HELLO Flood Attacks Research Articles

C-FPA: A Cloud-Based FPA Novel Approach to Defend Hotspot Issues and Attacks in WSN

Wireless Sensor Network (WSN) is a distributed network formed by sensor nodes that perform a specific sensing task like temperature, humidity, fire attacks, and so on. Used in all sorts of application like military, medical, industrial, scientific, and so on, WSN’s are well known for high performance operations. Till date, power conservation and sensor node lifetime remained as the major drawback in such networks where the development of optimization techniques and routing protocols were proposed to overcome them. Also, attacks like DoS (Denial Of Service), Sybil attack, wormhole attack, HELLO flood attack, and identity replication attack are mostly common in a WSN. At present, Hotspot-based issues and attacks is found as one of the major and performance-degrading factor in wireless sensor network. In this paper, we propose a novel cloud-based FPA scheme or approach to defend and withstand such hotspot-related issues and attacks in WSN. Developed with the principle of Cloud, the simulation results prove that the proposed scheme offer high privacy, and routing stability.

Clustering and Securing IoT Wireless Sensor Network

One of the future rising technologies is Internet of Things (IoT) that will play a significant role in linking the world. IoT is a group of a huge number of interrelated networks including Wireless Sensor Network (WSN). IoT makes use of speedily developing devices and technologies. A large number of unlimited interconnections of numerous technologies in IoT makes privacy and safety of data as a matter of concern. WSN makes use of Low Energy Adaptive Clustering Hierarchy (LEACH) for the purpose of construction of sensor networks that are energy-efficient. These networks are likely to a huge number of attacks including HELLO flood attack. This paper presents a novel protocol named CS-LEACH (Cyclic Secure LEACH) for securing cluster head from Hello flood attack as an extension to LEACH protocol. CS-LEACH makes use a unique Cyclic number, an exclusive ID and RBG color cube numbers for each sensor node so as to authenticate one of the nodes as CH. The CS-LEACH is executed by making use of NS2 simulator for the purpose of proving its efficiency.

Intelligent Network Layer for Cyber-Physical Systems Security

The cyber-physical system (CPS) has made tremendous progress in recent years and also disrupting technical fields ranging from health, transportation, industries, and more. However, CPS security is still one of the concerns for wide adoption owing to the high number of devices connecting to the internet and the traditional security solutions may not be suitable to protect the advanced, application-specific attacks. This paper presents a programmable device network layer architecture to combat attacks and efficient network monitoring in heterogeneous environment CPS applications. The authors leverage industrial control systems (ICS) to discuss the existing issues, highlighting the importance of advanced network layers for CPS. The programmable data plane language (P4) is introduced to detect well known HELLO flood attacks with minimal effort in the network level and show that programmable switches are suitable to implement security solutions in CPS applications.

Security, usability, and biometric authentication scheme for electronic voting using multiple keys

We propose electronic voting authentication scheme, which is a key management mechanism for electronic voting system intended to limit the number of attacks on a polling station and strengthen the security control. The motivation is to diversify security requirements of messages exchanged between polling stations. There are different types of messages exchanged between polling stations and each type of message has different security needs. A security mechanism developed on the basis of a single key is not enough to ensure the diverse security needs of voting network. In electronic voting authentication scheme, every polling station is responsible to support three different types of keys. These are global key, pairwise key, and individual key. The global keys are public keys shared with all polling stations in the voting network. The pairwise key can be used for communication with polling stations. Individual keys will be used for communication with the server. To ensure authentication of local broadcast, electronic voting authentication scheme uses one-way key chains in a well-organized way. The support of source authentication is a visible advantage of this scheme. We examine the authentication of electronic voting authentication scheme on numerous attack models. The measurement demonstrates that electronic voting authentication scheme is very operative in protecting against numerous elegant attacks such as wormhole attack, Sybil attack, and HELLO Flood attack. The proposed system is evaluated and the results demonstrate that the proposed system is practical and secure as compared to the direct recording electronic and manual systems.

A novel and secure attacks detection framework for smart cities industrial internet of things

New trend of smart cities has changed the life with more equipped and integrated systems. Various new technologies have adopted for sustainable and improved smart cities infrastructure. Internet of Thing (IoT) is a rapidly evolving technology for sustainable and improved smart cities infrastructure that is revealing its manifestations to facilitate mankind. Numerous privileges and easily adaptable nature of the IoT applications makes it a core component of smart cities. IoT is also implemented in the industrial sector referred to as the Industrial Internet of Things (IIoT) where various diverse services related to operation technologies, manufacturing, utilities, machines monitoring have been applied to connected devices. This phenomenon also makes it susceptible to a variety of crucial security concerns that need to be addressed. IPV6 based Routing Protocol for Low Power and Lossy Networks (RPL) is an ideal choice to ensures effective data communication in resource constraint IIoT environments. By using basic concepts of genetic programming, this paper proposes a novel and secure framework to detect the presence of security threats in RPL based IoT and IIoT networks. The proposed framework possesses the capability to detect HELLO-Flood attack, Version number attack, Sinkhole attack, and Black hole attack. The performance of proposed framework is evaluated at various performance parameters including attack detection accuracy, true positive rate, false-positive rate, throughput, and end-to-end delay. Favorable results appear to support the proposed framework and makes it a best choice for RPL based IIoT environments.

Prevention of Hello Flood Attack in IoT using combination of Deep Learning with Improved Rider Optimization Algorithm

IoT are prone to vulnerabilities as a result of a lack of centralized management, dynamic topologies, and predefined boundary. There are diverse attacks that affect the performance of IoT network. Flooding attack is a DoS attack that brings down the network by flooding with a huge count of HELLO packets, routed to a destination that does not exist. The main intent of this paper is to develop a novel robust model for detecting and preventing HELLO flooding attacks using optimized deep learning approach. In this proposed research model, the steps like Cluster head selection, k-paths generation, HELLO flooding attack detection and prevention, and optimal shortest path selection are employed. Once after the random cluster head selection and k-paths generation, few Route Discovery Frequency Vectors like Route Discover Time and Inter Route Discovery Time of each node is determined for detecting the HELLO flooding attack. Initially, a threshold function is used to match with the computed Received Signal Strength (RSS) of each node to detect the stranger node. Further, the HELLO flood attack is confirmed by the optimized Deep Belief Network (DBN), which is removed from the network subsequently. Once after securing the network, the shortest route path selection is done optimally by the improved meta-heuristic algorithm. Here, improved Rider Optimization Algorithm (ROA) termed as Bypass-Linked Attacker Update-based ROA (BAU-ROA) is used for performing the optimal DBN as well as optimal shortest path selection. The objective constraints like node trust, distance between the nodes, delay of transmission, and packet loss ratio are considered for performing the optimal shortest path selection. Finally, the experimental evaluation of various performance measures validates the fruitful performance of the proposed model. Based on the analysis, the const function of proposed BAU-ROA is 28.1% superior to D-DHOA, 34.1% superior to DHOA, and 39.2% superior to WOA at 5th iteration. When considering the 10th iteration, the developed BAU-ROA is 12.2% superior to DHOA, 19.3% superior to D-DHOA, 28.1% superior to ROA, and 39.2% superior to WOA.

Аналіз проблем безпеки IoT пристроїв

The paper considers the problems securing of protection of access to IoT-devices and their networks. A study by Microsoft experts, who found that the biggest problems in IoT networks are related to network-level security, was analyzed. The presence of a large number of insufficiently protected devices facilitates DDoS-attacks, in which home devices can be used to attack corporate systems. The main reason for the failure of IoT component manufacturers to implement security features is the high computational costs that reduce the service life of device batteries. HPE (Hewlett Packard Enterprise) experts recommend paying attention to both device owner issues and developer issues, and provide some tips on setting up IoT devices. HPE experts have identified about 25 different vulnerabilities in each of the studied devices (TVs, door locks, household scales, home security systems, electrical outlets, etc.) and their mobile and cloud components, compiled a list of major vulnerabilities and made a disappointing conclusion: a safe ecosystem IoT does not exist today. The statistics of attacks on IoT devices recorded during the last 2 years with the help of honeypots, collected by Kaspersky Lab specialists, are considered. It turned out that the number of attacks increases with the number of IP addresses. A list has been compiled of the countries with the highest number of attempted attacks. The largest number of attacks came from China and Brazil. The list of threats provided by Trend Micro is considered. The most common attack technologies, which can cause significant damage, are analyzed. Such technologies include: amplification, change of route information, selective mailing, bottomless funnel Sinkhole Attack, shamanic attack Sybil attack, wormhole attack Wormhole attack, flood attack HELLO flood attack. The list of basic recommendations for security in the IoT system is presented, namely: password protection, use of separate networks, refusal of automatic connection to the network. Keywords: Internet of Things (IoT), industrial devices of the Internet of Things (IIoT), inter-machine interaction (M2M), smart home, smart city, information security (IS), DDoS-attack.

Wormhole Attack: a Major Security Concern in Internet of Things (Iot)

The Internet of Things (IoT) is nothing but a collection of wireless and wired devices, commonly termed as nodes operated remotely. This operation is done by assuming these nodes as the sensors in a wireless sensor network (WSN) administered through a base station. We start with briefing about IoT and then briefing IoT layer models. After this, we discuss attacks with regard to IoT namely Sinkhole attack, Sybil attack, HELLO flood attack, Acknowledgement spoofing attack and their respective detection methods. This paper is systematic review of existing mechanism for the detection of wormhole attack and a new method is proposed.

A review of channel estimation and security techniques for CRNS

Cognitive Radio Network (CRN) is an intelligent wireless communication system that adapts itself to variations in the incoming radio frequency stimuli by modifying the operating parameters. Using the spectrum sensing techniques, the idle channels are detected, and allocated to the Secondary Users (SUs). The existing cooperative spectrum sensing techniques such as centralized sensing technique, Distributed sensing technique, and External sensing technique exploit efficient prediction models for allocating the frequency spectrum to SUs. For an optimal assignment of the channel using channel parameters, the channel estimation techniques such as pilot-assisted channel estimation, blind and semi blind estimation technique, and decision directed channel estimation technique are analyzed. The flexible nature of the CRN introduces various security attacks such as Primary User Emulation Attack, Objective Function Attack, Jamming Attack, Spectrum Sensing Data Falsification (SSDF), Control Channel Saturation DoS Attack (CCSD), Selfish Channel Negotiation (SCN), Sinkhole Attacks, HELLO Flood Attacks and Lion Attack. From the surveyed results, it is observed that the existing spectrum sensing, and prediction-based techniques consume more energy, and minimal data transmission rate for detecting the idle channel. Further, the end-to-end delay, energy consumption, end-to-end delay, and bandwidth are not minimized by the existing techniques.

Cost-Effective Encryption-Based Autonomous Routing Protocol for Efficient and Secure Wireless Sensor Networks.

The deployment of intelligent remote surveillance systems depends on wireless sensor networks (WSNs) composed of various miniature resource-constrained wireless sensor nodes. The development of routing protocols for WSNs is a major challenge because of their severe resource constraints, ad hoc topology and dynamic nature. Among those proposed routing protocols, the biology-inspired self-organized secure autonomous routing protocol (BIOSARP) involves an artificial immune system (AIS) that requires a certain amount of time to build up knowledge of neighboring nodes. The AIS algorithm uses this knowledge to distinguish between self and non-self neighboring nodes. The knowledge-building phase is a critical period in the WSN lifespan and requires active security measures. This paper proposes an enhanced BIOSARP (E-BIOSARP) that incorporates a random key encryption mechanism in a cost-effective manner to provide active security measures in WSNs. A detailed description of E-BIOSARP is presented, followed by an extensive security and performance analysis to demonstrate its efficiency. A scenario with E-BIOSARP is implemented in network simulator 2 (ns-2) and is populated with malicious nodes for analysis. Furthermore, E-BIOSARP is compared with state-of-the-art secure routing protocols in terms of processing time, delivery ratio, energy consumption, and packet overhead. The findings show that the proposed mechanism can efficiently protect WSNs from selective forwarding, brute-force or exhaustive key search, spoofing, eavesdropping, replaying or altering of routing information, cloning, acknowledgment spoofing, HELLO flood attacks, and Sybil attacks.

An energy efficient encryption method for secure dynamic WSN

AbstractClustering methods have been developed to improve network life of wireless sensor network (WSN), yet the dynamic nature of sensor clusters and limited memory and processing power make security a much more challenging problem, and most conventional cryptography methods are ill suited to WSNs. In this paper, we propose a novel encryption method to secure data transmission in WSN with dynamic sensor clusters. Our method leverages elliptic curve cryptography algorithm to generate binary strings for each sensor and combines with node ID, distance to the cluster head, and the index of transmission round to form unique 176‐bit encryption keys. Using exclusive OR, substitution, and permutation operations, encryption and decryption are achieved efficiently. Compared with the state‐of‐the‐art methods, our simulation results demonstrated that the proposed method exhibited much improved network lifetime and reduced the energy consumption most evenly among all sensor nodes. More importantly, it overcame many security attacks including brute‐force attack, HELLO flood attack, selective forwarding attack, and compromised cluster head attack. Copyright © 2016 John Wiley & Sons, Ltd.

English

ABSTRACT:In many wireless sensor network (WSN) applications uses hierarchical routing protocol for routing sensed data to the sink, among them LEACH is the first and most widely used hierarchical distributed clustering protocol in WSN. Security is important in wireless sensor networks as they are prone to various network threats and intrusion. In LEACH, Nodes decides to join a cluster head based on Received Signal Strength (RSS) of receiving HELLO packets from CHs making it vulnerable to HELLO Flood attack. Detection of HELLO Flood attack can be done either cryptographic approach which are less suitable in terms of memory and battery power or non-cryptographic which involves sending the test packet for detection which increases communication overhead as the energy required for transmission of the packet is far more than the energy required for processing/calculation. Based on these facts a non-cryptographic and cryptographic solution for detection HELLO Flood attack is proposed in this paper in which by considering RSS and distance calculation and by comparing both test packet approach is done hence the number of times the test packet is transmitted is greatly reduced and providing security by using location dependent key(LDK) management scheme where it involves loading random set of keys to the nodes prior to deployment, and also LDK doesn’t require any knowledge of node deployment, eventually provides better connectivity and containment of node compromise.

An Energy Efficient Countermeasure Against Multiple Attacks of the False Data Injection Attack and False Hello Flood Attack in the Sensor Networks

Nodes are easily exposed from generated attacks on var ious layers because they compose simple functions in sensor networks. The false data injection attack drains finite energy resource in a compromised node, and the false HELLO flood attack threatens constructed routing paths in an adversary node. A localize d encryption and authentication protocol (LEAP) was developed to prevent the aforementioned attacks through the use of four keys. However, when these attacks occur simultaneously, LEAP may not prevent damage from spreading rapidly throughout the network. I n this paper, we propose a method that addresses these attacks through the use of four types of keys, including two new keys. We also improve energy consumption while maintaining a suitable security level. The effectiveness of the proposed method was evaluated relative to that of LEAP when multiple attacks occur. The experimental results reveal that the proposed method enhances energy saving by up to 12% while maintaining sufficient detection power.

SERA: a secure energy reliability aware data gathering for sensor networks

Wireless sensor networks are used in many applications in military, ecology, health, and other areas. These applications often include the monitoring of sensitive information making the security issue one of the most important aspects to consider in this field. However, most of protocols optimize for the limited capabilities of sensor nodes and the application specific nature of the networks, but they are vulnerable to serious attacks. In this paper, a Secure Energy and Reliability Aware data gathering protocol (SERA) is proposed, which provides energy efficiency and data delivery reliability as well as security. The proposed protocol's security was confirmed by a formal verification carried out using the AVISPA tool and analysis of the most common network layer attacks such as selective forwarding, sinkhole, Sybil, wormhole, HELLO flood, and acknowledgment spoofing attacks. Additionally, a visual simulation environment was developed to evaluate the performance of the proposed protocol.

SCODE: A Secure Coordination-Based Data Dissemination to Mobile Sinks in Sensor Networks

For many sensor network applications such as military, homeland security, it is necessary for users (sinks) to access sensor networks while they are moving. However, sink mobility brings new challenges to secure routing in large-scale sensor networks. Mobile sinks have to constantly propagate their current location to all nodes, and these nodes need to exchange messages with each other so that the sensor network can establish and maintain a secure multi-hop path between a source node and a mobile sink. This causes significant computation and communication overhead for sensor nodes. Previous studies on sink mobility have mainly focused on efficiency and effectiveness of data dissemination without security consideration. In this paper, we propose a secure and energy-efficient data dissemination protocol — Secure COodination-based Data dissEmination (SCODE) — for mobile sinks in sensor networks. We take advantages of coordination networks (grid structure) based on Geographical Adaptive Fidelity (GAF) protocol to construct a secure and efficient routing path between sources and sinks. Our security analysis demonstrates that the proposed protocol can defend against common attacks in sensor network routing such as replay attacks, selective forwarding attacks, sinkhole and wormhole, Sybil attacks, HELLO flood attacks. Our performance evaluation both in mathematical analysis and simulation shows that the SCODE significantly reduces communication overhead and energy consumption while the latency is similar compared with the existing routing protocols, and it always delivers more than 90 percentage of packets successfully.

An Energy-Efficient Secure Routing and Key Management Scheme for Mobile Sinks in Wireless Sensor Networks Using Deployment Knowledge

For many sensor network applications such as military or homeland security, it is essential for users (sinks) to access the sensor network while they are moving. Sink mobility brings new challenges to secure routing in large-scale sensor networks. Previous studies on sink mobility have mainly focused on efficiency and effectiveness of data dissemination without security consideration. Also, studies and experiences have shown that considering security during design time is the best way to provide security for sensor network routing. This paper presents an energy-efficient secure routing and key management for mobile sinks in sensor networks, called SCODEplus. It is a significant extension of our previous study in five aspects: (1) Key management scheme and routing protocol are considered during design time to increase security and efficiency; (2) The network topology is organized in a hexagonal plane which supports more efficiency than previous square-grid topology; (3) The key management scheme can eliminate the impacts of node compromise attacks on links between non-compromised nodes; (4) Sensor node deployment is based on Gaussian distribution which is more realistic than uniform distribution; (5) No GPS or like is required to provide sensor node location information. Our security analysis demonstrates that the proposed scheme can defend against common attacks in sensor networks including node compromise attacks, replay attacks, selective forwarding attacks, sinkhole and wormhole, Sybil attacks, HELLO flood attacks. Both mathematical and simulation-based performance evaluation show that the SCODEplus significantly reduces the communication overhead, energy consumption, packet delivery latency while it always delivers more than 97 percent of packets successfully.

LEAP+

We describe LEAP+ (Localized Encryption and Authentication Protocol), a key management protocol for sensor networks that is designed to support in-network processing, while at the same time restricting the security impact of a node compromise to the immediate network neighborhood of the compromised node. The design of the protocol is motivated by the observation that different types of messages exchanged between sensor nodes have different security requirements, and that a single keying mechanism is not suitable for meeting these different security requirements. LEAP+ supports the establishment of four types of keys for each sensor node: an individual key shared with the base station, a pairwise key shared with another sensor node, a cluster key shared with multiple neighboring nodes, and a global key shared by all the nodes in the network. LEAP+ also supports (weak) local source authentication without precluding in-network processing. Our performance analysis shows that LEAP+ is very efficient in terms of computational, communication, and storage costs. We analyze the security of LEAP+ under various attack models and show that LEAP+ is very effective in defending against many sophisticated attacks, such as HELLO flood attacks, node cloning attacks, and wormhole attacks. A prototype implementation of LEAP+ on a sensor network testbed is also described.