Secure routing in wireless sensor networks attacks and countermeasures
This presentation is the property of its rightful owner.
Sponsored Links
1 / 39

Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures PowerPoint PPT Presentation


  • 111 Views
  • Uploaded on
  • Presentation posted in: General

Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures. Chris Karlof David Wagner University of Califonia at Berkeley Paper review and Present by Run dong. Outline. Overview & Background Statement of routing security problem Attacks on sensor network routing

Download Presentation

Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Secure routing in wireless sensor networks attacks and countermeasures

Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures

Chris Karlof David Wagner

University of Califonia at Berkeley

Paper review and Present by

Run dong


Outline

Outline

  • Overview & Background

  • Statement of routing security problem

  • Attacks on sensor network routing

  • Attacks on specific sensor network protocols

  • Countermeasures


Routing protocols

Routing protocols

  • Layer 3 protocols

    • determine the routing path and transmit the packets reliably

  • Traditional routing protocols

    • RIP (routing information protocol)

      • Distance vector

  • OSPF (open shortest path first)

    • Link state

  • BGP

  • Mobile Ad-hoc Network protocols

    • On demand vs table driven

  • WSN Routing Protocols


  • Current routing protocols goals

    Current Routing Protocols Goals

    • Low Energy

      • Minimize communication

        • Radio cost more than instructions executed

        • Aggregate data in network

  • Low Node Duty Cycle

  • Shut down nodes when possible

  • Robust

    • Adapt to unpredictable environment without intervention

  • Scalable

    • Rely on localized algorithms – no centralized control

  • Low Latency

    • Must meet application latency and accuracy requirements

  • Small Footprint

    • Must run on hardware with severe memory and computational power constraints


  • Overview

    Overview

    • Current sensor routing protocols are not designed for security and be insecure, mostly optimized for the limited capabilities of the nodes

    • Wireless sensor network cannot depend on many of the resources available to traditional networks for security

    • Analyze current protocols to find attacks and suggest countermeasures and design consideration

    • The effective solution for secure routing is to design such sensor routing protocols with security in mind


    Problem statement

    Problem statement

    • Assumption about underlying network

    • Different Threat Models

    • Security goal in this setting


    Problem statement1

    Problem statement

    • Assumption about underlying network

    • radio link are insecure (easily eavesdropping)

    • sensor nodes are not tamper resistant

    • The physical and MAC layers are susceptible to direct attack

    • Base station is trustworthy

    • Aggregation points may be trusted in certain protocols

    • Different Threat Models

    • Security goal in this setting


    Problem statement2

    Problem statement

    • Assumption about underlying network

    • Different Threat Models

    • Mote class vs Laptop class

    • Outsider vs insider

    • Security goal in this setting


    Problem statement3

    Problem statement

    • Assumption about underlying network

    • Threat Models

    • Security goal in this setting

    • The goal of conventional network is reliable delivery of messengers

    • Sensor network need in-network processing (aggregation, compression, duplicate elimination)

    • Graceful degration

    • Confidentiality Protection against Replay of data packets should better handled by higher level


    Attacks model

    Attacks model

    • Spoofed, altered, or replayed routing information

    • Selective forwarding

    • Sinkhole attacks

    • Sybil attacks

    • Wormholes attacks

    • HELLO flood attacks

    • Acknowledgement spoofing


    Attacks model1

    Attacks model

    • Spoofed, altered or replayed routing information:

    • May be used for loop construction, attracting or repelling traffic, extend or shorten source route

    • Selective forwarding:

    • Refuse to forward certain messengers, selective forwarding packets or simply drop them try to Follow the path of least resistance and attempt to include itself on the actual data path flow

    • Sinkhole attacks

    • Lure nearly all traffic from a particular area through a specific compromised node


    Attacks model2

    Attacks model

    • Sybil attack

    • forging of multiple identities -- having a set of faulty entities represented through a larger set of identities.

    • Sybil Attack undermines assumed mapping between identity to entity

    • Wormholes

    • tunneling of messages over alternative low-latency links,

    • e.g. confuse the routing protocol, create sinkholes. etc.

    • Exploit routing race condition

    • Hello flood attack

    • an attacker sends or replays a routing protocol’s hello packets with more energy

    • Acknowledgement spoofing

    • Spoof link layer acknowledgement to trick other nodes to believe that a link or node is either dead or alive


    Attacks on specific protocols

    Attacks on specific protocols

    • General typical sensor routing protocol type:

      • Flooding

      • Gradient

      • Clustering and Cellular

      • Geographic

      • Energy Aware

    • TinyOS beaconing

    • Directed diffusion

    • Geographic routing

    • Minimal cost forwarding

    • Cluster-head- LEACH

    • Rumor routing

    • Energy conserving topology maintenance


    Tinyos beaconing

    TinyOS beaconing

    • Base station broadcast Route update(beacon) periodly, Nodes received the update and mark the base station as parent and broadcast it

    • Relevent Attack mode

      • Bogus routing information

      • Selective forwarding

      • Sinkholes

      • Sybil

      • Wormholes

      • Hello floods


    Tinyos beacon

    TinyOS beacon

    Spoof information

    Bogus and replayed routing information (such like “I am base station”) send by an adversary can easily pollute the entire network.


    Tinyos beacon1

    TinyOS beacon

    Wormhole & sinkhole Combination

    • Tunnel packets received in one place of the network and replay them in another place

    • The attacker can have no key material. All it requires is two transceivers and one high quality out-of-band channel

    Adapted from Chris Karlof and David Wagner's WSNPA slides


    Tinyos beacon2

    TinyOS beacon

    Wormhole & sinkhole Combination

    • Most packets will be routed to the wormhole

    • The wormhole can drop packets directly (sinkhole)

    • or more subtly selectively forward packets to avoid detection

    Adapted from Chris Karlof and David Wagner's WSNPA slides


    Tinyos beacon3

    TinyOS beacon

    Hello flood attack

    • A Laptop class adversary that can retransmit a routing update with enough power to be received by the entire network

    Adapted from Chris Karlof and David Wagner's WSNPA slides


    Directed diffusion

    Directed diffusion

    • Data and Application Specific

    • Content based naming

    • Interest distribution

    • Interests are injected into the network from base station.

    • Interval specifies an event data rate.

    • Interest entry also maintains gradients.

    • Data flows from the source to the sink along the gradient

    • Data propagation and reinforcement

    • Reinforcement to single path delivery.

    • Multipath delivery with probabilistic forwarding.

    • Multipath delivery with selective quality along different paths.


    Directed diffusion1

    Directed diffusion

    • Relevant attack

    • Suppression- by spoof negative reinforcement

    • Cloning- by replay information with malicious listed as a base station (send both)

    • Path influence- by spoof positive or negative reinforcements and bogus data events

    • Selective forwarding and data tampering- by above attack method to put the malicious node in the data flow

    • Wormholes attack

    • Sybil attack


    Geographic routing

    Geographic routing

    • GEAR&GPSR

    • Cost function based on destination location and neighbor node energies used to determine next hop

    • Greedy geographic query routing technique

    • Improvement over Directed Diffusion’s interest flooding technique

    • Restricted broadcast within sampling region


    Geographic routing1

    Geographic routing

    • Relevant attack

    • Sybil attack

    • Bogus routing information

    • Selective forwarding

    • No wormholes and sinkholes attack

    An adversary may present multiple identities to other nodes. The Sybil attack can disrupt geographic and multi-path routing protocols by “being in more than one place at once” and reducing diversity.

    From B->C, now will go through B->A3->C


    Geographic routing2

    Geographic routing

    • Relevant attack

    • Sybil attack

    • Bogus routing information

    • Selective forwarding

    • No wormholes and sinkholes attack

    From B->D, A forge a wrong information to claim B is in (2,1), so C will send packets back to B which cause loop at last.


    Minimum cost forwarding

    Minimum cost forwarding

    • Is an backoff-based cost field algorism for efficiently forwarding packets from senor nodes to a base station.

    • Once the field is established, the message, carrying dynamic cost information, flows along the minimum cost path in the cost field. Each intermediate node forwards the message only if it finds itself on the optimal path for this message based on the message’s cost states.

    A=110, will select B


    Minimum cost forwarding1

    Minimum cost forwarding

    • Relevant attack mode

    • Sinkhole attack

      • Mote-class adversary advertising cost zero anywhere in network

    • Hello flood attack

    • Bogus routing informaiton

    • Selective forwarding

    • wormholes


    Leach

    LEACH

    • Low-Energy Adaptive Clustering Hierarchy

    • randomized, self-configuration

    • Low energy media access control

    • Cluster-head collect data and perform processing then transmit to BS

    • Relevant attack mode

    • Hello floods

    • Selective forwarding

    • Sybil attack


    Leach1

    LEACH

    • Relative attack mode

    • Hello floods

      • Cluster-head selection based on signal strengh what mean a powerful advertisement can make the malicious attacker be it’s cluster-head.

  • Sybil attack

    • Combined with hello floods if nodes try to randomly select cluster-head instead of strongest signal strength.


  • Rumor routing

    Event

    Source

    Rumor Routing

    Observation: Two lines in a bounded rectangle have a 69% chance of intersecting, 5 line more than 99%

    • Designed for query/event ratios between query and event flooding

    • Lower the energy cost of flooding


    Rumor routing1

    Rumor routing


    Rumor routing2

    Rumor routing

    • Relevant attack mode

    • Bogus routing information

      • Create tendrils by FWD copies of agent

      • Send them as long as possible (TTL)

    • Selective forwarding

    • Sinkholes

    • Sybil

    • wormholes


    Energy conserving topology maintenance

    Energy conserving topology maintenance

    • GAF-Geographical Adaptive Fidelity

    • Physical space is divided into equal virtual size squares. Each nodes know it’s location and nodes with a square are equivalent

    • Identifies nodes for routing based on location information

    • Dense nodes deployment, Turns off unnecessary nodes

    • Sleeping, discovery, active state

    • Each grid square has one active node

    • Nodes are ranked with respect to current state and expected lifetime


    Energy conserving topology maintenance1

    Energy conserving topology maintenance

    • Relevant attack mode for GAF

    • Bogus routing information

      • Broadcast high ranking discovery messages, then can use some selective forwarding attack

    • Sybil & Hello floods

      • Target individual grids by a high ranking discovery messages with a non-existent node, frequently advertisements can disable the whole network by making most node sleep


    Energy conserving topology maintenance2

    Energy conserving topology maintenance

    • SPAN

    • An energy-efficient coordination algorism for topology maintenance

    • Backbone for routing fidelity is build by coordinators

    • A node becomes eligible to be a coordinator if two of its neighbors cannot reach other directly or via one or two coordinators.

    • Traffic only routed by coordinator

    • Random backoff for delay coordinator announcement

    • Utility and energy level decide coordinator selection by adjusting the backoff time

    • Hello messengers being broadcasted periodically.


    Energy conserving topology maintenance3

    Energy conserving topology maintenance

    • Relevant attack mode for SPAN

    • Hello floods

      • Broadcast n Hello messages with fake coordinators and neighbors which will preventing nodes from becoming coordinators when they should. then can use some selective forwarding attack


    Summary of attacks

    Summary of attacks


    Countermeasures

    Countermeasures

    • Multipath and probabilistic routing limits effects of selective forwarding

    • Link layer security with key management can prevent the majority of outsider attacks: bogus routing information, Sybil, selective forwarding, sinkholes. However, it provides little protection against insiders, HELLO floods, and wormholes.

    • Establish link keys using a trusted base station. Verifies the bidirectionality of links and prevents Sybil attacks and HELLO floods


    Countermeasures1

    Countermeasures

    • Wormholes are difficult to defend against. Can be mounted effectively by both laptop-class insiders and outsiders. Good protocol design is the best solution: geographic and clustering-based protocols hold the most promise. Wormholes are ineffective against these protocols

    • Authenticated broadcast and flooding are important primitives.

    • Nodes near base stations are attractive to compromise. Clustering-based protocols and overlays can reduce their significance


    Conclusion

    Conclusion

    • Conclusion:

    • Link layer encryption and authentication, multipath routing, identity verification, bidirectional link verification and authenticated broadcast is important,

    • cryptography is not enough for insiders and laptop-class adversaries, careful protocol design is needed as well.


    Secure routing in wireless sensor networks attacks and countermeasures

    THANK YOU


  • Login