers

 Jammers are malicious wireless nodes planted by an attacker to cause intentional
interference in a wireless network. Depending upon the attack strategy, a jammer can
either have the same or different capabilities from legitimate nodes in the network
which they are attacking.

 The jamming effect of a jammer depends on its radio transmitter power, location and
influence on the network or the targeted node. A jammer may jam a network in
various ways to make the jamming as effective as possible. Basically, a jammer can be
either proactive or reactive.

Proactive jammer

 A proactive jammer transmits jamming (interfering) signals whether or not there is data
communication in a network. It sends packets or random bits on the channel it is
operating on, putting all the other nodes on that channel in non-operating modes.
However, it does not switch channels and operates on only one channel until its energy
is exhausted. There are three basic types of proactive jammers: constant, deceptive and
random.

 Constant jammer, emits continuous, random bits without following the CSMA
protocol. A constant jammer prevents legitimate nodes from communicating with each
other by causing the wireless media to be constantly busy. This type of attack is energy
inefficient and easy to detect but is very easy to launch and can damage network
communications.
 Deceptive jammer, sends a constant stream of bytes into the network to make it look
like legitimate traffic.
 Random jammer, intermittently transmits either random bits or regular packets into
networks. It continuously switches between two states: sleep phase and jamming
phase. It sleeps for a certain time of period and then becomes active for jamming
before returning back to a sleep state.
Reactive Jammer
 Reactive jammer starts jamming only when it observes a network activity occurs on a
certain channel. As a result, a reactive jammer targets on compromising the reception
of a message. It can disrupt both small and large sized packets. Since it has to
constantly monitor the network, reactive jammer is less energy efficient than random
jammer. However, it is much more difficult to detect a reactive jammer than a
proactive jammer because the Packet Delivery Ratio (PDR) cannot be determined
accurately in practice. There are two different ways to implement a reactive jammer
 Reactive RTS/CTS jammer, jams the network when it senses a request-to-send
(RTS) message is being transmitted from a sender. It starts jamming the channel as
soon as the RTS is sent. In this way, the receiver will not send back clear-to-send
(CTS) reply because the RTS packet sent from a sender is distorted. Then, the sender
will not send data because it believes the receiver is busy with another on-going
transmission.
 Reactive Data/ACK jammer, jams the network by corrupting the transmissions of
data or acknowledgement (ACK) packets. This type of jammer can corrupt data
packets, or it waits until the data packets reach the receiver and then corrupts the ACK
packets. The corruptions of both data packets and ACK messages will lead to re-
transmissions at the sender end.
4.6.2 Countermeasures for Proactive Jammer
 In proactive jamming, the jammer chokes the bandwidth so that a transmitter is unable
to transmit. Therefore, carrier-sensing thresholds can be used to detect this type of
jammer. When jamming is detected, nodes in the network can map the jammed area
and re-route traffic, switch channels, or perform spatial retreat to counteract the
jamming.
4.6.3 Countermeasures for Reactive Jammer

 Reactive jamming detection using BER: this technique uses the bit error
rate (BER) to detect reactive jammers that keep the received signal strength (RSS) low while
introducing disruption in a packet.

 By looking at the RSS of each bit during reception, it identifies the cause of bit
errors in an individual packet using predetermined knowledge, error correcting codes
(ECC), or wired node chain systems. If the error is due to a weak signal, the RSS should
be low.

 If the RSS value is high for a bit error, there is external interference or jamming.
Assuming nodes can assess the expected local interference, the sequential jamming
probability test calculates the marginal likelihood of errors due to 10 unintentional
collisions. If this value is less than the log of the ratio of targeted probability for a
missed alarm to the targeted probability, then there is jamming and an alarm is raised.

 If the marginal likelihood is less than the ratio, there is no jamming and the sequence is
reset. It is also possible that no conclusion is reached until there is more
conclusive evidence of jamming.
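The detection flow described above, as an added Python example (not code from the source text): each packet's bit errors are classified by the RSS at the errored bits, and the verdicts feed a standard Wald sequential probability ratio test, which is an assumption and may differ in detail from the test the text summarizes. The RSS threshold, the error probabilities and the sample packets are constructed for illustration.

```python
import math

RSS_HIGH_DBM = -75.0  # assumed: at or above this, weak signal does not explain a bit error


def classify_packet(bit_rss_dbm, error_bits):
    """Return 'clean', 'weak-signal' or 'interference' for one received packet.

    bit_rss_dbm: RSS sampled for every bit of the packet.
    error_bits:  indices of bits found wrong (via ECC or known content).
    """
    if not error_bits:
        return "clean"
    high = sum(1 for i in error_bits if bit_rss_dbm[i] >= RSS_HIGH_DBM)
    # Errors at high RSS point to a colliding or jamming signal.
    return "interference" if 2 * high > len(error_bits) else "weak-signal"


class SequentialJammingTest:
    """Wald SPRT over per-packet verdicts (all probabilities are assumed values)."""

    def __init__(self, p_collision=0.05, p_jammed=0.5,
                 false_alarm=0.01, missed_alarm=0.01):
        # Log-likelihood ratio steps for an interference / non-interference packet.
        self.up = math.log(p_jammed / p_collision)
        self.down = math.log((1 - p_jammed) / (1 - p_collision))
        # Decision thresholds derived from the targeted error probabilities.
        self.alarm_at = math.log((1 - missed_alarm) / false_alarm)
        self.clear_at = math.log(missed_alarm / (1 - false_alarm))
        self.llr = 0.0

    def observe(self, verdict):
        self.llr += self.up if verdict == "interference" else self.down
        if self.llr >= self.alarm_at:
            self.llr = 0.0
            return "jamming"        # raise the alarm
        if self.llr <= self.clear_at:
            self.llr = 0.0
            return "no-jamming"     # sequence is reset
        return "undecided"          # wait for more evidence


def run_constructed_trace():
    # Constructed packets: (per-bit RSS in dBm, indices of errored bits)
    weak = ([-92.0] * 16, [3, 9])
    jammed = ([-80.0] * 4 + [-60.0] * 4 + [-80.0] * 8, [4, 5, 6])
    test = SequentialJammingTest()
    return [test.observe(classify_packet(rss, errs))
            for rss, errs in (weak, jammed, jammed, jammed)]
```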

4.7 Tampering Attack and its Countermeasures


 An attacker can damage or replace sensor and computation hardware and the program
codes or remove sensitive materials like cryptographic keys to allow unrestricted
access to higher levels of communication (Figure 4.1). These tampered nodes thereby
interfere with physical access to the sensor nodes.

Figure 4.1 Tampering Attack

Countermeasures
 Some attacks in the physical layer are quite hard to cope with. For example, after
sensors are deployed in the field, it is difficult or infeasible to prevent every single
sensor from device tampering. Therefore, although there are some mechanisms that
attempt to reduce the occurrences of attacks, more of them focus on protecting
information from divulgence.

Access Restriction
 Obviously, restricting adversaries from physically accessing or getting close to sensors
is effective against tampering attacks. It is good to have such restrictions if we can, but
unfortunately, they are either difficult or infeasible in most cases. Therefore, we
usually have to fall back on another type of restriction: communication media access
restriction.
 A few techniques exist nowadays that prevent attackers from accessing the wireless
medium in use, including sleeping/hibernating and spread spectrum communication.
 Spread spectrum communication uses either analog schemes, where the frequency variation is
continuous, or digital schemes (e.g. frequency hopping), where the frequency variation
is abrupt.
 In this way, attackers cannot easily locate the communication channel, and are thus
restrained from attacking. Spread spectrum communications are not yet feasible
for WSNs, which are usually constrained in resources. A directional antenna is another
technique for access restriction. By confining the directions of signal propagation,
it reduces the chances of adversaries accessing the communication channel.
Encryption
 In general, cryptography is the all-purpose solution to achieve security goals in WSNs.
To protect data confidentiality, cryptography is indispensable.
 Cryptography can be applied to the data stored on sensors. Once data are encrypted,
even if the sensors are captured, it is difficult for the adversaries to obtain useful
information. A more costly encryption can yield higher strength, but it also drains the
limited precious energy faster and needs more memory. More often, cryptography is
applied to the data in transmission.
 There are basically two categories of cryptographic mechanisms: asymmetric and
symmetric. In asymmetric mechanisms (e.g. RSA), the keys used for encryption and
decryption are different, allowing for easier key distribution. It usually requires a
trusted third party called a Certificate Authority (CA) to distribute and check certificates so
that the identity of the users using a certain key can be verified. However, due to the
lack of a priori trust relationship and infrastructure support, it is infeasible to have CAs
in WSNs.
 Furthermore, asymmetric cryptography usually consumes more resources such as
computation and memory.
 In comparison, symmetric mechanisms are more economical in terms of resource
consumption. As long as two nodes share a key, they can use this key to encrypt and
decrypt data and securely communicate with each other.

4.8 Black Hole Attack and its Countermeasures

 A black hole attack falls under DoS (Denial of Service) attacks in the network layer of
the OSI model. In this kind of attack, the malicious node deceives other nodes by
announcing a false shortest route to the destination, then attracts additional traffic and
continually drops the packets.

 During data transmission the source node sends a Route REQuest (RREQ) message to
all the nodes, including the malicious node. The malicious node may become
active on receiving the RREQ message and reply with a Route REPly (RREP) message.

 It attracts additional traffic by falsely claiming the shortest route to the destination.
This causes blocking and increasing the energy consumption in each node, leading to
the formation of routing holes which disturb or stop the network functionality.

 Fig. 4.3 illustrates the black hole attack. The source node A broadcasts an
RREQ message to discover a route for sending packets to destination node C. The
RREQ broadcast from node A is received by neighbouring nodes B, D and the
malicious node E. The RREP message sent by the malicious attacker node E is the first
message to reach the source node. The source then updates its routing table with the new route
to the intended destination node, discards any RREP message from other
neighbouring nodes, including the actual destination node, and starts sending the
buffered data packets immediately. At the same time, the black hole node drops all
incoming data packets rather than forwarding them.

Figure 4.2 Black hole Attack schematic illustration using RREQ and RREP Packet

Source: Protocol and Architecture for Wireless Sensor Networks by Holger Karl,
Andreas Willig

Figure 4.3 Black Hole Attack

Source: Protocol and Architecture for Wireless Sensor Networks by Holger Karl,
Andreas Willig

Countermeasures

Routing Access Restriction

 Routing may be one of the most attractive attack targets in WSNs. If we can exclude
attackers from participating in the routing process, i.e. restrict them from accessing
routing, a large number of attacks in the network layer will be prevented or alleviated.

 Multi-path routing is one of the methods to reduce the effectiveness of attacks
launched by attackers on routing paths. In these schemes, packets are routed through
multiple paths. Even if an attacker breaks one of the paths, the
routing is not necessarily broken, as other paths still exist.

 This alleviates the impact of routing attacks, although it does not prevent them. A
general way is to use authentication methods. With authentication, it can be easily
determined whether a sensor can participate in routing or not.

 Authentication can be either end-to-end or hop-to-hop. In end-to-end authentication,
the source and destination share some secret and can thus verify each other. When a
node receives a routing update, it always verifies the sender of the update before
accepting the update.

 In hop-to-hop authentication, each message in transmission is authenticated hop by
hop. Therefore, the trust between the source and the destination is built upon the trust
in all the intermediate nodes in the path.

 Data are authenticated hop by hop between associated nodes until they reach the base
station. Hop-to-hop authentication can be combined with multi-path routing. The
paths can be physical, meaning that messages are routed through multiple physically
different communication paths.

False Routing Information Detection

 Sometimes attackers do have chances to send false routing information into the
network, e.g. during route discovery stages. If the false information does not lead to
network failure such as broken routes, we really cannot do much about it. Otherwise,
we can apply misbehaviour detection methods.

 For example, watchdog or IDS (Intrusion Detection System) may find that some node
fails to route messages along the routing path due to the wrong information it keeps.
This route failure anomaly may trigger an alarm.

 Nodes can then start to trace the source of the false routing information. Reputation can
also be maintained, depending on whether nodes are providing valid routing
information.

4.9 Flooding Attack and its Countermeasures


 Many protocols require nodes to broadcast HELLO packets to announce themselves to
their neighbors, and a node receiving such a packet may assume that it is within
(normal) radio range of the sender (Figure 4.4).

 This assumption may be false: a laptop-class attacker broadcasting routing or other
information with large enough transmission power could convince every node in the
network that the adversary is its neighbour.

 For example, an adversary advertising a very high-quality route to the base station to
every node in the network could cause a large number of nodes to attempt to use this
route, but those nodes sufficiently far away from the adversary would be sending
packets into oblivion. The network is left in a state of confusion.

Figure 4.4 Flooding Attacks

Source: Protocol and Architecture for Wireless Sensor Networks by Holger Karl,
Andreas Willig

Countermeasures

Using Secret Keys Method

 In the multi-path multi-base station data forwarding technique, each sensor node maintains
a number of different secrets (keys) in a multiple tree.

 A sensor node can forward its sensed data along multiple routes by using these secrets.
There are multiple base stations in the network, each with control over a specific number
of nodes, and there are common means of communication among the base stations.

 Each base station has all the secrets that are shared by the sensor nodes it covers,
according to the key assignment protocol.

Using Threshold Method

 A threshold-based solution is used to defend against flooding attacks in WSNs.

 The mobile nodes use a threshold value to check whether their neighbors are intruders or
not.

 When the number of route request packets broadcast by a node exceeds the
predefined threshold value, that node is treated as an intruder and the checking node stops
providing its services to the intruder.
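A minimal version of the threshold method, as an added example rather than code from the source text: a node counts route requests per neighbor in a sliding window and stops serving a neighbor that exceeds the threshold. The threshold, the window length and the RREQ log are constructed assumptions.

```python
from collections import defaultdict, deque


class RreqThresholdFilter:
    """Per-neighbor RREQ counter kept by one node (threshold method)."""

    def __init__(self, threshold=5, window_ms=1000):
        self.threshold = threshold    # assumed: RREQs tolerated per window
        self.window_ms = window_ms    # assumed: sliding window length
        self.recent = defaultdict(deque)
        self.intruders = set()

    def accept(self, sender, t_ms):
        """Return True if this RREQ should be processed and rebroadcast."""
        if sender in self.intruders:
            return False              # services already withdrawn
        q = self.recent[sender]
        q.append(t_ms)
        # Forget requests that have slid out of the window.
        while t_ms - q[0] >= self.window_ms:
            q.popleft()
        if len(q) > self.threshold:
            self.intruders.add(sender)
            del self.recent[sender]
            return False
        return True


def replay_log():
    # Constructed RREQ log: (time in ms, sender id)
    log = [(500, "B"), (4000, "B"), (9000, "B")]         # normal route discovery
    log += [(2000 + 50 * i, "E") for i in range(12)]     # burst of 12 RREQs in 0.6 s
    log += [(9500, "E")]                                 # later request from the same node
    log.sort()
    node = RreqThresholdFilter()
    served = defaultdict(int)
    for t_ms, sender in log:
        if node.accept(sender, t_ms):
            served[sender] += 1
    return dict(served), node.intruders
```

The counter is only as trustworthy as the sender identity in the RREQ: without authenticated requests, the count for one flooding node can be spread over spoofed identities.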

4.10 Key Distribution and Management


4.10.1 Key Management

 Cryptography is one of the most common and reliable means to ensure security. It is
the study of the principles, techniques, and algorithms by which information is
transformed into a disguised version which no unauthorized person can read, but
which can be recovered in its original form by an intended recipient.

 In cryptography, the original information to be sent from one person to another is
called plaintext. This plaintext is converted into ciphertext by the process of
encryption, that is, the application of certain algorithms or functions.

 An authentic receiver can decrypt/decode the ciphertext back into plaintext by the
process of decryption. The processes of encryption and decryption are governed by
keys, which are small amounts of information used by the cryptographic algorithms.

 When the key is to be kept secret to ensure the security of the system, it is called a
secret key. The secure administration of cryptographic keys is called key management.

 The four main goals of cryptography are confidentiality, integrity, authentication (the
receiver should be able to identify the sender and verify that the message actually came
from that sender), and non-repudiation.

 There are two major kinds of cryptographic algorithms: symmetric key algorithms,
which use the same key for encryption and decryption, and asymmetric key
algorithms, which use two different keys for encryption and decryption.

 Symmetric key algorithms are usually faster to execute electronically, but require a
secret key to be shared between the sender and receiver. If the same key is used among
more than two parties, a breach of security at any one point makes the whole system
vulnerable.

 The asymmetric key algorithms are based on some mathematical principles which
make it infeasible or impossible to obtain one key from another; therefore, one of the
keys can be made public while the other is kept secret (private). This is called public
key cryptography.

Symmetric Key Algorithms

 Symmetric key algorithms rely on the presence of the shared key at both the sender
and receiver, which has been exchanged by some previous arrangement.

 There are two kinds of symmetric key algorithms, one involving block ciphers and the
other stream ciphers. A block cipher is an encryption scheme in which the plaintext is
broken into fixed-length segments called blocks, and the blocks are encrypted one at a
time.

 The simplest examples include substitution and transposition. In substitution, each
letter of the plaintext is substituted by another in the ciphertext, and the table
mapping the original and the substituted letters is available at both the sender and
receiver.

 A transposition cipher permutes the letters in the plaintext to produce the ciphertext.
Figure 4.5 (a) illustrates the encryption using substitution, and Figure 4.5 (b) shows a
transposition cipher. The block length used is five.

Figure 4.5 Substitution and Transposition


Source: Protocol and Architecture for Wireless Sensor Networks by Holger Karl,
Andreas Willig

 A stream cipher is a symmetric key cipher where plaintext digits are combined with a
pseudorandom cipher digit stream. In a stream cipher, each plaintext digit is encrypted
one at a time with the corresponding digit of the keystream, to give a digit of the
ciphertext stream.

 One of the simplest stream ciphers is the Vernam cipher, which uses a key of the same
length as the plaintext for encryption. For example, if the plaintext is the binary string
10010100, and the key is 01011001, then the encrypted string is given by the XOR of
the plaintext and key, which is 11001101. The plaintext is recovered by XORing the
ciphertext with the same key. If the key is randomly chosen, transported securely to
the receiver, and used for only one communication, this forms the one-time pad, which
has proven to be the most secure of all cryptographic systems.

Asymmetric Key Algorithms

 Asymmetric key (or public key) algorithms use different keys at the sender and
receiver ends for encryption and decryption, respectively.

 Let the encryption process be represented by a function E, and decryption by D. Then
the plaintext M is transformed into the ciphertext C as C = E(M).

 The receiver then decodes C by applying D. Hence, D is such that M = D(C) = D(E(M)).
When this asymmetric key concept is used in public key algorithms, the key E is
made public, while D is private, known only to the intended receiver. Anyone who
wishes to send a message to this receiver encrypts it using E. Though C can be
overheard by adversaries, the function E is based on a computationally difficult
mathematical problem, such as the factorization of large prime numbers.

 Hence, it is not possible for adversaries to derive D given E. Only the receiver can
decrypt C using the private key D.

 A very popular example of public key cryptography is the RSA system developed by
Rivest, Shamir, and Adleman, which is based on the integer factorization problem.

 Digital signature schemes are also based on public key encryption. In these schemes,
the functions E and D are chosen such that D(E(M)) = E(D(M)) = M for any message
M. These are called reversible public key systems.

 In this case, the person who wishes to sign a document encrypts it using his/her private
key D, which is known only to him/her. Anybody who has his/her public key E can
decrypt it and obtain the original document, if it has been signed by the corresponding
sender.

4.10.2 Key Distribution (Management) Approaches

 The primary goal of key distribution is to share a secret among a specified set of
participants. There are several methods that can be employed to perform this
operation, all of them requiring varying amounts of initial configuration,
communication, and computation. The main approaches to key distribution are:

 Key Pre-distribution

 Pairwise Key Generation

 Key Transport

 Key Agreement

Key Pre-distribution
 Key pre-distribution, as the name suggests, involves distributing keys to all interested
parties before the start of communication. This method involves much less
communication and computation, but all participants must be known a priori, during
the initial configuration.

 Once deployed, there is no mechanism to include new members in the group or to
change the key. As an improvement over the basic pre-distribution scheme, sub-groups
may be formed within the group, and some communication can be restricted to a
subgroup. However, the formation of sub-groups is also an a priori decision with no
flexibility during the operation.

Pairwise Key Generation


 In WSN, if it is known which nodes will be in the same neighbourhood before
deployment, pairwise keys can be established between these nodes a priori. Any pair
of nodes can use this master secret key to achieve key agreement.

Key Transport
 In key transport systems, one of the communicating entities generates keys and
transports them to the other members. The simplest scheme assumes that a shared key
already exists among the participating members.

 This prior shared key is used to encrypt a new key and is transmitted to all
corresponding nodes. Only those nodes which have the prior shared key can decrypt it.
This is called the Key Encrypting Key (KEK) method. However, the existence of a
prior key cannot always be assumed. If the public key infrastructure (PKI) is present,
the key can be encrypted with each participant's public key and transported to it.

Key Agreement
 Most key agreement schemes are based on asymmetric key algorithms. They are used
when two or more people want to agree upon a secret key, which will then be used for
further communication.

 Key agreement protocols are used to establish a secure context over which a session
can be run, starting with many parties who wish to communicate and an insecure
channel.

 In group key agreement schemes, each participant contributes a part to the secret key.
These need the least amount of pre-configuration, but such schemes have high
computational complexity. The most popular key agreement schemes use the Diffie-
Hellman exchange, an asymmetric key algorithm based on discrete logarithms.

4.11 Secure Routing in Wireless Sensor Networks


 Routing is one of the most important operations in wireless sensor networks (WSNs)
as it deals with data delivery to base stations.

 Routing attacks can cripple it easily and degrade the operation of WSNs significantly.
Hence, providing security becomes a challenging task in the networks.

 Various other factors which make the task of ensuring secure communication in
wireless sensor networks difficult include the mobility of nodes, a promiscuous mode
of operation, limited processing power, and limited availability of resources such as
battery power, bandwidth, and memory.

 The secure routing protocol should be resilient in the presence of malicious nodes that
may launch various types of attacks. Some of the mechanisms proposed for secure
routing.

4.11.1 Requirements of a Secure Routing Protocol for Wireless Sensor Networks

The fundamental requisites of a secure routing protocol for wireless sensor networks
are listed as follows:

Detection of malicious nodes

 A secure routing protocol should be able to detect the presence of malicious nodes in
the network and should avoid the participation of such nodes in the routing process.
Even if such malicious nodes participate in the route discovery process, the routing
protocol should choose paths that do not include such nodes.

Guarantee of correct route discovery

 If a route between the source and the destination nodes exists, the routing protocol
should be able to find the route, and should also ensure the correctness of the selected
route.

Confidentiality of network topology

 Information disclosure attack may lead to the discovery of the network topology by the
malicious nodes. Once the network topology is known, the attacker may try to study
the traffic pattern in the network.

 If some of the nodes are found to be more active compared to others, the attacker may
try to mount (e.g., DoS) attacks on such bottleneck nodes. This may ultimately affect
the on-going routing process.

 Hence, the confidentiality of the network topology is an important requirement to be
met by the secure routing protocols.

Stability against attacks

 The routing protocol must be self-stable in the sense that it must be able to revert to its
normal operating state within a finite amount of time after a passive or an active attack.
The routing protocol should take care that these attacks do not permanently disrupt the
routing process.

 The protocol must also ensure Byzantine robustness, that is, the protocol should work
properly even if some of the nodes, which were earlier participating in the routing
process, turn out to become malicious at a later point of time or are intentionally
damaged.

4.12 Security Protocols for Sensor Networks (SPINS)


 Security protocols for sensor networks (SPINS) consists of a suite of security protocols
that are optimized for highly resource-constrained sensor networks. SPINS consists of
two main modules:

 Sensor Network Encryption Protocol (SNEP)

 Micro-version of Timed Efficient Stream Loss-Tolerant Authentication protocol
(µTESLA)

4.12.1 Sensor Network Encryption Protocol (SNEP)

 SPIN is an abbreviation of sensor protocol for information via negotiation. This protocol
is designed to remove deficiencies such as flooding and gossiping that occur in
other protocols.

 The main idea is that sharing the data sensed by a node might take more
resources than sharing the meta-data, which is just a descriptor of the data sensed
by the node.

 The resource manager in each node monitors its resources and adapts their
functionality accordingly.

 SNEP is the Sensor Network Encryption Protocol. The SNEP protocol offers the following
nice properties:

 Semantic security: Since the counter value is incremented after each message,
the same message is encrypted differently each time. The counter value is long
enough that it never repeats within the lifetime of the node.

 Data authentication: If the MAC verifies correctly, a receiver can be assured that
the message originated from the claimed sender.

 Replay protection: The counter value in the MAC prevents replaying old
messages. Note that if the counter were not present in the MAC, an adversary
could easily replay messages.

 Weak freshness: If the message verified correctly, a receiver knows that the
message must have been sent after the previous message it received correctly (that
had a lower counter value). This enforces a message ordering and yields weak
freshness.

 Low communication overhead: SNEP has low communication overhead since it
only adds 8 bytes per message. The counter state is kept at each end point and
does not need to be sent in each message.

4.12.1.1 Key Generation /Setup

 Nodes and base station share a master key pre-deployment

 Other keys are bootstrapped from the master key:

 Encryption key

 Message Authentication code key

 Random number generator key

Figure 4.6 SNEP Key Generation

Source: Protocol and Architecture for Wireless Sensor Networks by Holger Karl,
Andreas Willig

4.12.1.2 Authentication, Confidentiality

 The two communicating parties A and B share a master secret key $X_{AB}$, and they derive
independent keys using the pseudorandom function F: encryption keys $K_{AB} = F_X(1)$ and
$K_{BA} = F_X(3)$ for each direction of communication, and MAC keys $K'_{AB} = F_X(2)$ and
$K'_{BA} = F_X(4)$ for each direction of communication.

 The combination of these mechanisms forms the Sensor Network Encryption Protocol
(SNEP).

 The encrypted data has the following format: $E = \{M\}_{(K, C)}$, where M is the data, the
encryption key is K, and the counter is C. The MAC is $M = \mathrm{MAC}(K', C \,\|\, E)$. The complete
message that A sends to B is

$A \rightarrow B:\ \{M\}_{(K_{AB}, C_A)},\ \mathrm{MAC}(K'_{AB},\ C_A \,\|\, \{M\}_{(K_{AB}, C_A)})$

Figure 4.7 SNEP Authentication, Confidentiality


Source: Protocol and Architecture for Wireless Sensor Networks by Holger Karl,
Andreas Willig
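The key derivation and message format of this subsection, together with the SNEP properties listed in 4.12.1, as an added Python example (not code from the source text or from the SPINS authors). HMAC-SHA256 stands in for the pseudorandom function F, the MAC and the counter-mode keystream, which is an assumption of this example; the master key and messages are constructed.

```python
import hashlib
import hmac

MAC_LEN = 8  # bytes added per message, as stated in the text


def prf(key: bytes, data: bytes) -> bytes:
    """Pseudorandom function F (HMAC-SHA256 is a stand-in chosen for this example)."""
    return hmac.new(key, data, hashlib.sha256).digest()


def derive_keys(master: bytes) -> dict:
    """K_AB = F_X(1), K'_AB = F_X(2), K_BA = F_X(3), K'_BA = F_X(4)."""
    return {
        "enc_ab": prf(master, b"\x01"), "mac_ab": prf(master, b"\x02"),
        "enc_ba": prf(master, b"\x03"), "mac_ba": prf(master, b"\x04"),
    }


def ctr_crypt(key: bytes, counter: int, data: bytes) -> bytes:
    """Counter-mode encrypt/decrypt: XOR with a keystream bound to the counter."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = prf(key, counter.to_bytes(8, "big") + (off // 32).to_bytes(4, "big"))
        out += bytes(d ^ p for d, p in zip(data[off:off + 32], pad))
    return bytes(out)


class SnepDirection:
    """State one endpoint keeps for one direction of communication (e.g. A -> B)."""

    def __init__(self, enc_key: bytes, mac_key: bytes):
        self.enc_key, self.mac_key = enc_key, mac_key
        self.counter = 0  # shared counter, never transmitted

    def _tag(self, ciphertext: bytes) -> bytes:
        # MAC(K', C || E), truncated to 8 bytes
        return prf(self.mac_key, self.counter.to_bytes(8, "big") + ciphertext)[:MAC_LEN]

    def seal(self, message: bytes) -> bytes:
        e = ctr_crypt(self.enc_key, self.counter, message)
        packet = e + self._tag(e)
        self.counter += 1
        return packet

    def open(self, packet: bytes):
        """Return the plaintext, or None if the MAC fails for the expected counter."""
        if len(packet) < MAC_LEN:
            return None
        e, tag = packet[:-MAC_LEN], packet[-MAC_LEN:]
        if not hmac.compare_digest(tag, self._tag(e)):
            return None
        message = ctr_crypt(self.enc_key, self.counter, e)
        self.counter += 1
        return message


def demo():
    keys = derive_keys(b"constructed-master-key-X_AB")
    a = SnepDirection(keys["enc_ab"], keys["mac_ab"])   # sender side at A
    b = SnepDirection(keys["enc_ab"], keys["mac_ab"])   # receiver side at B
    p1, p2 = a.seal(b"temp=21"), a.seal(b"temp=21")
    opened = [b.open(p1), b.open(p2)]
    replay = b.open(p1)                                  # old counter: rejected
    p3 = a.seal(b"temp=22")
    tampered = b.open(bytes([p3[0] ^ 1]) + p3[1:])       # flipped bit: rejected
    opened.append(b.open(p3))
    return {
        "opened": opened,
        "ciphertexts_differ": p1[:-MAC_LEN] != p2[:-MAC_LEN],
        "replay": replay,
        "tampered": tampered,
        "overhead": len(p1) - len(b"temp=21"),
    }
```

A lost packet leaves the receiver's counter behind the sender's, so every later MAC fails in this example until the counters are resynchronised, which is the job of the counter exchange protocol in 4.12.1.4.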

4.12.1.3 Strong Freshness

 Node A achieves strong data freshness for a response from node B through a nonce $N_A$.
Node A generates $N_A$ randomly and sends it along with a request message $R_A$ to node B.
The simplest way to achieve strong freshness is for B to return the nonce with the response
message $R_B$ in an authenticated protocol.

Figure 4.8 SNEP Strong Freshness


Source: Protocol and Architecture for Wireless Sensor Networks by Holger Karl,
Andreas Willig

4.12.1.4 Counter exchange protocol

 To achieve small SNEP messages, we assume that the communicating parties A and B
know each other's counter values $C_A$ and $C_B$ and so the counter does not need to be added
to each encrypted message.

Figure 4.9 SNEP Counter Exchange

Source: Protocol and Architecture for Wireless Sensor Networks by Holger Karl,
Andreas Willig

 If party A realizes that the counter $C_B$ of party B is not synchronized any more, A can
request the current counter of B using a nonce $N_A$ to ensure strong freshness of the
reply:

4.12.2 Micro Timed Efficient Stream Loss-tolerant Authentication (µTESLA)

 Micro Timed Efficient Stream Loss-tolerant Authentication delivers broadcast
authentication. The pure TESLA is not practical for a node to broadcast authenticated
data.

Problems with TESLA

 Digital Signature for initial packet authentication

 µTESLA uses only symmetric mechanism

 Overhead of 24 bytes per packet

 µTESLA discloses key once per epoch

 One way key chain is too big

 µTESLA restricts number of authenticated senders

4.12.2.1 Authentication

 To send an authenticated packet, the base station simply computes a MAC on the
packet with a key that is secret at that point in time.

 When a node gets a packet, it can verify that the corresponding MAC key was not yet
disclosed by the base. Since a receiving node is assured that the MAC key is known
only by the base station, the receiving node is assured that no adversary could have
altered the packet in transit.

 The node stores the packet in a buffer. At the time of key disclosure, the base station
broadcasts the verification key to all receivers. When a node receives the disclosed
key, it can easily verify the correctness of the key. If the key is correct, the node can
now use it to authenticate the packet stored in its buffer.

4.12.2.2 Key Setup

 Each MAC key is a key of a key chain, generated by a public one-way function F. To
generate the one-way key chain, the sender chooses the last key $K_n$ of the chain randomly,
and repeatedly applies F to compute all other keys: $K_i = F(K_{i+1})$.

 Each node can easily perform time synchronization and retrieve an authenticated key
of the key chain for the commitment in a secure and authenticated manner.

 Figure 4.10 shows an example of µTESLA. Each key of the key chain
corresponds to a time interval and all packets sent within one time interval are
authenticated with the same key. The time until keys of a particular interval are
disclosed is 2 time intervals in this example.

Figure 4.10 Key setup

 Assume that the receiver node is loosely time synchronized and knows $K_0$ (a commitment
to the key chain) in an authenticated way. Packets $P_1$ and $P_2$ sent in interval 1 contain a
MAC with key $K_1$. Packet $P_3$ has a MAC using key $K_2$. So far, the receiver cannot
authenticate any packets. Let us assume that packets $P_4$, $P_5$, and $P_6$ are all lost, as well
as the packet that discloses key $K_1$, so the receiver still cannot authenticate $P_1$, $P_2$, or $P_3$.
In interval 4 the base station broadcasts key $K_2$, which the node authenticates by verifying
$K_0 = F(F(K_2))$, and hence also knows $K_1 = F(K_2)$, so it can authenticate packets $P_1$, $P_2$
with $K_1$, and $P_3$ with $K_2$.

 Instead of adding a disclosed key to each data packet, the key disclosure is independent
from the packets broadcast, and is tied to time intervals. Within the context of
µTESLA, the sender broadcasts the current key periodically in a special packet.

4.12.2.3 µTESLA Detailed Description

 µTESLA has multiple phases:

 Sender setup: The sender first generates a sequence of secret keys (or key chain). To
generate the one-way key chain of length n, the sender chooses the last key $K_n$
randomly, and generates the remaining values by successively applying a one-way
function F.

 Sending authenticated packets: Time is divided into time intervals and the sender
associates each key of the one-way key chain with one time interval. In time interval
t, the sender uses the key of the current interval, $K_t$, to compute the message
authentication code (MAC) of packets in that interval.

 Bootstrapping new receivers: The important property of the one-way key chain is
that once the receiver has an authenticated key of the chain, subsequent keys of the
chain are self-authenticating, which means that the receiver can easily and efficiently
authenticate subsequent keys of the one-way key chain using the one authenticated
key. For example, if a receiver has an authenticated value $K_i$ of the key chain, it can
easily authenticate $K_{i+1}$ by verifying $K_i = F(K_{i+1})$. Therefore, to bootstrap µTESLA,
each receiver needs to have one authentic key of the one-way key chain as a
commitment to the entire chain.

 Authenticating packets: When a receiver receives the packets with the MAC, it
needs to ensure that the packet could not have been spoofed by an adversary. The
threat is that the adversary already knows the disclosed key of a time interval and
so it could forge the packet since it knows the key used to compute the MAC.
Hence the receiver needs to be sure that the sender did not disclose the key yet
which corresponds to an incoming packet, which implies that no adversary could
have forged the contents. This is called the security condition, which receivers
check for all incoming packets.
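The Figure 4.10 scenario, including the lost disclosure of K_1 and the security condition, as an added Python example (not code from the source text or from the µTESLA authors). SHA-256 as the one-way function F, HMAC-SHA256 truncated to 8 bytes as the MAC, the chain length and the packet contents are assumptions of this example.

```python
import hashlib
import hmac
import os

DISCLOSURE_DELAY = 2  # intervals between use and disclosure of a key, as in the example


def F(key: bytes) -> bytes:
    """Public one-way function of the key chain (SHA-256 is an assumed stand-in)."""
    return hashlib.sha256(b"chain" + key).digest()


def mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()[:8]


def make_chain(n: int, last_key: bytes) -> list:
    """Sender setup: choose K_n, then K_i = F(K_{i+1}) down to the commitment K_0."""
    chain = [b""] * (n + 1)
    chain[n] = last_key
    for i in range(n - 1, -1, -1):
        chain[i] = F(chain[i + 1])
    return chain


class Receiver:
    def __init__(self, commitment: bytes):
        self.trusted_index = 0         # newest key index authenticated so far
        self.trusted_key = commitment  # K_0, obtained in an authenticated way
        self.buffer = []               # (interval, payload, tag) awaiting a key
        self.authenticated = []

    def on_packet(self, now: int, interval: int, payload: bytes, tag: bytes) -> bool:
        """Security condition: buffer only if K_interval cannot be public yet.
        'now' is the receiver's loosely synchronized interval number."""
        if now >= interval + DISCLOSURE_DELAY:
            return False               # key may be disclosed; the MAC proves nothing
        self.buffer.append((interval, payload, tag))
        return True

    def on_key(self, index: int, key: bytes) -> bool:
        """Authenticate a disclosed key against the trusted one, then check the buffer."""
        if index <= self.trusted_index:
            return False
        keys, k = {index: key}, key
        for i in range(index - 1, self.trusted_index - 1, -1):
            k = F(k)                   # recovers keys whose disclosure was lost
            keys[i] = k
        if not hmac.compare_digest(k, self.trusted_key):
            return False
        self.trusted_index, self.trusted_key = index, key
        waiting = []
        for interval, payload, tag in self.buffer:
            if interval > index:
                waiting.append((interval, payload, tag))
            elif hmac.compare_digest(tag, mac(keys[interval], payload)):
                self.authenticated.append(payload)
        self.buffer = waiting
        return True


def figure_scenario():
    chain = make_chain(4, os.urandom(16))   # constructed chain K_0..K_4
    rx = Receiver(chain[0])
    for name, interval in (("P1", 1), ("P2", 1), ("P3", 2)):
        data = name.encode()
        rx.on_packet(interval, interval, data, mac(chain[interval], data))
    # Packet altered in transit during interval 2: buffered, fails the MAC later.
    rx.on_packet(2, 2, b"tampered", mac(chain[2], b"P3"))
    # P4..P6 and the disclosure of K_1 are lost. A packet MACed with the already
    # disclosed K_1 arrives in interval 4 and must be refused.
    late_accepted = rx.on_packet(4, 1, b"forged", mac(chain[1], b"forged"))
    key_ok = rx.on_key(2, chain[2])          # interval 4: K_2 is disclosed
    bogus_ok = rx.on_key(3, os.urandom(32))  # random value posing as K_3
    return rx.authenticated, late_accepted, key_ok, bogus_ok
```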

4.13 Reliability Requirements in Sensor Networks


 Sensor networks are not designed with the goal of transporting multiple
independent data streams. Sensor networks are data-centric and rely on in-network
processing. The reliability requirements are largely application-specific, and the
protocols can take advantage of this.

4.13.1 Single packet versus block versus stream delivery

 The cases of delivering only a single packet on the one hand and of delivering a
number or even an infinite stream of packets on the other hand differ substantially in
the protocol mechanisms usable in either case.

 In the single packet delivery problem, a single packet must be reliably transported
between two nodes.

 In the block delivery problem, a finite data block comprising multiple packets must be
delivered to a sensor or a set of sensors.

 In the stream delivery problem, a theoretically unbounded number of packets has to be
transported between two nodes.

4.13.2 Sink-to-sensors versus sensors-to-sink versus local sensor-to-sensor

 It can be assumed that most communications in sensor networks are not between
arbitrary peer nodes. Instead, information flows either from sensor nodes towards a
single or a few sink/gateway nodes or, in critical environments such as military
applications, from the sink to the sensors, where it is necessary that the sink is able
to transmit the data to the sensors in the least possible time.

 In the case of sensor-to-sensor communications, the sensors monitor a region and
transmit the collected data packets through routes (intermediate sensor nodes) to the
sinks.

4.13.3 Guaranteed versus stochastic delivery

 In the case of guaranteed delivery, it is expected that all transmitted packets reach the
destination; anything else is considered a failure. In general, guaranteed delivery is
challenging and costly in terms of energy and bandwidth expenditure, specifically over
links with sometimes high error rates like wireless ones.

 The concept of stochastic delivery guarantees allows a limited amount of losses. There
are several ways to specify stochastic guarantees. For example, one might specify that
for periodic data delivery within every k subsequent packets at least m packets must
reach the destination; any number below m is considered a failure.