TinyWIDS: a WPM-based Intrusion Detection System for TinyOS2.x/802.15.4 Wireless Sensor Networks Luigi Pomante DEWS, University of L’Aquila luigi.pomante@univaq.it Walter Tiberti DISIM, University of L’Aquila walter.tiberti@graduate.univaq.it Fortunato Santucci DEWS, University of L’Aquila fortunato.santucci@univaq.it Marco Pugliese DEWS, University of L’Aquila marco.pugliese@guest.univaq.it Lorenzo Di Giuseppe University of L’Aquila lorenzo.digiuseppe88@gmail.com Marco Santic DEWS, University of L’Aquila marco.santic@univaq.it Luciano Bozzi RhoTecnology Via dei Mille, 41A, 00185 – Roma luciano.bozzi@rotechnology.it ABSTRACT Last years have seen the growth of interest for Middleware (MW) exploitation in distributed resource- constrained systems like Wireless Sensor Networks (WSN). Available MW platforms usually provide an Application Layer (AL) with different basic services but no security services. In such a context, this paper describes an existing TinyOS2.x-based MW tailored to IEEE 802.15.4 WSN (Agilla2) and an existing Intrusion Detection System (IDS) based on a Weak Process Model approach (WIDS). Then, the paper reports the main issues related to the implementation of WIDS on TinyOS2.x/802.15.4 (TinyWIDS) also providing some experimental results. Finally, the paper proposes a strategy for the integration of TinyWIDS into Agilla2. KEYWORDS WSN, IDS, Weak Process Model, Mobile Agent Middleware 1 INTRODUCTION Wireless Sensor Networks (WSN) are commonly exploited in monitoring applications. Such kinds of networks are composed of sensor nodes with severe HW limitations [1]. Typical WSN applications require sensor nodes distributed in space with at least one node, called sink node, connected to a base station, which collects data from the others. The final application greatly influences the design of the network architecture. For such reasons, the last years have witnessed the growth of methods to avoid to application developers the management of network parameters. One of them is to use middleware-based approaches for application development [10]. In fact, a Middleware (MW) reduces the development cost of WSN applications by providing a intermediate software layer that carry out low-level network and resource management tasks, leaving to the developers only the task of providing the application-dependent code. This paper focuses on a special kind of WSN-MW, the (mobile) agent-based MW (MAMW), which exploits small pieces of code (agents) that can move inside the network. This peculiarity gives the possibility to reprogram the nodes once deployed, or to relocate the code, without losing continuity of services. A debate living in WSN world is related to the security of the WSN platform. Given the limited HW resources, applying security techniques poses multiple challenges. This issue is often solved by providing no security at all or providing a lightweight solution. This paper assumes that the application cannot avoid the use of security techniques. So, this paper focuses on one specific aspect of security, the development of an Intrusion Detection System (IDS). Also, to provide an integrated yet flexible solution, the paper exploits a famous MAMW for WSN, running on the TinyOS2.x [4] operating system and exploiting the IEEE 802.15.4 protocol [5]. The structure of the paper is the following: Section II describes background and motivations, Section III presents the exploited MAMW, and Section IV introduces the adopted IDS solution. Then, Section V describes IDS implementation while Section VI outline its integration of into the considered MAMW. Finally, Section VII completes the paper with some conclusions and future works. 2 BACKGROUND 2.1 Security in WSN Granting security in a WSN is harder than in traditional wireless networks since WSN suffers of all the same problems but available HW resources are severely