1 / 24

Distributed Detection Of Node Replication Attacks In Sensor Networks

Distributed Detection Of Node Replication Attacks In Sensor Networks. By Bryan Parno, Adrian Perrig and Virgil Gligor. Presenter: Kirtesh Patil. Acknowledgement: Slides on Paper originally provided by Bryan Parno, Adrian Perrig and Virgil Gligor. Sensor Networks.

garrisons
Download Presentation

Distributed Detection Of Node Replication Attacks In Sensor Networks

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Distributed Detection Of Node Replication Attacks In Sensor Networks By Bryan Parno, Adrian Perrig and Virgil Gligor Presenter: Kirtesh Patil Acknowledgement: Slides on Paper originally provided by Bryan Parno, Adrian Perrig and Virgil Gligor

  2. Sensor Networks • Wireless sensor networks contain thousands of nodes • Each node has limited processing, storage capacity and power • Low Cost • Easy to deploy • No Tamper proof

  3. Replication Attack • Capture one node • pressure, voltage and temperature sensing not built-in to detect intrusion • Read memory • Replicate nodes – same IDs • Affects data aggregation protocols • Replicated nodes can be used to kick legitimate nodes out (node-revocation protocol)

  4. Outline • Introduction • Problem Statement and Previous Work • Solution • Evaluation • Discussion

  5. Assumptions • Adversary can’t deploy nodes with arbitrary ID – paper assumes n/w implements required safeguards • Adversary has limited node capturing capability • Cloned node has at least one legitimate node in neighborhood (Can be eliminated) • All node know their geographical location and node are primarily stationary

  6. Objectives • Detect node replication with high probability • Secure against adaptive adversary • Unpredictable to adversary • No central point of failure • Minimize communication overhead

  7. Previous Approaches • Centralized scheme • Each node sends location to central base station • Central base station examines list for conflicts • Revocation: flood network with authenticated revocation message • Disadvantages: • Vulnerable to single point failure • Compromise base station • Interfere with its communication • Node surrounding base station – undue routing of traffic • Revocation can be delayed • Advantages: 100% detection

  8. Previous Approaches (Contd.) • Local Detection Scheme • Neighbor try to detect replicated nodes • Fails to detect distributed node replicated in disjoint neighborhood

  9. Emergent Properties • They are properties that only emerge through collective action of multiple nodes • Advantages: • No Central Point of Failure • Attractive approach to thwart unpredictable and adaptive adversary

  10. Simple Approach • Node-To-Network Broadcast • Each node broadcast location information • 100% detection • Assumption: Broadcast reaches all nodes • Attacker can easily jam or interfere with communication

  11. Simple Approach (Contd.) • Deterministic Multicast • Node sends location to neighbors • Neighbors choose witness and forward location to them • Problem: • Predictable – attacker can jam all messages to witnesses • Witnesses become target to subversion

  12. Approach Overview STEP1: Announce location • Sign and broadcast location to neighbors STEP 2: Detect Replicas • Use Emergent properties • Ensure at least one witness receives two conflicting locations STEP 3: Revoke replicas • Flood network with conflicting location claims (signed)

  13. Randomized Multicast Protocol STEP 2 • Witness chosen randomly • Each neighbor chooses witnesses • So n neighbor send location to witnesses • By Birthday Paradox – if there are clones then location conflict will occur. • Probability of detection

  14. Line Selected Multicast • Use routing topology of network to select witnesses • All the intermediate nodes between neighbor and witness check for conflict • Geometric probability says replicated nodes will be detected

  15. Line Selected Multicast Detection

  16. Line Selected Multicast Detection Y

  17. Line Selected Multicast Detection Y With five line segments per point : 95%

  18. Theoretical Communication Overhead

  19. Communication Overhead

  20. Topologies

  21. Probability of Detection in Irregular Topologies

  22. Timing Issue And Masked-Replication • How often to perform detection • Every T unit of time – node forgets previous claims • Time slots • Time slots based on ID • Witness remember claims during time slot • Adversary captures neighbors • Solution: pseudo-neighbors – neighbors ask for location claim

  23. Conclusion And Future Work • Use of emergent properties to tackle node replication • High probability of detection • Resilient to adaptive adversary • Minimum communication overhead • Scheme assumes captured nodes follow protocol • Implicit sampling to detect nodes that suppress or drop messages

  24. Comments and Questions?

More Related