A Study of IEEE 802.15.4 Security Framework for Wireless Body Area Network

A Study of IEEE 802.15.4 Security Framework for Wireless Body Area Networks Shahnaz Saleem, Sana Ullah, and Kyung Sup Kwak Graduate School of Information & Communication Engineering, Inha University, 253 Yonghyun-dong, Nam-gu, Incheon 402-751, Korea Email: {roshnee13, sanajcs}@h otmail.c om, kskwak@inha.ac.kr Abstract: A Wire less Body Area Network (WBAN) is a collec tion of low-power and lightweight wireless sensor nodes tha t are used to monitor the human body functions and the surrounding environment. It supports a number of innovative and interest ing applica tions , including ubiquitous healthcare and Consumer Electronics (CE) applications. Since WBAN nodes are used to collect sensitive (life-crit ical) information an d may operate in hostile environm ents, they require st rict security me chanisms to prevent m alicious interact ion with the system. In this pa per, we first highlig ht major security requirem ents and Denial of Service (D oS) attacks in WBAN at Physical, Medium Access Control (MAC), Network, and Transport layers . Then we discuss the IEEE 802.15.4 security framework a nd identify the security vulne rabilities and major attacks in the context of WB AN. Different types of a ttacks on the Contention A ccess Period (CAP) and Content ion Free Perio d (CFP) parts of the superfra me are analyzed and discussed . It is observed that a sma rt attacker can successfully corrupt an increa sing number of GTS slot s in the CFP period and ca n considerably affect the Quality of Se rv ice (QoS) in WBAN (since most of the data is carried in CFP period). A s we increase the number of s mart attackers the corrupted GTS slots are eventually increased, which prevents the legitimate nodes to utilize th e bandwidth efficientl y. This means th at the direct adaptation of IEEE 8 02.15.4 secu rity framewor k for WBAN i s not totally secure for certain WBAN applications. New solutio ns are required to in tegrate high level security in WBAN. Keywords: se curity; IEEE 802.15.4; WBAN; attacks Note: This article is an open access article distri buted under the terms and conditions of the Creative Common s Attribution license. It has be en published in Sensors Journal on 26 January 2011 (http://www.mdpi.com/journal/sensors ). 2 1. Introduction A Wireless Body Area Network (WBAN) allows the integration of intelligent, miniaturized, low-power sensor nod es in, on, or around a human body to monitor body functions and the surrounding environment. It has great potential to revolutionize the future of healthcare technology and has attr acted a number of res earch ers both from the academia and industry in the past few years. WBANs support a wide ra nge of medical and Consumer Electronics (CE) applications. For example, WBANs provide remote health monitoring of patients for a long period of time withou t any restriction on his/her normal activities [1,2]. Different no des such as Electrocardiogram (ECG), Electromyography (EMG), and Electroe ncep halography (EEG) are deployed on th e human body to coll ect the physio logica l parameters and f orward them t o a remot e medical server for further analysis as given in Figure 1. General ly WBAN consist s of in- body and on-body area networks. An in-b ody area network allows communication between invasive/implanted devices and a base station. An on-body area network, on the other hand, allows communication between non- invasive/wearable devices and a base station. Figure 1. WBAN architecture f or medical app lications. The consideration o f WBANs for medi cal an d non-medical a pplications must satisfy string ent sec urity and priv acy requir ements. These r equire ments ar e based on differ ent applications ranging from med ical (heart monitoring) to non-medical (listening to MP4) applications [3]. In case of medical a pplications, the security t hreats may lead a pa tient 3 to a dangerous condition, and sometimes to death. Thus, a strict and scalable secu rity mechanism is required to prevent malicious interaction with WBAN. A secure WBAN should include confidentiality and priv acy, integrity and authentication, key establishment and trust set-up, secure group management and data aggregation. However, the integration of a high-level security mechanism in a low-power and resource-constra ined sensor n ode increa ses the computational, communication and manageme nt cost s. In WBANs, b oth secu rity and system performance are equally important, and thus, designing a low-power and secure WBAN system is a fundamental challen ge to the desig ners. In this pa per, w e pres ent a brie f disc ussion on the ma jor security requirem ents and threat s in WBANs a t the Physi cal, Medium Acce ss Control (MAC), Network, and Transpor t layers. We analyze the performance of IEEE 802.15.4 [4,5] security framework for WBAN using extensive simulations. Different type s of attack on IEEE 802.15.4 superframe are cons idered in the simulations. The results are presented for smart, random , and weak at tackers in te rms of probab ility of failed Guaranteed Time Slots (GTS) requests (due to backoff manipulation atta cks) in the Contention Access Period (CAP) period, numb er of corrupted slots in the Contention Free Period (CFP) period, and decrease in bandwidth uti lization. It is concl uded that smart attackers can successfully disrup t the entire communication ch annel in the network. The rest of the paper is categorized into six sections. Section 2 and Secti on 3 outline the major security issues and t hreats in WBAN. Section 4 des cribes the IEEE 802.15.4 security framework for WBAN. In Section 5, we ide ntify possible attacks on the IEEE 802.15.4 s uperframe structure . Section 6 pre sents simula tion results. T he final section concludes our work. 2. Security Issues and Requirements A WBAN is a special type of networ k which shares some chara cteristics wit h traditional WSNs but differs in many others such as strict security and low-power consumption. It is mandatory to understand the type of WBAN applications before the integration of a suitable security mechanism. The co rrect understandi ng will lead us towards a st rong security mechanism that will prote ct the system from possible threats. The key security requirements in WBANs are discus sed below. 2.1. Data Confi dentialit y Like WSNs, Data confidentiality is co nsidered to be the mo st important issue in WBANs. It is required to protect the data from disclosure. WBANs should not leak patient’s vital information to ex ternal or ne ighbouring networks. In medical applications, the nodes collect and forward sensitive data to the coordinator. A n adversary can eavesdrop on the communi cation, and can o verhear the critical in formation. This eavesdropping may cause severe dama ge to the patient since the adversary can use the acquired data for many illegal purposes. The standard approach to pr otect the data secure is to encrypt it with a secure key that ca n only be decrypted by the inten ded 4 receivers. The use of symmetri c key encr yption is the most reliable for WB ANs since public-key cryptography is too costly fo r the energy-constraint sensor nodes. 2.2. Data Integrity Keeping the data confidential does not prot ect it from ex tern al modifi catio ns. An adversary can always alter the data by a ddi ng some fragments or by manipulati ng the data within a p acket. This packet can later be forwarded to the coordi nator. La ck of data integrity mechanism is sometimes very da ngerous especially in case of life-critical events (when emergency data is altered). Data loss can also occur due to bad communication environment. 2.3. Data Authentication It confirms the identity of the o riginal source node . Apart from modifying the data packets, the adversary can also cha nge a packet stream b y integrating fabricated packets. The coordinato r must have the capab ility to verify the ori ginal source of data. Data authentication can be achieved using a Message Authentication Code ( MA C ) (to differentiate it from Medium Access Cont rol (MAC), the Messa ge Authentication Code ( MAC ) is represented by bold letters) that is gene rally computed from the shared secret key. 2.4. Data Freshne ss The adversar y may sometimes c apture data in tr ansit and replay them later using the old key in order to confuse the coordina tor. Data freshness implies that the da ta is fresh and that no one can replay old messages. Th ere are two types of data freshness: weak freshness, which guarantees partial da ta fram es ordering but does not guarantee delay, and strong freshness, which guarantees data frames ordering as well as delay. 2.5. Secure Lo calization Most WBAN ap plications require accurate esti mation of the patient’s location. Lack of smart track ing mechanisms allow an attacker to send incorrect repor ts about the patient’s location either by reporting false sign al strengths or by using replaying signals. 2.6. Availability Availability implies efficient availabil ity of patient’s information to the physi cian. The adversary may ta rget the availability of WBA N by capturing o r disabling a particula r node, which may someti mes result in loss of life. One of t he best ways is to switch the operation of a node that has been attacked to another node in the networ k. 5 2.7. Secure Management Secure management is req uired at the coo rdinator to provide key di stribution to the nodes for encryption and decryption operation. In case of association and disassociation, the coordinator a dds or remove s the nodes in a secu re manner. 3. Possib le Security Threats a nd Attacks A WBAN is vulnerab le to a considerable number of key att acks. These attacks are conducted in different ways, i.e. , Denial of Serv ice (DoS ) attacks , privacy viol ation, and physical attacks. Due to restrictions on the powe r consumption of the sensor n odes, protection against these types of attacks is a challenging task. A powe rful sensor can easily jam a sens or node and c an prevent it from c ollect ing patien t’s data o n regu lar basis. Attacks on WBAN can be cla ssified into three m ain categories [6]: (a) a ttacks on secrecy and authentication, wh ere an adversar y performs ea vesdropping, pa cket replay attacks, or spoofing of packets, (b) attacks on s ervice i ntegr ity, wh ere th e networ k is forced to accept false information [ 7], an d (c) attacks on network availability (DoS attacks), where the at tacker tries to re duce the network’s capacity. In the foll owing section, we briefly present most important DoS attacks at physi cal, data link, network, and transport layers. A brief summary of these attacks is given in Table 1 [8 ]. Table 1. WBAN OSI l ayers and DoS attacks/denfeses. Layers DoS Attacks Defense s Physical Jamming Spread-spectrum, pri ority messages, low er duty cycle, region mapping, mode change Tamper ing Tamper-proo f, hiding Link Colli sion Error correcting co de Unfairness Small frames Exhaustion Rate limitation Networ k Neglect and greed Redundancy, probing Homing Encryption Misdirection Egress filtering, authorizati on monitoring Black holes Authorization, monitoring, redundancy Transport Flood ing Client Puzzles De-synchronization Authentication 3.1. Physical Layer Atta cks Some of the main respo nsibilities of physical la yer include frequency sel ection and generation, signal detection, modulation, and encryption [9]. Since the medium is radio- based, jamming the ne twork is always possible. The most common attacks are jamming and tampering. J amming refers to i nterference with the radio frequencies of the nodes. The jamming sou rce can be po werful enough to disrupt the entire netw ork. Tampering 6 refers to the physical attacks on the sensor nodes [10]. However, nodes in WBAN are deployed in close proximity to the huma n body, and this reduces the chances of physical tampering. 3.2. Data Link Layer A ttacks This layer is respo nsible for multiple xing, frame det ection, channel access, and reliability. Atta cks on this layer include creating collision, unfairness in a llocation, and resource exhaust ion. Collision occurs when two or more nodes attempt to transmit a t the same time. An adversary may strategically create extra collisions by sending rep eated messages on the channel. Unfairnes s degrades the network performance by interrupting the MAC priority schemes. Exhaustion of battery resources may occur when a sel f- sacrificing node always keeps t he channel busy. 3.3. Network La yer At tacks The node s in WBAN ar e not r equired to route the pac kets t o other nod es. Routi ng is possible when multip le WBANs communica te with each othe r through their coo rdinators. Possible attacks include spo ofing, selective forwardin g, sybil, and hello floo d. In spoofing, the attacker target s the routing informa tion and alters it to disrupt the network. In selective forwarding, the attacker forwards se lective messages and drops the others [11]. In sybil, the attacker represents more th an one identity in the network [12 ]. The hello flood att acks are us ed to fool the ne twork, i.e. , the sender is within the radio range of the receiver. 3.4. Transport Layer Att acks The attacks on the transport layer are floo ding and de-synchronisation. In flooding, the attacker repeat edly places req uests for co nnection until t he required resources a re exhausted or reach a maximum limit. In de-synchronisation, the attacker forges messages between nodes causing them to request the transmission of missing frames. 4. IEEE 802.15.4 Security for WBAN IEEE 802.15.4 is a low-power standard des igned for low data rate applications. It offers three operational frequency bands: 868 MHz, 915 MHz, and 2.4 GHz bands. There are 27 sub-channels allocated in IEEE 802.15.4, i.e. , 16 sub-channels in 2.4 GHz band, 10 sub-channels in 915 MHz band and one sub-channel in the 868 MHz band. IEEE 802.15. 4 MAC h as two op eration al modes : a bea con -ena ble d mode and a n on-be ac on enabled mode. In the beacon-enabled mode, the network is controlled by a coordinator, which regularly transmits beacons for device synch ronization and association control. The channel is bounded by a superframe structure as illu strated in Figur e 2. 7 Fig ure 2 . IEEE 802.15.4 superframe structure. The superframe consi sts of both active and inactive pe riods. The active peri od contains three components: a beacon, a Contention Access Period (CAP), and a Contention Free Period (CFP). Th e coordinator i nteracts with no des during the a ctive period a nd sleeps during inactiv e period . Ther e are maxi mum of sev en GTS slo ts in the CFP per iod to support time critica l traffic. In the beacon -enabled mode, a slotted CSMA/CA protocol is used in the CAP period. In the non-beacon enabled mode, the channel is accessed using unslotted CSMA/CA protocol. The main security requirements presented in the IEEE 802.15.4 standard specification are access control, confidentialit y, frame integrity, and sequential freshness. Access control ensures the protection of frames from unauthorized nodes. Confidentiality makes sure that only legitimate nod es shar e the secret informat ion. Frame integr ity protects the frames from manipulation by an adversary. Sequential freshness confirms the freshness of the frames. The IEEE 802.15.4 secu rity layer is handled at the MAC layer. The securi ty requirements are specified at the a pplication layer by tuning s ome control parame ters. If no parameters a re selected, no security mechanism is used. The specificat ion defines four packet types: beacon, data, acknowledgement, and control p ackets. The beacon packets are used for synch ronization and resource allocation. No security information can b e included in the acknowledgement packets. In others, the in formation such a s integrity protection and confidentiality protection can be integrated whenever required. The IEEE 802.15.4 specification ha s a choice of security suite s that control different security levels. Each secu rity suite has different securi ty properties, protection levels, and frame formats. The IEEE 802.15.4 based security suites can be considered for WBAN with necessary modifications. Table 2 list s different security sui tes defined in the IEEE 802.15.4 standard [13]. They are broadly clas sified into null, encr yption only (AES-CTR), authentication only (AES-CBC- MAC ), and encryption and authentication (AES-CCM) suites. In AES-CTR, confidentiality protecti on is provided using Advance Encryption Standard (AES) block cipher [14] with counter mode. In AES-CBC- MAC , secu rit y including integrating protec tion is provided us ing CBC- MAC [15]. The AES-CCM provides high-level security that includes b oth data integrity and encryption. De tails about these security suites are presented in the standa rd. 8 Table 2. Security modes in IEEE 802 .15.4 Name Description Access Control Confidentialit y Frame Integrity Sequential Freshness Null No sec urity AES-CTR Encryption on ly, CTR Mode X X X AES-CBC- MAC -128 128 bit MAC X X AES-CBC- MAC -64 64 bit MAC X X AES-CBC- MAC -32 32 bit MAC X X AES-CCM-128 Encryption & 128 bit MAC X X X X AES-CCM-64 Encryption & 64 bi t MAC X X X X AES-CCM-32 Encryption & 32 bi t MAC X X X X The IEEE 802.15.4 is consider ed very close to WBAN due to its quick implementation, reliable security mechanism, and support of low data rate applica tions with low cost of power consumption. A significant improvement has been seen in the IEEE 802.15.4 in terms of sup erframe variation (expanding the C FP period) and con tention access mech ani sms [ 16 ,17] . Sin ce cont ent ion a cce ss mechanisms are not reliable for WBAN due to Clear Channel Assessment (CCA) and heav y collision problems, researchers have urged to shrink the CA P period in the IE EE 802.15.4 superframe and subsequently extend the CFP p eriod [18]. The purpose was to car ry loads of p ackets in the C FP part o f the superframe. As d iscussed earlier, the IEEE 802.15.4 specification defines seven GTS slots for collision free transmission. A nod e interested to grab the slot tracks the b eacon for resource al location. The coordi nator de cides the a ssignment of the GTS slot. If needed, more than one GTS slot can be allocated to a node. Figure 3(a,b) shows the GTS allocation and deallocation process define d in the IEEE 802.15.4 specification. Figure 3. (a) GTS allocation process, (b) GTS dealloca tion process. ( a ) ( b ) First, the nodes receive the beacons to i d entify the superframe boundaries. A GTS request is sent in the CA P part of the superfra me to the coordinator. The request includes the req uired length and d irection (uplink or do wnlink) of the GT S slot. Th e coordinator may send an acknowledgement packet to confirm the succes sful reception of the GTS request. If GTS slots are available, the coordinator assigns them to the nodes using the beacon frame. Once assigned, the data transmission takes place in the GTS slots of the following superframes. 9 The GTS allocation proces s may frequently occur in case o f WBAN, where many nodes request the allocation of GTS slots. The main disadvantage of the IEEE 802.15.4 is the number of GTS slots is limited to seve n. In WBAN, nodes generally require more GTS sl ots in th e CFP per iod. T his can be ac hieved by the v aryin g the CF P duratio n according to the applications. No ma tter how many GTS slots are p resent in the CFP period, they have a vu lnerable poin t that allow s an attack er to disrupt the communication between nodes and the coordina tor. Another problem is that the adversary may conti nuously select a small backoff window a nd may cont end with the legitimate nodes (in the CA P period) in order to p rotect them from se nding the GTS request packets. The following section bri efly describes possi ble attacks on the CAP and CFP periods. 5. Attacks on the CAP and CFP Periods Since most the t raffic in WBAN is carried i n the CFP period of the su perframe, attacks on both CAP (this is used for resource allocation in CFP) and CFP perio ds can dis rupt the entire communicat ion between nodes and the coordinator. To attack the C AP period (also called backoff manipulation attack), a self ish node or an attacker attempts to select a small backoff window in order t o keep the channel busy all the tim e. This attack prevents the legitimate nodes to send GTS sl ot requests to the coordin ator as given in Figure 4(a). The b ackoff manipulation atta ck was first investigated for IEEE 802.11 networks in [19], where a selfish u ser im plement ed a who le range of str ategi es to maximize its access to the medium. Most of the challenging task is to detect backoff manipulation attacks [20,21]. Because the backoff counter is selected on random basis, it is very hard to identify the adversary who has delibera tely chosen a small backoff window. A scheme to detect backoff manipula tion attack is presented in [21 ], which works well for adversa ries who are unaware of the d etection scheme. But a smart adversary can efficient ly maximize hi s throughput and can minimize th e chances of his detection [22]. Another method of detecting these attacks is proposed in [23] where the receiver is used to assign backoff windows to the sender but the problem is that re ceiver cannot always be trusted. To attack the C FP period, an attack er carefully listens to the GTS allocation process and e xtracts the GTS slot information from th e beacon [24] as given in Figure 4(b) . The attacker first synchronizes itself to the network and receives periodic beacons. Assume that the le gitimate node sends a GTS request to the coordinator. The attacker waits for the following beacon to extract the GTS slot information. Once the coo rdinator approves the GTS request, it integrate s the slot information into the beacon frame. Both the legitima te node and the adversary receive the beacon. After obtaining the GTS slot information, the adversary can easily create interference in the GTS slot. Since the GTS sl ots are used to carry critical data (life- critical in case of WBANs [25 ]), interf erence in transmission affects the QoS requirements. 10 Figure 4. (a) Backoff manipulation attack on the CAP, (b) Attack on C FP period. (a) (b) 6. Evaluation and Results We simulate a number of attacks on the CA P and CFP periods of the IE EE 802.15.4 superfram e using the NS 2 .31 simu lator [ 26]. The simulation is bas ed on the framework defined in [24]. We consider a network of te n legitimate nodes, wh ich can be randomly attacked by fi ve attackers. T he attackers ar e cate gorized into smart , rando m, and weak attacks. Smart attackers aim at c orrupting both the CAP and CFP periods. They corrupt the GTS slot wi th maximum duration. Random attackers aim at corrupting CFP period only wi th an a verage G TS sl ot dura tion. W eak at tackers ai m at c orruptin g GTS sl ots wi th minimum duration. The attacks are trigge red at random basis in ea ch simulatio n run and the results are analyz ed in terms of probabil i ty of failed GTS reques ts ( due to back off manipulation attacks) in the CAP period, numb er of corrupted slo ts in the CFP peri od, and decrease in bandwidth utilizat ion. The smart atta ckers repeatedly att empt to access t he channel i n the CAP period, thus increasing the probability of failed GTS requests , as given in Figure 5. It can be seen that few smart attackers can disru pt the entire communication channel. Since the or iginal  11 data transmission in WBAN takes pla ce in the CFP period, analysis of attacks on t he CFP period is becoming in creasingly i mportant. Figure 5. Probability of failed GTS requests . Figure 6. Total number of corrupted slots in t he CF P. Figure 6 shows t he total number of corrupted slots in the CFP period f or a number of smart attacker s. The figure sho ws that tw o smart attacker s can successf ully corrup t up to 149 GTS slots. This trend increases up to 1912 GTS slots for 30 smart a ttackers. Once the GTS slots are identified and attacked, th e attackers try to decrease the bandwidth utilization in each slot. C orrupting more GTS slots result in the lo west bandwid th utilization. This corruption depends on the ty pe of attacks. A smart attacker can corrupt more slots than a r andom or weak attacker. This is shown in Figure 7, where two smart attackers corrupt more slots and therefore decrease the bandwidth utilization by 71%. These ar e the best res ults in th e attacker’ s point of vi ew (and worst fo r the leg itimate 12 nodes). Two random attackers and one weak a ttacker decrease the bandwidth utilization by 49% and 15%, respectively . The later is the worst case for the attackers . As IEEE 802.15.4 networks may not frequently utilize the CFP period, the GTS a ttacks are not a big threat to t hem. But the direct adaptati on of IEEE 802.15.4 security framework for WBAN is not reliable as most of the data is carried in the CFP period of the superframe. Figure 7. Decrease in bandwidth utilization. On e S m a rt A tta ck er Tw o Sm a r t A tt a ckers O ne Ra ndom A tta c k er T w o Ra ndom A tt a ckers On e W e a k A tt a cker 0 10 20 30 40 50 60 70 80 D e cr e a s e i n ba ndw i dth Ut iliz a t io n ( in % ) 7. Conclusions Starting from the WBAN security requirements at d ifferent layers, we studie d the IEEE 802.1 5.4 security framework for WBANs and identified differen t types of attacks on the IEEE 802.15.4 superframe by a nu m ber of adversaries. Thes e attacks were categori zed into smart, random, and weak attacks. Simulation res ults showed that the smart attacker(s) has the capability of corrup ting an increasing number of GTS slots compared to ra ndom and wea k attackers. This means tha t the direct a daption of IE EE 802.15.4 security framework for WBANs is not reliable since most of the traffic in WBANs is carrie d in CFP perio d, which is m ost vulnerable to GT S attacks. One of the solutions is to im plement a sophisticated backoff detection scheme that should successfully detect the backoff attacks. Howeve r, the backoff detection scheme may not work for adversaries who have enough knowledge of the scheme. They may try to maximize their throughput and minimize their chances of dete ction. Another approach is to allow the re ceiver to assig n the backo ff window to the sender. In this scheme, the receiver can easily det ect any attack and ca n even penalize the adversa ries by increasing their backoff values. A game theoretic approa ch could a lso be useful to detect a nd prevent the attacks by considerin g that all nodes are selfis h. Acknowledgements This work was supported b y the National Research Founda tion of Korea (NR F) grant fun ded by the Ko rea go vernment (MEST) (No. No.2010 -0018116) and by the Ministry of Knowledge Economy (MKE), Ko rea, under the Information Technology 13 Research Center ( ITRC) support program supervised by the Institute for Informati on Technology Adva ncement ( IITA) (II TA-2009-C10 90-090 2-0019). References 1. Ullah, S .; Higgins, H. ; Braem, B.; Latre, B.; Bl ondia, C.; Moerman, I.; Saleem, S.; Rahman, Z.; Kwak, K.S. A comprehensive survey of wireless body area networks: On PHY, MAC, and Network Layers Solutions. J. Med. Syst. 2 010 , doi: 10 .1007/ s10916- 010-9571-3. 2. Ullah, S.; Higgins, H .; Shen, B.; Kwak, K.S. On the impla nt communication and MAC protocols for WBAN, Int. J. Com. Syst. 2010 , 23 , 982-999. 3. Saleem, S.; Ullah, S.; Yoo , H.S. On the security issues in wirele ss body area networks . J. Digital Content Tech nol. Appl. 2009 , 3 , 17 8-184. 4. IEEE Standard 802.15.4: Wireless Medium Access Control (MAC) and Physical Layer (PHY) Specifications for Low Data Rate Wireless Personal Area Networks (WPA N) ; IEEE: Piscataway, NJ, USA, 2 006. 5. Sastry, N.; Wagner, D.; Security considerations for IEEE 802. 15.4 networks. In Proceedings of the 3rd AC M workshop on Wireless securi ty (WiSe ’04), Philadelphia (U.S.A.), Oct. 2004. 6. Shi, E.; Perr ig, A. Designing secure sensor netw orks. IEEE Wirel. Commun. Mag. 2004 , 11 , 38-43. 7. Wood, A.D.; Stankovic, J.A. Denial of service in sensor networks. IEEE Comput. 2002 , 35 , 54-62. 8. Wang, Y; Attebury, G.; Ramamurthy, B. A survey of security issues in wireless sensor networks. IEEE Commun. Surv. Tutorials 2006 , 8 , 2-23. 9. Akyildiz, I.F.; Su, W.; Sankarasubramani am, Y.; Cayirci, E. A surve y on sensor networks. IEEE Commun. Mag. 2002 , 40 , 102-114. 10. Wang, X.; Gu, W.; Schosek, K.; Chellappan, S.; Xuan, D. Sensor Netwo rk Configuration under Ph ysical Attacks ; Technical report (OSU-C ISRC-7/04-TR45); Department of Computer Science and Engin eering, Ohio State University: OH, USA, July 2004. 11. Karlof, C.; Wagner, D. Se cure routing in wireless sensor networks: Attacks a nd countermeasures. In Proc eedings of the 1st IEEE Inte rnational Worksh op on Sens or Network Protocols and A pplications , Alask a, May 2 003; pp. 1 13-127 . 12. Douceur, J. The Sybil attack. In Proceedings of the 1st Internat ional Workshop on Peer-to-Peer System s (IPTPS’02) , Cambridge, February 2002 . 13. Xiao, Y.; Chen, H.H.; Sun, B.; Wang, R.; Seth i, S. MAC security and security o verhead analy sis in the IEEE 802. 15.4 Wire less Se nsor Networ ks. EURASIP J. WCN 20 06 , doi:10.1155/WCN/2006/ 93830. 14. Rijmen, V.; Daemen, J. The block cipher Rijndael. In Smart Card Research a nd Applications ; LNCS 1820;, Springer-Verlag: Ne w York, NY, USA, 2000; pp. 288-296. 14 15. Bellare, M.; Kilian, J.; Rogaway, P. The securit y of the cipher block chaining message authentication code. J. Comput. Syst. Sci. 2000 , 61 , 362-399. 16. Ha, J.; Kim, T.; Park, H .; Choi, S.; Kwo n, W. An enha nced CSMA-CA a lgorithm for IEEE 802.15.4 LR-WPANs. IEEE Commun. Lett. 2007 , Vol. 11 , No. 5, 461-463. 17. Huang, Y.; Pang, A.; Kuo, T. AGA: Ad apti ve GTS allocation wit h low latency a nd fairness co nsideratio ns for IEE E 802.15.4. I n Proceedings of 2006 IEEE International Conference on Communications (ICC 06) , Istanbul, Turkey, June 2006 ; pp. 3929-3934. 18. Jeon, J.; Lee, J.; Ha, J.Y.; Kwon, W.H. DCA: Duty-Cycle a daptation algorithm for IEEE 802.15.4 Beacon-E nabled Networks. In Proceedings of VT C2007-Spring , Dublin, UK, 22–25 Apr il 2007; pp. 110- 113. 19. Radosavac, S.; Cardenas, A.A.; Baras, J.S .; Moustakides, G.V. Detecting IEEE 802.11 MAC layer misbeha vior in ad hoc netwo rks: Robust strategies against indi vidual and colluding atta ckers. J. Comput. Secu r. 2007 , 15 , 103-128. 20. Bellardo, J.; Savage, S. IEEE 8 02.11 denial-of-service attacks: Real vulnerabilities and pr actical so lutio ns. In Proceedings of the USENIX Security Symposium , Washington, DC, USA, August 2003. 21. Raya, M.; Huba ux, J.P.; Aad, I.; DOMINO: A system to detect greedy behavior in IEEE 802.11 hotspots. In Procee dings of t he Second International Conference o n Mobile Systems, App lications and Services (Mobi Sys2004) , Boston, MA, USA, Ju ne 2004. 22. Radosavac, S.; Baras, J.S.; Koutsopoul os, I. A framework forMAC proto col misbehavior detection in wireless network s. In Proceedings of the 4th ACM Workshop on Wi rel ess Se cu rity , Colog ne, Germany, August 2005; pp. 33-42. 23. Kyasanur, P.; Vaidya, N.; Detection and handli ng of mac layer misbehavior in wireless net works, In Proceedings of the Internationa l Conference on Depend able Systems and Networks , San Francisco, CA , USA, June 2003. 24. Sokullu, R.; Dagdeviren, O.; Korkmaz, I. On the IEEE 8 02.15.4 MAC layer attacks: GTS attack. In Proceedings of Sens or Te chnologie s and Appl ication s, 20 08. SENSORCOMM ’08 , Cap Esterel, France, 25–31 August 2008; pp.673-678. 25. Ullah, S.; Shen, B.; Riazul Islam, S.; Khan , P.; Saleem, S.; Kwak, K. A study of MAC protocols for WBANs. Sensors , 2010 , 10 , 128-145. 26. Network Simulator 2 ; Available online: http://www.isi.edu /nsnam/ns/ (accessed on 20 September 2010).