A System for Response and Prevention of Security Incidents in Wireless Sensor Networks

Abstract

Resource constraints, unattended operating environments, and communication phenomena make Wireless Sensor Networks (WSNs) susceptible to operational failures and security attacks. However, applications often impose stringent requirements on data reliability and service availability, due to the deployment of sensor networks in various critical infrastructures. Given the failure- and attack-prone nature of sensor networks, enabling sensor networks to continuously provide their services as well as to effectively recover from attacks is a crucial requirement. We present Kinesis, a security incident response system designed to keep WSNs functional despite anomalies or attacks and to recover from attacks without significant interruption. Kinesis is quick and effective in responding to incidents, distributed in nature, dynamic in selecting response actions based on the context, and lightweight in terms of response policy specification, communication, and energy overhead. A per-node single timer-based distributed strategy to select the most effective response executor in a neighborhood makes the system simple and scalable, while achieving load balancing and redundant action optimization. We implement Kinesis in TinyOS and measure its performance for various application and network layer incidents. Extensive TOSSIM simulations and testbed experiments show that Kinesis successfully counteracts anomalies/attacks and behaves consistently under various attack scenarios and rates.