Attack resilient trust and signature-based intrusion detection systems (IDS)

Abstract

The Wireless Sensor Network (WSN) is one of the fastest growing networking sectors in real time monitoring applications mainly in industrial and military fields. The confidentiality of data and a secure communication channel for transmitting data to the destination is a needed requirement in WSN. The necessity of providing efficient security is also a significant concern in WSN based applications due to the physical factors such as the use of the wireless medium for data transmission and requirement of minimum utilization of sensor node resources. The routing and data aggregation protocols are developed to enhance the resource utilization in sensor nodes and achieving an efficient data delivery. Due to data transmission through untrustworthy nodes, the security parameters of WSN are affected by different types of active and passive attacks. The use of security mechanisms such as cryptographic keys, Intrusion Detection System (IDS) and trust management mechanisms can mitigate the problem of security attacks. The strength of the security mechanism in the network can be increased by combing the properties of different security schemes. The trust evaluation using single metrics often does not provide accurate trust value, which in turn leads to a severe impact on network performance. In the proposed IDS based Hierarchical Trust measurement (IDSHT) scheme, the evaluation and validation of sensor nodes during cluster head selection for achieving secure data aggregation is done using multidimensional factors to improve the accuracy of the trust value and prevent attacks such as impersonation attacks. The multidimensional factors used in the hierarchical based environment are Interactive Trust (IT), Content Trust (CT), and Honesty Trust (HT). The IT and HT is the network related trust while the CT is a data related trust. The two-tier hierarchical mechanism consists of two levels of trust evaluation, and they are sensor node level trust evaluation, and cluster head level trust evaluation. The multidimensional trust value for both sensor node level and cluster head level is obtained using direct evaluation between sensor node-cluster head and cluster head-base station respectively. The RSA based signature generation and verification are included in the hierarchical trust mechanism and is called as IDSHT with signature (IDSHT-S), to strengthen the security of the IDSHT scheme. The simulation scenario of the proposed IDSHT is constructed with data dropping, and modification attack scenarios and the performance analysis of IDSHT and IDSHT-S schemes are compared to prove the efficiency of detecting attacks without compromising the performance of the network.