Free Trial

Safari Books Online is a digital library providing on-demand subscription access to thousands of learning resources.

Share this Page URL
Help

10 Defending Against Physical Attacks in... > 10.6 Open Issues - Pg. 274

274 CHAPTER 10 Defending Against Physical Attacks in Wireless Sensor Networks outside the attack notification range dangerous, thus decreasing the AC . However, the AC in this case is still much better than that when U th is too small because the AC improvement in this case comes from the state switching corresponding to both types of notification messages. The bene- fit of one attack notification message usually is more than that of one sacrificial node notifica- tion message because more sensors are notified, and those sensors are more likely to be detected if they do not schedule a state switching. Although it is hard, if not impossible, to derive the opti- mal utility threshold, the good news is that the AC keeps in a relatively high value for a wide range of U th . In this range, the benefit of large U th , which is fewer number of sacrificial nodes potentially being detected, is lessened by the loss in terms of number of sensors protected outside of the attack notification area. In practice, we can first choose a U th close to half U max and adjust the value when time goes on, during which we may be able to gain some knowledge about the attacker param- eters. The way to incrementally gain and propa- gate attacker parameters and the internal relation between attack parameters and optimal U th are part of our future work. Similarly, we observe that AC increases with T at first and decreases after some threshold. The reason is that when T is small, many sen- sors switch back to sensing/sending state before an attacker leaves. Thus, increasing T in this case helps to improve AC significantly. However, a too large T is not only unnecessary because the attacker has left long before the timers expire but also affects the network performance in terms of coverage and packet throughput/- delay. Discussion. The parameters we have chosen cover most of the practical network scenario, attacker technology, and defense mechanism. It is clearly shown that the performance improve- ment by our defense protocol is between 50% and 150% under most normal situations, which demonstrates the validity and effectiveness of our defense protocol in protecting sensor networks' performance even under search-based physical attacks, further highlighting the significance of our study in this chapter. 10.6. OPEN ISSUES In this section, we present a list of opening issues in defending against physical attacks in WSNs. 10.6.1. Systematically Understanding Physical Attacks Physical attacks are a new type of attack salient to sensor networks. In defending against physical attacks, it is very important to first systemati- cally understand physical attacks from the per- spectives of attacker rationale, attack execution, and overall impacts of physical attacks on sensor networks. A thorough understanding of physical attacks will make corresponding defenses easier to design and more robust. Understanding Attacker Basics. In Ref. [63], we identified three critical features of physical attacks: attacker's searching capacity, attacker's motion, and attacker's destruction method. The attacker's searching capacity includes the tar- get of search, searching method, and ability of search. The attacker's motion includes how the attacker moves in the network when it searches and destroys sensors. The destruction method includes the methods the attacker uses to destroy sensors and the end effects of the destruction. Understanding Variations of Physical At- tacks. It is possible that multiple attackers con- duct physical attacks. Also, in some situations, it may happen that the attacker wants a blind (brute force) destruction of sensors. The result of the targeting phase here is just a rough idea of the network boundaries. Destruction can pro- ceed using bombs/ grenades, driving a tank in the network, etc., where the sensors are physi- cally destroyed. In some cases, physical attacks can be combined with other attacks. For instance, some malicious sensors may eavesdrop on the communication between sensors to identify crit- ical sensors (e.g., cluster heads or data aggrega- tors). Another instance is: if the attacker cannot physically destroy a sensor (e.g., it is encapsu- lated under a rock), the attacker can possess an equipment to jam the sensor frequencies making it nonfunctional. Analyzing the Impacts of Physical Attacks. The next issue is how to thoroughly analyze the