Security of Software-defined Wireless Sensor Networks
MetadataShow full item record
Wireless Sensor Network (WSN) using Software Defined Networking (SDN) can achieve several advantages such as flexible and centralized network management and efficient routing. This is because SDN is a logically centralized architecture that separates the control plane from the data plane. SDN can provide security solutions, such as routing isolation, while handling the heterogeneity, scalability, and the limited resources of WSNs. However, such centralized architecture brings new challenges due to the single attack point and having non-dedicated channels for the control plane in WSNs. In this thesis, we investigate and propose security solutions for software-defined WSNs considering energy-efficiency and resource-preservation. The details are as follows. First, the functionality of software-defined WSNs can be affected by malicious sensor nodes that perform arbitrary actions such as message dropping or flooding. The malicious nodes can degrade the availability of the network due to in-band communications and the inherent lack of secure channels in software-defined WSNs. Therefore, we design a hierarchical trust management scheme for software-defined WSNs (namely TSW) to detect potential threats inside software-defined WSNs while promoting node cooperation and supporting decision-making in the forwarding process. The TSW scheme evaluates the trustworthiness of involved nodes and enables the detection of malicious behavior at various levels of the software-defined WSN architecture. We develop sensitive trust computational models to detect several malicious attacks. Furthermore, we propose separate trust scores and parameters for control and data traffic, respectively, to enhance the detection performance against attacks directed at the crucial traffic of the control plane. Additionally, we develop an acknowledgment-based trust recording mechanism by exploiting some built-in SDN control messages. To ensure the resilience and honesty of the trust scores, a weighted averaging approach is adopted, and a reliability trust metric is also defined. Through extensive analyses and numerical simulations, we demonstrate that TSW is efficient in detecting malicious nodes that launch several communication and trust management threats such as black-hole, selective forwarding, denial of service, bad and good mouthing, and ON-OFF attacks. Second, network topology obfuscation is generally considered a proactive mechanism for mitigating traffic analysis attacks. The main challenge is to strike a balance among energy consumption, reliable routing, and security levels due to resource constraints in sensor nodes. Furthermore, software-defined WSNs are more vulnerable to traffic analysis attacks due to the uncovered pattern of control traffic between the controller and the nodes. As a result, we propose a new energy-aware network topology obfuscation mechanism, which maximizes the attack costs and is efficient and practical to be deployed. Specifically, first, a route obfuscation method is proposed by utilizing ranking-based route mutation, based on four different critical criteria: route overlapping, energy consumption, link costs, and node reliability. Then, a sink node obfuscation method is introduced by selecting several fake sink nodes that are indistinguishable from actual sink nodes, according to the k-anonymity model. As a result, the most suitable routes and sink nodes can be selected, and a highest obfuscation level can be reached without sacrificing energy efficiency. Finally, extensive simulation results demonstrate that the proposed methods strongly mitigate traffic analysis attacks and achieve effective network topology obfuscation for software-defined WSNs. In addition, the proposed methods reduce the success rate of the attacks while achieving lower energy consumption and longer network lifetime. Last, security networking functions, such as trust management and Intrusion Detection System (IDS), are deployed in WSNs to protect the network from multiple attacks. However, there are many resource and security challenges in deploying these functions. First, they consume tremendous nodes’ energy and computational resources, which are limited in WSNs. Another challenge is preserving the security at a sufficient level in terms of reliability and coverage. Watchdog nodes, as one of the main components in trust management, overhear and monitor other nodes in the network. Accordingly, a secure and energy-aware watchdog placement optimization solution is studied for software-defined WSNs. The solution balances the required energy consumption, computational resource, and security in terms of the honesty of the watchdog nodes. To this end, a multi-population genetic algorithm is proposed for the optimal placement of the watchdog function in the network given the comprehensive aspects of resources and security. Finally, simulation results demonstrate that the proposed solution robustly preserves security levels and achieves energy-efficient deployment. In summary, reactive and proactive security solutions are investigated, designed, and evaluated for software-defined WSNs. The novelty of these proposed solutions is not only efficient and robust security but also their energy awareness, which allows them to be practical on resource-constrained networks. Thus, this thesis is considered a significant advancement toward more trustworthy and dependable software-defined WSNs.
Cite this version of the work
Manaf Ben Yahya (2022). Security of Software-defined Wireless Sensor Networks. UWSpace. http://hdl.handle.net/10012/18302