• No se han encontrado resultados

EL FRESNO DE MONTAÑA (Fraxinus excelsior L.)

4. SELVICULTURA DE LAS ESPECIES PRINCIPALES

4.3. EL FRESNO DE MONTAÑA (Fraxinus excelsior L.)

Communications" at" the" link" layer" in" WSN" support" mechanisms" for" neighboring" nodes" to" access"a"shared"wireless"communication"medium,"using"access"rules"defined"in"the"context" of"techniques"such"as"Time"Division"Multiple"Access"(TDMA)"or"Carrier"Sense"Multiple"Access" with"collision"avoidance"(CSMA/CA)."At"this"layer,"the"attacker"seeks"to"exploit"vulnerabilities" of" the" MAC" protocol," which" may" allow" him" to" induce" malicious" collisions," to" exhaust" the" energy" of" nodes" by" continuously" forcing" retransmissions," or" to" get" an" unfair" share" of" the" communications"medium"by"simply"not"following"the"MAC"rules,"as"analyzed"in"[8]."

Induced" collisions" may" be" considered" a" type" of" link" layer" jamming," in" which" the" attacker" usually" explores" particularities" of" the" functioning" of" the" MAC." The" insertion" of" bogus" ACK" messages" can" lead" to" an" exponential" back" off" of" the" MAC" protocol," effectively" denying" access"of"legitimate"sensor"nodes"to"the"WSN."Frames"injected"can"also"provoke"collisions" and"contention."In"this"context,"Wood"and"Stankovic"[8]"propose"the"employment"of"error" correction" codes" against" collision" attacks," and" another" possibility" is" to" employ" collision" detection" techniques." The" former" involves" the" use" of" extra" bits" and" is" not" immune" to" corruption,"while"the"later"is"currently"not"proved"to"be"an"effective"solution"for"WSN." The"exhaustion"attack"consists"in"forcing"a"node"to"continuously"retransmit"frames"due"to" collisions"until"its"battery"is"exhausted."A"variant"of"this"attack"is"when"a"selfNsacrificing"node" continuously" sends" acknowledgment" (ACK)" messages," forcing" neighbors" to" respond" with" clearNtoNsend" (CTS)" messages." Possible" solutions" against" this" type" of" attack" consist" on" the" usage" of" time" division" multiplexing" techniques" to" avoid" indefinite" postponements" during" collisions," and" the" modification" of" the" MAC" protocol" to" limit" the" rate" of" requests" [8]." An" attacker" may" unfairly" obtain" access" to" the" communications" medium" by" abusing" the" MAC" priority"schemes."One"possible"and"partial"solution"against"this"threat"consists"in"the"usage" of"small"frames"in"order"to"capture"the"channel"for"smaller"periods"of"time."

One"may"consider"that"research"concerning"prevention"or"avoidance"of"attacks"against"the" physical" and" link" layers" can" also" result" in" the" design" of" new" secure" MAC" protocols." These" protocols"can"employ"mechanisms"that"allow"the"detection"and"isolation"of"regions"targeted" by"jamming"attacks,"allowing"the"network"to"route"around"the"compromised"area"[8]."On"the" other" hand," the" design" of" Internet" communication" technologies" for" lowNenergy" WSN" environments"calls"for"the"adoption"of"particular"MAC"solutions"that"may"not"support"many" of"the"proposed"mechanisms"against"security"threats"at"the"MAC"layer."This"is"visible"in"the" current" adoption" of" IEEE" 802.15.4" for" the" design" of" 6LoWPANNbased" communication" technologies," which" we" discuss" later" in" the" present" chapter." Also" in" this" context," security" mechanisms"designed"for"upper"layers"of"the"stack"can"contribute"to"indirectly"avoid"security" threats"against"the"normal"functioning"of"the"MAC"layer.""

2.2.3 P

ROPOSALS!AT!THE!

N

ETWORK!AND!

R

OUTING!LAYERS

!

In" the" following" discussion" we" focus" on" research" proposals" targeting" security" mechanisms" designed" for" communications" at" the" network" and" routing" layers" in" isolated" WSN" environments." As" the" networkNlayer" may" enable" endNtoNend" communications" with" devices" external" to" the" WSN," we" also" analyze" research" proposals" on" networkNlayer" security" in" the" context" of" InternetNintegrated" WSN" later" in" this" chapter." As" for" other" communication" technologies,"networkNlayer"communication"technologies"and"routing"protocols"designed"for" WSN"have"to"be"energy"and"memory"efficient,"while"at"the"same"time"providing"resistance" against" security" attacks" or" sensing" node" failures." In" the" context" of" previous" research" proposals" for" WSN," there" have" been" many" powerNefficient" routing" protocols" proposed" for" WSN"environments"as"discussed"in"[16],"although"many"of"them"haven’t"been"designed"with" security"in"mind.""

As"discussed"in"[17],"the"main"attacks"against"the"security"and"normal"functioning"of"routing" protocols" in" WSN" are" black" holes," wormholes," spoofing," selective" forwarding," sinkholes," hello"floods"and"acknowledgment"spoofing"attacks,"that"we"proceed"to"analyze."In"black"hole" attacks"a"compromised"node"advertises"a"very"low"or"zero"cost"route"to"its"neighbors,"with" the"purpose"of"attracting"and"discarding"network"packets."Black"hole"attacks"are"particularly" effective" with" distance" vector" routing" protocols." In" the" wormhole" attack" messages" are" tunneled"over"a"low"latency"link"to"another"part"of"the"network"and"then"replayed"there."It"is" usually" considered" that" geographical" routing" protocols" are" in" principal" resistant" to" these" attacks,"and"tight"time"synchronization"is"important"to"fight"them."A"solution"to"this"attack" has"been"proposed"in"the"form"of"packet"leashes"[18],"which"consists"in"adding"additional" information" to" the" packet" in" order" to" restrict" the" maximum" distance" that" the" packet" can" travel"in"a"given"amount"of"time."Another"solution"has"been"proposed"in"[19]"where"a"graph" theoretic" framework" for" modeling" wormholes" allows" the" detection" and" defense" against" wormhole"attacks."Nevertheless,"in"this"work"the"authors"don’t"present"technical"details"for" the"proposed"solution."

In" spoofing" attacks" packets" containing" routing" information" are" altered" and" replayed," with" the" purpose" of" creating" routing" loops" or" of" increasing" the" endNtoNend" delay" of" communications."Link"layer"encryption"and"authentication"helps"against"outsider"attackers" trying"to"inject"such"falsified"messages,"but"as"previously"discussed"is"not"effective"against" insider"attacks."In"selective"forwarding"attacks"the"attacker"is"able"to"include"himself"in"the" data"flow"and"to"chose"which"packets"should"be"forwarded"or"dropped,"thus"creating"a"black" hole"or"preventing"data"from"reaching"specific"nodes."An"example"of"a"selective"forwarding" attack"is"the"DoS"attack"against"broadcast"messages"in"WSN."Proposed"solutions"include"the" employment" of" redundancy," for" example" via" the" employment" of" multiNpath" routing" techniques."

In"the"sinkhole"attack"an"adversary"tries"to"attract"traffic"towards"the"compromised"nodes," with" the" goal" of" discarding" it." This" attack" can" work" as" the" launching" block" for" selective"

forwarding,"making"a"node"attractive"to"its"neighbors"by"adverting"high"quality"routes"or"low" latency" links." Attacks" of" the" hello" flood" type" consist" of" an" attacker" with" a" high" power" antenna"convincing"a"large"number"of"other"nodes"that"he"is"its"neighbor"[8]."This"attacks" works"as"a"broadcast"wormhole,"convincing"nodes"to"send"their"packets"to"nowhere."Routing" protocols"dependent"on"localized"information"are"vulnerable"to"this"class"of"attack."Proposed" solutions"are"to"employ"mechanisms"that"employ"verification"of"the"biNdirectionally"of"links," such" as" with" the" NeedhamNSchroeder" Symmetric" Key" Protocol" [20]," and" limitation" of" the" number"of"verified"neighbors"by"the"base"station."Finally,"in"the"acknowledgment"spoofing" attack"an"attacker"spoofs"a"bad"link"or"a"dead"node"using"the"link"layer"acknowledgment"for" the" packets" it" overhears" for" those" nodes." The" solution" to" this" threat" is" to" employ" authentication"and"encryption"of"all"transmitted"packets,"including"of"packet"headers." In" general," malicious" packets" at" the" network" layer" can" be" detected" by" using" appropriate" authentication" mechanisms," and" in" the" same" context" message" freshness" can" provide" protection" against" replayed" messages." Attacks" can" be" perpetrated" against" networkNlayer" communications"but"also"against"routing"protocols."Multipath"routing"techniques"have"been" proposed"in"[16]"against"WSN"routing"attacks."The"basic"idea"behind"multipath"routing"is"to" use"multiple"disjoint"paths"to"route"a"message"such"that"it"is"unlikely"that"all"wireless"sensor" nodes" in" the" path" are" compromised." Another" approach" is" to" use" secure" localization" determination" mechanisms" in" securing" geographic" routing" protocols." Secure" localization" mechanisms"also"allow"the"detection"of"nodes"compromised"by"wormhole"and"Sybil"attacks." Other"than"the"previously"discussed"proposals"to"target"security"attacks"at"the"network"and" routing" layers" in" WSN" environments," the" integration" of" WSN" with" the" Internet" via" WSN" Internet" communication" technologies" will" also" call" for" mechanisms" designed" to" work" in" tandem"with"such"technologies."Mechanisms"designed"in"this"context"can"provide"resistance" against"DoS"attacks,"injection"of"malicious"routing"information,"replay"of"routing"messages" and" node" capture," among" other" security" threats." New" routing" protocols" may" also" be" designed" to" be" dataNcentric," and" currently" there" seems" to" be" no" such" protocol" available" supporting"security"mechanisms."On"the"other"hand,"proposals"for"ad"hoc"networks"such"as" Ariadne"[21]"are"usually"considered"too"heavy"for"WSN"environments."

Documento similar