eHIP: An energy-efficient hybrid intrusion prohibition system for cluster-based wireless sensor networks

Verifying authenticity and integrity of delivered data is indispensable for security-sensitive wireless sensor networks (WSN). Unfortunately, conventional security approaches are unsuitable for WSN because energy efficiency is really not an important issue. However, energy conservation is truly a critical issue in WSN. In this paper, a proposed hybrid security system, called energy-efficient hybrid intrusion prohibition (eHIP) system, combines intrusion prevention with intrusion detection to provide an energy-efficient and secure cluster-based WSN (CWSN). The eHIP system consists of authentication-based intrusion prevention (AIP) subsystem and collaboration-based intrusion detection (CID) subsystem. Both subsystems provide heterogeneous mechanisms for different demands of security levels in CWSN to improve energy efficiency. In AIP, two distinct authentication mechanisms are introduced to verify control messages and sensed data to prevent external attacks. These two authentication mechanisms are customized according to the relative importance of information contained in control messages and sensed data. However, because the security threat from compromised sensor nodes cannot be fully avoided by AIP, CID is therefore proposed. In CID, the concept of collaborative monitoring is proposed to balance the tradeoff between network security and energy efficiency. In order to evaluate the performance of eHIP, theoretical analyses and simulations of AIP and CID are also presented in this paper. Simulation results fully support the theoretical analysis of eHIP.