Role of Energy Security Tradeoffs and Cooperation for Wireless Ad-Hoc Networks

Security and energy are the most important metrics in wireless ad hoc networks, which have been traditionally individually addressed in the research security attacks on these networks, can range from being cyber based to the physical attacks. Moreover, the security monitoring and attack response can also be managed at various layers of the protocol. While security is an important key performance metric and data manipulations which may put a high toll on the energy resource, which may put a high toll on the energy in mind. As being a part of a bigger network, nodes can cooperate for better overall performance efficiency. In a relatively densely deployed network, multiple nodes will detect the same security event. It becomes apparent that not all nodes should be required to monitor and report, but reporting events from multiple nodes can be aggregated by a sink node to obtain a more accurate and On Energy-Security Tradeoffs and Cooperation for Wireless Ad Hoc Networks 55robust detection and localization of the intruder. The main goal for our security monitoring task is to accurately, timely and robustly detect and localize an intruder in the network, while optimizing the energy efficiency of the system. Energy and security issues have been traditionally investigated as independent subjects in the wireless networks literature. There is a significantly rich literature on developing effective intrusion detection algorithms and hard to attack encryption/decryption protocols. Similarly, energy efficiency for limited battery devices has been extensively studied especially in the context of wireless sensor networks. There is very little work however, in understanding the cross-coupling between these two key metrics (Futaci, et. al., 2008), (Li, et. al., 2006), (Otrok, et. al., 2008), (Hodjat and Andverbauwhede, 2002. Potlapally, et. al., 2003. Chandramouli, et. al., 2006) for wireless networks. In recent years, there has been an increased interest on developing more energy efficient security methods (Chich-Chun, et. al., 2007. Bidi, et. al., 2006. Lai, et. al., 2004. Trakadas, et. al., 2008. Lei and Spy Mon, 2008. Jain and Vokkrane, 2008. Chandramouli, et. al., 2006), as well as on exploiting cooperation for more efficient monitoring in networks (Inverardi, et. al., 2006. Techateerawat and Jennings, 2006. Huang and Lee, 2003. Kachirski and Guha, 2002). More recently, an increased interest has risen on quantifying the energy/power tradeoffs for various encryption algorithms (Hodjat and Andverbauwhede, 2002. Potlapally, et. al., 2003. Chandramouli, et. al., 2006), but to the best of our knowledge no work has addressed this issue in the context of cooperation across nodes in a network, except for our preliminary work in (Futaci, et. al., 2008). In this paper we analyze the problem of cooperative intrusion detection for wireless ad hoc networks, and we propose a game theoretic framework to determine equilibrium monitoring strategies for individual nodes, and to analyze the achievable energy-security tradeoffs in the network. We address two different security breaches scenarios which require intrusion detection monitoring at the physical layer and at network layer, respectively.

We consider a wireless ad hoc network in which IDSs (intrusion detection systems) are deployed at individual nodes to detect malicious behavior in the network. One of the scenarios considers the task of illicit wireless transmission detection in an ad hoc network in which nodes may behave selfishly. The other scenario considers denial of service attacks (DoS) which require monitoring at the network level. For the first scenario, monitoring implies continuous spectrum sensing to determine the presence of illicit

A game theoretic formulation can be proposed to analyses the energy-security tradeoffs for the intrusion detection monitoring problem. These tradeoffs can be captured by appropriately defining a utility function that incorporates the cost of monitoring and the security gains. A simple finite strategic form game can illustrate the tradeoffs involved and can be used to design a distributed Monitoring algorithm for the network that achieves a prescribed security energy tradeoff. The intrusion detection game can be set-up as an adversarial game, in which the players are the nodes in the network defending the network security against a potential malicious node in the system. The players‘ actions can be defined as {monitor, not monitor} for the defending nodes, and {attack, not Attack}, for the malicious node. For illustration purposes we assume that users know that an attacker is present in the system, and thus the game becomes a complete information game, which can be modeled as a finite strategic game. We note that more complex scenarios with incomplete information can be analyzed as presented in our previous work in (Futaci, et. al., 2008), but for illustrating the energy-security tradeoffs involved in the intrusion detection monitoring problem, and for analyzing the effect of nodes‘ cooperation, the simplest case will suffice. We assume that users decide to monitor or not, based on their desired security level expressed as a security gain (s > 0), their current cost of monitoring (m > 0), and their defined utility function for each option. Assuming then Energy-Security Tradeoffs and Cooperation for Wireless Ad Hoc Networks 57 Table 1 An example security monitoring game model.

Malicious node is present in the system and has only one strategy: attack, two defending players i, j, can play against each other as illustrated in Table 1. If one of the players monitors, both players gain in security, while if none of then monitors they get zero utility by losing the security value. For the above game, under the assumption that s >m, we have two Nash equilibrium (monitor, not monitor) and (not monitor/monitor) characterized by the utilities (s, s − m) and (s − m,s).We can see that we do not know which equilibrium will be played in practice. There is also a mixed strategy equilibrium, determined based on the indifference principle (Fudenberg and Levine, 1998), such that the players are indifferent between we impose that players play a mixed strategy equilibrium, i.e., each player will monitor with a probability p. Expanding the game to M potential defender players that see similar events, the equilibrium for the game can be derived as follows. Let p be the probability of contributing to the monitoring for an arbitrary defending node. The probability of no contribution by a node is (1 − p). The expected payoff that player (node) i will receive by monitoring is ui(monitor) = si − mi + ri . (1) The expected payoff that player I will receive if it does not monitor can be Determined as: ui (not monitor) = si(1 − (1 − p)M−1), (2) which is computed by observing that a si security value is gained if at least one node is contributing, and a zero utility is achieved if nobody monitors. Using the indifference principle (Fudenberg and Levine, 1998), we can find the equilibrium strategy, i.e., the equilibrium probability that a node will monitor will be given as:

To achieve fairness across nodes, the rewards can be chosen such that all users monitor with the same probability, and thus use the same amount of resources for monitoring purposes. The probability of monitoring influences the overall detection probability, which can be computed as the probability that at least one node is contributing to the monitoring activities in the cluster. PD = (1 − (1 − p) M). (4) As a final observation, we note that a mathematical value for the security gain is usually hard to determine in practice, and as such, a practical approach would be to express the equilibrium probability as a function of the monitoring versus security cost ratio (which characterizes the relative importance the application has on energy or security), as well as a function of reward versus security gain ratio, which can be treated as a parameter and adjusted accordingly for a desired performance.

The two intrusion detection scenarios described in the previous section can be treated similarly, except that for the first one, the monitoring is done by

analyzed using a computationally intensive algorithm. With this respect, the two monitoring game formulations differ solely by the computation of the monitoring cost. In our paper (Shi and Comaniciu, 2010), we have shown that the monitoring cost for the physical layer spectrum sensing monitoring can be readily determined based on the specifications of the receiver.For the latter scenario, our goal is to determine a generic formula for the energy consumption associated with a computational algorithm running on embedded systems (e.g., intrusion detection monitoring algorithms — IDS) based on the complexity and type of instructions involved in the algorithm‘s implementation. In our previous work in (Futaci, et. al., 2008), we have proposed a first order approximation model for energy consumption estimation for a C based implementation code on a typical wireless ad hoc network microcontroller (Freescale Semiconductor‘s MC9S08GT60). Our model is based on the observation in (Sinha and Chandrakasan, 2001) that, to a first order approximation, the current consumption of a piece of cod On Energy-Security Tradeoffs and Cooperation for Wireless Ad Hoc Networks 59 is independent of the code, and depends only on the operating voltage and frequency of the processor. The first order software energy estimation model is then simply Etot = VddI0(Vdd,f)_t, (5) where, Etot is the total energy consumed in executing the program, Vdd is the supply voltage, _t is the program execution time, and I0(Vdd,f ) is the supply current at the given Vdd level and the given operating frequency f . We have verified that this equation holds for a general class of microcontrollers used in wireless ad-hoc sensor networks, by extensive experimentation using Freescale Semiconductor‘s MC9S08GT60 Microcontroller. These results naturally lead to the energy consumption metric being determined mainly as a function of the execution time _t of the programs, given Vdd and I0 (Vdd,f ) in (5). The execution time _t of a specific program is directly related to the time complexity of the associated algorithm. The time complexity function t(n) of an algorithm takes the problem size (instance characteristic) n as the argument and returns the number of program steps as the result. A program step is loosely defined as a syntactically or semantically meaningful segment of a program that has an execution time that is independent of the instance characteristics counts (a step could be an addition, a multiplication, a comparison, etc.). The element array being sorted‖. Using the time complexity function, we can use the following equation for finding the execution time _t of a program written in a high level language (e.g. C programming language): _t = t(n)Ncf, (6)

Etot = VDDI0(VDD,f ) t(n)Ncf (7)

Since this formula uses an average value for N, it only gives a first approximation of the energy consumption. However, to get a more precise estimation, the value of t (n) can be modified to account for the different number of instructions a statement is using on the targeted CPU. Equation (7) will allow us to predict the energy consumption of a program for different problem sizes, as a function of the complexity of the algorithm. It can be used to determine the energy cost metric for an IDS monitoring implemented in C on a microcontroller in sensor networks. In our previous work in (Futaci, et. al., 2008), we have determined the energy consumption for a particular cross-feature IDS monitoring for Denial-of Service Attacks. To determine the impact of the IDS on the battery life of a wireless node, we used the ―Battery Life Estimation Model‖ (Seminar Notes, 2005) of a ZigBee Wireless ad-hoc network node using the same microcontroller (MC9S08GT60) and Freescale Semiconductor‘s MC13192 RF transceiver. Our comparison findings illustrate that a ZigBee node consumes roughly three times more energy when runningan IDS algorithm.

We illustrate with a simple example the energy-security tradeoffs that can be achieved in a wireless network with 10 trusted nodes that participate in the monitoring game. In Figure 1 we show how the security level (probability of detection) for the cluster changes based on the selection of the Figure 1 Detection probability as a function of nodes‘ monitoring probability. 0 20

80

100 120 0 0.2 0.4 0.6 0.8 1 1.2

Figure 2 Energy-security tradeoffs for intrusion detection monitoring. Monitoring probability p. As we have mentioned earlier, specific p values can be imposed by selecting appropriate rewards for each node. The probability of detection is then calculated for different values of p by using Equation (3). It can be seen that high security levels (between 0.89 and 0.99) can be achieved for low monitoring probabilities (between 0.2 and 0.4). In Figure 2 we illustrate how the expected total energy consumption of the cluster changes with the change of the prescribed security level for the cluster. For these results we assume that the energy spent by the IDS for each of the IDS nodes is 10 unit of battery capacity in the selected unit time frame (time slot). Expected total energy of the cluster for each time slot can be calculated as:

where up to k nodes may contribute to the monitoring, each spending ε units f energy. It can be seen from the Figure 2 that as the required probability of detection value gets closer to 1 the expected total energy consumption increases rapidly.

In this paper we have illustrated the energy-security tradeoffs that are inherently associated with any security monitoring problem, using some simple classic examples of intrusion detection in wireless ad hoc networks. Our presented analysis was based on a game theoretic formulation that allows for the design of a distributed monitoring algorithm which achieves a prescribed security level for the network while preserving the energy resources of individual nodes. The proposed reward function played a dual role of incentivizing cooperation, as well as serving as a tuning parameter to adjust the network operation point for a desired energy-security tradeoff. energy cost of secrets in ad-hoc networks. IEEE Circuits and Systems Workshop on Wireless Communications and Networking. A. Sinha and P.A. Chandrakasan (2001). Joule Track a web based tool for software energy profiling. ACM Design Automation Conference, June 2001. B.-C.C. Lai, D.D. Hwang, S.P. Kim, and I. Verbauwhede (2004). Reducing radio energy consumption of key management protocols for wireless sensor networks. IEEE International Symposium on Low Power Electronics and Design, ISLPED, pp. 351–356. C. Chich-Chun, S. Muftic, and D.J. Nagel (2007). Measurement of energy costs of security in wireless sensor nodes. IEEE 18th International Conference on Computer Communications and Networks, August 2007, pp. 95–102. D. Fudenberg and D. Levine (1998). The Theoryof Learning in Games. MIT Press. D. Jain and V.M. Vokkrane (2008). Energy-efficient target monitoring in wireless sensor networks. IEEE Conference on Technologies for Homeland Security. H. Otrok, N. Mohammed, L. Wang, M. Debbabi, and P. Bhattacharya (2008). A moderate to robust game theoretical model for intrusion detection in MANETs, International Conference on Wireless and Mobile Computing, Networking and Communications (WIMOB), October 2008, pp. 608–612. N. Potlapally, N. Ravi, S. Raghunathan, and N. Jha (2003). Analyzing the energy consumption of security protocols. International Symposium on Low Power Electronics and Design, pp. 30–35. O. Kachirski and R. Guha (2002). Intrusion detection using mobile agents in wireless ad hoc networks. In Proceedings of the IEEE Workshop on Knowledge Media Networking, pp. 153–158, July 2002.

P. Techateerawat and A. Jennings (2006). Energy efficiency of intrusion detection systems in wireless sensor networks. IEEE/WIC/ACMInternational Conference onWeb Intelligence and Intelligent Agent Technology Workshops, pp. 227–230. P. Trakadas, T. Zahariadis, H.C. Leligou, S. Voliotis, and K. Papadopoulos (2008). Analyzing energy and time overhead of security mechanisms in wireless sensor networks. IEEE International Conference on Systems, Signals and Image Processing (IWSSIP), June 2008, pp. 137–140. Q. Shi and C. Comaniciu (2010). Efficient cooperative detection in wireless sentinel networks. In Proceedings of CISS, March 2010, Princeton, NJ. R. Chandramouli, S. Bapatla, K.P. Subbalakshmi, and R.N. Uma (2006). Battery power-aware encryption. ACM Trans. on Information and Systems Security (TISSEC), On Energy-Security Tradeoffs and Cooperation for Wireless Ad Hoc Networks 63. R. Chandramouli, S. Bapatla, K.P. Subbalakshmi, and R.N. Uma (2006). Battery power-aware encryption. ACM Trans. on Information and Systems Security (TISSEC). S. Mehmet Futaci, K. Jaffres Runser, and C. Comaniciu (2008). On modeling energysecurity trade-offs for distributed monitoring in wireless ad hoc networks, MILCOM, November 2008, pp. 1–7.

Y. Huang and W. Lee (2003). A cooperative intrusion detection system for ad hoc networks. In Proceeding of the 1st ACM Workshop on Security of Ad Hoc and Sensor Networks, pp. 135–147, October 2003.

Y. Li, H. Man, and C. Comaniciu (2006). A game theoretic approach to efficient mixed strategies for intrusion detection. Proceedings of IEEE International Conference on Communications (ICC 2006). Y. Liu, C. Comaniciu, and H. Man (2006). A bayesian game approach for intrusion detection in wireless ad hoc networks. In Proceedings of GameNets (Workshop on Game Theory for Networks), October 2006, Pisa, Italy. Y. Liu, C. Comaniciu, and H. Man (2006). Modeling misbehavior in ad hoc networks: A game theoretic approach for intrusion detection. International Journal of Security and Networks (IJSN).

Assistant Professor, PG Department of Computer Science, Dev Samaj College for Women, Ferozepur City E-Mail – vinodkumarkamboj@gmail.com