Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures - PowerPoint PPT Presentation

View by Category
About This Presentation
Title:

Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures

Description:

Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures Chris Karlof David Wagner University of Califonia at Berkeley – PowerPoint PPT presentation

Number of Views:132
Avg rating:3.0/5.0
Slides: 40
Provided by: csColora
Category:

less

Write a Comment
User Comments (0)
Transcript and Presenter's Notes

Title: Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures


1
Secure Routing in Wireless Sensor Networks
Attacks and Countermeasures
  • Chris Karlof David Wagner
  • University of Califonia at Berkeley
  • Paper review and Present by
  • Run dong

2
Outline
  • Overview Background
  • Statement of routing security problem
  • Attacks on sensor network routing
  • Attacks on specific sensor network protocols
  • Countermeasures

3
Routing protocols
  • Layer 3 protocols
  • determine the routing path and transmit the
    packets reliably
  • Traditional routing protocols
  • RIP (routing information protocol)
  • Distance vector
  • OSPF (open shortest path first)
  • Link state
  • BGP
  • Mobile Ad-hoc Network protocols
  • On demand vs table driven
  • WSN Routing Protocols

4
Current Routing Protocols Goals
  • Low Energy
  • Minimize communication
  • Radio cost more than instructions executed
  • Aggregate data in network
  • Low Node Duty Cycle
  • Shut down nodes when possible
  • Robust
  • Adapt to unpredictable environment without
    intervention
  • Scalable
  • Rely on localized algorithms no centralized
    control
  • Low Latency
  • Must meet application latency and accuracy
    requirements
  • Small Footprint
  • Must run on hardware with severe memory and
    computational power constraints

5
Overview
  • Current sensor routing protocols are not designed
    for security and be insecure, mostly optimized
    for the limited capabilities of the nodes
  • Wireless sensor network cannot depend on many of
    the resources available to traditional networks
    for security
  • Analyze current protocols to find attacks and
    suggest countermeasures and design consideration
  • The effective solution for secure routing is to
    design such sensor routing protocols with
    security in mind

6
Problem statement
  • Assumption about underlying network
  • Different Threat Models
  • Security goal in this setting

7
Problem statement
  • Assumption about underlying network
  • radio link are insecure (easily eavesdropping)
  • sensor nodes are not tamper resistant
  • The physical and MAC layers are susceptible to
    direct attack
  • Base station is trustworthy
  • Aggregation points may be trusted in certain
    protocols
  • Different Threat Models
  • Security goal in this setting

8
Problem statement
  • Assumption about underlying network
  • Different Threat Models
  • Mote class vs Laptop class
  • Outsider vs insider
  • Security goal in this setting

9
Problem statement
  • Assumption about underlying network
  • Threat Models
  • Security goal in this setting
  • The goal of conventional network is reliable
    delivery of messengers
  • Sensor network need in-network processing
    (aggregation, compression, duplicate elimination)
  • Graceful degration
  • Confidentiality Protection against Replay of data
    packets should better handled by higher level

10
Attacks model
  • Spoofed, altered, or replayed routing information
  • Selective forwarding
  • Sinkhole attacks
  • Sybil attacks
  • Wormholes attacks
  • HELLO flood attacks
  • Acknowledgement spoofing

11
Attacks model
  • Spoofed, altered or replayed routing information
  • May be used for loop construction, attracting or
    repelling traffic, extend or shorten source route
  • Selective forwarding
  • Refuse to forward certain messengers, selective
    forwarding packets or simply drop them try to
    Follow the path of least resistance and attempt
    to include itself on the actual data path flow
  • Sinkhole attacks
  • Lure nearly all traffic from a particular area
    through a specific compromised node

12
Attacks model
  • Sybil attack
  • forging of multiple identities -- having a set of
    faulty entities represented through a larger set
    of identities.
  • Sybil Attack undermines assumed mapping between
    identity to entity
  • Wormholes
  • tunneling of messages over alternative
    low-latency links,
  • e.g. confuse the routing protocol, create
    sinkholes. etc.
  • Exploit routing race condition
  • Hello flood attack
  • an attacker sends or replays a routing protocols
    hello packets with more energy
  • Acknowledgement spoofing
  • Spoof link layer acknowledgement to trick other
    nodes to believe that a link or node is either
    dead or alive

13
Attacks on specific protocols
  • General typical sensor routing protocol type
  • Flooding
  • Gradient
  • Clustering and Cellular
  • Geographic
  • Energy Aware
  • TinyOS beaconing
  • Directed diffusion
  • Geographic routing
  • Minimal cost forwarding
  • Cluster-head- LEACH
  • Rumor routing
  • Energy conserving topology maintenance

14
TinyOS beaconing
  • Base station broadcast Route update(beacon)
    periodly, Nodes received the update and mark the
    base station as parent and broadcast it
  • Relevent Attack mode
  • Bogus routing information
  • Selective forwarding
  • Sinkholes
  • Sybil
  • Wormholes
  • Hello floods

15
TinyOS beacon
Spoof information
Bogus and replayed routing information (such like
I am base station) send by an adversary can
easily pollute the entire network.
16
TinyOS beacon
Wormhole sinkhole Combination
  • Tunnel packets received in one place of the
    network and replay them in another place
  • The attacker can have no key material. All it
    requires is two transceivers and one high quality
    out-of-band channel

Adapted from Chris Karlof and David Wagner's
WSNPA slides
17
TinyOS beacon
Wormhole sinkhole Combination
  • Most packets will be routed to the wormhole
  • The wormhole can drop packets directly (sinkhole)
  • or more subtly selectively forward packets to
    avoid detection

Adapted from Chris Karlof and David Wagner's
WSNPA slides
18
TinyOS beacon
Hello flood attack
  • A Laptop class adversary that can retransmit a
    routing update with enough power to be received
    by the entire network

Adapted from Chris Karlof and David Wagner's
WSNPA slides
19
Directed diffusion
  • Data and Application Specific
  • Content based naming
  • Interest distribution
  • Interests are injected into the network from base
    station.
  • Interval specifies an event data rate.
  • Interest entry also maintains gradients.
  • Data flows from the source to the sink along the
    gradient
  • Data propagation and reinforcement
  • Reinforcement to single path delivery.
  • Multipath delivery with probabilistic forwarding.
  • Multipath delivery with selective quality along
    different paths.

20
Directed diffusion
  • Relevant attack
  • Suppression- by spoof negative reinforcement
  • Cloning- by replay information with malicious
    listed as a base station (send both)
  • Path influence- by spoof positive or negative
    reinforcements and bogus data events
  • Selective forwarding and data tampering- by above
    attack method to put the malicious node in the
    data flow
  • Wormholes attack
  • Sybil attack

21
Geographic routing
  • GEARGPSR
  • Cost function based on destination location and
    neighbor node energies used to determine next hop
  • Greedy geographic query routing technique
  • Improvement over Directed Diffusions interest
    flooding technique
  • Restricted broadcast within sampling region

22
Geographic routing
  • Relevant attack
  • Sybil attack
  • Bogus routing information
  • Selective forwarding
  • No wormholes and sinkholes attack

An adversary may present multiple identities to
other nodes. The Sybil attack can disrupt
geographic and multi-path routing protocols by
being in more than one place at once and
reducing diversity.
From B-gtC, now will go through B-gtA3-gtC
23
Geographic routing
  • Relevant attack
  • Sybil attack
  • Bogus routing information
  • Selective forwarding
  • No wormholes and sinkholes attack

From B-gtD, A forge a wrong information to claim B
is in (2,1), so C will send packets back to B
which cause loop at last.
24
Minimum cost forwarding
  • Is an backoff-based cost field algorism for
    efficiently forwarding packets from senor nodes
    to a base station.
  • Once the field is established, the message,
    carrying dynamic cost information, flows along
    the minimum cost path in the cost field. Each
    intermediate node forwards the message only if it
    finds itself on the optimal path for this message
    based on the messages cost states.

A110, will select B
25
Minimum cost forwarding
  • Relevant attack mode
  • Sinkhole attack
  • Mote-class adversary advertising cost zero
    anywhere in network
  • Hello flood attack
  • Bogus routing informaiton
  • Selective forwarding
  • wormholes

26
LEACH
  • Low-Energy Adaptive Clustering Hierarchy
  • randomized, self-configuration
  • Low energy media access control
  • Cluster-head collect data and perform processing
    then transmit to BS
  • Relevant attack mode
  • Hello floods
  • Selective forwarding
  • Sybil attack

27
LEACH
  • Relative attack mode
  • Hello floods
  • Cluster-head selection based on signal strengh
    what mean a powerful advertisement can make the
    malicious attacker be its cluster-head.
  • Sybil attack
  • Combined with hello floods if nodes try to
    randomly select cluster-head instead of strongest
    signal strength.

28
Rumor Routing
Observation Two lines in a bounded rectangle
have a 69 chance of intersecting, 5 line more
than 99
  • Designed for query/event ratios between query and
    event flooding
  • Lower the energy cost of flooding

29
Rumor routing
30
Rumor routing
  • Relevant attack mode
  • Bogus routing information
  • Create tendrils by FWD copies of agent
  • Send them as long as possible (TTL)
  • Selective forwarding
  • Sinkholes
  • Sybil
  • wormholes

31
Energy conserving topology maintenance
  • GAF-Geographical Adaptive Fidelity
  • Physical space is divided into equal virtual size
    squares. Each nodes know its location and nodes
    with a square are equivalent
  • Identifies nodes for routing based on location
    information
  • Dense nodes deployment, Turns off unnecessary
    nodes
  • Sleeping, discovery, active state
  • Each grid square has one active node
  • Nodes are ranked with respect to current state
    and expected lifetime

32
Energy conserving topology maintenance
  • Relevant attack mode for GAF
  • Bogus routing information
  • Broadcast high ranking discovery messages, then
    can use some selective forwarding attack
  • Sybil Hello floods
  • Target individual grids by a high ranking
    discovery messages with a non-existent node,
    frequently advertisements can disable the whole
    network by making most node sleep

33
Energy conserving topology maintenance
  • SPAN
  • An energy-efficient coordination algorism for
    topology maintenance
  • Backbone for routing fidelity is build by
    coordinators
  • A node becomes eligible to be a coordinator if
    two of its neighbors cannot reach other directly
    or via one or two coordinators.
  • Traffic only routed by coordinator
  • Random backoff for delay coordinator announcement
  • Utility and energy level decide coordinator
    selection by adjusting the backoff time
  • Hello messengers being broadcasted periodically.

34
Energy conserving topology maintenance
  • Relevant attack mode for SPAN
  • Hello floods
  • Broadcast n Hello messages with fake coordinators
    and neighbors which will preventing nodes from
    becoming coordinators when they should. then can
    use some selective forwarding attack

35
Summary of attacks
Protocol Relevant Attacks
TinyOS beaconing Bogus routing information, selective forwarding, sinkholes, Sybil, wormholes, HELLO floods
Directed diffusion and its multipath variant Bogus routing information, selective forwarding, sinkholes, Sybil, wormholes, HELLO floods
Geographic routing (GPSR, GEAR) Bogus routing information, selective forwarding, Sybil
Minimum cost forwarding Bogus routing information, selective forwarding, sinkholes, wormholes, HELLO floods
Clustering based protocols (LEACH, TEEN, PEGASIS) Selective forwarding, HELLO floods
Rumor routing Bogus routing information, selective forwarding, sinkholes, Sybil, wormholes
Energy conserving topology maintenance (SPAN, GAF, CEC, AFECA) Bogus routing information, Sybil, HELLO floods
36
Countermeasures
  • Multipath and probabilistic routing limits
    effects of selective forwarding
  • Link layer security with key management can
    prevent the majority of outsider attacks bogus
    routing information, Sybil, selective forwarding,
    sinkholes. However, it provides little protection
    against insiders, HELLO floods, and wormholes.
  • Establish link keys using a trusted base station.
    Verifies the bidirectionality of links and
    prevents Sybil attacks and HELLO floods

37
Countermeasures
  • Wormholes are difficult to defend against. Can be
    mounted effectively by both laptop-class insiders
    and outsiders. Good protocol design is the best
    solution geographic and clustering-based
    protocols hold the most promise. Wormholes are
    ineffective against these protocols
  • Authenticated broadcast and flooding are
    important primitives.
  • Nodes near base stations are attractive to
    compromise. Clustering-based protocols and
    overlays can reduce their significance

38
Conclusion
  • Conclusion
  • Link layer encryption and authentication,
    multipath routing, identity verification,
    bidirectional link verification and authenticated
    broadcast is important,
  • cryptography is not enough for insiders and
    laptop-class adversaries, careful protocol design
    is needed as well.

39
  • THANK YOU
About PowerShow.com