Secure Routing in Wireless Sensor Networks : Attacks and Countermeasures - PowerPoint PPT Presentation

Loading...

PPT – Secure Routing in Wireless Sensor Networks : Attacks and Countermeasures PowerPoint presentation | free to view - id: 67e6b-ZDc1Z



Loading


The Adobe Flash plugin is needed to view this content

Get the plugin now

View by Category
About This Presentation
Title:

Secure Routing in Wireless Sensor Networks : Attacks and Countermeasures

Description:

1. Secure Routing in Wireless Sensor Networks : Attacks and Countermeasures ... R.J. Anderson, The resurrecting duckling: security issues for ad-hoc wireless ... – PowerPoint PPT presentation

Number of Views:162
Avg rating:3.0/5.0
Slides: 37
Provided by: Iva56
Category:

less

Write a Comment
User Comments (0)
Transcript and Presenter's Notes

Title: Secure Routing in Wireless Sensor Networks : Attacks and Countermeasures


1
Secure Routing in Wireless Sensor Networks
Attacks and Countermeasures
  • Authors Chris Karlof and David Wagner
  • Presenter Ivanka Todorova

2
Outline
  • Introduction and Contributions
  • Background
  • Sensor vs. ad-hoc wireless networks
  • Problem Statement
  • Attacks on sensor network routing
  • Attacks on specific sensor network protocols
  • Countermeasures
  • Conclusions

3
Introduction and Contributions
  • Threat models and security goals for routing in
    WSNs
  • Two new attacks
  • Sinkhole attacks
  • HELLO floods
  • How to adapt attacks against ad-hoc wireless
    networks into powerful attacks against WSNs
  • Practical attacks against routing protocols and
    topology maintenance algorithms for WSNs
  • Countermeasures and design considerations for
    secure routing protocols in WSNs

4
Background
  • WSNs consist of hundreds or thousands of
    low-power, low-cost nodes having a CPU, power
    source, radio, and other sensing elements
  • Have one or more points of centralized control
    called base stations or sinks
  • Sensor readings from multiple nodes processed at
    aggregation points
  • Power is the scarcest resource

5
Background
  • A representative sensor network architecture

Picture from 7
6
WSNs vs. Ad-hoc WNs
  • WSNs
  • Communication method - multihop networking
  • One or more points of centralized control such as
    base stations
  • Routing - specialized communication pattern
  • Resource-starved nature
  • Trust relationships between nodes assumed
  • Public key cryptography not feasible
  • AD-hoc WNs
  • Communication method - multihop networking
  • There is no fixed infrastructure such as base
    stations
  • Routing - any pair of nodes
  • Limited resources
  • Trust relationships between nodes not assumed
  • Public key cryptography possible

7
Problem Statement
  • Network assumptions
  • Insecure radio links
  • Malicious nodes may collude to attack the network
  • Sensor nodes not temper resistant
  • Physical and MAC layers vulnerable to direct
    attacks
  • Trust Requirements
  • Base stations are trustworthy
  • Aggregation points not necessarily trustworthy

8
Problem Statement contd
  • Two types of threat models
  • Based on type of attacking devices
  • Mote-class attackers
  • Laptop-class attackers
  • Based on attacker location
  • Outsider attacks
  • Insider attacks
  • Security goals
  • Confidentiality, integrity, authenticity, and
    availability of all messages

9
Attacks on sensor network routing
  • Spoofed, altered, or replayed routing information
  • Selective forwarding
  • Sinkhole attacks
  • Adversarys goal is to lure traffic through a
    compromised node
  • Work by making the compromised node look
    attractive
  • Makes selective forwarding trivial

10
Attacks on sensor network routing contd
Sybil Attack One can have, some claim, as many
electronic personas as one has time and energy to
create. Judith S. Donath 1
Picture from 2
11
Attacks on sensor network routing contd
  • Wormhole
  • An adversary tunnels packets received in one
    part of the network over a low-latency link and
    replays them in a different part of the network

Picture from http//library/thinkquest.org/27930/w
ormhole.htm
12
Attacks on sensor network routing contd
  • HELLO flood attack
  • Many protocols require that nodes broadcast HELLO
    packets to announce themselves to their neighbors
  • Laptop-class attacker can convince all nodes that
    it is their neighbor by transmitting at high
    power
  • Acknowledgement spoofing

13
Attacks on specific sensor network protocols
  • TinyOS beaconing
  • Description
  • Attacks
  • Can authenticated routing updates solve the
    problem?

Picture from 7
14
Attacks on specific sensor network protocols
contd
  • Combined wormhole/sinkhole attack

Picture from 7
15
Attacks on specific sensor network protocols
contd
  • What if a laptop-class adversary uses a HELLO
    flood attack?
  • What about mote-class adversaries?
  • Routing loops

Picture from 7
16
Attacks on specific sensor network protocols
contd
  • Directed diffusion

Interest propagation
Initial gradients set up
Data delivery along reinforced path
  • Attacks Suppression, Cloning, Path influence,
    Selective forwarding and data tampering

Pictures from 6
17
Attacks on specific sensor network protocols
contd
  • Geographic routing
  • Two protocols
  • GPSR (Greedy Perimeter Stateless Routing)
  • GEAR (Geographic and Energy Aware Routing)
  • Description
  • Greedy forwarding routing each packet to the
    neighbor closest to the destination
  • GEAR weighs the choice of the next hop by both
    remaining energy and distance from the target

18
Attacks on specific sensor network protocols
contd
  • Geographic routing

Greedy forwarding failure x is a local maximum
in its geographic proximity to D w and y are
farther from D.
Greedy forwarding example y is xs closest
neighbor to D
Pictures from 14
19
Attacks on specific sensor network protocols
contd
  • Geographic routing

Node xs void with respect to destination D.
Picture from 14
20
Attacks on specific sensor network protocols
contd
  • Geographic routing
  • Attacks
  • Sybil attack

Picture from 7
21
Attacks on specific sensor network protocols
contd
  • Attacks contd
  • Creating routing loops in GPSR

Picture from 7
22
Attacks on specific sensor network protocols
contd
  • Minimum cost forwarding
  • Description
  • Attacks
  • Sinkhole attack
  • HELLO flood attack can disable the entire network

CN
CM
M
N
CMLN, M
23
Attacks on specific sensor network protocols
contd
  • LEACH low-energy adaptive clustering hierarchy
  • Description
  • Nodes organized into clusters with one node
    serving as a cluster-head
  • Cluster-heads aggregate data for transmission to
    a base station
  • Attacks
  • HELLO flood attack
  • Countermeasures defeated by a Sybil attack

24
Attacks on specific sensor network protocols
contd
Node redundancy
  • Energy conserving topology maintenance
  • Geographic Adaptive Fidelity (GAF)
  • State transitions

Virtual grid
Pictures from 5
25
Countermeasures
  • Shared key and link layer encryption
  • Prevent outsider attacks - Sybil attacks,
    selective forwarding, ACK spoofing
  • Cannot handle insider attacks - Wormhole, HELLO
    flood, TinyOS beaconing attacks
  • In case of a wormhole encryption may make
    selective forwarding more difficult but cannot
    prevent blackholes
  • Sybil and HELLO flood attacks
  • A globally shared key allows an insider to
    masquerade as any node
  • A pair of nodes can use a Needham-Schroeder
    protocol to establish a shared key
  • Limit the number of neighbors for a node
  • Verify the bidirectionality of the link for a
    HELLO flood attack

26
Countermeasures
  • Amended Needham Schroeder Symmetric Key
  • Author(s) Roger Needham and Michael
    Schroeder  (1987)
  • Distribution of a shared symmetric key by a
    trusted server and mutual authentication.
    Symmetric key cryptography with server.

27
Countermeasures
  • Wormhole and sinkhole attacks
  • Protocols that construct a topology initiated by
    a base station are the most vulnerable
  • Good routing protocol design may be the solution
    geographic routing protocols
  • Geographic routing attacks
  • Use fixed topology to eliminate the need for
    location information
  • Selective forwarding
  • Multipath routing
  • Braided paths
  • Allowing nodes to dynamically choose a packets
    next hop probabilistically from a set of possible
    candidates

28
Countermeasures
  • Braided path

Picture from 10
29
Countermeasures
  • Authenticated broadcast and flooding
  • µTESLA protocol to prevent replay of broadcast
    messages issued by the base station
  • Replay is prevented because messages
    authenticated with previously disclosed keys are
    ignored
  • Flood the information about the malicious nodes
    in the network

30
Conclusions
  • End-to-end security mechanisms between a sensor
    node and a base station unlikely to guarantee
    integrity, authenticity, and confidentiality of
    messages
  • Link layer security not enough to protect against
    insider attacks
  • The routing protocol itself must be secure

31
Conclusions
  • Protection against the replay of data packets
    should not be a security goal of a routing
    protocol
  • Sinkhole attacks and wormholes are a significant
    challenge
  • Wormholes are hard to detect because they use
    private, out-of-band channel invisible to the
    underlying network
  • Sinkholes are difficult to defend against because
    they leverage hard to verify information such as
    remaining energy
  • Protocols that construct topology initiated by a
    base station are most vulnerable
  • Geographic routing protocols are resistant
  • Crucial to design routing protocols in which
    these attacks are meaningless

32
Conclusions
  • Geographic routing relatively secure against
    wormhole, sinkhole, and Sybil attacks
  • Traffic naturally routed toward the physical
    location of a base station
  • The main remaining problem is that location
    information must be trusted
  • Restricting the structure of the topology
    eliminates the need for nodes to advertise their
    locations
  • If nodes are arranged in a grid every node can
    easily derive its neighbors locations

33
Conclusions
  • Clustering protocols like LEACH may yield the
    most secure solutions against node compromise and
    insider attacks
  • Virtual base stations can be used to create an
    overlay network

34
Future Work
  • How the feature of autonomic computing can be
    applied to WSNs to improve security 11,12
  • Self-healing in WSNs 13

35
References
  • J. S. Donath, Identity and Deception in the
    Virtual Community, Communities in Cyberspace,
    Routledge, 1998.
  • J.R. Douceur, The Sybil attack, in 1st
    International Workshop on Peer-to-Peer Systems
    (IPTPS 02), 2002.
  • L. Zhou, Z. Haas, Securing ad hoc networks, IEEE
    Network Magazine 13 (6) (1999) 2430.
  • F. Stajano, R.J. Anderson, The resurrecting
    duckling security issues for ad-hoc wireless
    networks, in Seventh International Security
    Protocols Workshop, 1999, pp. 172194.
  • Y. Xu, J. Heidemann, D. Estrin,
    Geography-informed energy conservation for ad hoc
    routing, in Proceedings of the Seventh Annual
    ACM/IEEE International Conference on Mobile
    Computing and Networking, 2001.
  • C. Intanagonwiwat, R. Govindan, D. Estrin,
    Directed diffusion a scalable and robust
    communication paradigm for sensor networks, in
    Proceedings of the Sixth Annual International
    Conference on Mobile Computing and Networks
    (Mobi-COM 00), 2000.
  • C. Karlof and D. Wagner, "Secure Routing in
    Wireless Sensor Networks Attacks and
    Countermeasures," in IEEE SPNA, 2002

36
References
  • F. Ye, A. Chen, S. Lu, L. Zhang, A scalable
    solution to minimum cost forwarding in large
    sensor networks, in Tenth International
    Conference on Computer Communications and
    Networks, 2001, pp. 304309.
  • W.R. Heinzelman, A. Chandrakasan, H.
    Balakrishnan, Energy-efficient communication
    protocol for wireless microsensor networks, in
    33rd Annual Hawaii International Conference on
    System Sciences, 2000, pp. 30053014.
  • Deepak Ganesan, Ramesh Govindan, Scott Shenker,
    Deborah Estrin, Highly-resilient,
    energy-efficient multipath routing in wireless
    sensor networks, in Proceedings of the 2nd ACM
    International Symposium on Mobile Ad Hoc
    Networking Computing, 2001, pp. 251-254.
  • http//s3lab.cs.okstate.edu/projects/CIP-WSN/
  • http//www.cse.msu.edu/mckinley/920/Spring-2006/9
    20-reading-final.html
  • Tatiana Bokareva, Nirupama Bulusu, Sanjay Jha,
    SASHA Toward a Self-Healing Hybrid Sensor
    Network Architecture. Retrieved from
    http//web.cecs.pdx.edu/nbulusu/papers/emnets.pdf
    on March 2, 2008.
  • Brad Karp, H.T. Kung, GPSR Greedy Perimeter
    Stateless Routing for WirelessNetworks, Retrieved
    March 4, 2008 from http//www.eecs.harvard.edu/ht
    k/publication/2000-mobi-karp-kung.pdf
About PowerShow.com