Wireless Threats and Defenses
With continued advances in technology and improving price/performance, wireless access has increasingly been deployed in public environments and organizational offices. The main aim of a wireless sensor network is to collect information from, or pertaining to, the environment in which it has been deployed (Dener). Because such networks can be used in many applications, wireless access has attracted a lot of attention in recent years. It can be used in devices with communication, data processing and computing components.
Wireless access functions through the scattering of sensor nodes, which then connect to form a network (Dener). However, the sensor networks used in a wireless system often face two glaring challenges. First, the sensors are often highly resource constrained. The second challenge pertains to the random deployment of the sensor nodes, a characteristic of many applications. Random deployment makes it difficult to dimension the network. On one hand, if too few sensor nodes are scattered, the result may be a lack of coverage that translates to a disconnected network (Hu, Perrig & Johnson 51). On the other hand, when too many nodes are scattered, medium access control interference and collisions result in an inefficient network.
Despite the flexibility and convenience of wireless networks, organizations pay a big security price when they fail to secure them. This is because of the inherent weaknesses and characteristics of wireless access (Bajwa 21). Mostly, this can be attributed to the density and size of the networks, the constrained resources of the sensor nodes, the physical vulnerability of unattended sensors, and the fact that a sensor might venture into an unknown topology (Bajwa 21). As such, it is important for organizations to study wireless security in a bid to understand and eliminate the threats that may be directed at their systems. From a marketing perspective, securing one’s systems against attacks that start from wireless access ensures that important client information and valuables are protected. This is key to retaining existing customers and attracting more. This paper delves into wireless threats and explains the types of danger that an organization might face. First, the paper identifies the security requirements of a wireless system and the broad categories of security threats. This is followed by the attacks that can be launched on a wireless network. Finally, the paper recommends specific methods through which organizations can avert the attacks, as well as preemptive collective measures that help an organization avoid attacks.
Wireless Networks Security Requirements
Understanding the security requirements of a wireless network is imperative in identifying the basic factors that protect the system. One of the main requirements is authentication (Dener). The network sends sensed data that might be part of a crucial decision-making process. As such, an individual has to verify that such communication comes from a correct or trusted source. Integrity is another requirement. Owing to the harsh environments that the information passes through, individuals have to ascertain that the data they hold has not been tampered with in any way.
Confidentiality is also a key component of wireless security (Bajwa 33). Information that is passed in these networks is sometimes too crucial to fall into the hands of a third party. Many hackers or infringers of wireless networks target the information that passes through them. Confidentiality is an important measure of just how secure a wireless network is. Data freshness can also be used in gauging security. It pertains to making sure that the information or data provided is not replayed from old data (Bajwa 34). At times, networks are infringed upon to relay data that had been provided before as a cover for a malicious attack. A good system should be able to distinguish old information from current information.
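The receiver-side checks for authentication, integrity and data freshness can be combined in one packet format. The following is an added example, not taken from the cited sources: it assumes a per-node pre-shared key, a hypothetical 6-byte header (node id and counter) and a truncated HMAC-SHA256 tag, and it leaves the payload unencrypted, so confidentiality is not covered.

```python
import hashlib
import hmac
import struct

TAG_LEN = 16      # assumption: tag truncated to 16 bytes to keep packets small
HEADER_LEN = 6    # assumption: 2-byte node id + 4-byte message counter

def seal(key, node_id, counter, payload):
    """Sender side: header || payload || tag, with the tag covering both."""
    header = struct.pack(">HI", node_id, counter)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()[:TAG_LEN]
    return header + payload + tag

class Receiver:
    """Base-station side: one key and one 'highest counter seen' per node."""

    def __init__(self, keys):
        self.keys = dict(keys)
        self.last_counter = {}

    def accept(self, packet):
        if len(packet) < HEADER_LEN + TAG_LEN:
            return ("reject", "malformed")
        header = packet[:HEADER_LEN]
        payload = packet[HEADER_LEN:-TAG_LEN]
        tag = packet[-TAG_LEN:]
        node_id, counter = struct.unpack(">HI", header)
        key = self.keys.get(node_id)
        if key is None:                       # authentication: unknown sender
            return ("reject", "unknown-node")
        expected = hmac.new(key, header + payload, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):   # integrity: altered in transit
            return ("reject", "bad-tag")
        if counter <= self.last_counter.get(node_id, -1):  # freshness: old packet
            return ("reject", "replayed")
        self.last_counter[node_id] = counter  # only advance after the tag verified
        return ("accept", payload)

def demo():
    """Constructed traffic: a valid reading, its replay, a tampered copy, a stranger."""
    key = b"constructed-demo-key-node-7"
    rx = Receiver({7: key})
    first = seal(key, 7, 1, b"temp=21.5")
    second = seal(key, 7, 2, b"temp=21.7")
    tampered = bytearray(second)
    tampered[HEADER_LEN] ^= 0x01              # flip one payload bit
    stranger = seal(b"some-other-key", 9, 1, b"temp=99.9")
    return [
        rx.accept(first),
        rx.accept(first),                     # same bytes sent again
        rx.accept(bytes(tampered)),
        rx.accept(stranger),
        rx.accept(second),
    ]

if __name__ == "__main__":
    for result in demo():
        print(result)
```

The counter is checked only after the tag verifies, so a forged packet cannot push the stored counter forward and lock out the real node.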
Network availability is another imperative measure of security (Dener). At times the sensor nodes may become unavailable owing to lack of power or excessive communication or computation; at other times, they might be jammed by third parties in an attempt to make them unavailable. Lastly, secure location is a security requirement for a wireless network. A wireless network always automatically recognizes location information. Unsecured location information can easily be manipulated by attackers through replaying signals or presenting fake signals.
Security Risks and Threats
The attacks and risks that a wireless system faces can broadly be categorized into interception, fabrication, modification and interruption. Interruption pertains to an attack that results in unavailability of the entire wireless network (Newsome et al 23). This can be done, for instance, through corruption of messages, insertion of malicious code, or capture of the nodes that are used in the wireless network. Interception attacks the confidentiality of the wireless network (Wood & Stankovic, 53). Here, an attacker or hacker gains access to data stored in the system or the sensor nodes. Modification is an attack on the integrity of the system. This is where the attacker or hacker not only has access to the system, but also has the capability of tampering with it. For instance, a hacker can opt to flood the system with useless data once they have access to it. Lastly, fabrication is where an attacker or hacker tampers with the authentication of the wireless network (Newsome et al 54). The attacker supplies the system with false or fabricated data that compromises its truthfulness. All these attacks are dangerous, and measures need to be taken to avert them before they commence.
Parking Lot/Access Point Attack
A wireless network access point emits radio signals in a circular pattern (Mamatha & Sharma 71). In most cases, the wireless signals are relayed beyond the physical boundary that marks the end of an organization’s area of operation or a home. As such, these signals can be accessed beyond the point that they are required to cover. In a multi-storey building, the signals can sometimes be accessed on other floors. In certain circumstances, depending on the strength of the wireless device or signal, they can be picked up in adjacent buildings. Owing to this, attackers can launch an attack from a nearby location where the signals can easily be accessed. Because some of these access point attacks have been launched from parking lots, the name parking lot attack was coined.
A network can be compromised in a way that allows an attacker or hacker to achieve a level of penetration into the internal hosts of the organization through the firm’s wireless connection (Mamatha & Sharma 73). The attacker can get past the firewall and gain the same level of access as the employees who work in the organization. In other circumstances, the attacker fools an individual into connecting through the attacker’s wireless system. This can be done by setting up an unauthorized access point (Bajwa 43). When an attacker uses a strong signal that can be reached by an individual, or by a corporation through its employees, such individuals may be tempted to connect to the broadcasting signal. These rogue access points allow a hacker to access important information that might be on a user’s machine, or to capture the user’s password when they log in to various accounts. This form of attack is the easiest, since the attacker only needs to trick a user into trying to connect to their wireless network.
Shared Key Authentication Attack
An attack on shared key authentication is another major attack that can be launched on a wireless network (Bajwa 43). A hacker can launch a passive attack by eavesdropping on the challenge and the response exchanged between the authenticating client and the access point. This attack is made possible by the fact that a hacker can capture both the ciphertext (the response) and the plaintext (the challenge) (Hu, Perrig & Johnson 31).
Attacking shared key authentication starts with knowledge of how Wired Equivalent Privacy (WEP) operates. WEP uses a stream cipher as its encryption algorithm. The stream cipher functions by generating a specific key stream (Wood & Stankovic, 56). The key stream, a sequence of random-looking bits, is derived from the secret key shared by the stations and from the initialization vector. The key stream is simply XORed with the challenge to produce the response, or ciphertext (Wood & Stankovic, 57). One property of a stream cipher is that anyone who has both the response and its corresponding challenge can obtain the key stream. A hacker who manages to get the ciphertext and the plaintext can XOR them against each other to produce the corresponding key stream used in the system. The key stream is an important element that can help the hacker authenticate to the access point. Once they recover the key stream, a hacker can use it to encrypt similar challenges that are produced by the same access point.
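The property described above can be checked in a few lines. This is an added example, not code from the cited sources: it models the exchange with plain RC4 keyed by IV || key, uses a constructed key and IV, and leaves out the frame header and the integrity check value that a real WEP frame carries.

```python
import hmac
import os

def rc4_keystream(key, length):
    """Plain RC4: key scheduling, then `length` bytes of output."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(length):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def client_response(shared_key, iv, challenge):
    """Client side: encrypt the challenge under RC4(IV || key)."""
    return xor(challenge, rc4_keystream(iv + shared_key, len(challenge)))

def ap_accepts(shared_key, iv, challenge, response):
    """Access point side: the response must decrypt to the challenge it sent."""
    expected = client_response(shared_key, iv, challenge)
    return hmac.compare_digest(expected, response)

def keystream_seen_on_air(challenge, response):
    """What a passive listener learns from one exchange: challenge XOR response."""
    return xor(challenge, response)

def demo():
    key = bytes.fromhex("1a2b3c4d5e")     # constructed 40-bit shared key
    iv = bytes.fromhex("0a0b0c")          # constructed 24-bit IV, sent in the clear
    challenge_1 = os.urandom(128)
    response_1 = client_response(key, iv, challenge_1)
    leaked = keystream_seen_on_air(challenge_1, response_1)

    challenge_2 = os.urandom(128)         # a later challenge from the same AP
    reused = xor(challenge_2, leaked)     # built from the leak alone, no key
    return {
        "leaked_equals_keystream": leaked == rc4_keystream(iv + key, 128),
        "accepted_same_iv": ap_accepts(key, iv, challenge_2, reused),
        "accepted_other_iv": ap_accepts(key, bytes.fromhex("0a0b0d"),
                                        challenge_2, reused),
    }

if __name__ == "__main__":
    print(demo())
```

The access point's check depends only on the key stream for the IV in use, so it cannot tell a station that holds the key from one that has merely observed a single exchange; the last entry shows that the leaked key stream is tied to that one IV.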
The service set identifier (SSID) is another key area through which an attack can be launched. In many wireless devices, the access points ship with a default service set identifier. When a user fails to change the SSID to their preferred one, it attracts more attacks from hackers, who recognize the system as poorly configured (Wood & Stankovic, 59). In addition, the SSID is carried in management frames. These are broadcast in clear text that can be read by attackers. Even if the access point has been configured to enable encryption or to disable the broadcasting of the SSID, if the SSID remains unchanged it will still be exposed to unauthorized individuals. After obtaining the wireless network SSID, a hacker is free to conduct other attacks on the system and obtain the information they require.
When wired equivalent privacy is disabled, the data or information that passes through the wireless system is open to modification attacks as well as eavesdropping. Even when wired equivalent privacy is enabled, it has a number of weaknesses that make it insecure for the data that passes through it. WEP can be attacked in several ways. First, an attacker who knows a certain plaintext can conduct passive attacks through the use of chosen or random ciphertext until they manage to get a matching one. Hackers can also launch passive attacks in a bid to decrypt traffic by conducting statistical analysis on the ciphertexts. Another weakness that characterizes WEP is its inability to stop or detect active attacks that introduce unauthorized traffic (Singh, Gupta & Kaur 66). Also, the system can be tricked into redirecting traffic from the system to a hacker’s device. Lastly, through WEP, an attacker can launch attacks that are meant to modify the information or data in the system.
The temporal key integrity protocol (TKIP) attack applies the same tactics as the WEP attacks. It involves multiple replays and trials, monitoring the success of each over a period of time. The hacker can then decode various small packets in the system. In the event that Quality of Service has been enabled in the network, the hacker can conduct other manipulations such as denial of service, DNS manipulation and ARP poisoning (Wood & Stankovic, 62).
Mode of Attacks and Defenses
It is important to note that all the attacks detailed here are made possible by interfering with the nodes. The hacker starts an attack by infringing on the nodes that make up the wireless network. The defense against the different types of attack will depend on how an individual chooses to attack the system and on the vulnerabilities that are present.
Spoofed Routing Information
This attack takes place in the routing protocol. The hacker targets the data being exchanged between the different nodes making up the WSN. There are various methods through which an attacker launches this kind of infringement. They can craft error messages that are not authentic in a bid to alter the operation of the nodes. The attacker can also repel or attract network traffic, shorten or extend source routes, increase the end-to-end delay, or partition the network (Dener). Mostly, these attacks take place at the physical layer of the system. There is one effective method of defending the system against this type of attack: authentication. When authentication is activated, a router will accept information only from valid and recognized routers. This prevents a hacker from introducing information that disrupts the normal operation of the nodes in transferring information.
Selective Forwarding Attack
This is an attack where an attacker introduces a malicious node into the network in a bid to interfere with the forwarding of data packets. A wireless network functions in multi-hop mode. Information carried in data packets is passed along through successive nodes (Dener). Each node trusts the next node to receive the data packets and pass them on until they are retrieved or stored. An attacker can interfere with this process by using a malicious node that is not part of the system. The node can refuse to accept the data packets that are passed to it, or it can simply opt not to pass them on to the next node. The information in those data packets is then simply lost. This attack can be difficult to identify. However, an individual should look out for the sequence number of the data packet. Selective forwarding attacks take place at the network level of the WSN (Dener). Assigning sequence numbers is instrumental in understanding where the chain was broken and which node has been affected (Dener). This serves to highlight the malicious nodes. Assigning a packet header is another way of discouraging this type of attack.
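Sequence numbers make it possible both to notice that packets are missing at the sink and to narrow down where along the route they vanished. The following is an added example, not taken from the cited sources: the route, the per-node receive logs and the 20% loss threshold are constructed, and it assumes every node's record of what it received can be collected and trusted.

```python
def missing_at_sink(sink_received, first_seq, last_seq):
    """Sequence numbers the source sent that never reached the sink."""
    return sorted(set(range(first_seq, last_seq + 1)) - set(sink_received))

def localize_drops(route, received, first_seq, last_seq):
    """For each lost packet, name the last relay that logged receiving it.

    route    -- node ids in forwarding order, ending with the sink
    received -- {node id: set of sequence numbers logged as received}
    Returns {node id: [lost sequence numbers]}; the key None means the
    packet was lost before the first relay saw it.
    """
    sink = route[-1]
    blamed = {}
    for seq in missing_at_sink(received[sink], first_seq, last_seq):
        holder = None
        for node in route[:-1]:
            if seq not in received.get(node, set()):
                break                      # chain broken just before this node
            holder = node
        blamed.setdefault(holder, []).append(seq)
    return blamed

def flag_suspects(blamed, received, threshold=0.2):
    """Separate ordinary link loss from a relay that drops a large share.

    threshold is an assumed tuning value: fraction of received packets
    that a relay failed to pass on before it is reported.
    """
    suspects = []
    for node, lost in blamed.items():
        if node is None or not received.get(node):
            continue
        ratio = len(lost) / len(received[node])
        if ratio > threshold:
            suspects.append((node, round(ratio, 2)))
    return sorted(suspects)

def demo():
    """Constructed logs: one packet lost on a noisy link, five dropped by n2."""
    every = set(range(1, 21))
    dropped_by_n2 = {12, 14, 16, 18, 20}
    received = {
        "n1": every,
        "n2": every - {7},                       # seq 7 lost between n1 and n2
        "n3": every - {7} - dropped_by_n2,       # n2 never forwarded these
        "sink": every - {7} - dropped_by_n2,
    }
    route = ["n1", "n2", "n3", "sink"]
    blamed = localize_drops(route, received, 1, 20)
    return blamed, flag_suspects(blamed, received)

if __name__ == "__main__":
    blamed, suspects = demo()
    print("last holder of each lost packet:", blamed)
    print("relays over the loss threshold:", suspects)
```

A single lost packet is attributed to the hop after n1 but stays under the threshold, while n2's repeated losses stand out.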
Node Replication Attack
Nodes in the wireless sensor network have different identities. In this attack, an attacker disrupts the functioning of the system by having more than one node with the same identity mounted at different points in the network. First, the attacker may capture one node in the network and clone it. They then mount the cloned nodes on different paths of the network, creating a disruptive effect where data or information cannot be passed through the system (Bajwa). Alternatively, the attacker can create a false node by replicating the features of an existing one. This node then generates unauthentic data in a bid to disrupt how the network functions. This attack is undertaken on the application layer of the wireless network. The best way of ending such an attack is first to detect the cloned or false nodes. A trustworthy node can be used to identify similar nodes while detecting the ones that are infringing on the system (Bajwa). This form of attack can also be prevented by having a central path for computing data. This ensures that when unauthentic information is relayed by an introduced node, a red flag is raised so that important data is not infringed upon.
Black Hole Attack
This form of attack aims to create a discontinuity that results in loss of the network. An attacker can achieve this in two ways. First, they can geographically locate all the critical nodes in a system. These might include the cluster heads. A hacker can then disable all these nodes physically (Dener). Specifically, the hacker aims at creating a traffic stop, which allows them to launch other attacks. Alternatively, the attacker can introduce a rogue node into the system. This node then positions itself as the shortest path through which data packets can be transferred. When the node receives the packets, it can drop them, isolating the other nodes and causing a discontinuity in connectivity (Dener). This type of attack is launched on the physical layer of the wireless network. The way to prevent this type of attack is to ensure that the system does not allow any rogue or unidentified nodes into the network.
One of the most constrained resources in a wireless network is its energy. This is also one of the areas that attackers often look to. Wasting or draining the energy in the system serves to disrupt its operations. The attacker may opt to inject enormous traffic or made-up reports into the network (Mamatha & Sharma). The injected reports raise false alarms that have to be responded to, wasting energy that could be used in the transmission of real data. Through this form of attack, the hacker is able to degrade the performance of the network or destroy the sensor nodes. The attacker can also ultimately split the grid and take control of the entire network (Mamatha & Sharma). This allows them to launch other attacks that they desire. This attack also takes place in the physical layer of the wireless network. The damage done by the injected and fabricated reports can be minimized by dropping the false data as soon as it is detected in the system.
Data Integrity Attack
This attack aims to compromise the information that is passed between the nodes in the network. An attacker can do this by injecting new false data into the system or by completely altering the data carried in the data packets (Bajwa). To be successful, an attacker has to ensure that the node through which they introduce the false information is stronger in terms of energy and memory than the ones in the wireless network. This allows the attacker to infiltrate the victim’s information and alter it (Bajwa). The attack takes place on the physical layer of the wireless network. The best way of defending against such an attack is adopting the use of digital signatures for encryption. Encryption can also be achieved by the use of asymmetric key systems that prevent the attacker from injecting false data into the system.
This is an example of a listening-in or interception attack. Here the attacker simply places their node near the sensor grid to intercept the data that passes through it (Bajwa). This introduced node does not interfere with the functioning of the network’s nodes, and as such, it is not easy to detect. The data collected by the attacker’s node can then be processed by other means and devices in a bid to decipher it into useful items. Often, such attacks are possible because of the apparent vulnerability of the networks used in wireless systems, in that they have a shared and unsecured medium. This type of attack is also launched on the physical layer of the wireless system. Typically, it can be undertaken for the purpose of intercepting industrial or military secrets. Such attacks can be reduced or eliminated by ensuring that the communication channels in the wireless networks are secured through trusted encryption (Bajwa).
In a wireless system, the protocols may require nodes to transmit HELLO packets so that they are discovered by neighboring nodes. Any node that receives or acknowledges such packets operates on the assumption that it is within the sender’s radio range (Dener). To launch this attack, a hacker would typically use large transmission power to trick the nodes in a wireless system into believing that the attacker’s nodes are their neighbors. Responding to the messages presented by the attacker’s nodes in turn wastes the energy of the nodes in the wireless network (Dener). Attackers can also trick the nodes by positioning themselves as the lowest-cost or shortest route for transmitting information. The nodes then forward messages to the nodes controlled by the hacker. The HELLO attack is launched on the network layer of the wireless network. There are two defenses against this type of attack. Corporations can use authenticated broadcast protocols to protect against nodes sending messages to the attacker’s nodes. Also, one can ensure that the system verifies the bidirectionality of all local links before choosing to use them. This method is especially effective when an attacker has reception capabilities that are the same as those of the sensor device or network.
The wormhole attack is launched from the network layer of the wireless network. In this type of attack, a hacker produces an effect that deceives nodes into believing that they are only a few hops away from the base station (Hu, Perrig & Johnson). In normal circumstances, numerous hops exist between the base station and the point where data is being transmitted. An attacker can mount such an attack by creating a node and placing it between two or more legitimate functioning nodes. The wormhole, in the form of the introduced nodes, then convinces distant nodes that they are right next to each other. An attempt to transmit data to such a distant node will exhaust the energy that a node has (Hu, Perrig & Johnson). Wormhole attacks are more effective when the routing information is authenticated or encrypted. This attack is very difficult to stop or restrict, especially when used in unison with the selective forwarding attack mechanism. However, its applicability in a wireless network can be limited through the use of accurate location verification and clock synchronization.
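The bidirectional link check, including the caveat about the attacker's reception capability, can be shown with a small radio model. This is an added example, not taken from the cited sources: the positions, ranges and the rx_gain parameter are constructed, and the nonce echo stands in for whatever acknowledgement the routing protocol uses.

```python
import math
import secrets

def reaches(sender, listener):
    """Constructed radio model: a frame arrives when the distance is within
    the sender's transmit range scaled by the listener's receiver gain."""
    distance = math.dist(sender["pos"], listener["pos"])
    return distance <= sender["tx_range"] * listener["rx_gain"]

def naive_neighbors(node, others):
    """Treat every HELLO that is heard as coming from a usable neighbor."""
    return sorted(o["id"] for o in others if reaches(o, node))

def verified_neighbors(node, others):
    """Accept a HELLO sender only after it echoes a nonce that was sent
    to it at this node's own transmit power."""
    accepted = []
    for other in others:
        if not reaches(other, node):        # its HELLO never arrived
            continue
        nonce = secrets.token_bytes(8)
        # The challenge has to arrive before it can be echoed back.
        echo = nonce if reaches(node, other) else None
        if echo is not None and hmac_free_equal(echo, nonce):
            accepted.append(other["id"])
    return sorted(accepted)

def hmac_free_equal(a, b):
    """Plain comparison; the nonce is not a secret in this model."""
    return a == b

def demo(loud_rx_gain=1.0):
    """One sensor, one genuine neighbor, one distant high-power sender 'x'."""
    sensor = {"id": "s1", "pos": (0, 0), "tx_range": 30, "rx_gain": 1.0}
    near = {"id": "s2", "pos": (20, 0), "tx_range": 30, "rx_gain": 1.0}
    loud = {"id": "x", "pos": (200, 0), "tx_range": 500, "rx_gain": loud_rx_gain}
    others = [near, loud]
    return naive_neighbors(sensor, others), verified_neighbors(sensor, others)

if __name__ == "__main__":
    print("ordinary receiver on x:", demo(1.0))
    print("sensitive receiver on x:", demo(10.0))
```

With an ordinary receiver the distant sender is heard but never completes the echo, so it is excluded; with a much more sensitive receiver the link really is bidirectional and the check alone no longer excludes it, which is why the text pairs it with authenticated broadcast.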
This is another attack that is launched on the network layer of the wireless sensor network. It is characterized by the diversion of traffic from the sensor nodes before it reaches the base station (Mamatha & Sharma). The attacker places a compromised node at a central location in the network where it is guaranteed to attract all the traffic. The compromised node acts as a big influence, and is often placed near the base station. The transmitting nodes are tricked into thinking the node is the base station and transmit their data to it (Mamatha & Sharma). This attack can be defended against by ensuring that a unique key is provided to every node. These keys are then the ones used in spreading the communication spectrum or in initializing frequency hopping.
In a wireless sensor network, the routing protocols function on the assumption that every node that makes up the network has a different identity. The Sybil attack is designed in such a way that an attacker is able to appear at different places at the same time (Newsome et al). The hacker accomplishes this by creating multiple fake node identities. The attacker can also opt to steal legitimate nodes and clone them. The multiple nodes are then placed in the system at the same time, resulting in the disruption of the geographical routing protocol used by the wireless sensor network (Newsome et al). The network uses location-aware routing in which neighboring nodes share coordinate information to form part of a larger network. As such, the network recognizes each node as a single coordinate. The Sybil attack places these unique coordinates, cloned or fabricated, throughout different areas of the network. This serves to ‘confuse’ the network. The Sybil attack is launched from the network layer of the wireless sensors. It is important to note that this attack is made possible by identity fraud. As such, it can only be defended against through proper authentication (Newsome et al).
Effective Practices in Deployment of Wireless Sensor Networks
The defenses identified above are the specific ways through which an individual at home or a corporation can counter the attacks that might be launched on their network. However, it is also important to come up with measures that ensure a network is not susceptible to frequent attacks, or that would notify an individual in case of an attack. First, a corporation needs to keep track of developments in the security requirements for wireless networks. Corporations also need to perform risk assessments to determine the security vulnerabilities that they might face. Most importantly, it is imperative that corporations have a separate firewall for the different networks and functions that they use. For instance, the wired and the wireless networks ought to have separate firewalls for the protection of crucial information.
Works Cited
Dener, Murat. “Security analysis in wireless sensor networks.” International Journal of Distributed Sensor Networks 2014 (2014). Print.
Bajwa, Mohammad. “Wireless Network Security Threats and Mitigation—A Survey.” Open Journal of Business and Management 2014 (2014). Print.
Hu, Yih-Chun, Adrian Perrig, and David B. Johnson. “Packet leashes: a defense against wormhole attacks in wireless networks.” INFOCOM 2003. Twenty-Second Annual Joint Conference of the IEEE Computer and Communications Societies. Vol. 3. IEEE, 2003. Print.
Mamatha, G. S., and S. C. Sharma. “Network Layer Attacks and Defense Mechanisms in MANETS-A Survey.” International Journal of Computer Applications (0975–8887) Volume (2010). Print.
Newsome, James, et al. “The sybil attack in sensor networks: analysis & defenses.” Proceedings of the 3rd international symposium on Information processing in sensor networks. ACM, 2004. Print.
Wood, Anthony D., and John A. Stankovic. “Denial of service in sensor networks.” Computer 35.10 (2002): 54-62. Print.
Singh, Jatinder, Savita Gupta, and Lakhwinder Kaur. “A MAC Layer Based Defense Architecture for Reduction of Quality (RoQ) Attacks in Wireless LAN.” arXiv preprint arXiv:1002.2423 (2010). Print.