Denial of Service in Sensor Networks

1
Denial of Service inSensor Networks

• Anthony D. Wood
• and John A. Stankovic

2
Why Security?

• Battlefield
• Disasters
• Protect the location and status of casualties
  from unauthorized disclosure, particularly if the
  disaster relates to ongoing terrorist activities
• Public safety
• False alarms about chemical, biological, or
  environmental threats could cause panic or
  disregard for warning systems. An attack on the
  systems availability could precede a real attack
  on the protected resource.
• Home healthcare
• Because protecting privacy is paramount, only
  authorized users can query or monitor the
  network. These networks can also form critical
  pieces of an accident-notification chain, thus
  they must be protected from failure.

3
THE DENIAL OF SERVICE THREAT

• A DoS attack is any event that diminishes or
  eliminates a networks capacity to perform its
  expected function.
• Hardware failures, software bugs, resource
  exhaustion, environmental conditions, or their
  combination
• Intentional Attack

4
Adversary Capability

• Physically damaged or manipulated node
• May be less powerful than a normally functioning
  node.
• Subverted nodes (or added ones)
• Interact with the network only through software
• As powerful as other nodes
• Immensely more powerful adversaries
• Existing wired network with virtually unlimited
  computational and energy resources possible.

5
Attacks on Physical Layer

• Jamming
• Defenses
• Spread-spectrum
• Region mapping
• Lower duty cycle
• Tampering
• Defenses Tamper-proofing, hiding

6
Link Layer Attacks

• Collision
• Use error-correcting codes
• Exhaustion
• Rate limitation
• Unfairness
• Small frames

7
Network and Routing Attacks

• Neglect and greed
• Redundancy, probing
• Homing/traffic analysis
• Encryption enough?
• Misdirection
• Egress filtering, authorization, monitoring
• Black holes
• Authorization, monitoring, probing, redundancy

8
Neglect and Greed

• Neglect
• Drops packets arbitrarily
• Greed
• Gives undue priority to its own messages
• Use multiple paths and/or redundant messages to
  mitigate these effects.

9
Homing

• Geographic forwarding allows attacker to figure
  out where important nodes are.
• Encrypting headers as well as content might
  alleviate this issue.

10
Misdirection

• Diverting traffic away from intended destination
• targets the sender
• Misdirecting many flows in one direction
• targets an arbitrary victim (receiver)
• Defense
• Egress Filtering
• Verification of source addresses
• Legitimately generated from below?

11
Black Holes

• Distance-vector-based protocol weakness
• Nodes advertise zero-cost routes to every other
  node.
• Fixes
• Authorization
• Monitoring
• watchdog the next hop transmission of your
  packets by neighbors
• Probing
• Send periodic messages across topology to test
  for blackout regions
• Redundancy

12
Transport Layer DoS

• Flooding
• Client puzzles
• Make the adversary commit resources
• Only useful if the adversary has limited
  resources
• Desynchronization
• Authentication

13
PROTOCOL VULNERABILITIES

• Analyzing these vulnerabilities helps show why
  developers should consider DoS susceptibility at
  design time.

14
Adaptive Rate Control MAC Protocol by Woo Cull

• Give preference to route-through traffic
• This preserves the networks investment in
  packets that may have already traversed many
  hops.
• Makes flooding attacks more effective.
• High bandwidth packet streams that an adversary
  generates will receive preference during
  collisions that can occur at every hop along
  their route.
• Thus, the network gives preference to malicious
  traffic.

15
RAP

• Real-time communication architecture
• query-event service API
• geographic forwarding
• Velocity monotonic scheduling (VMS) policy.
• Originator of message sets deadline, and
  destination
• VMS layer computes velocity based on time to
  deadline and distance remaining

16
RAP Vulnerability

• Flood with high velocity packets
• Set destination at long distance
• Possibly outside the network
• Intermediate node adversary could lower the
  velocity of route through traffic
• Causes missed deadline several hops away
• If relying on a synchronized clock, attacking
  that mechanism could cause another node to always
  drop
• inadvertent black hole