Secure routing in wireless sensor networks attacks and countermeasures
1 / 27

Secure Routing in wireless sensor networks: attacks and countermeasures - PowerPoint PPT Presentation

  • Uploaded on

Secure Routing in wireless sensor networks: attacks and countermeasures. Chris Karlof and David Wagner University of California at Berkeley 1 st IEEE International Workshop on Sensor Network Protocols and Applications, 2003 발 표 : 장준혁 , 최준철. Contents.

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about 'Secure Routing in wireless sensor networks: attacks and countermeasures' - knoton

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Secure routing in wireless sensor networks attacks and countermeasures

Secure Routing in wireless sensor networks:attacks and countermeasures

Chris Karlof and David Wagner

University of California at Berkeley

1st IEEE International Workshop on Sensor Network Protocols and Applications, 2003

발표: 장준혁, 최준철


  • Introduction: wireless sensor network

  • Problem statement

  • Attacks on sensor network routing

  • Attacks on specific sensor network protocols

  • Countermeasures

  • Conclusion

Wireless sensor network wsn
Wireless Sensor Network(WSN)

  • Applications

    • Fire monitoring, protecting wild animals, military purpose

  • Deployment

  • Sensing

  • Network construction

  • Data aggregation

  • Restricted resources

  • Environments(assumptions)

    • Base station

    • Global information

    • Transmission range

    • Mobility

  • Resource constraints Sensor Node

Sensor Field



Sensor node
Sensor Node

<Mica mote>

<Power consumption>

Sensor network routing
Sensor Network Routing

  • Power consumption dominates network lifetime

    • Mostly, sensor nodes are not repaired or reused

    • 2 weeks ~ a few years

  • How many messages are used?

  • = How long does the network alive?

  •  Sensor routing protocols

    • Flooding, proactive(DSDV), reactive(AODV), clustering(LEACH)

  • The routing protocols are not designed for security and traditional methods are hard to use

  • This paper suggests

    • Threat models and security goals

    • Countermeasures

    • Design consideration

Wsn vs ad hoc wireless networks
WSN vs. Ad-hoc Wireless Networks

  • Similarity

    • Support Multi-hop networking

  • Differences

    • Sensor : Supports Specialized communication patterns

      • Many-to-One

      • One-to-Many

      • Local Communication

    • Sensor nodes more resource constrained than Ad-hoc nodes

      • Public key cryptography not feasible

    • Higher level of trust relationship among sensor nodes

    • In-network processing, aggregation, duplication elimination

Problem statement
Problem Statement

  • Trust Requirements

    • Insecure Radio links

    • Base station(trusted), nodes(untrusted)

    • None tamper resistant

      • Adversary can access all key, data, code

  • Threat Models

    • Based on device capability

      • Mote-class attacker / Laptop-class attacker

    • Based on attacker type/location

      • Outside attacks / Inside attacks

Security goal
Security Goal

  • Responsibility

    • Link layer: Integrity, authenticity, and confidentiality

    • Routing protocol: Availability

    • Application: replay attack

  • Outsider adversaries

    • Conceivable to achieve these goals

  • Insider adversaries

    • These goals are not fully attainable -> Graceful degradation

Attack model
Attack Model

  • Spoofed, altered, or replayed routing information

  • Selective forwarding

  • Sinkhole attacks**

  • Sybil attacks

  • Wormholes attacks

  • HELLO flood attacks**

  • Acknowledgement spoofing

  • Attacker wants to:

    • Steal information through the data flows

    • Break the functionality of the sensor network

Attack model1






Attack Model

  • Spoofed, altered or replayed routing information

    • May be used for loop construction, attracting or repelling traffic, extend or shorten source route

  • Selective forwarding

    • A malicious node behaves like a black hole

    • Refuse to forward certain messengers, selective forwarding packets or simply drop them

  • Sinkhole attacks

    • Attacker creates metaphorical sinkhole

      by advertising for example high quality

      route to a base station

      • Almost all traffic is directed to the fake sinkhole

Attack model2
Attack Model

  • The Sybil Attack

    • Forging of multiple identities - having a set of faulty entities represented through a larger set of identities.

    • Significant threat to location aware routing protocols

      • An adversary node can be in more than one place at once

  • Wormholes

    • Tunneling of messages over alternative low-latency links,

    • e.g. confuse the routing protocol, create sinkholes. etc.

그림: 애드혹(Ad Hoc) 네트워크에서의 위치정보 기반의 웜홀(Wormhole) 탐지 기법, 이규호 외, 정보과학회, 2006

Attack model3
Attack Model

  • HELLO flood attack

    • An attacker sends or replays a routing protocol’s HELLO packets with more energy

  • Acknowledgement spoofing

    • Spoof link layer acknowledgement to trick other nodes to believe that a link or node is either dead or alive

Attacks on specific protocols
Attacks on specific protocols

  • TinyOS beaconing

  • Directed Diffusion

  • Geographic routing

Attacks on specific protocols1
Attacks on specific protocols

  • TinyOS beaconing

    • Base station broadcast Route update(beacon) periodically, Nodes received the update and mark the base station as parent and broadcast it

      • Breadth First Spanning Tree rooted at a base station

    • Routingupdates are not authenticated

Attacks on tinyos protocols
Attacks on TinyOS protocols

  • Spoofing a routing update

    • Bogus and replayed routing information (such like “I am station”) send by an adversary can easily pollute the entire network

    • Routing loops can easily be created by mote-class adversaries

Attacks on tinyos protocols1
Attacks on TinyOS protocols

  • Wormhole / Sinkhole attack

    • Two colluding powerful laptop-class nodes, one near the base station and one near the targeted area

    • The first node forwards routing updates through worm hole

    • The second node create sinkhole by rebroadcasting the routing update in the targeted area

Attacks on tinyos protocols2
Attacks on TinyOS protocols

  • HELLO flood attack

    • Broadcast a routing update loud enough to reach the entire network by using a powerful transmitter

    • Every node marks the adversary as its parent

    • Most nodes will be likely out of normal radio range

Attacks on tinyos protocols3
Attacks on TinyOS protocols

  • HELLO flood attack

    • Broadcast a routing update loud enough to reach the entire network by using a powerful transmitter

    • Every node marks the adversary as its parent

    • Most nodes will be likely out of normal radio range

Attacks on specific protocols2
Attacks on specific protocols

  • Directed diffusion

    • A data-centric routing algorithm for drawing information out of a sensor network

Attacks on directed diffusion protocols
Attacks on Directed diffusion protocols

  • Suppression

  • Cloning

  • Path influence

  • Selective forwarding and data tempering

Attacks on specific protocols3
Attacks on specific protocols

  • Geographic Routing

    • GPSR (Greedy Perimeter Stateless Routing)

      • Greedy forwarding routing each packet to the neighbor closest to the destination

    • GEAR (Geographic and Energy Aware Routing)

      • GEAR weighs the choice of the next hop by both remaining energy and distance from the target

Attacks on geographic routing protocols
Attacks on Geographic Routing protocols

  • Sybil Attack

    • Surrounding each target using non-existent nodes by using Sybil attack. Adversary maximizes chances for placing herself on the path of data flow

  • Forge location advertisements

    • Advertise her location in a way to place herself on the path of a known flow

    • Forge other node’s location to create routing loops


  • Authentication and encryption

    • Prevents the majority of outsider attacks

      • False routing information, selective forwarding, sinkhole attacks, sybil attacks, ACK spoofing

    • Can’t prevent to tunnel or amplify legitimate message

      • Wormhole attacks, HELLO flood atacks

    • Can’t prevent insider attacks


  • Insider attacks

    • Using a globally shared key allows an insider to masquerade as any node

    • Verifing identities might be done using Public key cryptography, but this is beyond the capabilities of sensor nodes

    • Share a unique symmetric key with a trusted base station

      • Two nodes verify each other by using some protocol and establish a shared key

      • Using that key, pair of noes can implement authenticated and encrypted link between them

      • Base station reasonably limit the number of neighbors


  • Wormhole and Sinkhole attacks

    • These are very difficult to defend since detecting and verifying is extremely difficult

    • Difficult to retrofit existing protocols with defenses against these attack

    • Best solution is to carefully design routing protocols

    • Geographic routing protocol

      • Resistant to wormhole and sinkhole attacks

      • Do not construct topology with initiation. Construct on demand

      • Difficult to create a sinkhole and easy to detect wormhole


  • Selective Forwarding

    • Multipath routing can be used to counter these types of selective forwarding attacks

    • Messages routed over n paths whose nodes are completely disjoint are completely protected against selective forwarding attacks involving at most n compromised nodes

    • Allowing nodes to dynamically choose a packet’s next hop probabilistically from a set of possible candidates


  • Currently proposed routing protocols for sensor networks are insecure

  • Link layer encryption and authentication, multipath

  • routing, identity verification, bidirectional link

  • verification and authenticated broadcast is important

  • Cryptography is not enough for insiders and laptopclass

  • adversaries, careful protocol design is needed as

  • well