Secure Routing Protocols and Attacks On Arduino Jeenode: Masaryk University

Masaryk University
Faculty of Informatics
Secure routing protocols and

attacks on Arduino JeeNode
Master’s Thesis
Bc. Martin Sárkány
Brno, Spring 2018

Masaryk University
Faculty of Informatics
Secure routing protocols and

attacks on Arduino JeeNode
Master’s Thesis
Brno, Spring 2018

This is where a copy of the official signed thesis assignment and a copy of the
Statement of an Author is located in the printed version of the document.
Declaration
Hereby I declare that this paper is my original authorial work, which
I have worked out on my own. All sources, references, and literature
used or excerpted during elaboration of this work are properly cited
and listed in complete reference to the due source.
Advisor: RNDr. Petr Švenda, Ph.D.
i
Acknowledgements
I would like to express my sincere gratitude to my thesis supervi-
sor RNDr. Petr Švenda, Ph.D. for his professional guidance, valuable
advice and feedback provided during my work on this thesis.
iii
Abstract
The thesis is focused on secure routing in wireless sensor networks.
Survey of secure routing protocols is presented, including an eval-
uation from security point of view. Three attacks were selected to
demonstrate possible attack scenarios on secure routing protocols,
utilizing Arduino-based JeeNode devices. The last part of the thesis
aims to port WSNProtectLayer project, the TinyOS library for secure
communication in wireless sensor networks, to Arduino platform.
iv
Keywords
wireless sensor network, Sybil, relay, capture and brute-force, attacks,
WSNProtectLayer
v
Contents
Introduction 1
1 Routing in wireless sensor networks 3

1.1 WSN Routing protocols . . . . . . . . . . . . . . . . . . . . 3
1.2 Types of attacks on WSN routing protocols . . . . . . . . . . 5
1.2.1 Jamming . . . . . . . . . . . . . . . . . . . . . . . 5
1.2.2 Selective forwarding . . . . . . . . . . . . . . . . 5
1.2.3 Black hole attack . . . . . . . . . . . . . . . . . . 6
1.2.4 Sinkhole attack . . . . . . . . . . . . . . . . . . . 6
1.2.5 HELLO flood . . . . . . . . . . . . . . . . . . . . 6
1.2.6 Blackmail attack . . . . . . . . . . . . . . . . . . 7
1.2.7 Exhaustion . . . . . . . . . . . . . . . . . . . . . . 7
1.2.8 Identity replication . . . . . . . . . . . . . . . . . 8
1.2.9 Tampering . . . . . . . . . . . . . . . . . . . . . . 8
1.2.10 Sybil and Relay/wormhole attack . . . . . . . . 8
2 Secure routing protocols 9

2.1 Data-centric . . . . . . . . . . . . . . . . . . . . . . . . . . 9
2.1.1 ESDDP . . . . . . . . . . . . . . . . . . . . . . . . 10
2.1.2 SeRINS . . . . . . . . . . . . . . . . . . . . . . . . 11
2.1.3 SPINS . . . . . . . . . . . . . . . . . . . . . . . . 12
2.1.4 Conclusion . . . . . . . . . . . . . . . . . . . . . 13
2.2 Cluster-based protocols . . . . . . . . . . . . . . . . . . . . 13
2.2.1 SLEACH . . . . . . . . . . . . . . . . . . . . . . . 14
2.2.2 SecLEACH . . . . . . . . . . . . . . . . . . . . . . 15
2.2.3 S-LEACH (SLEACH) . . . . . . . . . . . . . . . . 16
2.2.4 MS-LEACH . . . . . . . . . . . . . . . . . . . . . 17
2.2.5 SS-LEACH . . . . . . . . . . . . . . . . . . . . . . 17
2.2.6 LS-LEACH . . . . . . . . . . . . . . . . . . . . . . 18
2.2.7 ESRP . . . . . . . . . . . . . . . . . . . . . . . . . 19
2.2.8 SCMRP . . . . . . . . . . . . . . . . . . . . . . . . 19
2.2.9 TEESR . . . . . . . . . . . . . . . . . . . . . . . . 20
2.2.10 TTSR . . . . . . . . . . . . . . . . . . . . . . . . . 21
2.2.11 Conclusion . . . . . . . . . . . . . . . . . . . . . 22
2.3 Geographical protocols . . . . . . . . . . . . . . . . . . . . 25
vii
2.3.1 SIGF . . . . . . . . . . . . . . . . . . . . . . . . . 25
2.3.2 SEAR . . . . . . . . . . . . . . . . . . . . . . . . . 27
2.3.3 Conclusion . . . . . . . . . . . . . . . . . . . . . 27
2.4 Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . 28
3 Selected attacks 31
3.1 Sybil attack . . . . . . . . . . . . . . . . . . . . . . . . . . 31
3.1.1 Sybil attack on WSN routing algorithms . . . . . 31
3.1.2 Implementation . . . . . . . . . . . . . . . . . . . 32
3.2 Relay attack . . . . . . . . . . . . . . . . . . . . . . . . . . 33
3.2.1 Relay attack on WSN routing algorithms . . . . 35
3.2.2 Implementation . . . . . . . . . . . . . . . . . . . 36
3.3 Capture & brute-force attack . . . . . . . . . . . . . . . . . 39
3.3.1 Attack overview . . . . . . . . . . . . . . . . . . . 39
3.3.2 Implementation . . . . . . . . . . . . . . . . . . . 39
3.4 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
4 Arduino port of WSNProtectLayer 43

4.1 Arduino and JeeNode . . . . . . . . . . . . . . . . . . . . . 43
4.1.1 Platform differences . . . . . . . . . . . . . . . . 43
4.2 Issues faced . . . . . . . . . . . . . . . . . . . . . . . . . . 44
4.3 Final design . . . . . . . . . . . . . . . . . . . . . . . . . . 45
4.3.1 Single-hop message protection . . . . . . . . . . 46
4.3.2 Node-to-BS message protection . . . . . . . . . . 47
4.3.3 Authenticated broadcast . . . . . . . . . . . . . . 49
4.3.4 Neighbor discovery with key derivation . . . . . 49
4.3.5 Stripped-down CTP protocol . . . . . . . . . . . 49
4.3.6 Configurator for key predistribution and node
configuration . . . . . . . . . . . . . . . . . . . . 50
4.4 Testing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
5 Evaluation on testbed 53
6 Conclusion 55
6.1 Future work . . . . . . . . . . . . . . . . . . . . . . . . . . 55
Bibliography 57
A Data attachment 67
viii
List of Tables
1.1 WSN routing protocol types with examples 5
2.1 Possible outsider attacks on reviewed hierarchical
secure WSN routing protocols 24
3.1 Vulnerability of reviewed protocols to Sybil and relay
attacks 36
4.1 Comparison of selected sensor node hardware 44
ix
List of Figures
3.1 Network state without attacker’s presence 34
3.2 Sybil attack 34
3.3 Relay attack 38
3.4 Capture & brute-force attack 41
4.1 Message sending 47
4.2 Message receiving 48
4.3 Session key establishment 50
xi
Introduction
Wireless sensor networks are a relatively new area of research with
increasing popularity. The idea is to have a highly distributed network
consisting of hundreds, possibly thousands of cheap nodes running on
battery and communicating over radio. Due to limited power source,
most of the research is focused on power efficiency and only after this is
achieved, the security is considered. Computing resources are limited
to prolong the network lifetime by decreasing energy consumption.
Low resources, random geographical distribution and other compli-
cating factors like possible mobility make securing sensor networks a
difficult challenge.
This thesis focuses on message routing in wireless sensor networks
as it is essential for the network security. A survey of routing protocols
is presented in the first part, focusing on supposedly secure ones and
shows that it is nearly impossible to create a perfectly secure routing
protocol while maintaining all WSN characteristics like high number
of low-cost nodes, random distribution, decentralized topology or low
power consumption.
Second part of the thesis discusses three types of attacks, namely
Sybil attack, relay attack and capture and brute-force attack. Their
impact is demonstrated on practical implementation using Arduino-
compatible JeeNode devices.
The last part consists of Arduino port of WSNProtectLayer, TinyOS
library for securing WSN communication. It features message protec-
tion, authenticated broadcast, neighbor discovery with session key
agreement and a simplified CTP protocol.
1
1 Routing in wireless sensor networks
Routing in WSN differs from traditional networks in almost every
aspect. Sensors are often deployed randomly, recognizing their neigh-
bors and possibly location only after being deployed. Once deployed,
they need to be able to create or join the network autonomously. Their
computational power and memory size do not allow for complex
operations like asymmetric cryptography. Nodes in WSN tend to be
battery-powered. This causes reliability issues because every node
eventually runs out of battery, some sooner than others. Sending a
message over radio drains the battery much faster than CPU oper-
ations [1]. Therefore a trade-off between reliability (or security and
other features) and network lifetime must be set. Although single-hop
protocols exist (e.g. single-hop star), most of the WSN routing pro-
tocols are based on multi-hop communication due to the scalability
problem [2]. While the single-hop network topology is a nice solu-
tion for small networks thanks to its simplicity, low latency and small
amount of messages transmitted, range of the single node’s radio is
insufficient when covering area of most of the real-world networks
[3].
1.1 WSN Routing protocols
Routing protocols in WSN can be divided into categories by their

approach to data collection [4, 5, 6]:
Data-centric
The data is always sent from each node to sink. Aggregation may be
performed on intermediate nodes to preserve energy by decreasing
the number of transmissions. Data may be queried by a base station
or sent to the base station on periodic or event basis.
Hierarchical
Hierarchical (cluster-based) routing was introduced to increase energy
efficiency [7]. Nodes form groups, each group contains a leader node
3
1. Routing in wireless sensor networks
(cluster head). These are mostly chosen randomly and/or alternate in

time, otherwise cluster heads would run out of battery very quickly.
Nodes within a group communicate exclusively with cluster head.
In addition to regular nodes in its group, cluster head either com-
municates directly with the base station or with other cluster heads
with which it forms a new cluster, while one of them behaves as a
cluster head for this second-level cluster. Top-level cluster head always
communicates with the base station. Most routing protocols of this
type assume that all nodes are able to communicate with the base
station directly but it requires high amount of energy and therefore it
would be inefficient.
Geographic
Geographic (location/position-based) routing protocols in WSN use
node’s location as its identification. This allows nodes to compute
distance and direction of other nodes in the network. Information
about the distance may be used to adjust signal strength to optimal
level to conserve energy.
Multipath-based
The aim of this type of protocols is to reduce data loss probability and
increase reliability by sending all data over multiple paths or dividing
them evenly amongst these paths to balance the load. In the best case,
these paths should not share same nodes or at least links between
them. Even though this approach increases the number of messages
that are transferred, it reduces the number of messages that need to
be retransmitted in case of failure.
QoS-based
QoS-based routing protocols for WSN aim to improve reliability, band-
width, delay, jitter and introduce other features like high priority data,
while still minimizing the energy cost. It is usually handled through a
resource reservation and often includes multipath routing.
These categories are common for every reviewed paper but some
literature lists even more categories (query-based, etc.). A protocol
can fit into more categories. For example, MMSPEED [8] is multipath-
4
Table 1.1: WSN routing protocol types with examples

Directed diffusion [9], Rumor routing [10],
Data-centric
SPIN [11], CTP [12]
Hierarchical LEACH [13], PEGASIS [14], TEEN [15], HEED [16]
Geographic IGF [17], GSPR [18], GEAR [19], GAF [20], Span [21]
Multipath SAR [22], M-MPR [23], MMSPEED
QoS-based SAR, MCMP [24], SPEED [25], EQSR [26]
based routing protocol that guarantees delivery within a given time

and increases the probability of a successful delivery, which makes
it also QoS-based. Table 1.1 shows some examples of listed protocol
types.
1.2 Types of attacks on WSN routing protocols

Attacks on WSN routing protocols or WSN, in general, can be divided
into several categories. The most common are:
1.2.1 Jamming
Basic attack on WSN associated with the physical layer, prevents any
communication on the disturbed channel. In context of routing, this
attack can prevent nodes to discover their neighbors and therefore
establish routing tables. This renders network unusable.
A standard defense mechanism to prevent jamming is spread-spectrum
communication.
1.2.2 Selective forwarding

In most WSN routing protocols, messages are passed from one node to
another until the destination is reached. Selective forwarding is done
by an intermediate node. A malicious node may refuse to forward
message and drop it instead. Alternatively, it can jam communication
between two nearby nodes when it overhears traffic. However, this
may be difficult when spread-spectrum communication is involved. It
can be used to affect paths for message routing.
5
This behavior can be detected by transmitting or neighbor node. Reac-

tive solution is to reroute the traffic through another node. Example
of proactive defense are multipath routing protocols. They increase
the chance of avoiding malicious nodes and eliminate it in an ideal
case. However, completely disjoint paths are hard to achieve.
1.2.3 Black hole attack

Black hole attack is a special kind of selective forwarding, where all
messages are dropped. Compared to the case, when only a fraction
of messages is dropped, this is even easier to detect as there is no
outgoing traffic from a malicious node.
1.2.4 Sinkhole attack

Attacker node tries to attract all the traffic from a particular area to
itself [28], e.g. by offering the most attractive path to a base station
(e.g. shortest path or high remaining energy). This attack is seldom
executed alone but is rather used to enable further attacks, e.g. selective
forwarding.
One way to defend against this kind of attack is to deny malicious node
to join the network, i.e. by node authentication. SeRINS [29] prevents
sinkhole attack by its neighbor report system. Route advertisement
is verified by neighbor nodes and a malicious node is reported to the
base station. Multipath protocols may also help to detect sinkhole
attack in case the content of the packet is altered on attacker’s node.
1.2.5 HELLO flood

In many protocols, sensors send "HELLO" packets to acquaint their
neighbors with their presence. Nodes receiving these messages as-
sume that they are within radio range of the sender (and vice versa).
Hello flood attack, introduced in [28] abuses this by sending "HELLO"
with high transmission power to all (or at least many) nodes in the
network. They then falsely assume attacker’s presence within their
radio range. An attacker can advertise high-quality (low distance, low
latency, high energy, . . . ) route to a base station. Nodes will then try
to forward traffic through him and will obviously fail. In some situa-
6
tions, the attacker does not even need to be part of the network or to
understand the traffic, he may simply resend eavesdropped packets
with high transmission power and convince other nodes that he is a
legitimate party.
Basic countermeasure against this class of attacks consists of acknowl-
edgements. If the attacker is too far away to receive a message, he will
not send back the acknowledgement and therefore a node can con-
sider a link broken (not necessarily malicious). This is useless against
the attacker with a highly sensitive receiver. In this case, Needham-
Schroeder-like protocol can be used to verify identity as described by
Karlof and Wagner in [28].
1.2.6 Blackmail attack
This attack only works in protocols, where malicious nodes may be

reported to a base station. In this case, malicious node reports legit-
imate node as malicious. If there are enough malicious nodes, they
may succeed and the legitimate node is excluded from the network.
To create multiple personalities, Sybil attack can be performed. The
attacker may use this to remove nodes that forward traffic he is inter-
ested in so his node, that is placed near the excluded node, takes its
place.
One way to prevent this attack, or at least reduce consequences, is to
exclude also reporting node. This way, the attacker needs the same
amount of nodes as the amount being affected by the attack.
1.2.7 Exhaustion
Because wireless sensor networks have a tendency to be battery-powered,

they can be disrupted by draining nodes’ batteries. This can be done by
forcing them to perform useless, unnecessary computation or commu-
nication with high rate. Both attack and defense mechanisms highly
depend on protocol used. Because nodes often use a sleep mode to
preserve power when they do not transmit or receive data, one way to
do this is to keep sending the data so the node never switches to sleep
mode. In context of routing, purpose of this attack can be the same as
in blackmail attack.
7
1.2.8 Identity replication

In this attack, same identity is used by multiple nodes within a net-
work [30]. These nodes may be clones of existing legitimate node or
they can be all created by an attacker. The difference between identity
replication and Sybil attack is that identity replication assigns single
identity to multiple nodes, while in Sybil attack, attacker assigns mul-
tiple identities to a single node. An attacker may be able to attract
more traffic using multiple clones.
To defend against such an attack, location of the nodes may be reg-
istered. That way, each identity belongs to a single location. When
location is impossible to track, the number of each node’s connections
to other nodes may be counted. Node with too many connections can
be then revoked.
1.2.9 Tampering
Unlike the abovementioned attacks, tampering is a physical kind of
attack. An attacker may be able to recover cryptographic keys or other
sensitive data from a captured node as shown in [31]. Tamper-resistant
nodes may be manufactured but they are costly, which is against WSN
principles. Yet there exist protocols that depend on such property (e.g.
secure CTP protocol described in [32]). This is not a direct attack on
routing protocols but may serve as a way to add malicious node into
an existing network.
Defense against tampering cannot be solved in a software way and
therefore is beyond scope of this thesis.
1.2.10 Sybil and Relay/wormhole attack

These attacks are described in detail in chapter 3.
8
2 Secure routing protocols
All protocols listed in Section 1.1 are insecure. This is a common prop-
erty of many well-known WSN routing protocols. It is partially caused
by the fact that, when initially proposed, performance of sensor de-
vices was low and users were often willing to sacrifice security for
increased network lifetime.
In last few years, the number of WSN applications has been in-
creasing. They are deployed in fields that have high security demands,
like military or healthcare. This implies the need to secure the commu-
nication. Sensors use a wireless radio which makes it easy to capture
or create false traffic and may be distributed in a large area without
physical security. This creates an opportunity for attackers to steal
them, extract data including cryptographic keys or reprogram them.
They possess low resources so the traditional security mechanisms are
useless or at least ineffective in WSNs. Designing a secure routing pro-
tocol for this type of network is relatively new and difficult challenge
that requires trade-offs between the cost and the achieved security.
Overview of attacks on common WSN routing protocols is given
in [28]. It demonstrates that almost all protocols that were not designed
with security in mind are subject to multiple kinds of attacks and
shows the need for the secure ones. It also proposes basic threat model
and security goals for WSN routing protocols.
To prevent these attacks, secure routing protocols were proposed,
most of which are derivatives of existing insecure routing protocols,
mostly those focused on efficiency. Some of the secure routing proto-
cols are described in following sections. These should give a general
overview of the current state of secure routing in WSNs. Many other
protocols exist but are not included in this work due to nature and
scope of this thesis or their unavailability in university information
sources or other free channels (e.g. Secure-CTP).
2.1 Data-centric
Data-centric routing protocols are the most intuitive type. Sensors col-
lect data and route them to single or multiple sinks/base stations (BS).
Data can be queried (e.g. by BS) or sent automatically after a thresh-
9
2. Secure routing protocols
old is reached or a timer goes off. Sensors can be queried by their

attributes instead of IDs. To increase reliability, data might be sent
through multiple paths. Sensors also serve as routers for the data from
other sensors. One of the well-known examples is directed diffusion.
In this case, BS sends a query to the network and a node fulfilling the
condition replies with data.
2.1.1 ESDDP [33]
Directed diffusion works in a query-response manner. BS queries the

network with interest packet for the data by sensor’s or data attributes
and nodes respond with the actual data.
Energy-efficient secure directed diffusion is a protocol based on
directed diffusion that aims to provide authentication, data integrity,
freshness and confidentiality while also being energy efficient. It uti-
lizes LEAP protocol for key management and distribution but only
uses 3 out of 4 keys:
• pairwise key shared with a BS,
• pairwise key shared with neighbor,
• global key shared between all the nodes in the network.
The pairwise key shared with the BS and a global key are predis-
tributed before the deployment. Pairwise keys shared with neighbors
are established after the deployment.
Interest messages from the BS are encrypted by the global key.
Interest packet integrity is achieved by using MAC with the global
key, data packet integrity by using MAC with the pairwise key for
each pair of nodes. A timestamp is used to achieve message freshness.
Sensor nodes are meant to be cheap and therefore not tamper-proof.
In case of physical key extraction, interest packets can be easily forged
by an attacker. Authors did not take this scenario into account.
In general, timestamp is not a good idea in sensor networks as they
might easily get desynchronized.
10
2.1.2 SeRINS
Unlike majority of secure routing protocols for WSN, SeRINS focuses

on insider attacks. It makes assumptions that attacker is able to cap-
ture a small amount of nodes and extract keys but it takes longer to
extract keys than for a node to complete neighbor discovery phase.
SeRINS uses key management and distribution scheme to establish
keys between neighboring nodes. There are multiple to pick from. Two
keys are pre-shared with BS, one serves to establish a secure channel
between neighboring nodes and is erased after some time period.
SeRINS works in rounds, a new topology is established for every
round. Topology update is initiated by BS. Hash chain is used to
prove that the update originates in BS. The routing tree is established
similarly to CTP protocol. Each node records a first parent node and
few or none alternative normal parent nodes. Normal parent nodes
are those that advertised themselves after the node advertised itself.
When sending the message, the node selects one of the parents in a
round-robin manner to avoid attacker with some probability.
To protect from bogus routing information broadcasted when es-
tablishing the routing tree, SeRINS employs its neighbor report system:
if the node receives suspicious hop count (distance from BS), it reports
it to the BS. BS then asks every neighbor node of the suspicious node
to report suspicious node’s hop count to prevent blackmail attack. If
they all agree on the suspicious value, BS broadcasts message to the
whole network to revoke suspicious node’s key ring.
To authenticate routing advertisement messages, ARMS [34] is
used. These messages are locally broadcasted and need immediate
authentication (so µTESLA is not an option) to prevent DoS attacks.
ARMS utilizes hash function to create a relation between consecutive
broadcasts that can be verified.
Most of the WSN routing protocols do not handle insider attacks.
SeRINS is designed with an assumption that it is easy to extract data
including cryptographic material from a node and therefore the proto-
col needs to work even if a number of nodes are compromised. It can
prevent all the investigated attacks, most of them directly and relay
attack indirectly by employing packet leashes.
11
2.1.3 SPINS [35]

While not being its primary target, SPINS proposes authenticated
routing protocol as an application of its two building blocks: SNEP
and µTESLA.
SNEP (Sensor Network Encryption Protocol) is intended to provide
data confidentiality, authentication, integrity and freshness. It reuses a
block cipher for all cryptographic primitives (encryption, MAC, hash,
random number generator) to save space. It is not itself a routing
protocol, though. It only serves as a building block for more complex
protocols. SNEP can provide a secure channel between two parties
within the WSN.
µTESLA is another building block for WSN protocols that is widely
used in many different secure routing protocols for WSNs. It proposes
efficient method for authenticated broadcast. Most of the other solu-
tions rely on asymmetric cryptography or cause high packet overhead.
As mentioned earlier, this is not suitable for sensor networks as they
are made of battery-powered devices with low performance. µTESLA,
however, uses only a hash function to create a hash chain and a sym-
metric cipher. It works in rounds with different key used for each
round. First, a random secret is chosen and the hash function is ap-
plied multiple times, depending on the number of rounds. The last
output of this function is predistributed to all the nodes. When the BS
broadcasts a message, it includes the MAC computed with preceding
element of the hash chain. After a round passes, BS broadcasts the
key. All the nodes can now verify the key by computing its hash. If
the result matches the previous key, it indeed is the correct one. This
protocol is not suitable when immediate authentication of messages
is required due to nature of usage scenario.
Authenticated routing
One of the usages for SNEP and µTESLA protocols is authenticated
routing that is proposed by their authors. Unlike most of the protocols
designed for WSNs, it is not meant to be energy-efficient which renders
it unusable in battery-powered networks.
This protocol works in rounds. In each round, nodes form a routing
tree. This is useful when the nodes are likely to fail or move. First, BS
broadcasts a beacon for the new round. When the node receives it,
12
it registers its originator as a parent node and sends it further. This

approach is very similar to CPT but the beacon is protected by MAC.
This protocol seems to be vulnerable to sinkhole attack achieved by
executing a relay attack. Sinkhole attack allows execution of selective
forwarding and therefore also black hole attack.
2.1.4 Conclusion
Three data-centric protocols were presented in this section. They vary
in purpose and quality. ESDDP relies on tamper-proof nodes and
SPINS focuses on protocol building blocks, while it proposes a rout-
ing protocol only as a usage scenario. Overall, SeRINS seem to be the
best option out of these protocols, defending even against insider at-
tacks. Outsider attacks were only executable on SPINS protocol. These
attacks include sinkhole attack, relay attack and selective forwarding
as well as black hole attack.
2.2 Cluster-based protocols

Cluster-based protocols were introduced to decrease delay and in-
crease throughput and also network lifetime by aggregating data from
sensors. The most cited cluster-based routing protocol for WSN is
LEACH. Most of the other cluster-based protocols are either based on
LEACH or are at least inspired by it. The same holds for the majority of
secure hierarchical routing protocols for WSN. This section discusses
some LEACH-based protocols and also 3 hierarchical protocols that
are not directly based on LEACH but still share some similarities with
it.
LEACH is a cluster-based protocol that aims to provide high ef-
ficiency. The main assumption of this protocol is that every node is
within radio range of every other node but the power used to com-
municate rises with the distance. Like every other pioneering routing
protocol for WSN, it lacks security features. Many authors try to fix
this by modifying this protocol to provide at least integrity and au-
thenticity. Some of these protocols are presented in this section.
LEACH protocol is vulnerable to a number of possible attacks,
such as selective forwarding, HELLO flood, replay attack, etc. LEACH-
13
based secure routing protocols improve the overall security but most
of them achieve this only under certain circumstances. Majority of
them assume that the sensors are tamper-resistant or do not consider
physical key extraction at all. However, sensors in WSN are meant to
be cheap so they can be deployed in hundreds, possibly thousands.
Protecting them against this type of attack would be expensive, which
makes this assumption unreasonable. None of the LEACH-based pro-
tocols maintain the security of the rest of the network in case of physi-
cal key extraction from a compromised node. In some of the protocols,
this does not compromise the whole network but the significant part
of the network is still affected. This proves that secure protocol must be
designed with security in mind right from the beginning, rather than
adding some degree of security to already existing protocols. This
is the case of the cluster-based protocol described in Section 2.2.10,
which is indeed designed as secure routing protocol from scratch.
There were many attempts to secure LEACH protocol that vary in
design quality considerably. The main goal of this section is to describe
most cited or interesting protocols that aim to improve security as-
pects of hierarchical protocols that standard LEACH protocol does not
handle. Various protocols with different approaches were chosen to
give a general overview of possible solutions and their advantages or
disadvantages. This section, however, does not describe all the LEACH
modifications that aim to increase security. Protocols that do not seem
to increase security or are not properly described (e.g. RLEACH[36])
are also omitted.
2.2.1 SLEACH [37]

SLEACH uses symmetric cryptography and TESLA-based protocol to
improve the security of LEACH.
Advertisement phase is modified to authenticate broadcast from
cluster-head (CH) using the base station. Apart from the fact, that
all the communication is a broadcast on the physical layer, CH does
not broadcast its advertisement message directly. Instead, it sends
encrypted message to a BS, which subsequently uses TESLA-based
[38] protocol to broadcast the message in an authenticated way. After
the sensor chooses its CH for the next round, it, again, does not imme-
diately communicate directly with the CH. It sends the information
14
to the sink instead. Let me remind that basic assumption in LEACH is

that all the nodes are able to communicate directly with the sink but
it costs more energy. The sink computes the key for the sensor from
the secret that is shared by both sensor and the BS and sends it to CH.
Therefore, sensor already possesses this key and can authenticate the
CH by having it. When both of them share the same key, they can
communicate in a secure way.
To protect against laptop-class attackers, sensor node does not
choose the CH based on the signal strength only but rather uses prob-
abilistic way to avoid having the same CH for all the rounds. This
decreases the probability of attacker capturing the data if he does not
compromise too many nodes.
In case of failure, sensor node chooses other CH to protect against
DoS attack by initiating communication with all the nodes.
This protocol is secure against most of the attacks. Relay attack
could be possible but randomized way of choosing CH significantly
decreases the probability of success. Even in case of successful relay
attack, data confidentiality is still maintained so packet modification
is not possible.
This protocol does not consider physical attacks. In case that at-
tacker captures the node and extracts the secrets, he is able to decrypt
all the data that were and will be sent from/to this node. He can also
become a CH which means he can alter the data and send it to the
sink.
2.2.2 SecLEACH [39]

Authors claim that SecLEACH provides authenticity, integrity, confi-
dentiality, and freshness.
SecLEACH is based on F-LEACH [40], an attempt to secure LEACH
protocol that is based on a hash chain. It supports authenticated broad-
cast from both BS and also CH. CH broadcast is done by sending the
message protected by a pairwise key shared with BS to BS and BS
broadcast. F-LEACH does not provide message authentication from
nodes to CHs. It is also vulnerable to physical attacks.
SecLEACH secures F-LEACH by using modified random key pre-
distribution proposed in [41]. The pool of random keys with their IDs
is generated in the same way as in the original solution. Each node is
15
then assigned fixed number of keys. When a node becomes a CH can-

didate, nodes can compute the list of keys it possesses. Nodes choose
closest CH candidate with which they share a key. The communication
with CH is then protected by the key they share. At the end of cluster
formation, number of regular nodes are paired with CH. The rest of
the nodes do not belong to any CH. These can be treated in multiple
ways but authors do not describe any. The clusters may be different
from those in regular LEACH protocol due to nodes not sharing a key.
Because of that, efficiency may be affected and is dependent on chosen
protocol parameters - number of all nodes, number of cluster heads,
number of keys, number of keys possessed by each node.
In this protocol, a node chooses closest CH candidate with common
key for its CH. If this is attacker’s node, even without knowledge of
any key, it can pretend to be part of the network and will make the
closest nodes join it. A node joining the cluster does not verify whether
CH candidate is legitimate which could lead to DoS attack. Although
authors do not describe this situation, it can be solved.
Security against physical attacks is not described in the paper.
The fact that keys are predistributed randomly means that to ensure
high probability of nodes sharing the key, each sensor must possess
multiple keys. If the attacker manages to obtain keys from one node,
he can immediately communicate with multiple nodes in the network.
The trade-off must be set to balance security and connectivity.
2.2.3 S-LEACH (SLEACH) [42]
S-LEACH (also dubbed SLEACH) is the first attempt to secure the

LEACH protocol. It was proposed the same year as SLEACH.
S-LEACH, like few other protocols, uses symmetric cryptography
and µTESLA protocol. In pre-deployment phase, nodes are given mas-
ter key shared with BS and the last element of µTesla hash chain. Each
node generates its own key for MAC computation from the master key.
In advertisement phase, CH candidate advertises its ID together with
MAC of the ID. When BS receives all of them, it broadcasts the list of
all legitimate CHs authenticated by µTesla. A node can now authenti-
cate the message and choose its CH in an ordinary way. Schedule for
each cluster can be authenticated in a similar way if required. Data
16
from nodes are authenticated by MAC using key shared with BS. CH
cannot verify it but BS does when it reaches it.
The big disadvantage of this protocol is that, if an attacker sends
arbitrary data to a CH, it is forwarded to BS without verification and
when it reaches BS, it is already aggregated so the BS must discard it.
The intruder is then reported to CH. This approach is vulnerable to
DoS attack. DoS can be also achieved by generating a big amount of
requests to join a cluster. Authors claim that reported malicious node
will be excluded from the network but an attacker can choose any ID
(Sybil attack) so he either will not be excluded or may cause exclusion
of every node in the network by stealing identity (blackmail attack).
I agree with authors that S-LEACH secures the network against
selective forwarding, sinkhole attack and HELLO flood attack unless
there are insider attackers. However, it seems to be vulnerable to
identity replication of end nodes and either Sybil or blackmail attack.
2.2.4 MS-LEACH [43]
MS-LEACH aims to improve S-LEACH in terms of data confidentiality

and node-to-CH authentication. It also moves the data authentication
from BS to CH which prevents discarding all the data in case that
some bogus data were sent by an attacker.
It introduces a new pairwise key between a node and a CH. How-
ever, this key is generated from the initial hash chain value and node’s
ID only. This means that if the attacker learns this value, he can gener-
ate all the keys used for MAC computation for all the nodes. CH will
accept the data because the MAC will be correct. That means that it will
also be accepted by the BS. If the attacker learns the initial hash value,
confidentiality in the whole network is discarded too. And because
sensors in WSN are meant to be cheap and not tamper-resistant, this
may even degrade the level of security in original S-LEACH instead
of improving it.
2.2.5 SS-LEACH
SS-LEACH [44] also improves S-LEACH but in a different, more rea-

sonable way. It uses self-localization of the nodes and a key predistri-
17
bution. It forms dynamic stochastic multi-paths cluster-heads chains.

It aims to improve both security and energy efficiency.
The key predistribution works similarly to S-LEACH. The differ-
ence is that after the nodes are deployed, they broadcast their keys’
IDs. This way, each node can find neighbors it can communicate with.
Nodes determine their relative position to other nodes in the network.
After this, periodicity phase starts, when the clusters are formed and
data are being sent and aggregated.
To form a cluster, each node sends its remaining energy to the BS
together with the longest distance it can transmit to. BS chooses the
first CH based on this information. This CH chooses the second-level
CH in a similar way. CH broadcasts that it becomes the CH and all the
nodes choose their CH based on the shared keys and signal strength.
The communication between nodes is secured by pre-shared keys.
Physical tampering issue with pre-deployed keys from the S-LEACH
was not improved. However, the overall security of the protocol is def-
initely better.
2.2.6 LS-LEACH [45]
LS-LEACH is the last LEACH-based protocol listed here. It uses a

symmetric key with two pre-shared keys on each node. One of them is
a pairwise key shared with the BS, the second one is shared between
all the nodes in the network. Authors name the key shared with the
BS a private key. However, the content of the paper suggests this is a
symmetric key. They also claim to use this key to encrypt a message
with MAC algorithm. In this protocol, BS sends new shared password
after each round to be used in the next one. According to the protocol,
if the number of attempts to communicate with any node reaches a
defined threshold, this node will inform its CH which will then inform
BS that will perform necessary actions. However, these actions are
not defined in the paper. It is also not clear who tries to communicate
with the node if CH is the one to be informed and sensors do not
communicate with each other. As this protocol does not make much
sense, it is not included in table 2.1.
After physically extracting keys for a current round from a node,
key for the next round is obtained in accordance with the protocol so
18
the security of the whole network is compromised. Keys for commu-

nication with BS can be also used to forge data.
2.2.7 ESRP [46]

In contrast with the majority of LEACH-based protocols, ESRP is in-
tended for networks with deterministic node location and the clusters
are formed by BS.
After deployment, nodes report their positions and energy levels
to a BS. Authors did not describe the process to secure this information.
After position and energy have been reported, BS chooses the node
with the the highest amount of energy as CH1. The farthest node from
CH1 with highest amount of energy is selected as CH2. Authors did
not describe the situation when the farthest node from CH1 is close
to BS. This could mean that the node next to a BS sends information
through CH2 and CH1. Ordinary cluster members are assigned to clus-
ters based on their number and position. BS distributes information
about clusters and CHs to all nodes. It also generates and distributes a
secret key to a CH and a public key to all nodes. The process of doing
this is yet again not described. TDMA and intra-cluster routing work
in the same way as ordinary LEACH protocol. When a CH wants to
send a packet to its upstream CH, they will perform Prover - Verifier
protocol. Prover (downstream CH) will prove its identity to the verifier
(upstream CH) through a zero-knowledge protocol. It will then hear
in promiscuous mode whether the upstream CH sends it further. I
suspect this verification only proves knowledge of the secret in time
of the verification.
According to original protocol proposal [47], keys are only 8-bit
long and they last through the whole protocol run so they can be easily
brute-forced. The data is not encrypted and the authenticity within
intra-cluster routing is not guaranteed. The intrusion detection system
does not consider that attacker can forge arbitrary nodes IDs.
2.2.8 SCMRP [48]

SCMRP is one of the few WSN routing protocols that use public key
cryptography. Even though this design choice allows to create simpler
protocols, it is not suitable for WSN due to its high CPU demands. In
19
pre-deployment phase, every node receives its ID, a secret key shared
with BS, a certificate signed by BS and a public key.
Nodes broadcast their ID together with their certificate. They also
listen for others’ IDs and verify certificates. When it is done, they all
send their neighbors table to the BS, encrypted and protected by MAC
with the key shared with BS.
BS creates network topology based on the neighbor information
from nodes and calculates paths. It generates a pairwise key for all
neighboring pairs of nodes based on their IDs and a secret. It then
sends the pairwise key to a node and also the same key, encrypted
with the key that the neighbor shares with the BS, encrypted and
authenticated by MAC, together with the BS certificate. When the
node verifies it, it sends the pairwise key protected by the key that the
neighbor shares with the BS and a nonce to its neighbor as a challenge
and waits for the incremented nonce protected by their pairwise key.
If the node does not receive the response, it reports suspicious node
to the BS. Cluster formation is done by BS. It sends routing paths to
CHs, protected by encryption and MAC. CHs are never neighbors of
each other. The rest of the protocol is similar to LEACH, the difference
is that encryption and MAC are used when sending or forwarding the
data and a new node can join the network in runtime in a similar way
to the node discovery phase.
The overall security looks better than in most of the LEACH-based
secure routing protocols. Relay attack may be possible when attacker
replays the neighbor discovery message, but the impact should not be
critical. The biggest setback of this protocol is the public key cryptog-
raphy that makes it inapplicable to networks with low-end nodes.
2.2.9 TEESR [49]

TEESR is a routing protocol intended for heterogeneous sensor net-
works. A network is divided into clusters. Cluster consists of SF (Sens-
ing and Forwarding) sensors and CH sensors. CHs have more energy,
high data rate and longer transmission range. In pre-deployment
phase, each node is assigned a pairwise key shared with the BS.
TEESR protocol is not based on LEACH but consists of similar
phases. Neighbor discovery phase involves broadcasting node’s ID
and a nonce. Integrity is protected by MAC but the key that is used is
20
not mentioned. I assume that a pre-shared global key is used for that.
After nodes find all their neighbors, they report the neighbor table
to BS. BS creates a neighbor matrix with multiple paths to each node.
It also calculates pairwise keys for each pair of neighboring nodes
and sends it to them. The confidentiality of these messages was not
mentioned and it seems like they are sent in plaintext.
The protocol is described poorly. MAC is, in most cases, calculated
from original message concatenated with a nonce but the nonce is
not included in the plaintext so the receiving party should not know
it. To solve this, the nonce needs to be included in the message or a
counter may be used. In case of counter, synchronization problems
can occur. The protocol does not mention predistributing this values.
It also does not mention predistributing keys used in the neighbor
discovery phase. This protocol, as described in the paper, should not
work. However, it is possible to make it work with few modifications,
like including nonces in messages. Security would be still questionable,
though.
The security of this protocol does not seem reasonable as the keys
seem to be sent in plaintext. The protocol is not included in the table
with possible attacks (2.1) as I cannot evaluate it based on the paper
only.
2.2.10 TTSR [50]

TTSR is a secure routing protocol for heterogeneous sensor networks.
Unlike the rest of the protocols listed in this section, it is designed
as a secure routing protocol right from the beginning. The network
consists of high-end nodes (H-nodes) and low-end nodes (L-nodes)
that are randomly, uniformly distributed. H-nodes make up 2% of
the network and serve as CHs. They are static, location-aware and
tamper-resistant. L-nodes possess neither of those features.
For intra-cluster routing, key management scheme for HSNs (Het-
erogeneous sensor networks) is used to distribute pairwise keys be-
tween all neighboring pairs of L-sensors. Authors mention the one
proposed in [51] as an example. Each pair of neighboring L-sensors
performs a two-way handshake. That ensures that connection works
both ways and they both share the same key. It uses a nonce, encryp-
tion and MAC with their pairwise key. The CH creates a tree cluster
21
with itself as a root. This is described in [52]. Each L-sensor has also
a backup parent in cluster tree and also backup CH in case of node
failure. Data packets are encrypted and integrity is protected by MAC.
After sending, sensor listens whether the packet was further propa-
gated by its parent. If it was not and retransmission also fails, the node
will switch to its backup parent. Parent forwards it further the same
way. Parent can be either L-sensor or CH. CH is a final destination
within intra-cluster routing. After successful delivery to a CH, data
is aggregated if required and forwarded to the BS. To achieve this,
CH chooses other CHs that are closer to the BS to forward the data.
The choice is made based on a position of clusters. If the cluster lays
between the CH and the BS, CH of this cluster is included in the path.
If any of the intermediate CHs fails, new route is created in a similar
way.
This protocol does not seem to suffer to any security vulnerabilities
in case of outsider attacker. Insider attacks should only affect single
branch in the network. This protocol provides a graceful degradation
and should be still secure enough even if the attacker captures multiple
nodes. Of course, when the majority of the network is compromised,
it cannot stay secure anymore. The only obvious disadvantage of this
protocol is higher cost of H-nodes.
2.2.11 Conclusion
Majority of hierarchical secure routing protocols are modifications

of the LEACH protocol. Most of the papers do not mention possible
attacks in case of the physical tampering. They either claim these
protocols only protect from outsider attacks or do not consider this
possibility at all. None of these maintain security if the sensors are not
tamper-resistant. Some of them achieve partial security (e.g. S-LEACH,
SS-LEACH, . . . ) after compromising few nodes. The impact can depend
on chosen parameters. However, many of them are vulnerable even in
scenarios where all the nodes are physically secure. From a security
point of view, the best option is clearly the TTSR protocol. Unlike
LEACH-based protocols, it does not suffer from obvious attacks. 2% of
all nodes need to be tamper-resistant but that ensures that compromise
of a node does not affect the rest of the network.
22
Table 2.1 summarizes attacks that are possible on reviewed hierar-

chical routing protocols for WSN. These attacks are mostly determined
by myself while reviewing protocols and might be inaccurate. They
also do not take physical tampering into account. This table makes MS-
LEACH protocol look like one of two best options while its security is
completely eliminated by extracting the secret from whichever node
and therefore should not be considered a final conclusion. There is a
high probability that these protocols contain even more vulnerabilities.
23
24
Table 2.1: Possible outsider attacks on reviewed hierarchical secure WSN routing protocols
Selective Black HELLO Sink Identity Relay/
Exhaustion Sybil Blackmail

forwarding hole flood hole replication wormhole
SLEACH NO NO NO NO NO NO NO NO NO
SecLEACH NO NO NO NO YES NO NO YES NO
S-LEACH NO NO YES NO NO YES YES NO YES
MS-LEACH NO NO NO NO NO NO NO NO NO
SS-LEACH NO NO NO NO NO NO NO NO YES
ESRP YES YES NO NO NO YES YES NO YES
SCMRP NO NO NO NO NO NO NO YES NO
TTSR NO NO NO NO NO NO NO NO NO
2.3 Geographical protocols
In geographical routing algorithms, a node does not need to know

network topology. Instead, it needs to be able to determine its own
location, for example using GPS. The routing is done based on sending
and receiving nodes’ location. In hierarchical routing protocols, the
final destination of the packet was always the sink. In case of geo-
graphical protocols, thanks to routing based on location rather than
ID, ordinary sensor node may also become a packet destination.
Many geographical routing protocols use greedy algorithms. The
downside of this approach are situations when all the neighboring
nodes are farther from the destination but the sender does not have a
direct communication link to the destination.
Geographical routing protocols tend to be resilient against attacks
that utilize hello messages (e.g. HELLO flood, relay attack) thanks
to nodes not creating routing tables at the beginning of the protocol
run. However, they may be susceptible to Sybil attack, in which case
attacker’s node claims multiple locations and thus attracts a lot of
traffic.
2.3.1 SIGF [53]
Secure Implicit Geographic Forwarding (SIGF) is a family of three

configurable secure routing protocols based on IGF protocol.
IGF is a stateless routing protocol that is susceptible to number
of attacks (e.g. Sybil attack, CTS rushing attack [54]). In this protocol,
when sender sends ORTS (open request to send) message with destina-
tion coordinations, each node within 60° angle calculates its response
time based on their distance, energy and perpendicular distance to a
line from the sender to the destination. The more suitable node, the
shorter response time. When the response time expires, the node re-
sponds with CTS (clear to send) message. The first one to respond will
forward the data. The rest of the nodes do not respond after they hear
the response from another node. This allows new nodes to enter the
network and avoids sending data to a dead, sleeping or missing node.
But it also enables selective forwarding attack by sending immediate
CTS to all messages by an attacker node.
25
SIGF family consists of three protocols: SIGF-0, SIGF-1 and SIGF-2,

each inheriting features from the previous one and further improving
the security at cost of higher complexity end resource consumption.
They are designed to be compatible so the network can switch from
lower to higher security at runtime. SIGF-0 and SIGF-1 are not meant
to protect from every attack. They are designed to be used to conserve
energy unless an attack is discovered. When the attack occurs, the
network should switch to higher security level (SIGF-0 to SIGF-1 or
SIGF-1 to SIGF-2). SIGF-2 protocol is not vulnerable to any of the
attacks listed in table 2.1.
SIGF-0 and SIGF-1 protocols do not handle node-to-BS authenti-
cation. For example, one can create a bogus message and the nodes
will happily forward it to its destination. This can be implemented
transparently to SIGF protocols, for example by employing pairwise
keys with the BS.
SIGF-0
The most energy-efficient protocol of SIGF family. It is completely
stateless and provides only probabilistic defenses against an attack.
The difference between this protocol and IGF is in the selection of the
next-hop candidate. While IGF chooses the first node to reply with
CTS, SIGF-0 collects all the responses and then selects one based on
configurable options. This fixes the CTS rushing attack vulnerability
that IGF suffers to.
SIGF-1
SIGF-1 aims to further defend against selective forwarding, black hole
attack and Sybil attack by keeping information about neighbors. This
information contain the number of messages sent to each neighbor,
number of messages forwarded by the neighbor (obtained by overhear-
ing after transmission), last location of the neighbor and delay between
sending a message to the neighbor and forwarding the message by
the neighbor. Other values are also derived from this information, like
success ratio, location consistency, fairness and performance. All these
values are used to compute node’s reputation. Only nodes with repu-
tation exceeding set threshold may be chosen for message relaying.
26
SIGF-2
SIGF-2 adds cryptographic security to SIGF-1 to provide message
authenticity, integrity, confidentiality and freshness. It requires key
establishment protocol. Authors mention LEAP [55] as one of the
possibilities but more options are available. It uses MAC for message
authentication and integrity, message sequence number for freshness
and encryption for confidentiality.
2.3.2 SEAR [56]

SEAR protocol focuses on hiding message originator. It offers paramet-
rized energy balance control and security level. This provides a way
to trade off energy for source location privacy. The only destination is
the sink which can effectively determine data source.
A pairwise key with the sink can be used for confidentiality. PIKE
protocol is used for key management and distribution. This protocol
only considers passive attackers.
I did not do the full analysis of this protocol as it was performed
by Tang et al. in [57]. Results of this analysis prove that this protocol
provides excellent source-location privacy.
SEAR shares two authors with newer CASER [58] protocol. These
protocols are almost identical with respect to security measures.
2.3.3 Conclusion
Geographical protocols may be immune to attacks that are based
on forged routing information due to nature of their routing path
selection. However, they tend to be vulnerable to Sybil attacks with
attacker presenting multiple locations as they cannot easily verify
them.
Two protocols were presented, each focusing on the different area.
SIGF protocol family improves IGF routing by eliminating its vulner-
abilities, while SEAR presents a new design of securing data origin
location. Both of them try to increase efficiency when possible and
only use more demanding security features when needed.
The overall security of SIGF family seems to be better than in
hierarchical protocols, with exception of TTSR, but it comes with the
price of positioning system requirement.
27
2.4 Conclusion
Multiple secure routing protocols were described in this chapter, most
of which were hierarchical. This uneven distribution is caused by the
fact that many existing protocols are modifications of LEACH protocol.
LEACH is attractive as base protocol for further securing thanks to
its energy efficiency. It is also immune to few attacks unless a sensor
was physically compromised which narrows the number of attacks to
protect from. However, with respect to security, none of the LEACH
modifications were close to best routing protocols that are designed to
be secure in the first place and improve other qualities only if it does
not affect security.
As stated by Karlof and Wagner in [28], confidentiality and fresh-
ness are not responsibilities of the secure routing protocol. Despite
that, most of the secure routing protocols incorporate these features,
sometimes giving them high priority. Although it is a nice feature,
these protocols are often vulnerable to attacks and could rather im-
prove different security aspects, like authentication. Confidentiality
could be added on the higher network layer.
Some protocols strictly focus on defense against single kind of
attacks. For example, HSRBH [59] only protects against black hole
attacks but does not consider other attacks. Some aim to achieve a
sole security goal, like preventing an attacker from determining the
data source, e.g. CASER. Even though these protocols manage to
achieve these goals, their application is restricted to scenarios where
the attacker is unable to launch different kinds of attacks due to reasons
unrelated to routing protocols.
Wood et al. claim that no perfect solution exists for secure routing
protocols. Whether or not this is true, there is not any known yet.
However, there are three outstanding protocols within those described
in this chapter, each belonging to a different category. Unlike the rest
of them, two of these even consider insider attacks and protect from
them with reasonable probability.
Out of all data-centric protocols, SeRINS achieves the highest se-
curity. It is one of two abovementioned protocols that handle insider
attacks. Among hierarchical protocols, TTSR is the most promising
protocol. Like SeRINS, it considers insider attacks but comes with
the price of higher sensor cost as 2% of the nodes need to be tamper-
28
resistant. Geographic protocols contradict theory mentioned earlier,

that secure protocols should not build on insecure ones but should be
designed as secure right from the beginning. The SIGF family, namely
SIGF-2 seems to be the best option within this category.
All the evaluation and recommendations in this thesis are done
strictly from the security point of view. Energy efficiency, packet over-
head and other aspects are not considered as I do not feel confident
enough in this area to make any conclusions. Nevertheless, SIGF and
mostly TTSR seem to offer higher energy efficiency than SeRINS which
makes it more interesting for real-life scenarios with battery-powered
sensors.
29
3 Selected attacks
3.1 Sybil attack

Sybil attack is a relatively new type of attack based on presenting mul-
tiple "personalities" for a single unit in order to benefit from having
increased significance within a group. For example, claiming multiple
identities to outvote the rest of the legit users or tricking a reputa-
tion system to disrupt a communication. It is named after the main
character of the book Sybil and was first described by L. Detweiler
under term pseudospoofing in 2002. Sybil attack can be used in many
different systems and scenarios to achieve various goals, including
attacks on WSN routing algorithms.
The basic idea of the Sybil attack within WSN is to present many
IDs for a single device. This makes it a very powerful attack because in
most cases, the identity can only be verified by utilizing cryptographic
mechanisms which are not employed in most of the protocols yet.
Newsome et al. described various attack scenarios and goals of
Sybil attack in WSN in [30]. These include distributed storage, routing,
data aggregation, voting, fair resource allocation and misbehavior
detection.
3.1.1 Sybil attack on WSN routing algorithms

Karlof and Wagner pointed out the severity of Sybil attack on routing
algorithms in WSNs. They inspected multiple routing protocols and,
among other attacks, their vulnerability to Sybil attack. They found
the majority of routing protocols vulnerable.
The attack can look different in case of different types of protocols.
One of the most vulnerable categories are geographical protocols that
rely on nodes claiming just single location. Sensor node does not
have any direct method to verify other node’s location. This allows
an attacker to claim arbitrary location as long as it is within radio
range of a victim node. This leads to an attacker node being virtually
in multiple places at once.
Another kind of protocols are multipath routing protocols. These
rely on high probability of data delivery thanks to utilizing more than
31
3. Selected attacks
one (disjoint) routing path. However, if the attacker offers attractive

routes through multiple Sybil nodes, all the disjoint paths may actually
lead through a single attacker’s node.
A similar result is achieved by executing Sybil attacks on routing
protocol with probabilistic selection of a next-hop neighbor. These
protocols try to increase delivery ratio in case of attacker’s presence by
choosing different neighbor for packet forwarding each time. In this
case, the attacker can dramatically increase the number of captured
messages.
Even though Karlof and Wagner claim that hierarchical routing
protocols are not vulnerable to Sybil attack, I suspect it may be used
to present multiple cluster heads to the network. In some cases, nodes
choose their CH randomly. If the attacker presents many identities as
CHs, he should be able to attract higher number of nodes compared
to presenting a single identity.
Table 3.1 summarizes vulnerability of reviewed protocols to Sybil
and relay attacks.
3.1.2 Implementation
To present a basic idea behind Sybil attacks on routing protocols, one
was implemented as a part of this thesis. Overall, three attacks are
presented in this thesis. Because of this and the complexity of secure
routing protocols, the attacked routing protocol is not a secure one.
The chosen routing protocol is a modified CTP.
The difference between this protocol and vanilla CTP lies in parent
selection. While each node has only a single parent in CTP, this modi-
fication lets each sensor keep multiple parents. When the message is
being forwarded or a new message is being sent, the node chooses one
of the parent nodes for the next hop. This can be selected randomly
or in a round-robin manner. Maximum number of nodes and parent
selection method are chosen in compile time.
Even though this protocol does not mean to be secure, similar strate-
gies are used in few secure routing protocols. For example, SeRINS
uses multiple parent nodes with round-robin next-hop-node selec-
tion to protect from selective forwarding. Random node selection is
utilized to hide message originator in the SEAR protocol. However,
this implementation does not attempt to achieve a similar level of
32
3. Selected attacks
security but rather to demonstrate how these security measures can

be overcome in simple scenarios.
In this scenario, legitimate nodes try to defend themselves against
selective forwarding in case of attacker’s presence by alternating their
next-hop parents. If the attacker was not able to launch Sybil attack,
the probability of the message being forwarded (and therefore possi-
bly modified or dropped) by the attacker decreases with increasing
number of parents. However, if the attacker successfully executes the
Sybil attack, he can drastically increase the number of captured mes-
sages by letting legitimate nodes register him as multiple parents
simultaneously, all of them in the ideal case.
The implementation consists of three types of nodes: base station,
legitimate sensor nodes and an attacker node. Scenario run contains
two phases: routing table establishment phase and a message exchange
phase. These are same as in vanilla CTP protocol with the abovemen-
tioned difference of keeping multiple parent nodes with the lowest
distance to the BS. The attacker node launches the attack during the
first phase. He presents short paths (e.g. 1 hop) to the BS for multiple
Sybil nodes (fake identities) so the legitimate nodes register them as
parent nodes. In the message exchange phase, when the nodes route
their messages, attacker node launches the black hole attack by drop-
ping all of the received messages. If the BS does not receive expected
message, there is a high probability that it was caused by the Sybil
attack.
Figure 3.1 depicts possible network state without attacker’s inter-
vention. Figure 3.2 shows one of the possible outcomes of an attack.
3.2 Relay attack

Relay attack is another type of attacks executable, among other targets,
on routing algorithms. Relay attack aims to form a tunnel between two
legitimate parties and convince them they communicate directly with
each other. This way, the attacker gets hold of all the traffic between
these parties. Attacker’s motive does not always need to be to possess
the transmitted data. These attacks allow the attacker to disrupt and
restore the communication at his will or convince the system about a
physical presence of a device.
33
3. Selected attacks
Figure 3.1: Network state without attacker’s presence
Figure 3.2: Sybil attack
34
3. Selected attacks
3.2.1 Relay attack on WSN routing algorithms
When the WSN routing is targeted, the goal is to convince the network
nodes they are each other’s neighbors, within each other’s radio range.
This may affect the network’s topology. Relay attack on WSN routing
is also called a wormhole attack [60] because it creates a "wormhole"
between two parties, which is able to transfer the data logically faster
(less number of hops).
Relay attack is similar to the man-in-the-middle attack but these
two attacks differ in their goal. Man-in-the-middle attack is executed in
order to modify the data before it reaches its destination but the relay
attack only causes the traffic to be routed through the attacker’s device.
After this is achieved, further attacks can be executed, including man
in the middle attack, selective forwarding/black hole, etc.
Even though a tunnel can be created between any two nodes, with
respect to WSN, the data is usually routed from all the nodes to the
base station. One of the reasonable scenarios is when the topology is
created dynamically by passing a beacon or a distance message in a
data-centric protocol, e.g. CTP.
Even though the message manipulation is not a direct goal of this
attack, it is still a serious threat as it is fairly hard to defend against it.
If the node receives a relayed message, it has no direct way to detect
it. Measuring the latency between sending and receiving of a packet
and comparing it to expected delay might prevent these attacks but
it would require the nodes to be able to determine their position and
a tight time synchronization that is highly impractical or impossible
to implement on such low-level devices. Another way to avoid this
attack is to use a protocol that is immune by its nature. Geographic
routing protocols are good examples. Hierarchical protocols also may
be immune but also may not if the protocol allows to often choose
the same cluster head. In this case, the CH announcement may be
relayed to the whole network which would lead to high amount of
nodes choosing the same node as their CH.
Involving cryptography to form a secure routing protocol does not
always help either. The attacker does not need to know the message
content in many scenarios. This is the case mostly when using relay
attack to execute a selective forwarding or a black hole attack.
35
3. Selected attacks
Vulnerability to relay attack of reviewed protocols is shown in

table 3.1.
Table 3.1: Vulnerability of reviewed protocols to Sybil and relay attacks

Protocol Sybil attack Relay attack
ESDDP NO NO
SeRINS NO NO
SPINS NO YES
SLEACH NO NO
SecLEACH NO YES
S-LEACH YES NO
MS-LEACH NO NO
SS-LEACH NO NO
ESRP YES NO
SCMRP NO YES
TTSR NO NO
SIGF (SIGF-2) NO NO
To demonstrate the impact of this kind of attack on routing protocols,
authenticated routing protocol from SPINS protocol suite was imple-
mented together with the attack. This routing is based on µTESLA
authenticated broadcast protocol and is similar to CTP. While CTP
uses distance messages to establish a routing tree, authenticated rout-
ing proposed in SPINS relies on a single repeated message. It works in
rounds identical to µTESLA rounds and uses µTESLA key disclosure
message as a beacon. Thanks to µTESLA, the beacon is provable to
originate in the base station and also to be fresh. To ensure the shortest
path is chosen, only the sender of a first captured beacon is set as a
parent in each node. Authors claim that it is impossible for an attacker
to reroute arbitrary links within the sensor network.
However, apart from the fact that the sender’s identity is not easily
verifiable, this protocol is vulnerable to a relay attack. If the attacker
36
3. Selected attacks
manages to relay the beacon to a node far enough from the BS before
it reaches this node through the legitimate channel, he will convince it
that the message came directly from the BS. The node will seemingly
communicate with the BS and the attacker will be able to launch
further attacks, e.g. selective forwarding. Figure 3.3 shows the protocol
run including the attack.
This specific implementation uses µTESLA key disclosure packets
for beacons and packets with node’s and its parent’s ID as the data
messages. To mark the relayed messages, parent’s ID is substituted.
For a relay tunnel, UDP protocol over standard network was chosen
as an out-of-band channel. Therefore attacker’s devices consist of two
computers running standard OS (e.g. Linux) and two nodes with a
radio for in-band communication.
37
3. Selected attacks
Figure 3.3: Relay attack
38
3. Selected attacks
3.3 Capture & brute-force attack

WSN sensor nodes are very limited devices. They tend to contain
low-level, typically 8-bit MCU with low frequency, ones of kilobytes
of RAM and a battery that further limits the performance to increase
the node lifetime. This makes them unsuitable for demanding compu-
tations, including cryptography. A short-range radio with very simple
medium access control features, also combined with the battery limita-
tions, causes the network transmission to be as brief as possible, using
at most few tens of bytes per single transmission. Longer messages
cause frequent reception errors which are followed by retransmissions
that cause battery to drain faster.
When the cryptography is involved, both processor and radio are
under significantly higher load and keys occupy considerable amount
of available memory. This is also the main reason why public key
cryptography is sometimes completely excluded from use in WSN
and protocols from traditional networks are not employed.
This obviously leads to usage of as simple cryptographic algo-
rithms as possible or attempts to simplify existing algorithms. Input
(e.g. key) and output (e.g. MAC, hash) sizes are also considered in
order to decrease message size and memory usage.
3.3.1 Attack overview

This attack demonstrates the impact of an inappropriate algorithm or
key size. The idea behind it is simple, an attacker exploits improper al-
gorithm settings (e.g. short key) to calculate MAC for a forged message.
The key is found by capturing and processing a legitimate message.
Attacker’s message is then sent back to the network and accepted by
other parties.
To perform the attack on protocol, vulnerable protocol is required.
In this case, µTESLA was picked despite being secure when used
properly. To perform brute-force key search, either MAC key or hash
chain key needs to be chosen for the attack. This implementation
meant to perform the attack on each message separately and thus
39
3. Selected attacks
MAC key was chosen. In case of breaking the hash chain, this would be
performed only once per protocol run. To make the key searchable by
brute force, it needs to be short enough. This can be achieved either by
deliberately overwriting part of the key with constants or by choosing
an algorithm with short enough key. RC2 algorithm was chosen as
the second option seems more reasonable, it a has key with variable
size and the implementation is available with public domain license.
Both hash and MAC functions were derived from this algorithm to
save the memory.
The scenario consists of several µTESLA runs, each with message
broadcast from BS. The attacker node captures the message and sends
it to an application running on Linux host. Application finds the key,
modifies the message and computes the new MAC for the modified
data. It is then transferred back to attacker’s node which sends it
further to the network. The whole process takes up to hundreds of
milliseconds while µTESLA round lasts at least few seconds so the
MAC key is still valid with a very high probability. Figure 3.4 depicts
the scenario run.
3.4 Summary
Three attacks on WSN routing were presented, each aiming at different
vulnerability. To emphasize their real-world impact, they were all
implemented, each targeting different vulnerability of the respective
protocol.
The first examined protocol was multipath CTP - modification of
basic CTP using multiple paths to decrease the chance of attacker’s
node being chosen for the next hop in message delivery. This simple
strategy is used in multiple routing protocols. The attack implemen-
tation demonstrates that Sybil attack is an effective way to overcome
this kind of security features.
The second protocol is µTESLA-based authenticated routing from
SPINS protocol suite. Authors designed it to present possible usage sce-
nario for their protocols. It uses µTESLA key announcement messages
as beacons to form a routing tree. Authors claim that the freshness
and origin of the message can be verified by each node, which is a
valid statement, but the relay (wormhole) attack enables the attacker
40
3. Selected attacks
Figure 3.4: Capture & brute-force attack
to create a link between arbitrary nodes that are far enough from each
other by relaying the beacon before it arrives in a legitimate way. The
link is then controlled by the attacker that can launch at least black
hole attack even if the traffic is encrypted.
The last example attack is demonstrating the possibility to offload
heavy computation from node to more powerful device like laptop
and is demonstrated on the weakened version of µTesla protocol.Both
hash and MAC functions are based on RC2 encryption algorithm with
a short key. The attack demonstrates laptop-class attacker’s possibility
of breaking security that would not be feasible on sensors themselves
and shows the need to select the right algorithms and their parameters
in such limited environments.
41
4 Arduino port of WSNProtectLayer
[61, Chapter 5] [62]
WSNProtectLayer is a security layer for wireless sensor networks run-
ning TinyOS [63]. It is implemented in nesC, a C-based event-driven
language designed for TinyOS.
WSNProtectLayer substitutes basic send and receive interfaces with
its own, secure variants. It features key distribution, message encryp-
tion and MAC, authenticated broadcast, CTP, phantom routing pro-
tocol and an intrusion detection system. ProtectLayerConfigurator
application handles key predistribution and configuration.
4.1 Arduino and JeeNode
One of the main goals of this thesis is to port WSNProtectLayer from

TinyOS to Arduino, namely JeeNode [64] devices. JeeNode is a mi-
crocontroller board inspired by Arduino. Its main components are
16 MHz, 8-bit ATmega 328p microcontroller unit and an RFM12B
wireless module for network communication. For testing purposes,
JeeLink [65] devices were used instead of JeeNode. They are almost
identical but JeeLink features a USB port for serial communication
with a host device that is more convenient.
JeeNode is compatible with Arduino platform. It runs C/C++ code
compiled with Atmel AVR toolchain, using Arduino libraries.
4.1.1 Platform differences
Even though JeeNode devices are roughly similar to devices supported

by TinyOS in terms of features, it would be a non-trivial task to imple-
ment a full hardware support. There were attempts to port TinyOS to
Arduino platform (i.e. [66, 67]) but they were abandoned few years
ago and never finished. Basic support for ATmega 328p is finished in
[66] but some crucial features would still need a lot of development.
Vanilla WSNProtectLayer on TinyOS platform running on JeeNode
was therefore not an option.
43
4. Arduino port of WSNProtectLayer
Table 4.1: Comparison of selected sensor node hardware

JeeNode MICAz TelosB
Processor 8-bit 16 Mhz 8-bit 8 MHz 16-bit 8 MHz
RAM 2 kB 4 kB 10 kB
ROM 1 kB 4 kB 16 kB
Program Memory Size 32 kB 128 kB 48 kB
Another difference between JeeNode and devices targeted by

WSNProtectLayer are hardware resources, mainly RAM and EEPROM
sizes. The comparison is shown in table 4.1. Considering the key man-
agement and computational constants like AES S-box that need to
fit into RAM, tradeoffs need to be made to sacrifice computational
complexity for memory gains.
While TinyOS has the same interface for radio communication
for every supported device regardless of the manufacturer, JeeNode
devices use the JeeLib library. This library already handles CRC and a
message header. It also limits number of nodes to 30 and the message
size to 66 bytes. However, the reliability is very low even when the
message size reaches 60 or fewer bytes.
4.2 Issues faced
As described in above section, the biggest issue was the RAM size.
Original WSNProtectLayer uses more performance-oriented AES im-
plementation while using more precomputed constants that occupy
RAM space. Switching to memory-oriented implementation saved
approximately 250 bytes, which is 1/8 of the whole RAM space. On
the downside, computational-heavy function that is called multiple
times for every sent and received message is not a desired design in
WSN context but the RAM is still more precious.
The whole design was affected by memory limitations. In addition
to AES implementation swap, all the log messages have been removed
as these constants also reside in memory. Some components were
made selectable at compile time to save memory space by removing
44
them if not used. Other adjustments concerning low RAM size were
also made and are discussed in section 4.3.
Regarding key management, it is impossible to keep all keys in
RAM at the same time. As shown later in section 4.4, this library
consumes most of the RAM space while there should be at least some
space for an application using it. This is solved by storing all keys in
EEPROM and only loading them before actually using them. However,
there is a counter assigned to each key. As the frequent writes into
EEPROM memory would wear it out fast, all counters need to be
kept in RAM. As mentioned before, JeeLib limits number of nodes
to 30. However, this is not a real issue considering there are always
two keys associated with every node. Each key being 16 bytes long,
keys occupy 960 out of 1024 bytes of EEPROM memory. Even though
implementation counts on eventually circumventing the JeeLib library
to decrease message overhead, higher number of nodes is therefore
not applicable.
4.3 Final design

Because some of the base station computations are too heavy on mem-
ory or processor, implementation has been broken down into three
main components:
• Base station
– Linux host - master

– JeeNode - slave
• Regular node
Base station slave only relies the communication from a serial

port to RF12 radio and vice versa. The host runs on standard Linux
operating system and uses the slave as a radio. Regular node naturally
does not need to be connected to anything except power source.
Following features have been implemented:
• Single-hop message protection
• Node-to-BS message protection
45
• Authenticated broadcast
• Neighbor discovery with key derivation
• Stripped-down CTP protocol
• Configurator for key predistribution and node configuration
4.3.1 Single-hop message protection
All wireless communication, except several special cases, is encrypted

with a symmetric pairwise key using AES in CTR mode and the au-
thenticity is ensured by using AES-based MAC. As already mentioned
above, AES implementation for a single block has been swapped for
another one but CTR encryption mode, MAC and AES-based hash
algorithm were taken from original WSNProtectLayer implementation
and were kept almost unchanged. This creates message overhead of 16
bytes for MAC but CTR mode effectively transforms AES into stream
cipher which does not further increase the overhead. Every message
also includes three bytes long header that is authenticated with MAC
but not encrypted. These three bytes represent a message type, sender
and a recipient. Further overhead of three bytes is added with usage
of a JeeLib library for radio communication.
For two nodes to exchange messages in this way, they need to per-
form a handshake first to establish a new session key. This is described
in section 4.3.4.
CTR mode requires a counter that needs to be synchronized. To
reduce the message size, the counter is not explicitly sent over the
radio but rather kept on both ends separately. Message delivery is
likely to fail in any WSN setup and JeeNode’s radio reliability is not
any better. To overcome this, nodes keep a window of several counter
values to synchronize after a transmission failure. This is also a case
with the base station.
Figures 4.1 and 4.2 illustrate processes of sending and receiving
messages.
46
Figure 4.1: Message sending
4.3.2 Node-to-BS message protection
The message can also be routed towards the base station, as it is in

majority of WSN use case scenarios. In this case, the message is pro-
tected (i.e. encrypted and a MAC is concatenated) with the pairwise
key shared with the base station and sent to a node’s parent. If a node
receives this message, it sends it to its parent, towards the base station
without any modification. Base station is the only party able to decrypt
the message.
A drawback of a current implementation is that the only way to
determine a parent is to use unprotected CTP protocol. This creates an
opportunity for routing (e.g. Sybil or relay) attacks but the message
content is still hidden from the attacker. Secure protocol for routing
tree establishment should be implemented in future work.
47
Figure 4.2: Message receiving
48
4.3.3 Authenticated broadcast

µTESLA protocol has been implemented for authenticated broadcast.
Base station precomputes the whole hash chain from the initial key
stored in configurator’s output file. Each node is predistributed with
last hash chain element. Similarly to counters in message protection
described in section 4.3.1, nodes can synchronize in case of missed key
broadcast. However, they refuse the new key if it arrives after expected
time period so the attacker cannot prevent the key from reaching a
node, misuse it and then replay it.
µTESLA has been implemented as a separate class in a way that
it can be easily disabled during compile time if the authenticated
broadcast is not required. This saves approximately 100 bytes of RAM
even if it is not used at all.
4.3.4 Neighbor discovery with key derivation

Each node is preconfigured with long-term pairwise keys for commu-
nication with every other node in the network. These keys are used
only for key derivation for current session. Node refuses communica-
tion other than key agreement if they have not established a session
key before. To do this, point-to-point key update mechanism described
in Handbook of Applied Cryptography, Chapter 12[68] has been imple-
mented with an acknowledgement added in the end to increase the
chance both nodes are aware of finishing. Both nodes participate in
key derivation as each of them generates one half of a random input.
This protocol also guarantees freshness and should protect against
eavesdropping, modification, replay and reflection attacks. The set-
back of the current implementation is a very weak random number
generator which is not an easy task to improve. After performing
neighbor discovery phase, each node shares a new key with every
neighbor within its range. The process of session key establishment is
shown in figure 4.3.
4.3.5 Stripped-down CTP protocol

In order to be able to forward data to a base station, a node needs to
identify a neighbor that is closer to the target. CTP is a basic routing
protocol that creates a routing tree with a base station as a root. A
49
Figure 4.3: Session key establishment
stripped-down version has been implemented, each node keeping

only a single parent with the lowest distance to a base station. Due to
great amount of traffic resulting from using a pairwise key for each
node in the network to announce the distance, the decision has been
made to keep the whole protocol in plaintext. More complex variant
with intrusion detection system is one of the possible solutions but
this is hardly achievable with such limited memory space. Solving
this is an idea for future work. The traffic routed towards the base
station is still protected by encryption and MAC with pairwise key
shared only with the base station.
It is possible to disable this functionality in the same way as µTESLA.
4.3.6 Configurator for key predistribution and node

configuration
Keys and IDs are preconfigured using the configurator. It consists of

application for Linux host and JeeNode application that reads data
from serial port and saves it in EEPROM.
Linux application reads configuration file with devices’ paths and
their corresponding IDs. It generates pairwise keys and µTESLA hash
chain. Then it can upload the configuration to nodes, save it in a file
or both, depending on command line arguments. Number of µTESLA
rounds and key size are configurable.
50
4.4 Testing
Static analysis was performed using Cppcheck tool and revealed no
issues. Linux part of the base station has been tested on various laptops
running Ubuntu-based operating systems and an ARM-based Orange
Pi Zero with Allwinner H2+ SoC running Armbian. Dynamic analysis
of Linux application has been performed with Valgrind.
Each feature has been tested in separate tests. The implementation
contains three demo applications:
• all nodes perform neighbor discovery and then each node sends
and receives messages to/from other nodes without base sta-
tion involvement,
• nodes form a CTP tree and forward messages to the base station,
• nodes perform neighbor discovery and receive authenticated

broadcast messages from the base station.
Other functionality tests were performed as well but are not part of
the project structure.
In terms of performance, all actions associated with message send-
ing take approximately seven milliseconds. Message reception takes
similar amount of time as it involves the same operations - loading
the key from EEPROM, decryption (which is the same operation as
encryption) and MAC computation. The difference occurs only if the
first attempt fails and another decryption with different counter must
be performed together with MAC verification. This takes shorter time
as the key is already loaded. Number of executions depends on the
counter synchronization window. However, decryption or MAC verifi-
cation failure should not happen if only honest parties are involved as
messages modified by noise are filtered out by JeeLib itself by verifying
message CRC. The attacker could use this to exhaust a battery-powered
node or cause a denial of service but there are still easier ways to do
that.
Regarding the memory limitations, during AES computations
when processing message to be sent, almost 1800 bytes of memory are
consumed, corresponding to 90% of total RAM space. This means that
application using this library can only use something above 200 bytes.
51
This can be pushed to approximately 350 bytes by disabling µTESLA

and CTP features if not needed. Some memory savings can certainly
be done but would not be overly significant.
Testing also revealed a slightly higher packet loss that is likely to
be caused by prolonging the messages by 19 bytes compared to plain-
text. Longer packets have naturally higher probability of transmission
failure.
52
5 Evaluation on testbed
Attacks presented in chapter 3 and WSNProtectLayer port have been
tested on laboratory testbed[69], wireless sensor network consisting
of JeeLink devices. Compared to tests mentioned in section 4.4, this
network consists of higher number of nodes. However, maximum
distance between two nodes in the network is two hops. This implies
a need to artificially adapt the protocols to enable attacks.
In case of Sybil attack, most of the nodes can receive transmission
directly from a base station. Since Sybil node never imitates a base
station, only a fraction of nodes communicated with a Sybil node.
However, this can still be considered a success.
The relay attack is based on transmitting a packet through a low-
latency channel faster than it would normally propagate through the
network. The attack implementation is designed to work on two sepa-
rate devices, utilizing UDP communication as out-of-band channel.
The channel delay combined with serial communication and retrans-
mission overhead and a low size of the network cause the packet to
reach all nodes in legitimate way faster than through the out-of-band
channel. Therefore, an artificial delay has been introduced to make
an opportunity for the attack. As most of the nodes can communicate
directly with the base station, only a low fraction of nodes was affected
by the attack.
Only the capture and brute-force attack was not affected by a net-
work size since it does not rely on message forwarding. In this case,
the attacker performs key search by brute force for each µTESLA mes-
sage and sends his own packet into the network. All the nearby nodes
receive the message. It is not forwarded by each node to prevent un-
necessary packet loss as the point of the attack is already presented
on most of the nodes.
WSNProtectLayer has been also tested within the testbed. Multi-
ple tests were performed to ensure functionality. Higher packet loss
was observed, compared to previous testing environment involving
lower number of nodes. However, this packet loss seems to be caused
by poor medium access control rather than added security features.
Randomizing message transmissions fixed these problems in all test
cases.
53
6 Conclusion
Routing protocol survey has been presented in first two chapters. It
shows that secure protocols that were derived from insecure ones by
adding security features tend to be vulnerable to various attacks. In
general, protocols designed to be secure right from the beginning offer
significantly better security but tradeoffs, like several tamper-proof
nodes need to be made even in this case. It also shows that there is
no universal panacea for all scenarios and the protocol needs to be
picked that suits the requirements.
In most cases, even if authors of WSN routing protocols name them
"secure", these protocols defend only against selected types of attacks
and do not consider any other threats.
Third chapter presents three attacks on this kind of WSN routing
algorithms. A protocol has been implemented for each attack, uti-
lizing security features from secure routing protocols discussed in
chapter 2. It shows the possibility of attacks even on secure protocols
and demonstrates the impact on practical examples.
The last part is dedicated to Arduino port of WSNProtectLayer
project. The basic functionality has been implemented, taking low
resources into account and thus leaving some advanced features out.
The library has been tested on laboratory testbed in various use case
scenarios.
6.1 Future work

Implementation of Arduino port of WSNProtectLayer could be im-
proved in a follow-up work. The RAM usage could be somewhat de-
creased to make space for a full-blown secure variant of CTP protocol.
Cryptographic random number generator should be employed instead
of a basic, insecure implementation with amount of entropy close to
zero. Furthermore, phantom routing, intrusion detection system and
other features from WSNProtectLayer could be added.
55
Bibliography
1. MOHAJERZADEH, A. H.; YAGHMAEE, M. H.; YAZDI, H. S.; REZAEE,
A. A. A fair routing protocol using generic utility based approach in
Wireless Sensor Networks. In: 2009 International Conference on Ultra
Modern Telecommunications Workshops. 2009, pp. 1–4. ISSN 2157-0221.
Available from DOI: 10.1109/ICUMT.2009.5345348.
2. KARL, Holger; WILLIG, Andreas. Protocols and Architectures for Wire-
less Sensor Networks. John Wiley & Sons, 2005. ISBN 0470095105.
3. KAUR, Gurwinder. Energy Efficient Topologies For Wireless Sensor
Networks. 2012, vol. 3, pp. 179–192.
4. GOYAL, D.; TRIPATHY, M. R. Routing Protocols in Wireless Sen-
sor Networks: A Survey. In: 2012 Second International Conference on
Advanced Computing Communication Technologies. 2012, pp. 474–480.
ISSN 2327-0632. Available from DOI: 10.1109/ACCT.2012.98.
5. KUMAR SINGH, Shio; P SINGH, M; SINGH, Dharmendra. Routing
Protocols in Wireless Sensor Networks - A Survey. 2010, vol. 1.
6. MATIN, M.A.; ISLAM, M.M. Overview of Wireless Sensor Network. In:
MATIN, Mohammad A. (ed.). Wireless Sensor Networks - Technology
and Protocols. Rijeka: InTech, 2012, chap. 01. Available from DOI:
10.5772/49376.
7. SHARMA, Suraj; JENA, Sanjay Kumar. A Survey on Secure Hierarchi-
cal Routing Protocols in Wireless Sensor Networks. In: Proceedings of
the 2011 International Conference on Communication, Computing &
Security. Rourkela, Odisha, India: ACM, 2011, pp. 146–151. ICCCS
’11. ISBN 978-1-4503-0464-1. Available from DOI: 10.1145/1947940.
1947972.
8. FELEMBAN, E.; LEE, Chang-Gun; EKICI, E. MMSPEED: multipath
Multi-SPEED protocol for QoS guarantee of reliability and. Timeli-
ness in wireless sensor networks. IEEE Transactions on Mobile Com-
puting. 2006, vol. 5, no. 6, pp. 738–754. ISSN 1536-1233. Available
from DOI: 10.1109/TMC.2006.79.
57
BIBLIOGRAPHY
9. INTANAGONWIWAT, Chalermek; GOVINDAN, Ramesh; ESTRIN,

Deborah. Directed Diffusion: A Scalable and Robust Communica-
tion Paradigm for Sensor Networks. In: Proceedings of the 6th Annual
International Conference on Mobile Computing and Networking. Boston,
Massachusetts, USA: ACM, 2000, pp. 56–67. MobiCom ’00. ISBN
1-58113-197-6. Available from DOI: 10.1145/345910.345920.
10. BRAGINSKY, David; ESTRIN, Deborah. Rumor Routing Algorthim for
Sensor Networks. In: Proceedings of the 1st ACM International Work-
shop on Wireless Sensor Networks and Applications. Atlanta, Georgia,
USA: ACM, 2002, pp. 22–31. WSNA ’02. ISBN 1-58113-589-0. Avail-
able from DOI: 10.1145/570738.570742.
11. HEINZELMAN, Wendi Rabiner; KULIK, Joanna; BALAKRISHNAN,
Hari. Adaptive Protocols for Information Dissemination in Wire-
less Sensor Networks. In: Proceedings of the 5th Annual ACM/IEEE
International Conference on Mobile Computing and Networking. Seattle,
Washington, USA: ACM, 1999, pp. 174–185. MobiCom ’99. ISBN
1-58113-142-9. Available from DOI: 10.1145/313451.313529.
12. GNAWALI, Omprakash; FONSECA, Rodrigo; JAMIESON, Kyle; MOSS,
David; LEVIS, Philip. Collection Tree Protocol. In: Proceedings of the
7th ACM Conference on Embedded Networked Sensor Systems. Berkeley,
California: ACM, 2009, pp. 1–14. SenSys ’09. ISBN 978-1-60558-519-2.
Available from DOI: 10.1145/1644038.1644040.
13. HEINZELMAN, Wendi Rabiner; CHANDRAKASAN, Anantha; BAL-
AKRISHNAN, Hari. Energy-Efficient Communication Protocol for
Wireless Microsensor Networks. In: Proceedings of the 33rd Hawaii
International Conference on System Sciences-Volume 8 - Volume 8. Wash-
ington, DC, USA: IEEE Computer Society, 2000, pp. 8020–. HICSS
’00. ISBN 0-7695-0493-0. Available also from: http://dl.acm.org/
citation.cfm?id=820264.820485.
14. LINDSEY, S.; RAGHAVENDRA, C. S. PEGASIS: Power-efficient gath-
ering in sensor information systems. In: Proceedings, IEEE Aerospace
Conference. 2002, vol. 3. Available from DOI: 10.1109/AERO.2002.
1035242.
15. MANJESHWAR, Arati; AGRAWAL, Dharma P. TEEN: ARouting Pro-
tocol for Enhanced Efficiency in Wireless Sensor Networks. In: Pro-
ceedings of the 15th International Parallel &Amp; Distributed Processing
58
BIBLIOGRAPHY
Symposium. Washington, DC, USA: IEEE Computer Society, 2001,

pp. 189–. IPDPS ’01. ISBN 0-7695-0990-8. Available also from: http:
//dl.acm.org/citation.cfm?id=645609.663269.
16. YOUNIS, Ossama; FAHMY, Sonia. HEED: A Hybrid, Energy-Efficient,
Distributed Clustering Approach for Ad Hoc Sensor Networks. IEEE
Transactions on Mobile Computing. 2004, vol. 3, no. 4, pp. 366–379.
ISSN 1536-1233. Available from DOI: 10.1109/TMC.2004.41.
17. M. BLUM, Brain; HE, Tian; SON, Sang; A. STANKOVIC, John. IGF:
A State-Free Robust Communication Protocol for Wireless Sensor
Networks. 2003.
18. HAN, Wei or initial); ZHANG, Naiqian; ZHANG, Y. A two-layer wire-
less sensor network for remote sediment monitoring. 2008, vol. 9,
pp. 5401–5418.
19. YU, Yan; GOVINDAN, Ramesh; ESTRIN, Deborah. Geographical and
Energy Aware Routing: a recursive data dissemination protocol for
wireless sensor networks. 2001, vol. 463.
20. XU, Ya; HEIDEMANN, John; ESTRIN, Deborah. Geography-informed
Energy Conservation for Ad Hoc Routing. In: Proceedings of the 7th
Annual International Conference on Mobile Computing and Networking.
Rome, Italy: ACM, 2001, pp. 70–84. MobiCom ’01. ISBN 1-58113-
422-3. Available from DOI: 10.1145/381677.381685.
21. CHEN, Benjie; JAMIESON, Kyle; BALAKRISHNAN, Hari; MORRIS,
Robert. Span: An Energy-efficient Coordination Algorithm for Topol-
ogy Maintenance in Ad Hoc Wireless Networks. Wirel. Netw. 2002,
vol. 8, no. 5, pp. 481–494. ISSN 1022-0038. Available from DOI:
10.1023/A:1016542229220.
22. SOHRABI, K.; GAO, J.; AILAWADHI, V.; POTTIE, G. J. Protocols for
self-organization of a wireless sensor network. IEEE Personal Com-
munications. 2000, vol. 7, no. 5, pp. 16–27. ISSN 1070-9916. Available
from DOI: 10.1109/98.878532.
23. DE, Swades; QIAO, Chunming; WU, Hongyi. Meshed multipath rout-
ing with selective forwarding: an efficient strategy in wireless sensor
networks. Computer Networks. 2003, vol. 43, no. 4, pp. 481–497. ISSN
1389-1286. Available from DOI: https://doi.org/10.1016/S1389-
1286(03)00355-4. Wireless Sensor Networks.
59
BIBLIOGRAPHY
24. HUANG, Xiaoxia; FANG, Yuguang. Multiconstrained QoS Multipath

Routing in Wireless Sensor Networks. Wirel. Netw. 2008, vol. 14, no. 4,
pp. 465–478. ISSN 1022-0038. Available from DOI: 10.1007/s11276-
006-0731-9.
25. HE, Tian; STANKOVIC, J. A.; LU, Chenyang; ABDELZAHER, T. SPEED:
a stateless protocol for real-time communication in sensor networks.
In: 23rd International Conference on Distributed Computing Systems,
2003. Proceedings. 2003, pp. 46–55. ISSN 1063-6927. Available from
DOI: 10.1109/ICDCS.2003.1203451.
26. BEN-OTHMAN, Jalel; YAHYA, Bashir. Energy efficient and QoS based
routing protocol for wireless sensor networks. Journal of Parallel and
Distributed Computing. 2010, vol. 70, no. 8, pp. 849–857. ISSN 0743-
7315. Available from DOI: https://doi.org/10.1016/j.jpdc.
2010.02.010.
27. MESSAI, Mohamed Lamine. Classification of Attacks in Wireless Sen-
sor Networks. 2014.
28. KARLOF, C.; WAGNER, D. Secure routing in wireless sensor net-
works: attacks and countermeasures. In: Proceedings of the First IEEE
International Workshop on Sensor Network Protocols and Applications,
2003. 2003, pp. 113–127. Available from DOI: 10.1109/SNPA.2003.
1203362.
29. LEE, Suk-Bok; CHOI, Yoon-Hwa. A Secure Alternate Path Routing in
Sensor Networks. Comput. Commun. 2006, vol. 30, no. 1, pp. 153–165.
ISSN 0140-3664. Available from DOI: 10.1016/j.comcom.2006.08.
006.
30. NEWSOME, James; SHI, Elaine; SONG, Dawn; PERRIG, Adrian. The
Sybil Attack in Sensor Networks: Analysis & Defenses. In: Proceed-
ings of the 3rd International Symposium on Information Processing in
Sensor Networks. Berkeley, California, USA: ACM, 2004, pp. 259–268.
IPSN ’04. ISBN 1-58113-846-6. Available from DOI: 10.1145/984622.
984660.
31. HARTUNG, Carl; BALASALLE, James; HAN, Richard. Node Com-
promise in Sensor Networks: The Need for Secure Systems. In:
Computer Science Technical Reports. 2005. Available also from: https:
//scholar.colorado.edu/csci_techreports/926.
60
BIBLIOGRAPHY
32. PECHO, Peter; NAGY, Jan; HANÁČEK, Petr; DRAHANSKÝ, Martin.

Secure Collection Tree Protocol for Tamper-Resistant Wireless Sen-
sors. In: Proceedings of International Conference SecTech 2009. Berlin,
DE: Springer Verlag, 2009, pp. 217–224. Communications in Com-
puter and Information Science 58. ISBN 978-3-642-10846-4. Available
also from: http://www.fit.vutbr.cz/research/view_pub.php?
id=9127.
33. BELKADI, Malika; AOUDJIT, Rachida; DAOUI, Mehammed; LALAM,
Mustapha. Energy-efficient Secure Directed Diffusion Protocol for
Wireless Sensor Networks. 2014, vol. 6, pp. 50–56.
34. LEE, Suk-Bok; CHOI, Yoon-Hwa. ARMS: An Authenticated Routing
Message in Sensor Networks. In: Proceedings of the First International
Conference on Secure Mobile Ad-hoc Networks and Sensors. Singapore:
Springer-Verlag, 2006, pp. 158–173. MADNES’05. ISBN 3-540-36646-
6, 978-3-540-36646-1. Available from DOI: 10.1007/11801412_15.
35. PERRIG, Adrian; SZEWCZYK, Robert; TYGAR, J. D.; WEN, Victor;
CULLER, David E. SPINS: Security Protocols for Sensor Networks.
Wirel. Netw. 2002, vol. 8, no. 5, pp. 521–534. ISSN 1022-0038. Avail-
able from DOI: 10.1023/A:1016598314198.
36. ZHANG, K.; WANG, C.; WANG, C. A Secure Routing Protocol for
Cluster-Based Wireless Sensor Networks Using Group Key Man-
agement. In: 2008 4th International Conference on Wireless Communi-
cations, Networking and Mobile Computing. 2008, pp. 1–5. ISSN 2161-
9646. Available from DOI: 10.1109/WiCom.2008.889.
37. XIAO-YUN, Wang; LI-ZHEN, Yang; KE-FEI, Chen. SLEACH: Secure
low-energy adaptive clustering hierarchy protocol for wireless sen-
sor networks. Wuhan University Journal of Natural Sciences. 2005, vol. 10,
no. 1, pp. 127–131. ISSN 1993-4998. Available from DOI: 10.1007/
BF02828633.
38. PERRIG, Adrian; CANETTI, Ran; D. TYGAR, J; SONG, Dawn. The
TESLA broadcast authentication protocol. 2002, vol. 5.
39. OLIVEIRA, L. B.; WONG, H. C.; BERN, M.; DAHAB, R.; LOUREIRO,
A. A. F. SecLEACH - A Random Key Distribution Solution for Secur-
ing Clustered Sensor Networks. In: Fifth IEEE International Sympo-
sium on Network Computing and Applications (NCA’06). 2006, pp. 145–
154. Available from DOI: 10.1109/NCA.2006.48.
61
BIBLIOGRAPHY
40. FERREIRA, Adrian Carlos; VILAÇA, Marcos Aurélio; OLIVEIRA,

Leonardo B.; HABIB, Eduardo; WONG, Hao Chi; LOUREIRO, Anto-
nio A. On the Security of Cluster-Based Communication Protocols
for Wireless Sensor Networks. In: LORENZ, Pascal; DINI, Petre
(eds.). Networking - ICN 2005. Berlin, Heidelberg: Springer Berlin
Heidelberg, 2005, pp. 449–458.
41. ESCHENAUER, Laurent; GLIGOR, Virgil D. A Key-management Scheme
for Distributed Sensor Networks. In: Proceedings of the 9th ACM Con-
ference on Computer and Communications Security. Washington, DC,
USA: ACM, 2002, pp. 41–47. CCS ’02. ISBN 1-58113-612-9. Available
from DOI: 10.1145/586110.586117.
42. FERREIRA, Adrian Carlos; VILAÇA, Marcos Aurélio; OLIVEIRA,
Leonardo B.; HABIB, Eduardo; WONG, Hao Chi; LOUREIRO, Anto-
nio A. On the Security of Cluster-Based Communication Protocols
for Wireless Sensor Networks. In: LORENZ, Pascal; DINI, Petre
(eds.). Networking - ICN 2005. Berlin, Heidelberg: Springer Berlin
Heidelberg, 2005, pp. 449–458. ISBN 978-3-540-31956-6.
43. EL, M.; SHAABAN, E. Enhancing S-LEACH security for wireless sen-
sor networks. In: 2012 IEEE International Conference on Electro/Infor-
mation Technology. 2012, pp. 1–6. ISSN 2154-0357. Available from
DOI: 10.1109/EIT.2012.6220698.
44. WU, D.; HU, G.; NI, G. Research and Improve on Secure Routing Pro-
tocols in Wireless Sensor Networks. In: 2008 4th IEEE International
Conference on Circuits and Systems for Communications. 2008, pp. 853–
856. Available from DOI: 10.1109/ICCSC.2008.186.
45. ALSHOWKAN, M.; ELLEITHY, K.; ALHASSAN, H. LS-LEACH: A
New Secure and Energy Efficient Routing Protocol for Wireless
Sensor Networks. In: 2013 IEEE/ACM 17th International Symposium
on Distributed Simulation and Real Time Applications. 2013, pp. 215–
220. ISSN 1550-6525. Available from DOI: 10.1109/DS-RT.2013.31.
46. SUBRAMANIAN, Ganesh; AMUTHA, R. Efficient and secure rout-
ing protocol for wireless sensor networks. In: 2013 International
Conference on Recent Trends in Information Technology (ICRTIT). 2013,
pp. 631–637. Available from DOI: 10.1109/ICRTIT.2013.6844274.
47. SUBRAMANIAN, Ganesh. Efficient and secure routing protocol for wire-
less sensor networks. 2009. PhD thesis. Sathyabama University.
62
BIBLIOGRAPHY
48. KUMAR, S.; JENA, S. SCMRP: Secure cluster based multipath rout-
ing protocol for wireless sensor networks. In: 2010 Sixth Interna-
tional conference on Wireless Communication and Sensor Networks. 2010,
pp. 1–6. Available from DOI: 10.1109/WCSN.2010.5712294.
49. DURRANI, N. M.; KAFI, N.; SHAMSI, J.; HAIDER, W.; ABBSI, A. M.
Secure multi-hop routing protocols in Wireless Sensor Networks: Re-
quirements, challenges and solutions. In: Eighth International Confer-
ence on Digital Information Management (ICDIM 2013). 2013, pp. 41–
48. Available from DOI: 10.1109/ICDIM.2013.6694001.
50. DU, X.; GUIZANI, M.; XIAO, Y.; CHEN, H. H. Two Tier Secure Routing
Protocol for Heterogeneous Sensor Networks. IEEE Transactions on
Wireless Communications. 2007, vol. 6, no. 9, pp. 3395–3401. ISSN
1536-1276. Available from DOI: 10.1109/TWC.2007.06095.
51. DU, Xiaojiang; XIAO, Yang; GUIZANI, Mohsen; CHEN, Hsiao Hwa.
An effective key management scheme for heterogeneous sensor
networks. Ad Hoc Networks. 2007, vol. 5, no. 1, pp. 24–34. ISSN 1570-
8705. Available from DOI: 10.1016/j.adhoc.2006.05.012.
52. KARP, Brad; KUNG, H. T. GPSR: Greedy Perimeter Stateless Rout-
ing for Wireless Networks. In: Proceedings of the 6th Annual Interna-
tional Conference on Mobile Computing and Networking. Boston, Mas-
sachusetts, USA: ACM, 2000, pp. 243–254. MobiCom ’00. ISBN 1-
58113-197-6. Available from DOI: 10.1145/345910.345953.
53. WOOD, Anthony D.; FANG, Lei; STANKOVIC, John A.; HE, Tian.
SIGF: A Family of Configurable, Secure Routing Protocols for Wire-
less Sensor Networks. In: Proceedings of the Fourth ACM Workshop on
Security of Ad Hoc and Sensor Networks. Alexandria, Virginia, USA:
ACM, 2006, pp. 35–48. SASN ’06. ISBN 1-59593-554-1. Available
from DOI: 10.1145/1180345.1180351.
54. HU, Yih-Chun; PERRIG, Adrian; JOHNSON, David B. Rushing At-
tacks and Defense in Wireless Ad Hoc Network Routing Protocols.
In: Proceedings of the 2Nd ACM Workshop on Wireless Security. San
Diego, CA, USA: ACM, 2003, pp. 30–40. WiSe ’03. ISBN 1-58113-769-
9. Available from DOI: 10.1145/941311.941317.
63
BIBLIOGRAPHY
55. ZHU, Sencun; SETIA, Sanjeev; JAJODIA, Sushil. LEAP: Efficient Secu-
rity Mechanisms for Large-scale Distributed Sensor Networks. In:
Proceedings of the 10th ACM Conference on Computer and Communica-
tions Security. Washington D.C., USA: ACM, 2003, pp. 62–72. CCS ’03.
ISBN 1-58113-738-9. Available from DOI: 10.1145/948109.948120.
56. TANG, D.; JIANG, T.; REN, J. Secure and Energy Aware Routing
(SEAR) in Wireless Sensor Networks. In: 2010 IEEE Global Telecom-
munications Conference GLOBECOM 2010. 2010, pp. 1–5. ISSN 1930-
529X. Available from DOI: 10.1109/GLOCOM.2010.5685225.
57. TANG, D.; LI, T.; REN, J. Quantitative security and efficiency analysis
of SEAR in wireless sensor networks. In: 2012 IEEE International
Conference on Communications (ICC). 2012, pp. 944–948. ISSN 1550-
3607. Available from DOI: 10.1109/ICC.2012.6364386.
58. TANG, D.; LI, T.; REN, J.; WU, J. Cost-Aware SEcure Routing (CASER)
Protocol Design for Wireless Sensor Networks. IEEE Transactions
on Parallel and Distributed Systems. 2015, vol. 26, no. 4, pp. 960–973.
ISSN 1045-9219. Available from DOI: 10.1109/TPDS.2014.2318296.
59. YIN, Jian; MADRIA, S. K. A hierarchical secure routing protocol
against black hole attacks in sensor networks. In: IEEE International
Conference on Sensor Networks, Ubiquitous, and Trustworthy Comput-
ing (SUTC’06). 2006, vol. 1. Available from DOI: 10 . 1109 / SUTC .
2006.1636203.
60. HU, Yih-chun; PERRIG, Adrian; B. JOHNSON, David. Wormhole
Detection in Wireless Ad Hoc Networks. 2002.
61. MATYÁŠ, Vashek; ŠVENDA, Petr; STETSKO, Andriy; KLINEC, Dušan;
JURNEČKA, Filip; STEHLÍK, Martin. Securing Cyber-Physical Sys-
tems. WSNProtectLayer: Security Middleware for Wireless Sensor
Networks. Ed. by PATHAN, Al-Sakib Khan. CRC Press, Inc., 2015.
ISBN 1498700985, 9781498700986.
62. CENTRE FOR RESEARCH ON CRYPTOGRAPHY AND SECURITY.
WSNProtectLayer [online] [visited on 2018-05-09]. Available from:
https://github.com/crocs-muni/WSNProtectLayer.
63. LEVIS, P. et al. TinyOS: An operating system for sensor networks. In:
in Ambient Intelligence. Springer Verlag, 2004.
64
BIBLIOGRAPHY
64. JeeNode - Hardware - JeeLabs . net. Available also from: https://jeelabs.

net/projects/hardware/wiki/JeeNode.
65. JeeLink - Hardware - JeeLabs . net. Available also from: https://jeelabs.
net/projects/hardware/wiki/JeeLink.
66. JOHNY MATTSSON. tinyos-arduino [online] [visited on 2018-05-09].
Available from: https://github.com/jmattsson/tinyos-arduino.
67. MARKUS BECKER. tinyos-arduino-MRF24J40MA [online] [visited on
2018-05-09]. Available from: https : / / github . com / markushx /
tinyos-arduino-MRF24J40MA.
68. MENEZES, Alfred J.; VANSTONE, Scott A.; OORSCHOT, Paul C. Van.
Handbook of Applied Cryptography. 1st. Boca Raton, FL, USA: CRC
Press, Inc., 1996. ISBN 0849385237.
69. NĚMEC, Lukáš. Experimental and educational platform for wireless ad-
hoc networking [online]. 2017 [cit. 2018-05-12]. Available also from:
Dostupn % C3 % A9 % 20z % 20WWW % 20 % 3Chttps : / / is . muni . cz / th /
zblxs/%3E. Diplomová práce. Masarykova univerzita, Fakulta infor-
matiky, Brno. Supervised by Petr ŠVENDA.
65
A Data attachment
Source code attachment contains following directories:
attacks\ - source code of attack scenarios
Sybil_routing\ - Sybil attack on multipath CTP
Relay_SPINS\ - relay attack on SPINS protocol
CBF\ - capture & brute-force attack
aes\ - AES implementation
rc2\ - RC2 implementation
uTESLA_AES\ - AES-based µTESLA implementation
wsnpl_arduino\ - source code of WSNProtectLayer port

ProtectLayer\ - library implementation
Configurator\ - application for JeeLink
configuration
There are additional directories containing source code:

attacks\Sybil_voting\ - Sybil attack on voting utilizing CTP
attacks\Relay_CTP\ - relay attack on CTP
attacks\blake224\ - BLAKE-224 implementation
attacks\uTESLA\ - BLAKE-224-based µTESLA implementation
67

Secure Routing Protocols and Attacks On Arduino Jeenode: Masaryk University

Uploaded by

Copyright:

Available Formats

You might also like

Secure Routing Protocols and Attacks On Arduino Jeenode: Masaryk University

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Secure Routing Protocols and Attacks On Arduino Jeenode: Masaryk University

Uploaded by

Copyright:

Available Formats

Masaryk University

Secure routing protocols and

Bc. Martin Sárkány

Brno, Spring 2018

Secure routing protocols and

Bc. Martin Sárkány

Brno, Spring 2018

Bc. Martin Sárkány

Advisor: RNDr. Petr Švenda, Ph.D.

1 Routing in wireless sensor networks 3

2 Secure routing protocols 9

4 Arduino port of WSNProtectLayer 43

1.1 WSN Routing protocols

Routing protocols in WSN can be divided into categories by their

(cluster head). These are mostly chosen randomly and/or alternate in

Table 1.1: WSN routing protocol types with examples

based routing protocol that guarantees delivery within a given time

1.2 Types of attacks on WSN routing protocols

1.2.2 Selective forwarding

This behavior can be detected by transmitting or neighbor node. Reac-

1.2.3 Black hole attack

1.2.4 Sinkhole attack

1.2.5 HELLO flood

1.2.6 Blackmail attack

This attack only works in protocols, where malicious nodes may be

Because wireless sensor networks have a tendency to be battery-powered,

1.2.8 Identity replication

1.2.10 Sybil and Relay/wormhole attack

old is reached or a timer goes off. Sensors can be queried by their

2.1.1 ESDDP [33]

Directed diffusion works in a query-response manner. BS queries the

• pairwise key shared with a BS,

• pairwise key shared with neighbor,

• global key shared between all the nodes in the network.

Unlike majority of secure routing protocols for WSN, SeRINS focuses

2.1.3 SPINS [35]

it registers its originator as a parent node and sends it further. This

2.2 Cluster-based protocols

2.2.1 SLEACH [37]

to the sink instead. Let me remind that basic assumption in LEACH is

2.2.2 SecLEACH [39]

then assigned fixed number of keys. When a node becomes a CH can-

2.2.3 S-LEACH (SLEACH) [42]

S-LEACH (also dubbed SLEACH) is the first attempt to secure the

2.2.4 MS-LEACH [43]

MS-LEACH aims to improve S-LEACH in terms of data confidentiality

SS-LEACH [44] also improves S-LEACH but in a different, more rea-

bution. It forms dynamic stochastic multi-paths cluster-heads chains.

2.2.6 LS-LEACH [45]

LS-LEACH is the last LEACH-based protocol listed here. It uses a

the security of the whole network is compromised. Keys for commu-

2.2.7 ESRP [46]

2.2.8 SCMRP [48]

2.2.9 TEESR [49]

2.2.10 TTSR [50]

Majority of hierarchical secure routing protocols are modifications

Table 2.1 summarizes attacks that are possible on reviewed hierar-