OPEN ACCESS
Diagrammatic methodologies for modeling information security attacks have been developed in vari-ous forms (e.g. attack trees, use cases, and misuse cases) and applied for many purposes (e.g. security requirements specification and identification of commonly occurring attack patterns). They play an important role in the development of more effective communication between technical and nontechni-cal participants than that made possible by text. Recently, Unified Modeling Language (UML) sequence diagrams have been used to model security attacks (e.g. collision attacks and unintelligent replay attacks) in wireless sensor networks (WSNs). WSNs require protection to preserve the confidentiality and integrity of sensitive information as well as availability of the system. This is an important research issue because WSNs are used in critical applications such as military battlefield surveillance, industrial process monitoring and control, and machine health monitoring. This paper describes an alternative flow-based approach for visualizing security attacks in terms of depiction of behavioral interactions. It models security attacks in WSNs and contrasts this method with the sequence-based diagrammatic method. The comparison provides an initial appraisal of the technique with reference to a well-known process modeling methodology. The results indicate that the method can capture the interweaving of attack events to achieve a more complete and detailed picture necessary for better understanding.
Collision attacks, conceptual model, information security, security requirements, UML sequence diagram, visualization, wireless sensor networks
[1] Avison, D.E. & Fitzgerald, G., Information Systems Development: Methodologies, Techniques and Tools, 3rd edn., Blackwell Scientific: Oxford, UK, 2003.
[2] Moody, D.L., The physics of notations: towards a scientific basis for constructing visual notations in software engineering. IEEE Transactions on Software Engineering, 35(6), pp. 756–779, 2009. doi: http://dx.doi.org/10.1109/TSE.2009.67
[3] OMG, Unifi ed Modeling Language Version 2.0: Superstructure, Object Management Group (OMG), 2005. http://www.omg.org/cgi-bin/doc?formal/05-07-04
[4] Moody, D.L. & van Hillegersberg, J., Evaluating the visual syntax of UML: an analysis of the cognitive effectiveness of the UML suite of diagrams. Proceedings of the 1st International Conference on Software Language Engineering (SLE), Toulouse, France. Springer Lecture Notes in Computer Science, 2008.
[5] OMG, Unifi ed Modeling Language Specifi cation, Version 1.5, Object Management Group, March 2003.
[6] Gordon, D., Stehney, T., Wattas, N. & Yu, E., System Quality Requirements Engineering (SQUARE): Case Study on Asset Management System, Phase II. Carnegie Mellon University, available at: http://www.cert.org/archive/pdf/05sr005.pdf, 2005.
[7] Pawar, P.M., Nielsen, R.H., Prasad, N.R., Ohmori, S. & Prasad R., Behavioural modelling of wsn mac layer security attacks: a sequential UML approach. Journal of Cyber Security and Mobility, 1(1), pp. 65–82, 2012.
[8] Hong, S. & Lim, S., Analysis of attack models via unified modeling language in WIRELESS SENSOR networks: a survey study. IEEE International Conference on Wireless Communications, Networking and Information Security (WCNIS2010), pp. 692–696, 2010.
[9] Chen, X., Makki, K., Yen, K. & Pissinou, N., Sensor network security: a survey. IEEE Communications Surveys & Tutorials, 11(2), pp. 52–73, 2009. doi: http://dx.doi.org/ 10.1109/SURV.2009.090205
[10] Lopez, J., Roman, R. & Alcaraz, C., Analysis of security threats, requirements, technologies and standards in wireless sensor networks. In On Foundations of Security Analysis and Design, eds. A. Aldini & R. Gorrieri, Springer, LNCS 5705, pp. 289–338, 2009.
[11] Dargie, W. & Poellabauer, C., Fundamentals of Wireless Sensor Networks: Theory and Practice, John Wiley and Sons, ISBN 978-0-470-99765-9, 2012.
[12] Sohraby, K., Minoli, D. & Znati, T., Wireless Sensor Networks: Technology, Protocols, and Applications, John Wiley and Sons, ISBN 978-0-471-74300-2, 2007. doi: http:// dx.doi.org/10.1002/047011276X
[13] Bachir, A., Dohler, M., Watteyne, T. & Leung, K., MAC Essentials for wireless sensor networks. IEEE Communications Surveys & Tutorials, 12(2), pp. 222–248, 2010. doi: http://dx.doi.org/10.1109/SURV.2010.020510.00058
[14] Al-Fedaghi, S., Scrutinizing the rule: privacy realization in HIPAA. International. Journal of Healthcare Information Systems and Informatics (IJHISI), 3(2), pp. 32–47, 2008.
[15] Al-Fedaghi, S., Conceptualizing effects, and uses of information. Information Seeking in Context Conference (ISIC 2008), September 17–20, Vilnius, Lithuania, 2008.
[16] Al-Fedaghi, S., Software requirements as narratives. Third International Conference on Information, Process, and Knowledge Management, February 23–28, Gosier, Guadeloupe, France, 2011.
[17] Al-Fedaghi, S. & Al-Babtain, B., Modeling the forensics process. International Journal of Security and Its Applications, 6(4), pp. 97–108, 2012. doi: http://dx.doi.org/10.4018/ jhisi.2008040104
[18] Al-Fedaghi, S., Annotations of security requirements. International Review on Computers and Software (IRECOS), 7(4(A)), pp. 1470–1477, 2012.
[19] Sakshat Virtual Lab, Simulating a Wi-Fi Network, available at http://virtual-labs.ac.in/ cse28/ant/ant/5/theory/ (accessed 2013).
[20] Reindl, P., Nygard, K. & Du Xiaojiang, D., Defending malicious collision attacks in wireless sensor networks. IEEE/IFIP 8th International Conference on Embedded and Ubiquitous Computing (EUC), December 11–13, pp. 771–776, 2010.