64 4. RISK ASSESSMENT IN A SENSOR CLOUD
4.3.2 TIME FRAME ESTIMATIONS
Computing the MI of the attacks whose attack pattern is confidentiality (Table 4.2), we have
two sets of impact for our use case scenario—0.14 and 0.33 (Table 4.6 and (4.7)), along with
service levels SL
0
(fully operational) and SL
x
(total degradation). e attacks having an impact
of 0.14 are grouped into service level SL
1
and those having an impact of 0.33 are grouped into
service level SL
2
. Confidentiality degrades and reaches an irreparable state, as we traverse from
SL
0
to SL
x
. e service levels for WSN security parameters is summarized in Table 4.8.
Table 4.8: Service levels for WSN security parameters using Table 4.2
Service Levels Attacks Attack Pattern
SL0(0.0) - -
- -
SL1(0.14)
Node subversion, spoofi ng, node replication,
malware attack, wormhole, selective forwarding
C; I
SL2(0.33)
Eavesdropping, sybil, selective forwarding,
spoofi ng, alter/replay, acknowledgment spoof-
ing, node malfunction
C; I
SL3(0.50) Frequency jamming, denial of service A
SLx(1.0)
Computing State Transition Rates
Once the service levels are generated, we compute the rate transition matrix using MF estimates
(Table 4.5 and (4.3)). e transition rates for the service level are illustrated in Table 4.9. In this
regard, we generally assume that a transition from a higher service level to a lower service level is
not feasible to decrease the complexity in computations. Also, we assume that a network cannot
reach SL
x
directly from SL
0
or SL
1
, since SL
0
is a fully operational level with no harmful
attacks. Furthermore, execution of attacks in SL
1
will result in a transition to the next service
level (SL
2
and not SL
x
, since the impact of attacks in SL
1
is lower that of attacks in SL
2
).
e network would be functioning in SL
0
in the absence of attacks. Execution of an attack
belonging to SL
1
causes a traversal from SL
0
to SL
1
, and so forth. e transition from SL
1
to SL
2
is dependent on the transition rate for SL
0
to SL
1
and is computed as MF(SL1SL2)j
MF(SL0SL1).
e output of rate transition matrix as shown in Table 4.9 is interpreted as follows. Given
a time frame of say 30 days, a WSN in absence of security measures will have its confidentiality
fully compromised in about 13 days. Since the probability of full compromise, reaching SL
x
,
is around 0.44, which translates to 13 days (44% of 30 days). We also conclude that in such a
WSN there is 66.27% chance that the data will be fully compromised. Integrity, in close co-