Energy Life-Time of Wireless Nodes with Network Attacks and Mitigation Erol Gelenbe, Life Fellow, IEEE and Yasin Murat Kadioglu, Member, IEEE Intelligent Systems and Networks Group Dept. of Electrical and Electronic Engineering Imperial College, London SW7 2BT, UK {e.gelenbe,y.kadioglu14, }@imperial.ac.uk Abstract—In the Internet of Things (IoT), a simple form of attack can deplete the energy available to operate the sensor nodes. Some of these nodes may use batteries, while others may harvest ambient energy such as photovoltaic, or electromagnetic, or vibration based energy. We first briefly survey the types of attacks which aim at the nodes’ energy provisioning systems. This paper analyses the effect of such attacks on the energy life- time of a wireless node. Then we provide models to estimate the effect of attacks that attempt to deplete the node’s energy supply, both for a node that uses energy harvesting. We then examine a simple means of attack mitigation based on dropping both attack and “good” traffic. For nodes that use energy harvesting, we compute the fraction of traffic that must be dropped so as to offer a desired “energy life-time” of the node. We see that the required traffic drop rate depends in a non-linear manner on the nominal “good traffic rate” at which the node is expected to operate. Finally, we analyse the impact of attacks on the energy life-time of a node that operates with a replaceable battery. Index Terms—Wireless Networks, Battery Life-Time, Network Attacks, Renewable Energy I. I NTRODUCTION Energy needed to operate networks is an important issue [1], and there is a growing trend to power network nodes with renewable energy sources. Since energy harvesting is typically intermittent, such nodes also need to be equipped with batteries to power the nodes when energy cannot be harvested, as with photovoltaic harvesting during night-time. A simple way to attack such systems, which can be used for security surveillance or other critical applications, is to attack them in a way which depletes batteries [2], [3] that are needed to operate nodes. Such attacks can increase the activity of nodes through useless data packets (DPs) that the nodes receive, process and respond to, and attackers can also use electromagnetic emissions to cause errors and force packet retransmissions that increase traffic and energy consumption [4]. Such attacks can lengthen the paths that packets travel through [5], and thus propagate the effect of battery depletion across the network. Furthermore, attacks can change the “sleep-awake” duty cycle of nodes and reduce the proportion of time when the nodes should be asleep to save energy. Larger noise levels may also lead to increases in transmission power and hence also shorter battery life. A. Earlier Work Prior work has discussed many types of energy depletion attacks. In vampire attacks, a vampire node appears to be benign, but it continuously sends protocol compliant messages to other nodes [6]. Vampire nodes may add causing additional traffic of rate λ A to be sent by the node that is under attack. Vampire attacks [7] have been observed to take one of two forms: the carrousel and the stretch attack. In the carrousel attack, a vampire node sends corrupted data leading to routing loops. In the stretch attack, artificially longer routes are chosen despite the fact that shorter routes are available. Carrousel attacks result in more energy consumption than stretch attacks [8], and the detection of vampire attacks is not easy since one malicious vampire node can affect the whole network, effectively opposing routing techniques that increase network battery life-time [9]. Other power aware routing techniques have been suggested in [10], and a protocol was proposed in [8] to detect and mitigate vampire attacks, providing routing through the network only for legitimate packets, and verifying that consistent progress is made by packets towards the des- tination. Another study [11] provides a mitigation method for preventing carrousel attacks by adding extra forwarding logic to check whether there are loops in source routes. To prevent stretch attacks, the work in [12], [13] suggests ”strict” source routing where the route is exactly specified in the header and there is no need for checking its optimality. An attack packet detection and removal method was proposed in [14], [15], using packet broadcast rates and energy parameters at sensor nodes. Sleep deprivation attacks are designed to keep sensor nodes awake as long as possible to increase their energy consump- tion, and reduce the battery life of a sensor from months to days, and also include [2], [16] barrage, synchronization, replay, broadcast, and collision attacks. Typically, a node that receives a request to receive data from another node, can check its routing table to see whether it may receive data from that node; if not it discards the request and goes to sleep. In sleep deprivation attacks [17], malicious nodes will continuously try to send data to some nodes, so that they cannot sleep and waste energy. As a defense, a lightweight scheme was proposed [18], to activate a node only if it receives messages 978-1-5386-4328-0/18/$31.00 ©2018 IEEE