Fig. 9.1 Sensor platform
Security of the Bluetooth Interface
The Bluetooth standard is designed to authenticate the connection with a partner, for which a PIN code is needed. Encryption of the connection is also needed and is described in the next section.
Deactivation of the Debugger Interface
To prevent the data or the program code from being read out of the microcontroller, the debugger interface is destroyed. The sensor platform has a special interface for updating the flash with program code: the so-called “bootloader”. This interface gives no access to the storage and can only be used to transfer a program. However, a software solution for encrypting the data on the SD card stores the secret key in the microcontroller. This means that an attack to obtain the secret key could be mounted over the update interface (bootloader). Therefore, when the local storage is encrypted, it is advisable to destroy this interface as well.
Attacks over the Power Supply Interface
Attacks over the power supply are normally carried out in a laboratory to obtain a secret key that does not change, and they require measurement instruments attached directly to the sensor. In a CPS using data encryption, the secret key changes periodically with respect to new measurements. The secret key is needed while saving the data on the local storage, so this kind of attack will be noticed by the user of the sensor.
9.1.3.2 Design Alternatives for Mobile Cryptography
Assuming the data acquired from the CPS sensors are stored on an SD card, encryption should be used to avoid possible abuse if the sensor is lost and the data fall into the “wrong hands”, or if the sensor is intentionally stolen from the patient. In the following, possible design alternatives for mobile cryptography are described.
Application Specific Integrated Circuit (ASIC)
An Application Specific Integrated Circuit (ASIC) is an integrated circuit customized for a particular use. An ASIC can include all the needed end-to-end security, such as the cryptographic algorithms, the key management, and the methods to prevent hardware manipulation [1].
Hardware Based Crypto Accelerator
Hardware based crypto accelerators are special chips designed to handle cryptographic algorithms at a high transfer rate. Such chips can be plugged into the central processor of a computer and take over the encryption and decryption of the data. In this area the most important goals for the developer are to achieve a higher data rate and to minimize power consumption [2].
Software Based Solution
All cryptographic algorithms and key handling can be implemented on a mobile system in software. Because of the high processing power they require, complex asymmetric methods cannot be implemented on the limited embedded microcontrollers found in WSN platforms, such as the TI MSP 430 used in various implementations. Symmetric and asymmetric methods that use only a few complex mathematical operations are appropriate for implementation on an embedded microcontroller [3, 4].
For the encryption of the CPS sensor data, software solutions based on the symmetric AES algorithm are offered commercially by key WSN processing chip manufacturers such as Texas Instruments, with the following features.
9.1.3.3 Texas Instruments AES Crypto Software for the MSP 430
Texas Instruments offers a performance-optimized software implementation of the Advanced Encryption Standard (AES). This implementation is designed for the 16-bit RISC architecture of the Texas Instruments MSP 430 controller family and is provided as a C interface. The features of the TI AES crypto software are as follows [5]:
Functionality:
AES-128 and AES-256 encryption and decryption in ECB mode
On-the-fly round key generation
Automatic decryption key calculation
Performance:
AES-128: encryption in 5432 cycles, decryption in 8802 cycles
AES-256: encryption in 7552 cycles, decryption in 12,258 cycles
Code sizes:
Code size for AES-128 is 2536 bytes
Code size for AES-256 is 2830 bytes
Code size for AES-128 & AES-256 is 3992 bytes
9.1.3.4 Attacks on Computer and Infrastructure
Because the sensors are configured on a computer, and the data in the sensor's local storage may be extracted on a computer, the computer itself and the infrastructure connected to it are also part of the security considerations, even if the data are encrypted. Encryption presupposes a secure environment in order to be effective, for example to prevent interception of the secret key.
Computer: The main threat in this context is the possible presence of malware and viruses on the computer that is used to configure the sensor or extract the data. Besides interception of the encryption secret key, this can lead to a possible loss of the data.
LAN and Internet connection: Through the network connection in a workgroup infrastructure or over the Internet, interception or manipulation of the data flow on the same network is possible.
To avoid these attacks, the sensor configuration must be done on a highly secure infrastructure (e.g. a hospital) and not at home on a private computer. As for data extraction, the decryption likewise takes place only at the hospital in a highly secure environment, or on the server. This depends on where the secret key is generated.
9.1.3.5 Evaluation and Conclusion
In general, the security of the data is achieved by anonymising the data. That means only an ID of the person is saved on the local storage of the sensor. In the unlikely case that a physical attack takes place, the data is secured by the following mechanisms:
Data is saved without a file system
Data is saved in a binary format
No information about the data format (sampling rate, LSB value …) is stored
Knowledge of the data compression algorithm is needed to extract the data
9.2 Wireless Sensor Network Secure and Efficient Communication
9.2.1 Requirements
In this section, critical concepts regarding the implementation of security controls are presented from a system-wide perspective. Later sections provide a more detailed, technical analysis of networking, WSN and Bluetooth based network aspects.
9.2.1.1 Access Control
The goal of access control is to allow access by authorized individuals and devices and to disallow access to all others. Access should be authorized and provided only to individuals whose identity is established, and their activities should be limited to the minimum required for their respective purposes. An effective control mechanism includes numerous controls to safeguard and limit access to key information system assets at all layers in the network stack.
9.2.1.2 Access Rights Administration
System devices, programs, and data are system resources. Each system resource may need to be accessed by individuals (users) in order for work to be performed. Access beyond the minimum required for work to be performed exposes the systems and information to a loss of confidentiality, integrity, and availability. Accordingly, the goal of access rights administration is to identify and restrict access to any particular system resource to the minimum required for work to be performed.
9.2.1.3 Authentication
Authentication is the verification of identity by a system based on the presentation of unique credentials to that system. The unique credentials are in the form of something the user knows, something the user has, or something the user is. Those forms exist as shared secrets, tokens, or biometrics. More than one form can be used in any authentication process. Authentication that relies on more than one form is called multi-factor authentication and is generally stronger than any single-factor authentication method. Authentication contributes to the confidentiality of data and the accountability of actions performed on the system by verifying the unique identity of the system user.
Authentication over the WSN based CPS delivery channel presents unique challenges. That channel does not benefit from physical security and controlled computing and communications devices like internal local area networks (LANs), and is used by people whose actions cannot be controlled. The use of single-factor authentication in that environment, as the only control mechanism, should be considered inadequate for high-risk transactions involving access to patient information or the movement of healthcare information to other parties. Authentication does not provide assurance that the initial identification of a system user is correct.
9.2.1.4 Encryption
Encryption is used to secure communications and data storage, particularly authentication credentials and the transmission of sensitive information. It can be used throughout a technological environment, including the operating systems, middleware, applications, file systems, and communications protocols. Encryption can be used as a preventive control, a detective control, or both. As a preventive control, encryption acts to protect data from disclosure to unauthorized parties. As a detective control, encryption is used to allow discovery of unauthorized changes to data and to assign responsibility for data among authorized parties. When prevention and detection are joined, encryption is a key control in ensuring confidentiality, data integrity, and accountability.
Properly used, encryption can significantly strengthen the security of a CPS system. Encryption also has the potential, however, to weaken other security aspects. For instance, encrypted data drastically lessens the effectiveness of any security mechanism that relies on inspections of the data, such as anti-virus scanning and intrusion detection systems. When encrypted communications are used, networks may have to be reconfigured to allow for adequate detection of malicious code and system intrusions.
A sensor network is an area with unique requirements compared to a typical network. Therefore, the requirements of the WSN encompass both the typical network requirements and the unique requirements suited solely to wireless sensor networks. To ensure the security of WSNs, the following major security objectives are of paramount importance.
9.2.1.5 Privacy
Data privacy is the most important issue in network security. Every network with any security focus will typically address this problem first. Privacy is a service that is used to prevent the disclosure of information to unauthorized parties. This means that certain information is only accessible to those who have been authorized to access it, and is kept secret from all other entities that do not have the required privileges. Privacy is achieved using cryptography, through symmetric or asymmetric cipher algorithms able to render the information unintelligible except to authorized entities. The information may become intelligible again by using decryption. From a user point of view, this requires the authenticated communicating parties to have the required keys.
9.2.1.6 Authentication-Integrity
Authentication is a service that is used to establish the origin of information. Essentially, it ensures that participants in a communication are genuine and not impersonators. The communication participants must prove, using some technique, that their identities are what they claim, so as to ensure authenticity. If there is no such authentication mechanism, the adversary could impersonate a benign node and thus get access to confidential resources, or even propagate fake messages to disturb the normal network operations. Packet integrity pertains to the assurance that data are not modified or in any way tampered with between transmitter and receiver entities. Most commonly, authentication is provided by digital signatures or message authentication codes.
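As an added illustration of the message-authentication-code option mentioned above (example code, not from the original chapter): a base station that holds one secret key per node and checks a truncated HMAC-SHA256 tag over header and payload. The packet layout, the 8-byte tag length, the per-node key table and the sequence-number check are assumptions made for the example; the sequence check goes slightly beyond the text by also rejecting re-sent packets.

```python
import hashlib
import hmac
import struct

TAG_LEN = 8                      # assumption: tag truncated to fit small radio frames
HEADER = struct.Struct(">HI")    # hypothetical header: node id (u16), sequence (u32)

def build_packet(node_id, seq, payload, key):
    """Sensor side: header || payload || truncated HMAC-SHA256 tag."""
    body = HEADER.pack(node_id, seq) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]

class BaseStation:
    def __init__(self, node_keys):
        self.node_keys = dict(node_keys)   # node id -> per-node secret key
        self.last_seq = {}                 # node id -> highest sequence accepted

    def accept(self, packet):
        """Return (node_id, payload) for a genuine packet, else raise ValueError."""
        if len(packet) < HEADER.size + TAG_LEN:
            raise ValueError("packet too short")
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        node_id, seq = HEADER.unpack_from(body)
        key = self.node_keys.get(node_id)
        if key is None:                    # identity was never provisioned
            raise ValueError("unknown node identity")
        expected = hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):   # constant-time comparison
            raise ValueError("bad tag: modified packet or wrong key")
        if seq <= self.last_seq.get(node_id, -1):
            raise ValueError("stale sequence number")
        self.last_seq[node_id] = seq
        return node_id, body[HEADER.size:]

def verdict(station, packet):
    """Demo helper: 'ok' or the reason the base station rejected the packet."""
    try:
        station.accept(packet)
        return "ok"
    except ValueError as err:
        return str(err)

# Constructed per-node keys for the demo.
KEYS = {1: b"node-1-constructed-key", 2: b"node-2-constructed-key"}
```

A node whose key has been extracted still passes this check, so the scheme establishes origin and integrity only for nodes whose keys remain secret.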
9.2.1.7 Authorization
Authorization is a process in which the certificate authority issues an entity a credential that specifies the privileges and permissions it has and that cannot be falsified. Normally, authorization is granted following a process of authentication. A non-cryptographic analog of the interaction between authentication and authorization is the examination of an individual’s credentials to establish their identity (authentication); upon proving identity, the individual is then provided with the key or password that will allow access to specific resources, such as a locked room (authorization). Authentication can be used to authorize a role rather than to identify an individual. Once authenticated to a role, an entity is authorized for all the privileges associated with the role.
9.2.1.8 Availability
Availability ensures that a node maintains its ability to provide all the designed services regardless of its security state. This security criterion is challenged mainly during denial-of-service attacks, in which all the nodes in the network can be the attack target and thus some selfish nodes make some of the network services unavailable.
9.2.2 Challenges
In this section, the major types of attacks in WSNs are described. A Wireless Sensor Network has commonalities with a usual computer network. Because sensors have limited capabilities, such as computational power and memory size, they are exposed to attacks and can easily collapse when basic security is not provided. In this section, we briefly refer to the most popular attacks, such as DoS, the Sybil attack, the traffic analysis attack, the node replication attack and privacy attacks, that could easily affect WSN networks in the context of CPS systems used in medical application scenarios.
9.2.2.1 Denial of Service
A DoS or Denial of Service attack [8] is the most well-known attack in communication networks and services. This type of attack can harm or completely destroy a WSN. Any event that diminishes or eliminates a network’s capacity to perform its expected function is characterized as DoS. Some of these events are hardware failures, software bugs, resource exhaustion, environmental conditions, or any complicated interaction between these factors. Although attackers commonly use the Internet to exploit software bugs when making DoS attacks, here we consider primarily protocol- or design-level vulnerabilities.
Determining if a fault or collection of faults is the result of an intentional DoS attack presents a concern of its own—one that becomes even more difficult in large-scale deployments, which may have a higher nominal failure rate of individual nodes. An intrusion-detection system monitors a host or network for suspicious activity patterns such as those that match some pre-programmed or possibly learned rules about what constitutes normal or abnormal behavior.
9.2.2.2 Sybil Attack
The Sybil attack [9–11] is a particularly dangerous attack against sensor networks and CPS platforms. A malicious node, which is called the Sybil node, illegitimately claims multiple false identities by either fabricating new identities or impersonating existing ones. The goal of a Sybil attack is to gain a disproportionate amount of influence over the network via its false identities. In the worst case, an attacker may generate an arbitrary number of additional node identities, using only one physical device. The result is especially harmful, because these attacks are often the gateway to other attacks (such as those on resource exhaustion, voting, etc.).
9.2.2.3 Traffic Analysis Attack
A sensor network has a base station and a number of nodes. Each node processes data that it received from its group of neighboring sensor nodes and sends that processed data to the base station through multiple hops. The most critical part of a sensor network is the base station as all the relevant data collected by the sensor nodes are directed towards the base station where the data is aggregated and processed. So if an adversary can detect the base station and compromise it, the entire WSN will be rendered useless [12].
An adversary is guided by any one of the following motives (for WSN) [13]:
Data Benefit: Gain access to the sensitive data being transmitted or monitored.
Mission interference: Intent to damage the WSN rather than gain access to the relayed data.
If these are the motives, it is obvious that detecting and compromising the base station will be of most benefit to the adversary. Since the base station is the centre of data aggregation, by compromising it the adversary will be able to access the majority of the data flowing through the network. Also, by rendering the base station non-functional, the entire WSN will collapse.
9.2.2.4 Node Replication Attack
An application-independent attack unique to wireless sensor networks is the node replication attack [14–16]. An adversary prepares its own low-cost sensor nodes and induces the network to accept them as legitimate ones. For a successful attack, the adversary only needs to capture one node physically, reveal its secret credentials, replicate the node in large quantity, and deploy these malicious nodes back into the network so as to subvert the network with little effort.
9.2.2.5 Privacy Attacks
Wireless sensor networks, and even more so CPS used in medical applications, can be used to determine the activities of daily living and provide data for longitudinal studies, and this poses opportunities to violate privacy [17, 18]. The importance of securing such systems will continue to rise as their adoption rate increases. In addition to policy and database query privacy violations, WSNs are susceptible to new side channel privacy attacks that gain information by observing the radio transmissions of sensors to deduce private activities, even when the transmissions are encrypted. This physical layer attack needs only the time of transmission and the fingerprint of each message, where a fingerprint is a set of features of an RF waveform that are unique to a particular transmitter. Thus, this is called the fingerprint and timing based snooping (FATS) attack. To execute a FATS attack, an adversary eavesdrops on the sensors’ radio to collect the timestamps and fingerprints of all radio transmissions. The adversary then uses the fingerprints to associate each message with a unique transmitter, and uses multiple phases of inference to deduce the location and type of each sensor. Once this is known, various private user activities and health conditions can be inferred.
Furthermore, Wireless Sensor Networks are notorious for strict constraints and scarce resource availability compared to a traditional computer network, which poses an additional set of challenges. Due to these constraints, it is difficult to directly apply the existing security approaches to wireless sensor networks. Therefore, before developing useful security mechanisms that borrow ideas from current security techniques, it is necessary to know and understand these constraints.