Security Protocols - PowerPoint PPT Presentation

Loading...

PPT – Security Protocols PowerPoint presentation | free to download - id: 73418b-ZDM2O



Loading


The Adobe Flash plugin is needed to view this content

Get the plugin now

View by Category
About This Presentation
Title:

Security Protocols

Description:

Security Protocols In Sensor Networks – PowerPoint PPT presentation

Number of Views:28
Avg rating:3.0/5.0
Slides: 32
Provided by: Daml4
Learn more at: http://www.cs.ucf.edu
Category:

less

Write a Comment
User Comments (0)
Transcript and Presenter's Notes

Title: Security Protocols


1
Security Protocols In Sensor Networks
2
A Performance Evaluation of Intrusion-Tolerant
Routing in Wireless Sensor Networks Deng 2003
  • Introduction
  • Security in sensor networks is important to
    prevent unauthorized users from eavesdropping,
    obstructing and tampering with sensor data, and
    launching denial-of-service (DOS) attacks against
    entire network
  • The challenges of designing and implementing of a
    secure routing in WSN are as follows
  • The vulnerability of the network to
    eavesdropping, spoofing, unauthorized access,
    and DOS attacks increases due to the wireless
    communication among the sensor nodes
  • The limited resource constraints of the sensor
    nodes, such as memory, CPU, bandwidth, and
    battery life, hinders the degree of
    implementation of encryption, decryption and
    authentication mechanisms in individual sensor
    nodes

3
A Performance Evaluation of Intrusion-Tolerant
Routing in Wireless Sensor Networks Deng 2003
  • Introduction
  • Physical security risk of being deployed in the
    field individual sensor nodes can be obtained
    and face attacks from an unauthorized user in
    order to compromise a single sensor node.
  • If attack is successful, a compromised sensor
    node can start malicious activities within the
    network such as false routing information and
    launching DOS attacks
  • The secure routing protocol should handle such
    attacks such that networks continues to function
    properly
  • Since this paper assumes that base station has
    more resources to defend against these kinds of
    attacks therefore, it investigates on how to
    secure the system against attacks on the
    resource-poor sensor nodes

4
A Performance Evaluation of Intrusion-Tolerant
Routing in Wireless Sensor Networks Deng 2003
  • Introduction
  • This paper evaluates the performance of INSENS,
    an INtrusion-tolerant routing protocol for
    wireless SEnsor NetworkS
  • More specifically, it evaluates implementations
    on the motes of the RC5 and AES encryption
    standards
  • RC5-based scheme to generate message
    authentication codes (MACs) and
  • RC5-based generation of one-way sequence numbers
  • The proposed secure routing protocol is resilient
    to obstruction of the data delivery, develops
    end-to-end integrity checksums and authentication
    schemes to detect tampering with sensor data

5
A Performance Evaluation of Intrusion-Tolerant
Routing in Wireless Sensor Networks Deng 2003
  • Introduction
  • INSENS has the property that a single compromised
    node can only disrupt a localized section of the
    network and is not enough to stop the entire
    network from functioning
  • The INSENS system adheres to the following design
    principles
  • The individual nodes are not allowed broadcast to
    the entire network in order to prevent DOS
    flooding attacks only base station can
    broadcast and it is considered as a gateway to
    the wired network. The base station is loosely
    authenticated via one-way sequence number such
    that nodes cannot spoof the base station and
    flood the network. Sensor nodes can unicast a
    packet only to the base station. Peer-to-peer
    sensor communication is not directly supported
    however, tunneling through the base station
    allows indirect sensor-to-sensor communication

6
A Performance Evaluation of Intrusion-Tolerant
Routing in Wireless Sensor Networks Deng 2003
  • Introduction
  • Control routing information needs to be
    authenticated to prevent false routing data
    advertisements. This way, the base station
    receives correct knowledge of the topology even
    if it may not represent the full view due to
    malicious packet dropping
  • To address resource constraints
  • Symmetric key cryptography is chosen for
    confidentiality and authentication between a base
    station and a sensor node instead of computation
    intensive public key cryptography techniques
  • Base station is in charge for computation and
    dissemination of the routing tables
  • The redundant multipath routing is built into
    INSENS to achieve secure routing. The goal is to
    have disjoint paths such that even if the
    intruder compromises a node or a path, secondary
    paths will function correctly

7
A Performance Evaluation of Intrusion-Tolerant
Routing in Wireless Sensor Networks Deng 2003
Introduction
Figure 1 Sample asymmetric WSN topology rooted
at the base station. Triangle node is a
malicious node. Black nodes are its downstream
nodes. Intrusion-tolerant routing is assisted by
multiple paths downstream nodes can still
communicate with the base station
8
A Performance Evaluation of Intrusion-Tolerant
Routing in Wireless Sensor Networks Deng 2003
  • Protocol Description
  • The INSENS is comprised of a route discovery
    phase and data forwarding phase
  • The route discovery phase builds appropriate
    forwarding tables at some nodes and it is divided
    into three rounds
  • Route request The base station floods a request
    message to all reachable sensor nodes
  • Route feedback Each sensor node sends its
    neighborhood topology information back to the
    base station using a feedback message
  • Computing and propagating multipath routing
    tables The base station authenticates the
    neighborhood information, builds a topological
    view of the network, computes the forwarding
    tables for each sensor node, and sends the tables
    to the appropriate nodes using a routing update
    message

9
A Performance Evaluation of Intrusion-Tolerant
Routing in Wireless Sensor Networks Deng 2003
  • Protocol Description
  • The data forwarding phase forwards data from each
    sensor node to and from the base station
  • A symmetric communication channel is assumed
  • Each node has a shared symmetric key with base
    station and has a globally known one-way function
    F and initial sequence number K0
  • F and K0 are used to authenticate messages from
    the base station
  • The shared symmetric key, F and K0 are
    distributed in advance preprogrammed into each
    sensor node prior to deployment

10
A Transmission Control Scheme for Media Access
in Sensor Networks Woo, 2003
  • Advantages
  • Builds a secure routing protocol, rather than
    placing security layer on top of existing routing
    protocols
  • INSENS prevents DoS-style attacks by not allowing
    individual nodes to broadcast to the entire
    network
  • The resource rich base station is chosen as the
    central point for computation rather than
    resource-poor network nodes
  • Redundant multipath routing is used to achieve
    secure routing
  • The one-way cryptographic hash function used to
    generate the sequence helps hiding attacker from
    guessing the next sequence number to spoof the
    network
  • It is not constrained by time synchronization or
    delayed release schedule

11
A Transmission Control Scheme for Media Access
in Sensor Networks Woo, 2003
  • Disadvantages
  • Base stations are given too much responsibility
    and thus the prime target for hackers to bring
    the entire network down
  • If an alternate path is not available, then the
    network is susceptible to partitioning under
    attack
  • No mentioning about the advantages of building a
    bottom up secure routing protocol (i.e. no
    numerical comparison of the proposed approach
    with other approaches)

12
A Transmission Control Scheme for Media Access
in Sensor Networks Woo, 2003
  • Suggestions/Improvements/Future Work
  • For multipath routing table dissemination, meshed
    multipath routing algorithm can be used
  • Further route failure detection via flow
    monitoring and overlay routing for route
    reconfiguration can be added to ensure fault
    tolerance in WSN
  • Better algorithm to find disjoint multi paths
    with minimum number of common nodes between node
    and base station

13
Secure Routing in Wireless Sensor Networks
Attacks and Countermeasures Karlof 2003
  • Introduction
  • It is very difficult to incorporate security
    mechanisms into sensor routing protocols after
    the design has completed
  • Therefore, sensor network routing protocols must
    be designed with security considerations and this
    is the only effective solution for secure routing
    in sensor networks
  • The main contributions of this paper are as
    follows
  • Proposed threat models and security goals for
    secure routing in wireless sensor networks
  • Introduced two novel classes of previously
    undocumented attacks against sensor networks
    sinkhole attacks and HELLO floods
  • It is shown how attacks against ad hoc and
    peer-to-peer networks can be adapted into
    powerful attacks against sensor networks

14
Secure Routing in Wireless Sensor Networks
Attacks and Countermeasures Karlof 2003
  • Introduction
  • Presented the first detailed security analysis of
    all the major routing protocols and energy
    conserving topology maintenance algorithms for
    sensor networks described practical attacks
    against all of them that would defeat any
    reasonable security goals
  • Discussed countermeasures and design
    considerations for secure routing protocols in
    sensor networks

15
Secure Routing in Wireless Sensor Networks
Attacks and Countermeasures Karlof 2003
Introduction
Figure 2 Sensor network legend All nodes may use
low power radio links, but only laptop-class
adversaries and base stations can use low
latency, high bandwidth links
Figure 3 A representative sensor network
architecture
16
Secure Routing in Wireless Sensor Networks
Attacks and Countermeasures Karlof 2003
  • Problem Statement
  • A. Network Assumptions
  • Due to wireless communications, the radio links
    are insecure
  • Attackers can eavesdrop on radio transmissions,
    inject bits in the channel, and replay previously
    heard messages
  • It is assumed that the adversary can deploy few
    malicious nodes with similar hardware
    capabilities as the legitimate nodes
  • It is not assumed that sensor nodes are tamper
    resistant
  • Even though tamper resistance might be a defense
    for physical node compromise, this is not
    considered a general purpose solution since
    effective temper resistance can add significant
    per-unit cost, and sensor nodes are generally
    inexpensive

17
Secure Routing in Wireless Sensor Networks
Attacks and Countermeasures Karlof 2003
  • Problem Statement
  • B. Trust Requirements
  • Base stations are assumed to be trustworthy to
    behave correctly since they act as gateway nodes
    to the outside world
  • Aggregation points which are often regular nodes
    are trusted in certain protocols to accurately
    combine other messages to forward to base
    stations
  • It is possible that adversaries may deploy
    malicious aggregation points or turn malicious
    nodes into aggregation points therefore,
    aggregation points may not be trustworthy

18
Secure Routing in Wireless Sensor Networks
Attacks and Countermeasures Karlof 2003
  • Problem Statement
  • C. Threat Models
  • There is a difference between mote-class and
    laptop-class attackers
  • In mote-class attackers, the attacker has access
    to a few sensor nodes with similar capabilities
    to motes, but nothing more
  • A laptop-class attacker may have access to more
    powerful devices in which case, malicious nodes
    have advantages over legitimate nodes may jam
    the entire network using stronger transmitter,
    eavesdrop on an entire network, may have high
    bandwidth low-latency channel
  • Second distinction can be made between outsider
    and insider attacks
  • The discussion so far has been related to the
    outsider attacks, where the attacker has no
    special access to the network

19
Secure Routing in Wireless Sensor Networks
Attacks and Countermeasures Karlof 2003
  • Problem Statement
  • C. Threat Models
  • Insider attacks may occur either when an
    authorized participant in the network has been
    compromised, running malicious code or
    adversaries who have stolen the key material,
    code, and data from legitimate nodes
  • D. Security Goals
  • Ideally, a secure routing protocol should
    guarantee the integrity, authenticity, and
    availability of messages in the presence of
    adversaries
  • Protection against eavesdropping is not an
    explicit goal for secure routing
  • Routing protocol should prevent eavesdropping
    caused by misuse of abuse of the protocol itself,
    for instance, eavesdropping achieved by the
    cloning or rerouting of a data flow should be
    prevented

20
Secure Routing in Wireless Sensor Networks
Attacks and Countermeasures Karlof 2003
  • Problem Statement
  • D. Security Goals
  • Protection against the replay of data packets is
    not the responsibility of the secure routing
    protocol, rather application layer can provide
    such service since only the application can fully
    and accurately detect the replay of data packets
  • In the case of insider laptop-class attacks, all
    of these goals are not fully attainable
  • Instead of complete compromise of the network, it
    is expected to have graceful degradation at best
  • The degradation should be no faster than a rate
    approximately proportional to the ratio of
    compromised nodes to total nodes

21
Secure Routing in Wireless Sensor Networks
Attacks and Countermeasures Karlof 2003
  • Attacks on Sensor Network Routing
  • A. Spoofed, altered, or replayed routing
    information
  • This is the most direct attack against a routing
    protocol
  • Adversaries may be able to create routing loops,
    attract or repel network traffic, extend or
    shorten source routes, generate false error
    messages, partition the network, increase
    end-to-end delay latency
  • B. Selective Forwarding
  • Malicious nodes may refuse to forward certain
    messages, drop them, ensuring that they are not
    propagated any further
  • In order not get noticed by the neighboring nodes
    by not forwarding the packets, the adversary may
    selectively forwards the packets

22
Secure Routing in Wireless Sensor Networks
Attacks and Countermeasures Karlof 2003
  • Attacks on Sensor Network Routing
  • B. Selective Forwarding
  • It is most effective when the attacker is
    explicitly included on the path of a data
    flow
  • An adversary overhearing a flow passing through
    neighboring nodes might be able to emulate
    selective forwarding by jamming or causing a
    collision on each forwarded packet of interest
  • C. Sinkhole Attacks
  • Adversary tries to lure all the traffic from a
    particular area through a compromised node,
    creating a metaphorical sinkhole with the
    adversary at the center

23
Secure Routing in Wireless Sensor Networks
Attacks and Countermeasures Karlof 2003
  • Attacks on Sensor Network Routing
  • C. Sinkhole Attacks
  • Typically works by making a compromised node look
    attractive to surrounding nodes with respect to
    the routing algorithm
  • The adversary could spoof or replay an
    advertisement for high quality route to a base
    station
  • Due to either real or imagine high quality route
    through compromised node, each neighboring node
    of the adversary will forward packets destined
    for a base station through the adversary
  • Since all packets share the same destination (the
    only base station), a compromised node needs only
    to provide a single high quality route to the
    base station to influence a large number of nodes

24
Secure Routing in Wireless Sensor Networks
Attacks and Countermeasures Karlof 2003
  • Attacks on Sensor Network Routing
  • D. The Sybil Attack
  • A single node presents multiple identities to
    other nodes in the network
  • This type of attack can reduce the effectiveness
    of fault-tolerant schemes and pose a threat to
    geographic routing protocols
  • Adversary can be in more than one place at once
    by using this attack
  • E. Wormholes
  • An adversary tunnels messages received one part
    of the network over a low latency link and
    replays them in a different part
  • Wormhole attacks generally involve two distant
    malicious nodes colluding to understand their
    distance from each other by relaying packets
    along an out-of-bound channel available only to
    the attacker

25
Secure Routing in Wireless Sensor Networks
Attacks and Countermeasures Karlof 2003
  • Attacks on Sensor Network Routing
  • E. Wormholes
  • An adversary can convince nodes who are multiple
    hops away from the base station to believe that
    they are only one or two hops away via the
    wormhole this creates a sinkhole
  • Wormholes can be used to convince two distant
    nodes that they are neighbors by relaying packets
    between the two of them
  • This attacks can be combined with selective
    forwarding or eavesdropping
  • F. HELLO Flood Attack
  • A laptop-class attacker broadcasting routing or
    other information with large enough transmission
    power could convince every node in the network
    that the adversary is its neighbor

26
Secure Routing in Wireless Sensor Networks
Attacks and Countermeasures Karlof 2003
  • Attacks on Sensor Network Routing
  • F. HELLO Flood Attack
  • An adversary advertising a high quality route to
    the base station to every node in the network can
    cause large number of nodes to use this route,
    leaving the network in the state of confusion
  • An adversary can re-broadcast overhead packets
    with enough power to be received by every node
  • HELLO floods can be considered as one-way
    broadcast wormholes and uses a single hop
    broadcast to transmit a message to a large number
    of nodes unlike the traditional definition of
    flooding denoting epidemic-like propagation of a
    message to every node in the network

27
Secure Routing in Wireless Sensor Networks
Attacks and Countermeasures Karlof 2003
  • Attacks on Sensor Network Routing
  • G. Acknowledgement Spoofing
  • An adversary can spoof link layer
    acknowledgements for overhead packets addressed
    to the neighboring nodes
  • A sender can be convinced that a weak link is
    strong or a dead node is alive since packets sent
    along weak or dead links are lost
  • An adversary can mount a selective forwarding
    attack using acknowledgment spoofing by
    encouraging the target node to transmit packets
    on those weak links

28
Secure Routing in Wireless Sensor Networks
Attacks and Countermeasures Karlof 2003
  • Advantages
  • The authors outline a number of attacks that are
    possible on a sensor network. They introduce two
    new kinds of attacks that are specific to sensor
    networks
  • The authors present the drawbacks of the existing
    protocols to overcome these threats
  • It is reported that the majority of outsider
    attacks against sensor network routing protocols
    can be prevented by simple link layer encryption
    and authentication using globally shared key
  • The analysis of various possible attacks on WSN
    give insight into the sorts of countermeasures
    required for security in WSN

29
Secure Routing in Wireless Sensor Networks
Attacks and Countermeasures Karlof 2003
  • Disadvantages
  • Energy requirements and overheads of implementing
    the countermeasures are not presented
  • The authors have not simulated or provided any
    platform to show that the countermeasure actually
    works
  • The use of geographical information for security
    carries heavy overhead

30
Secure Routing in Wireless Sensor Networks
Attacks and Countermeasures Karlof 2003
  • Suggestions/Improvements/Future Work
  • Multipath routing to multiple destination base
    stations can be as a strategy to provide
    tolerance against individual base station attacks
    and/or compromise
  • Relocation of the base station in the network
    topology can be studied as a means of enhancing
    resiliency and mitigating the scope of damage
  • Develop application specific security schemes and
    counter measures for given attacks

31
References
  • Deng 2003 J. Deng, R. Han, and S. Mishra, A
    Performance Evaluation of Intrusion-Tolerant
    Routing in Wireless Sensor Networks, Proceedings
    of IPSN 2003.
  • Karlof 2003 C. Karlof and D. Wagner, Secure
    Routing in Sensor Networks Attacks and
    Countermeasures, Proceedings of SNPA 2003.
  • Perrig 2001 A. Perrig, R. Szewczyk, V. Wen, D.
    Culler, and J. Tygar , SPINS Security Suite for
    Sensor Networks, MobiCom 2001, Rome, Italy, pp.
    189-199.
About PowerShow.com