ETH Zurich : Computer Science : Pervasive Computing : Distributed Systems : Education : Student Projects : Abstract

Intrusion Detection and Failure Recovery in Sensor Networks (M)

Status: Abgeschlossen

A distributed sensor network consists of many (mostly wirelessly) communicating sensor nodes. Essentially, these are microcontrollers including a communication unit and a power supply as well as several attached sensors to examine the environment. Sensor nodes typically have very limited computing and storage capacities and can only communicate with their direct eighborhood.

More and more, sensor networks are also used in hostile environments, where their communication might be overheard and nodes can be removed or manipulated. Cryptographic methods as encrypting or signing messages are an effective protection against attacks from outside the network, so called outsider attacks, are, however, of only limited help against insider attacks, in which the attacker is a member of the sensor network. Intrusion detection systems (IDS) and node recovery mechanisms make it possible to detect corrupt nodes and to take appropriate countermeasures. The aim is to limit or even completely eliminate the damage caused by attackers or (byzantine) hard and software faults and to extend the lifetime of the network.

In this thesis an intrusion detection and node recovery system for sensor nodes was developed and implemented for the BTnodes in form of several ibraries. In addition, an implementation of the well-known B-MAC protocol for the communication among the nodes had to be created, which by now has already been included into the official BTnode software. All created algorithms and methods were examined both analytically as well as by means of extensive simulations and test, and where not obvious, their correctness was prooven. A distributed demo application, which is based on the game Senso, is used to demonstrate the discussed intrusion detection and node recovery system.

Due to the limited resources of sensor nodes, conventional intrusion detection systems and mechanisms can only be conditionally applied to them. As result of an extensive investigation concerning the requirements of an IDS for sensor networks, the IDS suggested in this thesis uses a modular, components oriented, and on event processing based approach. IDS capable applications do notonly consist of the actual application code, but also contain the associated routines for monitoring them. The IDS itself offers only the basic framework for the administration and coordination of the detected events and abberant behaviors, and is responsible for the execution and supervision of the recovery measures as well as for the communication with the neighboring IDS.

Possible recovery measures are: to restart a node, to switch it off, or to update its program code. The last one is a complex and cooperative procedure which is executed by the neighbors of the malicious node by copying their own program memory. If a node does not respond to any of the measures, it is still possible to exclude it from the cluster or sensor network, respectively, by means of a majority decision. To all mentioned recovery measures applies that they are only applicable, if at least the therefore needed systems of the corrupt node still work correctly and autonomously. It is shown, how the relevant parts of the hard- and software are to be logically and physically

protected and what else has to be considered.