Secure Routing in Sensor Networks: Attacks and Countermeasures - PowerPoint PPT Presentation

About This Presentation
Title:

Secure Routing in Sensor Networks: Attacks and Countermeasures

Description:

Attack: Sybil attack. An adversary may present multiple ... Bogus routing information, selective forwarding, sinkholes, Sybil, wormholes, HELLO floods ... – PowerPoint PPT presentation

Number of Views:118
Avg rating:3.0/5.0
Slides: 25
Provided by: Bor490
Learn more at: http://cs.uccs.edu
Category:

less

Transcript and Presenter's Notes

Title: Secure Routing in Sensor Networks: Attacks and Countermeasures


1
Secure Routing in Sensor Networks Attacks and
Countermeasures
Chris Karlof and David Wagner University of
California at Berkeley
  • First IEEE International Workshop on Sensor
    Network Protocols and Applications
  • 5/11/2003

2
Security in sensor networks
  • Security is critical
  • Military apps
  • Building monitoring
  • Burglar alarms
  • Emergency response
  • Yet security is hard
  • Wireless links are inherently insecure
  • Resource constraints
  • Lossy, low bandwidth communication
  • Lack of physical security

3
Our contributions
  • Threat models and security goals
  • New attacks against sensor network routing
    protocols
  • Detailed security analysis of 15 routing
    protocols
  • Countermeasure suggestions

4
Routing in sensor networks
  • Base stations and sensor nodes
  • Low overhead protocols
  • Specialized traffic patterns
  • In-network processing
  • These differences necessitate new secure routing
    protocols

5
Secure routing goals and threat models
  • Security goals
  • Confidentiality messages are secret
  • Integrity messages are not tampered with
  • Availability
  • In-network processing makes end-to-end security
    hard
  • Link layer security still possible
  • Need to consider compromised nodes (insiders) and
    resourceful attackers

6
Attacks
7
TinyOS Beaconing
8
Attack Bogus routing information
  • Bogus routing information can cause havoc
  • Example spoof routing beacons and claim to be
    base station
  • Lessons
  • Authenticate routing info
  • Trust but verify

9
Attack HELLO floods
  • Assumption the sender of a received packet is
    within normal radio range
  • False! A powerful transmitter could reach the
    entire network
  • Can be launched by insiders and outsiders

Lesson Verify the bidirectionality of links
10
Attack Wormholes
  • Tunnel packets received in one part of the
    network and replay them in a different part
  • Can be launched by insiders and outsiders

Lesson Avoid routing race conditions
11
Attack Sybil attack
B
  • An adversary may present multiple identities to
    other nodes

A
Lesson Verify identities
12
Protocols analyzed
Protocol Relevant attacks
TinyOS beaconing Bogus routing information, selective forwarding, sinkholes, Sybil, wormholes, HELLO floods
Directed diffusion and multipath variant Bogus routing information, selective forwarding, sinkholes, Sybil, wormholes, HELLO floods
Geographic routing (GPSR,GEAR) Bogus routing information, selective forwarding, Sybil
Minimum cost forwarding Bogus routing information, selective forwarding, sinkholes, wormholes, HELLO floods
Clustering based protocols (LEACH,TEEN,PEGASIS) Selective forwarding, HELLO floods
Rumor routing Bogus routing information, selective forwarding, sinkholes, Sybil, wormholes
Energy conserving topology maintenance Bogus routing information, Sybil, HELLO floods
All insecure
13
Countermeasures
  • We have countermeasure suggestions and design
    considerations
  • See paper for details

14
Conclusions
  • End-to-end security is limited in sensor networks
  • Link layer security is important
  • It is not enough
  • Design time security

15
Questions?
16
Extra Slides
17
Countermeasures
  • Access control with link layer crypto
  • Globally shared key ? outsiders
  • Per link keys ? insiders
  • Authenticated broadcast and flooding
  • Verify neighbors identities
  • Prevents Sybil attack
  • Verify bidirectionality of links
  • Prevents HELLO floods
  • Multipath and probabilistic routing
  • Limits effects of selective forwarding

18
Countermeasures (cont.)
  • Wormholes are difficult to defend against
  • Can be launched by insiders and outsiders
  • Defenses exist for outsiders, but are not cheap
  • Best solution ? avoid routing race conditions
  • Geographic routing protocols hold promise
  • Nodes near base stations are attractive to
    compromise
  • Overlays

19
Why is this a problem?
  • Wireless security has been spotty
  • WEP/802.11b
  • GSM
  • Secure routing mechanisms for ad-hoc wireless
    networks are not necessarily applicable
  • Too much functionality ? any-to-any routing
  • Not enough functionality ? sensor nets are often
    app. specific
  • Too much overhead ? public key cryptography

20
Wormhole attacks
  • A wormhole is created when an adversary tunnels
    packets received in one part of the network and
    replays them in a different part.
  • Exploits routing race conditions
  • Enables other attacks
  • Can be launched by insiders and outsiders

21
(No Transcript)
22
(No Transcript)
23
(No Transcript)
24
(No Transcript)
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "Secure Routing in Sensor Networks: Attacks and Countermeasures" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!