4.3. USE CASE SCENARIO DEPICTING THE RISK ASSESSMENT FRAMEWORK 63
Table 4.7: Use Case Scenario—evaluation of misuse frequency of attacks on WSN

| Attack Name | Base Metrics ($B_{AR}$, $B_{AC}$, $B_{AU}$) | Temporal Metrics ($T_E$, $T_{RL}$, $T_{RC}$) | $MF_{init}$ | $MF_{uFac}$ |
|---|---|---|---|---|
| Eavesdropping | Adj, Low, None | F, W, C | 0.686 | 0.966 |
| Node Subversion | Network, Medium, Single | POC, W, C | 0.723 | 0.95 |
| Sinkhole/Selective Forwarding | Network, Medium, MI | FEE, W, C | 0.686 | 0.966 |
(TD) and adversary within communication range (ACR) attacks conjunctively (Figure 4.5). We compute the unconditional probability of eavesdropping attack node using (4.9) and MF of these three attack nodes (Eav: 0.82, TD: 0.74, ACR: 0.825). Then, we compute the unconditional probability for Eav using (4.9) as follows:

$$
\begin{aligned}
\Pr(Eav)_{uncond.} &= \Pr(Eav)_T \times \Pr(TD)_T \times \Pr(ACR)_T \\
&= (0.82 \times 0.825 \times 0.74) \\
&= 0.50.
\end{aligned}
$$
Similarly, the attack node, node subversion (NS), can be exploited via successful execution of either malware attack (MA) or node replication (NR) attack node. The MF of NS, NR, and MA is 0.83, 0.413, and 0.86, respectively. Since we have a disjunctive join in the attack graph, the unconditional probability for node subversion will be computed using (4.10) as follows:

$$
\Pr(NS)_{uncond.} = \sum_{(NR,MA) \in \{T,F\}} \left( \Pr(NS)_T \times \Pr(NR) \times \Pr(MA) \right) = 0.761.
$$
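The two computations above can be reproduced by enumerating the True/False states of the parent attack nodes. This is an added example, not code from the book: equations (4.9) and (4.10) are not reproduced on this page, so the sketch assumes independent parents whose unconditional probability equals their MF, and the function names are hypothetical.

```python
from itertools import product


def unconditional(mf, parents, join):
    """Unconditional probability of an attack-graph node.

    mf      -- the node's own MF, read as Pr(node = T | join condition holds)
    parents -- unconditional probabilities of the parent nodes (assumed
               independent; for leaf parents this is simply their MF)
    join    -- "AND" for a conjunctive join, "OR" for a disjunctive join
    """
    if join not in ("AND", "OR"):
        raise ValueError("join must be 'AND' or 'OR'")
    if not parents:
        return mf  # leaf node: nothing to condition on
    holds = all if join == "AND" else any
    total = 0.0
    # Enumerate every True/False assignment of the parents and keep the
    # assignments under which the join lets the attack proceed.
    for states in product((True, False), repeat=len(parents)):
        if not holds(states):
            continue
        weight = mf
        for p, state in zip(parents, states):
            weight *= p if state else 1.0 - p
        total += weight
    return total


def eavesdropping():
    # Eav (MF 0.82) requires TD (0.74) AND ACR (0.825).
    return unconditional(0.82, [0.74, 0.825], "AND")


def node_subversion():
    # NS (MF 0.83) is reachable via NR (0.413) OR MA (0.86).
    return unconditional(0.83, [0.413, 0.86], "OR")


if __name__ == "__main__":
    print(f"Pr(Eav)_uncond = {eavesdropping():.3f}")   # text reports 0.50
    print(f"Pr(NS)_uncond  = {node_subversion():.3f}")  # text reports 0.761
```

For the disjunctive join the three assignments with at least one parent true contribute, which is why a low-probability parent such as NR barely reduces the result when MA is likely.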
Similar computations are done for other attack nodes. We see from Figure 4.5 that an attacker can exploit confidentiality of a totally unprotected WSN by executing Eavesdropping, Sybil, Blackhole, or Selective forwarding, either individually or in combination, giving them $2^4$ attack options. But some of these combinations will not contribute toward the exploitation of confidentiality. For example, Blackhole attack is a successful consequence of Selective Forwarding. If Selective Forwarding does not contribute toward the exploitation of confidentiality, then there will be no contribution from Blackhole. Hence, for an expected threat level of 50%, the computed net threat level for confidentiality will be 20.3%. This is because it is very hard to get hold of the information unless the adversary knows the location of the sensor nodes and can closely monitor and capture the traffic. Given the protective measures used, this can be challenging since the adversary must decipher the captured information.
64 4. RISK ASSESSMENT IN A SENSOR CLOUD
4.3.2 TIME FRAME ESTIMATIONS
Computing the MI of the attacks whose attack pattern is confidentiality (Table 4.2), we have two sets of impact for our use case scenario—0.14 and 0.33 (Table 4.6 and (4.7)), along with service levels $SL_0$ (fully operational) and $SL_x$ (total degradation). The attacks having an impact of 0.14 are grouped into service level $SL_1$ and those having an impact of 0.33 are grouped into service level $SL_2$. Confidentiality degrades and reaches an irreparable state as we traverse from $SL_0$ to $SL_x$. The service levels for WSN security parameters are summarized in Table 4.8.
Table 4.8: Service levels for WSN security parameters using Table 4.2

| Service Levels | Attacks | Attack Pattern |
|---|---|---|
| $SL_0$ (0.0) | - | - |
| $SL_1$ (0.14) | Node subversion, spoofing, node replication, malware attack, wormhole, selective forwarding | C; I |
| $SL_2$ (0.33) | Eavesdropping, sybil, selective forwarding, spoofing, alter/replay, acknowledgment spoofing, node malfunction | C; I |
| $SL_3$ (0.50) | Frequency jamming, denial of service | A |
| $SL_x$ (1.0) | | |
Computing State Transition Rates
Once the service levels are generated, we compute the rate transition matrix using MF estimates (Table 4.5 and (4.3)). The transition rates for the service level are illustrated in Table 4.9. In this regard, to decrease the complexity of the computations, we generally assume that a transition from a higher service level to a lower service level is not feasible. Also, we assume that a network cannot reach $SL_x$ directly from $SL_0$ or $SL_1$, since $SL_0$ is a fully operational level with no harmful attacks. Furthermore, execution of attacks in $SL_1$ will result in a transition to the next service level ($SL_2$ and not $SL_x$, since the impact of attacks in $SL_1$ is lower than that of attacks in $SL_2$).

The network would be functioning in $SL_0$ in the absence of attacks. Execution of an attack belonging to $SL_1$ causes a traversal from $SL_0$ to $SL_1$, and so forth. The transition from $SL_1$ to $SL_2$ is dependent on the transition rate for $SL_0$ to $SL_1$ and is computed as $MF(SL_1SL_2) \mid MF(SL_0SL_1)$.

The output of the rate transition matrix shown in Table 4.9 is interpreted as follows. Given a time frame of, say, 30 days, a WSN in the absence of security measures will have its confidentiality fully compromised in about 13 days. This is because the probability of full compromise, reaching $SL_x$, is around 0.44, which translates to 13 days (44% of 30 days). We also conclude that in such a WSN there is a 66.27% chance that the data will be fully compromised. Integrity, in close co-