security in industrial wireless networks

ISSN:2229-6093

J S Prasath, Int.J.Computer Technology & Applications,Vol 5 (3),1302-1308

SECURITY IN INDUSTRIAL WIRELESS NETWORKS

J.S. Prasath
Asst. Professor, Hindustan University, Chennai.

IJCTA | May-June 2014 Available [email protected]

Abstract

Security in industrial networks is of utmost importance because critical information and data are transmitted over them. Industrial communication networks are increasingly based on open protocols and platforms that are also used in the IT industry and the Internet environment. Most industries use wireless networks for communicating information and data because of the high cost of cabling. As wireless networks are insecure, it is essential to secure critical information and data during transmission. This paper analyses the various security issues and security attacks related to industrial control systems.

Key words – Wireless Sensor Networks, Security, Industrial Control System

I. INTRODUCTION

Industrial Control Systems are used in almost all infrastructures that handle physical processes, from petrochemical, power generation and distribution, to gas and water supplies, to production, food processing, telecommunications, traffic guidance systems and modern building management. Programmable Logic Controllers (PLC) and Distributed Control Systems (DCS) are widely used in all industries. PLC and DCS incorporate wireless networks for data transmission. In such systems, sensors, controllers and actuators exchange information over a wireless communication network. Industrial control systems communicate information and data between sensors, actuators and controllers that are to a large extent based on commercial
operating systems, protocol implementations and communication applications which are known to have vulnerabilities. By connecting to the Internet, or other public networks, these vulnerabilities are exposed to potential attackers. Although wireless networks are insecure and there is a possibility of internal and external attacks, a number of secure and efficient routing protocols and secure data aggregation protocols have been proposed by several researchers in industrial wireless network security.

II. WIRELESS SENSOR NETWORKS (WSN)

A sensor is a device that produces a measurable response to variations in physical parameters. The sensor returns the value of a physical parameter and converts it into an electrical signal for processing, recording, visualization or automation. This information can be used to monitor the performance of industrial processes.

Wireless Sensor Networks (WSNs) comprise a large number of spatially distributed autonomous devices that may collect data using a wireless medium. They may be used to cooperatively control and monitor physical or environmental conditions, such as pressure, sound, temperature, vibration and motion at different locations. Wireless sensor networks exhibit several unique properties such as mobility of nodes, node failures, communication failures, large scale of deployment and dynamic network topologies. Each sensor node has constraints on resources such as energy, memory, computation speed and
bandwidth as a result of their constraints on size, battery life and cost. Wireless sensor networks have many applications in both military and civilian fields, such as battlefield surveillance, habitat monitoring, healthcare, traffic control and so on. Many wireless sensor network applications require secure communications. Due to the absence of physical protection, security in wireless sensor networks is extremely important. Each sensor node has resource constraints such as energy, computation power, amount of processing and memory. Sensor nodes are deployed in hostile environments and are in direct contact with the environment. The wireless medium is used for data communication between sensor nodes.

Resources Limitation

Security approaches require a certain amount of resources for their implementation, including processing power, memory storage and energy. In wireless sensor networks, sensor nodes have only a limited amount of memory, storage, processing power and energy to run them.

Unreliable Transfer

The packet-based routing protocols used in a wireless sensor network are connectionless and unreliable. Packets may be damaged because of channel errors, or dropped along the path because of highly congested nodes. Results are lost due to dropped or damaged packets. The unreliable wireless communication channel results in damaged packets, so resources are used to avoid channel errors, and in wireless communication the channel error rate is very high. If proper error handling is not included in the protocol, security packets such as a secret key may be lost.

Latency

Latency can be increased by node processing, data transmission rate, network congestion and multi-hop routing, which makes it difficult to achieve synchronization among sensor nodes. Synchronization issues can make it hard to maintain sensor security, as the security mechanism depends on event reports and cryptographic key distribution.

Power Limitation

The wireless sensor nodes have only limited processing power. It is difficult to replace sensors which have high operating cost. It is also difficult to recharge those sensors. In order to increase the life of individual sensor nodes and of the whole sensor network, the battery charge carried by those nodes must be conserved. When applying any cryptographic protocol within a sensor node, the energy impact of those security enhancements on the sensor node must be considered. Extra power is needed for processing security functions such as encryption, decryption, verifying signatures, signing data or transmitting data related to security.

III. SECURITY ISSUES IN WIRELESS SENSOR NETWORKS

The major challenge in industrial wireless networks is security. Security is the topmost priority in any industrial control system. Many industrial networks use the Internet to transmit information and data. Industrial networks are insecure and there is a possibility of internal or external security attacks. The various security issues in wireless sensor networks are given below.

Authentication

Authentication is concerned with identifying a system user and mapping this identity to a system-internal principal by which the user is known to the system. Authentication is classified as device level authentication and group level authentication. Device level authentication means that the message is proven to originate from a certain device. Group level authentication means that the message is proven to originate from a certain group of devices. Unicast means that the message is sent to one node. There is also multicast and broadcast authentication, where the message is sent to many or all nodes respectively and is still authenticated. Multicast and broadcast authentication is even harder to provide without public key cryptography.

In sensor networks it is usually assumed that public key cryptography cannot be used because of the resource constraints. In that case authentication must be provided using symmetric cryptography. This means that the two communicating entities must agree on the symmetric key in a secure and trusted way. When symmetric cryptography is used to provide authentication, a pair-wise key is used to create a message authentication code, which is a cryptographic checksum that is appended to the message. The receiver generates a message authentication code from the message and compares it to the message authentication code included in the message. If they are the same and the receiver trusts that the key is shared with the correct sender, the message has been authenticated.

In any decision making process, the receiving nodes need to ensure that the data originates from a reliable source. Similarly, authentication is necessary during an exchange of control information in the network. Data authenticity is an assurance of the identities of communicating nodes.

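The pair-wise-key message authentication code check described under Authentication, combined with the time-stamp approach that the paper describes under Data Freshness, as an added example that is not part of the original paper. The frame layout, the 16-byte truncated HMAC-SHA256 tag, the 5-second freshness window, the node ids and the keys are assumptions constructed for illustration.

```python
import hashlib
import hmac
import struct

TAG_LEN = 16    # assumption: HMAC-SHA256 tag truncated to 16 bytes to save airtime
MAX_AGE_S = 5   # assumption: frames older than 5 s are treated as not fresh
HEADER = struct.Struct(">HI")  # assumed layout: sender id (uint16), time stamp (uint32, s)


def seal(key, sender_id, timestamp, payload):
    """Sender: append a MAC computed over header + payload with the pair-wise key."""
    body = HEADER.pack(sender_id, timestamp) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]


class Receiver:
    def __init__(self, pairwise_keys):
        self.keys = pairwise_keys   # sender id -> key shared only with that node
        self.last_seen = {}         # sender id -> newest accepted time stamp

    def accept(self, frame, now):
        """Return (payload, None) when the frame is accepted, else (None, reason)."""
        if len(frame) < HEADER.size + TAG_LEN:
            return None, "malformed"
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        sender_id, timestamp = HEADER.unpack_from(body)
        key = self.keys.get(sender_id)
        if key is None:
            return None, "unknown sender"
        # Recompute the MAC and compare in constant time before trusting any field.
        expected = hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            return None, "bad mac"
        # Freshness: the time stamp is covered by the MAC, so it cannot be rewritten.
        if abs(now - timestamp) > MAX_AGE_S:
            return None, "stale"
        # Inside the window, an identical or older time stamp is a replay. With 1 s
        # resolution this limits a node to one frame per second; a counter avoids that.
        if timestamp <= self.last_seen.get(sender_id, -1):
            return None, "replay"
        self.last_seen[sender_id] = timestamp
        return body[HEADER.size:], None


def demo():
    """Run constructed frames through the receiver and collect the verdicts."""
    k7, k9 = bytes(range(32)), bytes(range(32, 64))   # constructed sample keys
    rx = Receiver({7: k7, 9: k9})
    good = seal(k7, 7, 1000, b"pressure=4.2bar")
    tampered = bytearray(seal(k7, 7, 1003, b"pressure=4.2bar"))
    tampered[8] ^= 0x01                                # one payload bit flipped in transit
    return {
        "genuine": rx.accept(good, now=1001),
        "replayed": rx.accept(good, now=1002),
        "tampered": rx.accept(bytes(tampered), now=1003),
        "old": rx.accept(seal(k7, 7, 900, b"valve=open"), now=1004),
        # Node 9 claims id 7: without node 7's pair-wise key the MAC cannot match.
        "impersonated": rx.accept(seal(k9, 7, 1004, b"valve=open"), now=1004),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:13s} {verdict}")
```

The MAC is verified before the time stamp is examined, so receiver state is only updated by frames that authenticate; the time-stamp check also depends on the loose clock synchronization the paper lists as a separate requirement.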

Availability

Availability means that the required information and data should reach the destination node without any interruption. An attacker may jam communication to make sensors unavailable. The requirement of security not only affects the operation of the network, but is also highly important in maintaining the availability of the network. Availability refers to ensuring that unauthorized persons or systems cannot deny access or use to authorized users. For automation systems, this refers to all the IT elements of the plant, like control systems, safety systems, engineering workstations, operator workstations, manufacturing systems, as well as the communication systems and to the outside world. Violation of availability is also known as denial-of-service (DoS).

Data confidentiality

Secret information, critical process data and key distribution all rely on confidentiality. Confidentiality is achieved by the use of encryption. The major problem is that the radio spectrum is an open resource and can be used by anyone equipped with proper radio transceivers. An attacker can eavesdrop on the packets transmitted over the air as long as he is able to keep track of the radio channels used in the communication. The attacker can also discover the secrets in a node without capturing it, by analyzing the secret data collected from other compromised nodes. Under the attacker's control, the newly compromised node can be used to launch more malicious attacks. The objective of confidentiality is to prevent disclosure of information to unauthorized users or systems. For automation systems, this is relevant both with respect to domain specific information, such as plant performance and planning data
and to the secrets specific to the security mechanisms themselves, such as passwords and encryption keys.

Data Integrity

Attackers try to modify the data during transmission between sensor nodes. An adversary may change the data in order to throw the network into disarray. A malicious node may manipulate data or add some wrong fragments to the data within the packets. This new packet can then be sent to the original receiver. In some cases, data loss or damage can occur without the presence of a malicious node. Severe communication conditions can also lead to data loss or damage. Data integrity ensures that any received data has not been altered during transmission. Violation of integrity may cause safety issues, that is, equipment or people may be harmed.

Data Freshness

The receiver does not know whether received messages are fresh ones. Data freshness ensures that received messages are not replayed and are fresh and recently created. Shared keys need to change over time. However, propagating these shared keys over the network takes time, and the adversary can easily perform a replay attack. If a sensor is unaware of the time of a key change, an adversary can easily disrupt the normal work of the sensors. To ensure data freshness, a time stamp can be added to the packet. Data freshness means that the data is recent, and it ensures that no old messages have been replayed. This requirement is especially important when the wireless sensor nodes use shared keys for message communication, where a potential adversary can launch a replay attack using the old key as the new key is being refreshed and propagated to all the nodes in the wireless
sensor network. The outdated information contained in the packet can cause many problems to the applications deployed in the network.

Authorization

The objective of authorization is to prevent access to the system by persons or systems without permission. It is a critical security task in Wireless Sensor Networks. A WSN must be able to authorize and grant users the right to access the network. Authorization refers to the mechanism that distinguishes between legitimate and illegitimate users for all other security objectives, e.g., confidentiality, integrity, etc. It refers to restricting the rights to issue commands to the plant control system. Violation of authorization may cause safety issues.

Auditability

Auditability refers to the ability to reconstruct the complete history of the control system behavior from historical records of all actions executed on it. It is relevant for discovering and finding reasons for malfunctions in the system and for establishing the scope of the malfunction or the consequences of a security incident.

Time Synchronization

Time synchronization is essential while transmitting data from one node to another node. The speed of the source node should be matched with that of the destination node. To save power, a sensor's radio may be turned off for periods of time. Sensors may wish to compute the end-to-end delay of a packet as it travels between a pair of sensors. A sensor network may require group synchronization for tracking applications.

Secure Localization

A sensor network designed to locate faults will need accurate location information in order to find the particular
point of a fault. An attacker can easily alter unsecured fault-location information by reporting wrong signal strengths and replaying network signals.

IV. SECURITY ATTACKS IN WIRELESS SENSOR NETWORKS

External versus internal attacks

External attacks come from nodes which do not belong to the WSN. An external attacker or outsider has no access to most cryptographic materials in the sensor network. External attacks may involve passive eavesdropping on data transmissions and can extend to injecting bogus data into the network to consume network resources and cause denial of service. An internal attacker or insider is an authorized participant in the sensor network who seeks to disrupt operations or exploit organizational assets.

Passive versus active attacks

Passive attacks include eavesdropping on or monitoring packets exchanged within a WSN, whereas active attacks involve some modification of the data stream or the creation of a false stream.

Host-based attacks

These are further divided into three types: software compromise, hardware compromise and user compromise. Software compromise involves breaking the software running on the sensor nodes. Hardware compromise involves tampering with the hardware to extract the program code, data and keys stored within a sensor node. User compromise involves compromising the users of a WSN, e.g., by tricking the users into revealing information such as passwords or keys about the sensor nodes.

Network-based attacks

These have two perspectives: layer-specific compromises and protocol-specific
compromises. This includes all attacks on information in transit. It also includes deviating from protocols. The attacker gains an unfair advantage for itself in the usage of the network.

Layering based Attacks

Physical Layer Attacks

Jamming

This type of attack interferes with the radio frequencies a WSN uses. A typical jamming attack can disrupt the entire WSN with a few randomly distributed jamming nodes. This type of attack is simple to implement and is very effective against single frequency networks. There are two types of jamming: constant jamming and sporadic jamming. Both can cause major disruptions to networks, particularly if the communication is sensitive or time critical. A sensor node can easily distinguish jamming from other natural causes of communication disruption by determining that constant energy, not lack of response, impedes communication.

Tampering

Sensor networks typically operate in outdoor environments. Due to their unattended and distributed nature, the nodes in a WSN are highly susceptible to physical attacks. Physical attacks may cause irreversible damage to the nodes. The adversary can extract cryptographic keys from the captured node, tamper with its circuitry, modify the program code or even replace the node with a malicious sensor.

Data Link Layer Attacks

Collision

An attacker can induce a collision in the WSN to create a costly exponential back-off in some MAC protocols. The energy spent by an attacker is minute compared to the amount of energy that will be expended by the WSN. The use of error-correcting codes can minimize collision
errors, but they are very simple so as to reduce processing costs.

Unfairness

Intermittent application of these attacks or abuse of a cooperative MAC-layer priority scheme can cause unfairness, a weaker form of denial of service. This threat may not entirely prevent legitimate access to the channel, but it could degrade service.

Network Layer Attacks

Wormhole Attack

A wormhole is a low latency link between two portions of the network over which an attacker replays network messages. This link may either be a single node forwarding messages between two adjacent but otherwise non-neighboring nodes, or a pair of nodes in different parts of the network with the ability to communicate with each other. A wormhole attack is one in which a malicious node eavesdrops on a packet or series of packets, tunnels them through the sensor network to another malicious node, and then replays the packets. This can be done to misrepresent the distance between the two colluding nodes. It can also be used more generally to disrupt the routing protocol by misleading the neighbor discovery process.

Acknowledgment Spoofing

Routing algorithms used in sensor networks sometimes require acknowledgments to be used. An attacking node can spoof the acknowledgments of overheard packets destined for neighboring nodes in order to provide false information to those neighboring nodes.

Transport Layer Attacks

Desynchronization

An existing connection between two end points can be disrupted by desynchronization. In this attack, the adversary repeatedly forges messages to one or both end points. These messages carry sequence numbers or control flags that cause the end points to request retransmission of missed frames.

HELLO Flood Attack

An attacker sends or replays a routing protocol's HELLO packets from one node to another with more energy. This attack uses HELLO packets as a weapon to convince the sensors in the WSN. In this type of attack, an attacker with a high radio transmission range and processing power sends HELLO packets to a number of sensor nodes that are isolated in a large area within a WSN. As a result, while sending information to the base station, the victim nodes try to go through the attacker, as they believe that it is their neighbor, and are ultimately spoofed by the attacker.

V. CONCLUSION

The various security issues and security attacks are analyzed in this paper. Industrial networks use the Internet and the wireless medium for data communication between sensors, actuators and controllers. As wireless networks are insecure, there is no guarantee of data security, and this may cause equipment damage. Operators working in the plant are also not safe, because a security attack is possible at any time. It is essential that every industry follow security standards and security mechanisms in order to protect industrial equipment and assure the safety of operators.
