Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures - PowerPoint PPT Presentation

1 / 18
About This Presentation
Title:

Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures

Description:

Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures ... Analyze security aspects of major routing protocols ... Mote class attacker ... – PowerPoint PPT presentation

Number of Views:550
Avg rating:3.0/5.0
Slides: 19
Provided by: kang
Category:

less

Transcript and Presenter's Notes

Title: Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures


1
Secure Routing in Wireless Sensor Networks
Attacks and Countermeasures
  • Chris Karlof and David Wagner
  • (modified by Sarjana Singh)

2
Key Contributions
  • Secure routing issues in WSNs
  • Show how they are different from ad hoc networks
  • Introduce two new classes of attacks
  • Sinkhole attack
  • Hello flood attack
  • Analyze security aspects of major routing
    protocols
  • Discuss countermeasures design considerations
    for secure routing in WSNs

3
WSNs vs. Ad Hoc Networks
  • Multi-hop wireless communications
  • Ad hoc nets communication between two arbitrary
    nodes
  • WSNs
  • Specialized communication patterns
  • Many-to-one
  • One-to-many
  • Local communication
  • More resource constrained
  • More trust needed for in-network processing,
    aggregation, duplicate elimination

4
Assumptions
  • Insecure radio links
  • Malicious nodes can collude to attack the WSN
  • Sensor are not tamper-resistant
  • Adversary can access all key material, data
    code
  • Base station is trustworthy
  • Aggregation points may not be trustworthy

5
Threat Models
  • Device capability
  • Mote class attacker
  • Laptop class attacker more energy, more powerful
    CPU, sensitive antenna, more radio power
  • Attacker type
  • Outside attacker External to the network
  • Inside attacker Authorized node in the WSN is
    compromised or malicious

6
Security Goals
  • Secure routing
  • Support integrity, authenticity, availability of
    messages in presence of attack
  • Data confidentiality

7
Potential Attacks
  • Attacks on general WSN routing
  • Attacks on specific WSN protocols

8
Attacks on General WSN Routing Protocols
  • Spoof, alter, or replay routing info.
  • Create loops, attack or repel network traffic,
    partition the network, extend or shorten the
    source routes and generate false error messages.
  • Selective forwarding
  • Malicious node selectively drops incoming packets
  • Adversary can also modify packets and forward
    these messages

9
  • Sinkhole attacks
  • Specific to WSNs
  • All packets are directed to base station
  • A malicious node advertises a high quality link
    to the base station to attract a lot of packets
  • Enable other attacks, e.g., selective forwarding
    or wormhole attack

10
  • Sybil attack
  • A single node presents multiple IDs to other
    nodes
  • Affect distributed storage, multi-path routing ,
    topology maintenance and geographic routing
  • Wormhole Attack
  • Two colluding nodes
  • A node at one end of the wormhole advertises high
    quality link to the base station
  • Another node at the other end receives the
    attracted packets

11
  • Hello flood attack
  • Specific to WSNs
  • In some protocols, nodes have to periodically
    broadcast hello to advertise themselves
  • Not authenticated!
  • Laptop-class attacker can convince its a
    neighbor of distant nodes by sending high power
    hello messages
  • Acknowledgement spoofing
  • Adversary spoofs ACKs to convince the sender a
    weak/dead link supports good link quality

12
Attacks on Specific Sensor Network Protocols
  • TinyOS beaconing
  • Construct a BFS Tree rooted at the base station
  • Beacons are not authenticated!
  • Adversary can take over the whole WSN by
    broadcasting beacons

13
  • Directed diffusion
  • Base station floods interest for named data and
    setting up gradients designed to draw events.
  • Suppression
  • Cloning (Replay interest)
  • Path influence
  • Selective forwarding data tampering
  • Geographic routing
  • Adversary false, possibly multiple, location
    info.
  • Create routing loop
  • GEAR considers energy in addition to location

14
Countermeasures
  • Outsider attacks and link layer security
  • Prevent outsider attacks, e.g., Sybil attacks,
    selective forwarding, ACK spoofing
  • Cannot handle insider attacks
  • Wormhole, Hello flood, TinyOS beaconing
  • Sybil attack
  • Every node shares a unique secret key with the
    base station
  • Create pairwise shared key for msg authentication
  • Limit the number of neighbors for a node
  • Hello flood attack
  • Verify link bidirectionality

15
  • Wormhole, sinkhole attack
  • Cryptography may not help directly
  • Good routing protocol design
  • Geographic routing
  • Geographic routing
  • Location verification
  • Use fixed topology, e.g., grid structure
  • Selective forwarding
  • Multi-path routing
  • Route messages over disjoint or Braided paths
  • Dynamically pick next hop from a set of candidates

16
  • Authenticated broadcast and flooding
  • uTESLA is a protocol which uses asymmetric key
    cryptography and minimal packet overhead

17
Conclusions
  • This paper covers security issues at network
    layer
  • WSN security is challenging, new area of research

18
  • Source
  • http//www.cs.binghamton.edu/kang/teaching/cs580s
    /karlof-wagner.ppt
Write a Comment
User Comments (0)
About PowerShow.com