
WSN Security (Draft)

WSN Security (Draft). Moh’d Abidalrahman. There are too many types of attacks, with lots of overlapping details. This presentation gives an overview of the most serious attacks. Providing security mechanisms against these attacks is very difficult.



  1. WSN Security (Draft) Moh’d Abidalrahman

  2. WSN Security
     • Too many types of attacks, with lots of overlapping details.
     • This presentation gives an overview of the most serious attacks.
     • Providing security mechanisms against these attacks is very difficult.

  3. Why Is Security Difficult?
     • Sensor Node Constraints
       • Battery
       • CPU power
       • Memory
     • Networking Constraints and Features
       • Wireless
       • Ad hoc
       • Unattended
     • Sensor network protocols have not been designed with security as a goal.

  4. Outline
     • Passive Information Gathering
     • Subversion of a Node
     • False Node and Malicious Data
     • HELLO Flood Attack
     • Sinkhole Attack
     • Wormhole Attack
     • The Sybil Attack
     • Denial of Service Attack

  5. Passive Information Gathering
     • An intruder with an appropriately powerful receiver and a well-designed antenna can easily pick off the data stream.
     • Interception of messages containing the physical locations of sensor nodes lets the attacker locate the nodes and destroy them.
     • An adversary can observe the application-specific content of messages and use it in another type of attack:
       • message IDs
       • sequence numbers
       • timestamps
       • etc.

  6. Subversion of a Node
     • A particular sensor might be captured.
     • Information stored on it (such as the security keys) might be obtained by an adversary.
     • How can that node, and that node only, be excluded from the sensor network?

  7. False Node and Malicious Data
     • An adversary adds a node to the system that feeds false data or prevents true data from being passed on.
     • By spoofing, altering, or replaying routing information, adversaries may be able to:
       • create routing loops
       • attract or repel network traffic
       • extend or shorten source routes
       • generate false error messages
       • partition the network
       • increase end-to-end latency
       • etc.
     • This can destroy the whole network, or take it over (more dangerous).

  8. HELLO Flood Attack
     • Some protocols use HELLO packets to announce a node to its neighbors.
     • Assumption: the sender of a received packet is within normal radio range.
     • False! A powerful transmitter could reach the entire network.
     • Traffic from nodes in range will be drawn through the adversary.
     • Nodes far away from the adversary would be sending packets to no one.
     • The network is left in a state of confusion.

  9. Sinkhole Attacks
     • The goal is to attract nearly all the traffic from a particular area through a compromised node, creating a sinkhole with the adversary at the center.
     • Sinkhole attacks typically work by making a compromised node look “especially attractive” to surrounding nodes with respect to the routing algorithm.

  10. Sinkhole Attacks
     • For instance, an adversary could spoof or replay an advertisement for an extremely high-quality route to a base station.
     • Each neighbouring node will forward packets destined for a base station through the compromised node.
     • They will propagate the attractiveness of the route as well.
     • Effectively, the adversary creates a large “sphere of influence”, attracting all traffic destined for a base station from nodes several hops away from the compromised node.

  11. Wormhole Attacks
     • An adversary tunnels messages received in one part of the network over a low-latency link and replays them.

  12. Wormhole Attack
     • The attacker may have no key material. All it requires is two transceivers and one high-quality out-of-band channel.
     • An adversary could convince nodes that would normally be multiple hops from a base station that they are only one or two hops away via the wormhole.
     • This can create a sinkhole, since the adversary on the other side of the wormhole can artificially provide a high-quality route to the base station.
     • Potentially all traffic in the surrounding area will be drawn through the sinkhole if alternate routes are significantly less attractive.

  13. The Sybil Attacks
     • A single node presents multiple identities to other nodes in the network.
     • Can be used to launch more advanced attacks on:
       • Routing
       • Distributed Storage
       • Data Aggregation
       • Voting
       • Fair Resource Allocation
       • Misbehaviour Detection

  14. The Sybil Attacks
     • Distributed Storage
       • Defeat replication and fragmentation mechanisms
     • Routing
       • Attack routing algorithm
       • Geographic routing
       • Evade misbehavior detection mechanisms

  15. The Sybil Attacks
     • Data Aggregation
       • With enough Sybil nodes, an attacker may be able to completely alter the aggregate reading.
     • Voting
       • Depending on the number of identities the attacker owns, he may be able to determine the outcome of any vote.
       • Either claim a legitimate node is misbehaving, or Sybil nodes can vouch for each other.

  16. The Sybil Attacks
     • Fair Resource Allocation
       • Using a Sybil attack, a malicious node can obtain an unfair share of any resource shared in a per-node manner.
       • Consequently, this causes DoS for legitimate nodes and also gives the attacker more resources to perform attacks.
     • Misbehavior Detection
       • Sybil nodes could “spread the blame”.
       • Even if action is taken to revoke the offending nodes, the attacker can continue using new Sybil identities to misbehave.

  17. Denial of Service Attacks
     • A denial of service attack is "any event that diminishes or eliminates a network's capacity to perform its expected function."
     • Musfeq will explain them in detail.
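Slide 7 lists spoofing, altering, and replaying routing information as the ways a false node corrupts routing. The sketch below is an added example, not part of the presentation: a receiver-side check that rejects each of those three cases. The packet layout, the 8-byte truncated HMAC-SHA256 tag, the per-node keys, and all names are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

# Constructed per-node keys (assumption: provisioned before deployment).
NODE_KEYS = {1: b"k1-constructed-demo-key", 2: b"k2-constructed-demo-key"}
BODY = struct.Struct(">HIB")   # sender id, sequence number, hop count (7 bytes)
TAG_LEN = 8                    # truncated MAC to suit small radio frames

def mac(key, body):
    return hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]

def make_update(sender, seq, hops, key):
    """Build a routing update: packed body followed by its MAC."""
    body = BODY.pack(sender, seq, hops)
    return body + mac(key, body)

class RoutingTable:
    def __init__(self, keys):
        self.keys = keys
        self.last_seq = {}   # highest sequence number accepted per sender
        self.routes = {}     # sender -> advertised hop count

    def accept(self, packet):
        """Return a verdict; only 'ok' changes the routing table."""
        if len(packet) != BODY.size + TAG_LEN:
            return "malformed"
        body, tag = packet[:BODY.size], packet[BODY.size:]
        sender, seq, hops = BODY.unpack(body)
        key = self.keys.get(sender)
        if key is None:
            return "unknown-sender"
        if not hmac.compare_digest(tag, mac(key, body)):
            return "bad-mac"              # spoofed or altered in transit
        if seq <= self.last_seq.get(sender, -1):
            return "replay"               # old or duplicated update
        self.last_seq[sender] = seq
        self.routes[sender] = hops
        return "ok"

def demo():
    table = RoutingTable(NODE_KEYS)
    genuine = make_update(1, 10, 3, NODE_KEYS[1])
    altered = genuine[:6] + b"\x01" + genuine[7:]       # hop count rewritten
    spoofed = make_update(2, 1, 1, b"key-the-sender-lacks")
    unknown = make_update(9, 1, 1, b"key-the-sender-lacks")
    return [table.accept(p) for p in (genuine, genuine, altered, spoofed, unknown)]
```

A captured node (slide 6) still holds a valid key, so this check does not stop a subverted insider, and a wormhole that relays a fresh update unchanged also passes it.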
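Slide 15 states that enough Sybil identities can completely alter an aggregate reading. The following added example (not from the presentation) compares an aggregator that averages every report with one that counts a report only when its identity is registered and its MAC verifies. The registry, keys, readings, and function names are constructed assumptions; it assumes each legitimate node shares a key with the aggregator.

```python
import hashlib
import hmac
import statistics

# Constructed registry: identity -> key shared with the aggregator.
REGISTERED = {f"n{i}": f"constructed-key-{i}".encode() for i in range(1, 6)}

def tag(node_id, reading, key):
    """MAC binding a reading to the identity that claims to have sent it."""
    msg = f"{node_id}:{reading:.1f}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def aggregate_naive(reports):
    """Average every report, whatever identity it claims."""
    return statistics.mean(reading for _, reading, _ in reports)

def aggregate_verified(reports, registry):
    """Average one report per registered identity whose MAC verifies."""
    seen, values = set(), []
    for node_id, reading, mac in reports:
        key = registry.get(node_id)
        if key is None or node_id in seen:
            continue                       # unregistered or duplicate identity
        if hmac.compare_digest(mac, tag(node_id, reading, key)):
            seen.add(node_id)
            values.append(reading)
    return statistics.mean(values), len(values)

def sample_reports():
    """Five honest readings plus ten fabricated identities (all constructed)."""
    honest = [20.0, 21.0, 19.0, 20.0, 20.0]
    reports = [(nid, r, tag(nid, r, REGISTERED[nid]))
               for nid, r in zip(sorted(REGISTERED), honest)]
    reports += [(f"s{i}", 80.0, tag(f"s{i}", 80.0, b"not-a-registered-key"))
                for i in range(10)]
    return reports

def demo():
    reports = sample_reports()
    verified_mean, counted = aggregate_verified(reports, REGISTERED)
    return aggregate_naive(reports), verified_mean, counted
```

With the constructed data the unauthenticated mean moves from 20.0 to 60.0, while the verified mean stays at 20.0 over five identities. Keys taken from a captured node (slide 6) would still verify, so the number of identities an attacker can present is bounded by the keys it has extracted.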
