Impacto Social

We have collected lot of experience during the work with evolutionary al- gorithms. We see the greatest potential of their use in optimization prob- lems. Thus in optimization of known attacks strategies rather than in gen- eration of novel attacks. We also have encountered an ability of evolution- ary algorithms to exploit the bugs in implementation. At the early phases of our experiments, the strategies were sometimes achieving unusually high fitness values. This was caused by unexpected constructions of strategies. These strategies have exploited incomplete specification of routing protocol and thus incomplete implementation or the fitness functions. The weird be- havior of an attacker has also revealed bugs in code, which led to massive memory leaks. Therefore we suggest using real system instead of simula- tor. Evolution could find out bugs in particular implementation or in the incomplete specification of the routing algorithm.

There is lot of space for future research in this area. We would like to focus on development of tools for better analysis of generated strategies. We have designed the architecture of a graphical module, which would display the routing and attacker actions in time step by step. Implemen- tation of this module is awaiting. Furthermore, we would like to design more complex fitness functions combining several metrics. Redefinition of elementary rules could also bring new results. There is also possibility to implement and test another routing protocols.

We are aware of the evolution power in optimization. Therefore we will try to formulate the task as an optimization problem in the future. It is chal- lenging for us to find out such problems in the area of secure routing.

We are also considering to generate the attack strategies against particu- lar defenses or detection mechanisms rather than routing protocols. Similar approach as for IDS testing [FL06] could be beneficial. Attacker is trying to

modify the appearance of known attack strategy to bypass particular IDS. Completely different idea is to automatically generate defensive strate- gies. We know that it is unlikely to evolve universal defense strategy, how- ever evolution could be useful in case of generating defensive strategy against particular attack. Evolution was already successful in this task [SM07].

Chapter 6

Conclusion

In this thesis, we have examined the security in the wireless sensor net- works with special emphasis on security of routing protocols. We have re- viewed two mechanisms for authenticated broadcast (µTesla, ARMS) and several secure routing protocols (SIGF, SDD, SeRINS, Clean Slate Approach). We also have considered their weaknesses and strong points. The results show, that these protocols are suitable for sensor networks and provide suf- ficient level of security for most of the applications.

In the second half of the thesis, novel concept for automatic design of attack strategies was described. This concept is a result of my joint work with Petr ˇSvenda. Usability of the concept was tested. New attack strategies on routing protocols for wireless sensor networks were generated using evolutionary algorithms. Several basic attacks were found. These attacks demonstrate the possibilities and potential of evolutionary algorithms.

We have also extended the Sensor Security Simulator and implemented two routing algorithms (Minimum cost forwarding, Implicit geographic routing).

We take the results of this thesis as a solid basis for further research in this field. Both, problematic of the secure routing in WSN and problematic of the automatic attack design, require novel research directions.

[AKK04] J. N. Al-Karaki and A. E. Kamal. Routing techniques in wireless sensor networks: a survey.IEEE Wireless Communications, vol. 11, issue 6, pages 6–28, 2004.

[ASSC02] I. F. Akyildiz, W. Su, Y. Sankarasubramaniam, and E. Cayirci. Wireless sensor networks: a survey. Comput. Netw., vol. 38, issue 4, pages 393–422, 2002.

[BHSS03] B. Blum, T. He, S. Son, and J. Stankovic. Igf: A state-free ro- bust communication protocol for wireless sensor networks. In Technical Report, CS-2003-11. Department of Computer Sci- ence, University of Virginia, USA, 2003.

[BNKF98] W. Banzhaf, P. Nordin, R.E. Keller, and F.D. Francone. Genetic Programming – An Introduction. Morgan Kaufmann Publish- ers, San Francisco, CA, 1998.

[DHM02] J. Deng, R. Han, and S. Mishra. Insens: Intrusion-tolerant rout- ing in wireless sensor networks. InTechnical Report CU CS- 939-02. Department of Computer Science, University of Col- orado, 2002.

[EG02] Laurent Eschenauer and Virgil D. Gligor. A key-management scheme for distributed sensor networks. InCCS ’02: Proceed- ings of the 9th ACM conference on Computer and communica- tions security, pages 41–47, New York, NY, USA, 2002. ACM. [FL06] Prahlad Fogla and Wenke Lee. Evading network anomaly de-

tection systems: formal reasoning and practical techniques. In CCS ’06: Proceedings of the 13th ACM conference on Com- puter and communications security, pages 59–68, New York, NY, USA, 2006. ACM.

[HPJ03] Y. C. Hu, A. Perrig, and D. B. Johnson. Packet leashes: a defense against wormhole attacks in wireless networks. In

6. CONCLUSION INFOCOM 2003. Twenty-Second Annual Joint Conference of the IEEE Computer and Communications Societies. IEEE, vol- ume 3, pages 1976–1986, 2003.

[HSW+00] Jason Hill, Robert Szewczyk, Alec Woo, Seth Hollar, David E. Culler, and Kristofer S. J. Pister. System architecture directions for networked sensors. InArchitectural Support for Program- ming Languages and Operating Systems, pages 93–104, 2000. [IEE99] Wireless LAN Medium Access Control (MAC) and Physical

Layer (PHY) Specifications. IEEE Standard 802.11, June 1999. [IGE00] Chalermek Intanagonwiwat, Ramesh Govindan, and Deborah

Estrin. Directed diffusion: a scalable and robust communication paradigm for sensor networks. InMobiCom ’00: Proceedings of the 6th annual international conference on Mobile computing and networking, pages 56–67, New York, NY, USA, 2000. ACM Press.

[KLP03] Chris Karlof, Yaping Li, and Joseph Polastre. Arrive: Algorithm for robust routing in volatile environments. Technical Report UCB//CSD-03-1233, Berkeley, CA, March 2003.

[Koz92] John R. Koza. Genetic Programming: On the Programming of Computers by Means of Natural Selection (Complex Adaptive Systems). The MIT Press, December 1992.

[KSW04] Chris Karlof, Naveen Sastry, and David Wagner. Tinysec: a link layer security architecture for wireless sensor networks. InSen- Sys ’04: Proceedings of the 2nd international conference on Em- bedded networked sensor systems, pages 162–175, New York, NY, USA, 2004. ACM Press.

[KW03] Chris Karlof and David Wagner. Secure routing in wireless sen- sor networks: Attacks and countermeasures. Elsevier’s AdHoc Networks Journal, Special Issue on Sensor Network Applica- tions and Protocols, vol. 1, issue 2-3, pages 293–315, September 2003.

[Lam81] Leslie Lamport. Password authentication with insecure com- munication. Communications of the ACM, vol. 24, issue 11, pages 770–772, 1981.

[LC06a] Suk-Bok Lee and Yoon-Hwa Choi. A secure alternate path rout- ing in sensor networks. Computer Communications, vol. 30, issue 1, pages 153–165, December 2006.

[LC06b] Suk-Bok Lee and Yoon-Hwa Choi. Secure Mobile Ad-hoc Net- works and Sensors, volume Volume 4074/2006 ofLecture Notes in Computer Science, chapter ARMS: An Authenticated Rout- ing Message in Sensor Networks, pages 158–173. Springer Berlin / Heidelberg, 2006.

[Mer80] Ralph C. Merkle. Protocols for public key cryptosystems. sp, vol. 00, page 122, 1980.

[MGL+_{06] Frederic Massicotte, Francois Gagnon, Yvan Labiche, Lionel} Briand, and Mathieu Couture. Automatic evaluation of intru- sion detection systems. InACSAC ’06: Proceedings of the 22nd Annual Computer Security Applications Conference on An- nual Computer Security Applications Conference, pages 361– 370, Washington, DC, USA, 2006. IEEE Computer Society. [NC07] Nidal Nasser and Yunfeng Chen. Secure multipath routing pro-

tocol for wireless sensor networks. InICDCSW ’07: Proceedings of the 27th International Conference on Distributed Computing Systems Workshops, page 12, Washington, DC, USA, 2007. IEEE Computer Society.

[NS78] Roger M. Needham and Michael D. Schroeder. Using encryp- tion for authentication in large networks of computers. Com- munications of the ACM, vol. 21, issue 12, pages 993–999, 1978. [NS08] The Network Simulator NS-2. http://www.isi.edu/

nsnam/ns/, (May 2008).

[NSSP04] James Newsome, Elaine Shi, Dawn Song, and Adrian Per- rig. The sybil attack in sensor networks: analysis & defenses. InIPSN’04: Proceedings of the third international symposium on Information processing in sensor networks, pages 259–268, New York, NY, USA, 2004. ACM Press.

[PCST01] Adrian Perrig, Ran Canetti, Dawn Song, and Doug Tygar. Effi- cient and secure source authentication for multicast. 2001.

6. CONCLUSION [PLGP06] Bryan Parno, Mark Luk, Evan Gaustad, and Adrian Perrig. Secure sensor network routing: a clean-slate approach. In CoNEXT, page 11, 2006.

[PPG05] Bryan Parno, Adrian Perrig, and Virgil Gligor. Distributed de- tection of node replication attacks in sensor networks. InSP ’05: Proceedings of the 2005 IEEE Symposium on Security and Pri- vacy, pages 49–63, Washington, DC, USA, 2005. IEEE Computer Society.

[PST+02] Adrian Perrig, Robert Szewczyk, J. D. Tygar, Victor Wen, and David E. Culler. Spins: security protocols for sensor networks. Wirel. Netw., vol. 8, issue 5, pages 521–534, 2002.

[SHJ+02] Oleg Sheyner, Joshua Haines, Somesh Jha, Richard Lippmann, and Jeannette M. Wing. Automated generation and analysis of attack graphs. InSP ’02: Proceedings of the 2002 IEEE Sympo- sium on Security and Privacy, page 273, Washington, DC, USA, 2002. IEEE Computer Society.

[SM07] Petr Svenda and Vaclav Matyas. Key distribution and secrecy amplification in wireless sensor networks. InTechnical Report, FIMU-RS-2007-05, Brno, ˇCR, 2007. Masaryk University.

[TM006] Tmote Sky: Datasheet. http://www.sentilla.com/pdf/ eol/tmote-sky-datasheet.pdf, 2006.

[WFSH06] Anthony D. Wood, Lei Fang, John A. Stankovic, and Tian He. Sigf: a family of configurable, secure routing protocols for wire- less sensor networks. InSASN ’06: Proceedings of the fourth ACM workshop on Security of ad hoc and sensor networks, pages 35–48, New York, NY, USA, 2006. ACM Press.

[WS02] Anthony D. Wood and John A. Stankovic. Denial of service in sensor networks.IEEE Computer, vol. 35, issue 10, pages 54–62, 2002.

[WYC04] Xiaoyun Wang, Lizhen Yang, and Kefei Chen. Sdd: Secure di- rected diffusion protocol for sensor networks. InSecurity in Ad- hoc and Sensor Networks, volume 3313/2005 ofLecture Notes in Computer Science, pages 205–214, First European Work- shop, ESAS 2004, Heidelberg, Germany, August 2004. Springer Berlin/Heidelberg.

[YCLZ01] F. Ye, A. Chen, S. Liu, and L. Zhang. A scalable solution to mini- mum cost forwarding in large sensor networks. InProceedings of Tenth International Conference on Computer Communica- tions and Networks, pages 304 – 309, 2001.

[YM06] Jian Yin and Sanjay Madria. Secrout: A secure routing protocol for sensor networks. InAINA ’06: Proceedings of the 20th In- ternational Conference on Advanced Information Networking and Applications - Volume 1 (AINA’06), pages 393–398, Wash- ington, DC, USA, 2006. IEEE Computer Society.

[ZSJ03] Sencun Zhu, Sanjeev Setia, and Sushil Jajodia. Leap: efficient se- curity mechanisms for large-scale distributed sensor networks. InCCS ’03: Proceedings of the 10th ACM conference on Com- puter and communications security, pages 62–72, New York, NY, USA, 2003. ACM.

Appendix A

Example of generated attack strategy

Here is the example of generated attack strategy after pruning. It does not use the conditional memory slots, hence the instructions do not contain all parameters that are showed in section 5.3.2. All presented instructions are necessary for achieving maximum fitness value. This strategy contains rushing attack (substrategy triggered by TRIG ORTS). It also disturb send- ing of selected messages by causing collisions on the medium (two mes- sages are send in the single substrategy – e.g. two subsequent SEND ORTS instructions in the last substrategy).

This example illustrates the hardness of the strategy analysis. We were not able to completely interpret this strategy.

TRIG CTS SEND ORTS GENERATE M 1 2 1 LOAD M 1 STORE M 1 SEND M 1 GENERATE M 0 0 1 *** TRIG CTS ME STORE M 0 LOAD M 0 SEND CTS 0 DROP M 1 SEND M 0 ***

TRIG COLLISION SEND ORTS LOAD M 1 SEND ACK 0 DROP M 1 GENERATE M 0 1 0 GET N 0 2 1 *** TRIG ORTS STORE M 1 LOAD M 1 GET N 1 0 1 SEND CTS 1 *** TRIG ACK GET N 0 1 0 SEND ORTS SEND ORTS GENERATE M 1 2 0