1 / 23

Detection of Denial-of-Message Attacks on Sensor Network Broadcasts

This paper discusses the detection of denial-of-message (DoM) attacks on sensor network broadcasts, where an attacker seeks to deprive sensor nodes of broadcast messages. The paper proposes a secure mechanism, called Secure Implicit Sampling (SIS), which reduces the number of acknowledgements sent to the base station while detecting disruptive adversaries. The paper also introduces an attack taxonomy and analyzes the detection probability.

dswann
Download Presentation

Detection of Denial-of-Message Attacks on Sensor Network Broadcasts

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Detection of Denial-of-Message Attacks on Sensor Network Broadcasts Jonathan M.McCune Elaine Shi Adrian Perrig and Michael K.Reiter

  2. Introduction • Message broadcast is a fundamental communication primitive in most sensor networks. • Sensor nodes are deprived of broadcast messages under the Denial-of-Message ( DoM ) attack. • A simple approach is for every broadcast recipient to send an authenticated acknowledgement for each broadcast message, which can cause the ACK implosion problem. • The attacker’s goal is to deny the broadcast to as many nodes as possible while remaining undetected by the base station. • The designer’s goal is to limit the attacker’s capacity to achieve this.

  3. Attack Taxonomy • Attacks Against Flooding • Blocking attack An attacker may seek to compromise a vertex cut set of nodes, thereby partitioning the network into two halves, with complete control over communications between partitions. • Without enough nodes to obtain a vertex cut set • Denial of service (DOS) • Jamming

  4. Weaknesses in Efficient Broadcast • Cluster based flooding • It is only necessary to prevent cluster-heads from forwarding messages. • Attackers can be successful with far fewer compromised node. • Tree based flooding • For the blocking attack, it will suffice to block non-leaf nodes. • Malicious nodes can also violate the clustering protocol to get elected as non-leaf nodes to get an advantage.

  5. Secure Implicit Sampling (SIS) • SIS allows us to detect a disruptive adversary and in the meantime, reduce the number of acknowledgements sent to the base station. • SIS only requires a subset of recipients acknowledge each broadcast. • This subset is computed deterministically but in a way that is hidden from the attacker.

  6. Assumptions • A base station which is considerably more powerful than ordinary sensor nodes. • Base station is the source of all legitimate broadcast messages. • A secure key-management protocol is present to establish and manage secure pair-wise keys between each node and the base station.

  7. The basic protocol • Assumptions • A base station which is considerably more powerful than ordinary sensor nodes. • Base station is the source of all legitimate broadcast messages. • A secure key-management protocol is present to establish and manage secure pair-wise keys between each node and the base station. • Security Requirements • It is necessary to apply appropriate cryptographic functions to ensure data origin authentication. • An attacker must have no way of finding out which set of nodes are selected to send acknowledgement.

  8. Notation • Msgs: The set of possible broadcast messages. • F: A pseudorandom functions family parameterized by a secret value K belonging to Keys(F). • KskF: A key randomly chosen from Keys(F) that is shared between the broadcast source and the node k. • fp(x): fp is a function for which the fraction of inputs that map to 0 is p, and 1-p map to 1. • MAC: A function family parameterized by a secret value K belonging to Keys(MAC). • KskMAC: A key randomly chosen from Keys(MAC) that is shared between the broadcast source and the node k.

  9. The Secure Mechanism • If K is randomly chosen from Keys(F), then an attacker not knowing K cannot distinguish F(K) from a randomly chosen function even after seeing F(K,m) many times. • MAC is a message authentication code: If K is randomly chosen from Key(MAC), then an attacker not knowing K cannot produce MAC(K,m) fro any m even after having seen MAC(k, m’) may times.

  10. Upon receiving a broadcast m from base state s, node k tests whether fp(F(KskF,m))=0. • If so, it sends a=MAC(KskMAC,m) to s. • Each node can be viewed as being selected independently with probability p to acknowledge. • When s receives an acknowledge “a” purportedly from k for m, it confirms that MAC(KskMAC,m)=a. • For a particular round i, let Si be the number of ACKs expected, Ri be the number of ACKs received and confirmed. • S can compute Si by checking fp(F(KskF,m))=0 for every node k. • If Ri/Si<h, where h is a threshold, an alarm is raised.

  11. Analysis • Consider the ideal world first, where there is no packet loss. • Let x be the number of victim nodes and p the probability that a node gets sampled. • P ( false negative) = (1-p)x • P ( detection)=1-P ( false negative) =1-(1-p)x • False positive: signaling an attack when there is none. • False negative: attackers being able to escape detection.

  12. Let pi be the probability that the base station receives an ACK from the ith node given that it is sampled. • The number of ACKs received approximates a Binomial distribution over pr0 and Si. • Si is the number of expected ACKs in round i, and pr0 =(p1+p2+…+pn)/n. • In the detection phase, the observed Ri will deviate from the anticipated Binomial(Si,Pr0) distribution. • The following slide shows the derivation of detection probability, where f(s) is defined as:

  13. The Optimal Attacker • The success of attacker is defined in terms of the number of legitimate nodes deprived of a broadcast. • His best strategy is to compromise all neighbors of the base station. • If SIS is present, the above strategy will no longer be successful. A clever attacker will try to remain undetected with high probability while still doing damage to the network.

  14. Model the attacker with MDP

  15. Attacker Reward Function • The attacker’s action is indicated by x, the number of victim nodes per round. • r is the discount factor. In the no-loss case

  16. Reward Analysis • Consider the attacker and our detection system as two players in a zero-sum game. • The gain of the attacker is the loss of our system. • The attacker is entitled to choose x, while our system choose p. • The equilibrium of the game is given by the following minimax construction.

  17. Extensions and Discussion • Exclusive-or Aggregation ( tree-based broadcast protocol) • Upon receiving acknowledgements from its children, node i can compute the XOR of its acknowledgement with those of all its children. • Node i will then forward ACKi up the tree towards the base station S. • Upon receiving acknowledgements from all of its neighbors, S can then compute the XOR of all received acknowledgements. • S will compare the expected value of XOR and the above one.

  18. In the above scheme: If all nodes receive the broadcast, and all the aggregated acknowledgements arrive at the base station, then S can compute The base station can calculate the expected value for the XOR of all acknowledgements by iterating through the keys it share with each node for the purpose of computing acknowledgement MACs.

  19. Reducing the Verifier’s Computational Overhead • Random acknowledgement: the broadcaster randomly selects a subset of nodes to sample ( return ACKs). • Random checking: the verifier randomly picks a subset of nodes to check whether they are sampled, and if so, whether they have indeed returned an ACK.

  20. Explicit Acknowledgement Requests • The base station may need to explicitly request a set of nodes to acknowledge in each broadcast round . • Bloom filters can be used to encode a set of nodes from which the base station explicitly wants acknowledgements. • Bloom filters ensure that there are no false negative. • Given the Bloom filter, an adversary cannot figure out which set of nodes are selected, as long as shared keys between the base station and each node are kept secret.

  21. Simulation Results • First run hundreds of rounds of broadcast without attackers to get pr0. • Then run thousands of rounds with various percentage of attackers to generate a large set of victim nodes. • For each d of deprived nodes:

  22. Conclusion and Future Work • Contributions • SIS provides a general mechanism that allows us to sample a subset of network nodes for acknowledgements in a way hidden from the adversary. • Use a game theoretical model to evaluate SIS. • Limitations • Assume that the network operates under stable conditions and nodes are immobile. • Assume that lost acknowledgements are uncorrelated.

More Related