Accurate and scalable security evaluation of wireless sensor networks

As the use of wireless sensor networks (WSNs) for security-critical applications, such as battlefield surveillance and health care monitoring, expands, ensuring their security emerges as an important concern. Due to the resource limitations of the sensor nodes in WSNs and their deployment in open environments, WSNs must be secured in order to trust the information they gather. However, developing and evaluating secure WSNs is a complex process that involves careful design of attack test cases and security countermeasures, as well as meaningful evaluation of the impact of the attack and effectiveness of the countermeasure. A contribution of this dissertation is the design and implementation of SenSec, a scalable framework that facilitates the development and evaluation of secure sensor networks and applications. We demonstrate the key benefits of SenSec: (1) it allows security evaluation using real sensor applications that, once evaluated, can then be deployed, without modification, on real networks, (2) it can be easily extended to any discrete event simulator, (3) it provides a modular structure for defining attack cases that can be extended to a broad set of attacks, (4) it supports automatic generation of sophisticated and previously unconsidered attack cases, and (5) it facilitates the analysis and identification of vulnerabilities in security systems and quantitative evaluations of the impact of attacks and countermeasures in WSNs. Through a number of experiments, we show SenSec accurately predicts the behavior of real WSNs, can scale to networks with over a thousand nodes, and facilitates the evaluation and development of secure WSNs.Another contribution is a survey of existing approaches to detecting compromised nodes in WSNs, a challenging security issue for WSNs. Through analysis and experimental results, we show the limitations of existing approaches: (1) they perform poorly in lossy environments (if channel loss is increased from 0% to 20%, the detection rate of compromised nodes in these systems drop from over 80% to less than 20% and the ratio of false positives rise from less than 10% to over 95%) and (2) they do not guard against slander attacks, so attackers can use the detection system to implicate legitimate nodes as compromised.To overcome these limitations, we developed ComSen, an accurate and lightweight intrusion detection system for identifying compromised nodes in WSNs. Using quantitative results from SenSec, we demonstrate the benefits of ComSen: (1) it is not vulnerable to slander attacks, (2) it provides detection rates of 99% and false positive ratios of less than 2% in environments with loss rates of 30%, which cannot be achieved by existing systems, (3) it can be deployed in most WSNs because it uses common network features (sensor readings, receive power, send rate, and receive rate) and can adjust its detection behavior based on the characteristics the WSN, and (4) it has low memory, computation, and communication overheads that allow it to scale to networks of over thousands of nodes.