1 / 34

A Low-Cost Method to Thwart Relay Attacks in Wireless Sensor Networks

A Low-Cost Method to Thwart Relay Attacks in Wireless Sensor Networks. Reza Shokri Tutors: Panos Papadimitratos, Marcin Poturalski 29 January 2008. Agenda. Neighbor Discovery and Relay Attacks Currently Proposed Defense Methods Our System Model A Low-Cost Method to Thwart Relay Attacks

santa
Download Presentation

A Low-Cost Method to Thwart Relay Attacks in Wireless Sensor Networks

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. A Low-Cost Method to Thwart Relay Attacks in Wireless Sensor Networks Reza Shokri Tutors: Panos Papadimitratos, Marcin Poturalski 29 January 2008

  2. Agenda • Neighbor Discovery and Relay Attacks • Currently Proposed Defense Methods • Our System Model • A Low-Cost Method to Thwart Relay Attacks • Analysis and Simulation Results • Conclusion

  3. Neighbor Discovery • Neighbor Discovery is the Building Block of Multi-Hop Communication in WSN. • Security Requirements • Authenticity (Authenticating the neighbors) • Availability (Discovering all neighbors) • Correctness (Verifying the neighborhood relation) • Threats • Impersonation Attacks • Denial of Service (e.g. Jamming Attack) • Relay Attack

  4. A1 Relay Attack • Relaying messages between two nodes in a way that: nodes believe they are neighbors while they are not. • Placing a Relay Point in vicinity of BS, the attacker attracts nodes to route their packets through the Relay Channel. • Having control over the channel, he can perpetrate powerful external attack on Fake Links.

  5. Agenda • Neighbor Discovery and Relay Attacks • Currently Proposed Defense Methods • Our System Model • A Low-Cost Method to Thwart Relay Attacks • Analysis and Simulation Results • Conclusion

  6. Currently Proposed Defense Methods • Distance Bounding [BC93, HK05] [BC93] Stefan Brands and David Chaum. Distance-bounding protocols, 1993. • Location-based [HPJ03, SRB01] [HPJ03] Y.-C. Hu, A. Perrig, and D.B. Johnson. Packet leashes: a defense against wormhole attacks in wireless networks, 2003. • Using Directional Antenna [HE04] [HE04] Lingxuan Hu and David Evans. Using directional antennas to prevent wormhole attacks, 2004. • Connectivity-based [BDV05, MGD07] [BDV05] Levente Buttyán, László Dóra, and István Vajda. Statistical wormhole detection in sensor networks, 2005.

  7. Observations • These solutions are • Impractical in wireless sensor networks because they require sophisticated hardware or trustworthy external information • Not resilient against strong adversaries.

  8. Agenda • Neighbor Discovery and Relay Attacks • Currently Proposed Defense Methods • Our System Model • A Low-Cost Method to Thwart Relay Attacks • Analysis and Simulation Results • Conclusion

  9. Received Signal Power (dBm) at Distance d (m) Transmission Signal Power (dBm) Path Loss1 (dBm) at Distance d (m) 1. Path loss (or path attenuation) is the reduction in power density (attenuation) of an electromagnetic wave as it propagates through space. IEEE 802.15.4 Channel Model • The IEEE 802.15.4 standard addresses a simple, low-cost communication network that allows a wireless connectivity between devices with a limited power. • Signal propagation of MicaZ, IEEE 802.15.4 compliant, mote modules (Equipped with CC2420 RF transceivers on 2.4 GHz Frequency band):

  10. IEEE 802.15.4 Channel ModelReceived Signal Strength via Distance (on MicaZ)

  11. Network Model • A static wireless sensor network, composed of tiny motes uniformly distributed in the field. • Nodes are able to transmit with different power levels and can measure the received signal strength. • Inspired from the channel characteristics, neighbors have following properties: • Channel Symmetry • Bidirectional Connection Transitivity • Signal Attenuation • Polygon Distance Plausibility

  12. Channel Symmetry • For any pair of neighbors, the path loss is equivalent in both directions (because it is dependent to distance). • In practice there is a Symmetry Error. • The difference between RSS in two directions should be less than Symmetry Error.

  13. Bidirectional Connection Transitivity • Noise Floor at s < Received Signal Power from v • Received Signal Power from v < Received Signal Power from u • If s can not hear u, maybe there is a selective relay attack in between Suspicious Case

  14. Signal Attenuation • Clearly, based on the path loss model: d0: The reference distance (usually 1m in low-power communication), is chosen to be at a distance at which the propagation can be considered to be close enough to the transmitter such that multi-path and diffraction are negligible and the link is approximately that of free-space.

  15. Polygon Distance Plausibility • Distance between connected nodes should match to a polygon on a plane. • Error in distance estimation will be considered.

  16. S We use currently proposed Security Association (SA) establishment protocol. • SA establishment framework: • After these (at most) three messages, nodes have established a shared key. • We use in our protocol which stands for SA material.

  17. Set B Set A Adversary Model Victims • We look at the network from the attacker’s point of view. • We define Victim Topology as two sets of nodes corresponding to two sides of the attack. Each node is a member of one set and its path loss to the adversary is its representative. {{PLA1M},{PLB1M,PLB2M}}

  18. Attacker Strategy • Attacker Strategy represents how the attacker wants to deceive the victim network (for example by changing the signal power). • A Successful Strategy is the strategy that the attacker can deceive the nodes and remains undetected in the presence of secure neighbor discovery protocol.

  19. Agenda • Neighbor Discovery and Relay Attacks • Currently Proposed Defense Methods • Our System Model • A Low-Cost Method to Thwart Relay Attacks • Analysis and Simulation Results • Conclusion

  20. Protocol has two phases:Neighbor Discovery and Neighbor Verification. • Neighbor Discovery (ND) • Nodes simply look for their neighbors and perform SA establishment. • They check "Channel Symmetry" and "Signal Attenuation" properties. • Neighbor Verification (NV) • Nodes exchange their Neighbor Table and check the "Bidirectional Connection Transitivity" and “Polygon Distance Plausibility” properties.

  21. ND Phase • Consider u performs ND and v is one of its neighbors.

  22. NV Phase • Check following properties in CheckPlausibility: • Polygon Distance Plausibility • Bidirectional Connection Transitivity

  23. Agenda • Neighbor Discovery and Relay Attacks • Currently Proposed Defense Methods • Our System Model • A Low-Cost Method to Thwart Relay Attacks • Analysis and Simulation Results • Conclusion

  24. Finding Successful Strategy for the Adversary • To fulfill the “Symmetry Property”: • Adversary adds a ∆Pi (dBm) to each packet he wants to relay for node i. • To maximize his chance, | ∆Pi - ∆Pj| should be minimized.

  25. What is the best ∆P? ∆P (Number of nodes covered by the signal) ∆P (Probability of violating the “Signal Attenuation” property) For median values, attacker may violate the “Polygon Distance Plausibility” and “Bidirectional Connection Transitivity” properties.

  26. “Selective Relay Strategy” is not always a successful strategy. • Can be detected by “Bidirectional Connection Transitivity” property. • Moreover, if • Nodes randomly use different power levels for NV. • Each node has a different identifier for each power level. • Identifiers of nodes are disclosed to their legitimate neighbors (after authentication). • Then, • Attacker can not link between two messages coming from a single node with different power levels (different identifiers). • Can not have a correct deterministic selective relay.

  27. 45 (dBm) 80 (dBm) 50 (dBm) 70 (dBm) Examples of Attack DetectionViolating “Signal Attenuation” Property • Victim Topology = {{45,70}, {50,80}} • PL(d0)=40 (dBm) • Minimum ∆P to cover all nodes is: 60 (dBm) 45-60+50 = 35 < 40 Impossible (Signal Attenuation)

  28. 79 (dBm) 73 (dBm) 54 m 72 (dBm) 18.5 m 54 m 11 m Examples of Attack DetectionViolating “Polygon Distance Plausibility” PropertyTriangle Case • Victim Topology = {{73}, {72,79}} • ∆P = 83 (dBm) • Distances through relay channel: • 11 + 18.5 < 54

  29. Examples of Attack DetectionViolating “Polygon Distance Plausibility” PropertyQuadrilateral Case • Victim Topology = {{81,86},{83,89}} • ∆P = 86 (dBm) • Localization error using path loss: 20m

  30. Simulation Model • Victim Network Size: |A|=|B|= 1, …, 10 • Nodes Power level: 0 dBm. • Attacker Transmission range: 80m • Nodes Transmission Range: 70m. • Localization error: 20m • All possible ∆P values checked for a large number of topologies (randomly generated), considering the constraints of ND and NV phases. • The probability of detection is the proportion of cases the attacker is detected by ALERT. • The effectiveness of the attack is the average number of fake links the attacker can make, without being detected.

  31. Victim Network Size |A| = |B| Attack Success Detection Probability ∆P Simulation Results

  32. Agenda • Neighbor Discovery and Relay Attacks • Currently Proposed Defense Methods • Our System Model • A Low-Cost Method to Thwart Relay Attacks • Analysis and Simulation Results • Conclusion

  33. Conclusion and On-Going Work • We proposed a low-cost secure neighbor discovery protocol for wireless sensor networks. • Our protocol is based on basic principles of wireless channel and geometry. • We are implementing our protocol on real sensors to check its effectiveness in real situations. • Challenges are calibration of receivers to reduce the “Symmetry Error” and tuning the path loss model to have more precise distance measurement.

  34. References [BC93] Stefan Brands and David Chaum. Distance-bounding protocols. In Theory and Application of Cryptographic Techniques, 1993. [BDV05] Levente Buttyán, László Dóra, István Vajda. Statistical wormhole detection in sensor networks. Lecture Notes in Computer Science, 2005. [HE04] Lingxuan Hu and David Evans. Using directional antennas to prevent wormhole attacks. In NDSS, 2004. [HK05] Gerhard P. Hancke and Markus G. Kuhn. An RFID distance bounding protocol. In SECURECOMM 2005. [HPJ03] Y.-C. Hu, A. Perrig, and D.B. Johnson. Packet leashes: a defense against wormhole attacks in wireless networks. In INFOCOM 2003. [MGD07] R. Maheshwari, J. Gao, and S. R. Das. Detecting wormhole attacks in wireless networks using connectivity information. In INFOCOM 2007. [PPS+07] Panos Papadimitratos, Marcin Poturalski, Patrick Schaller, Pascal lafourcade, David Basin, Srdjan Capkun, and Jean-Pierre Hubaux. Secure neighborhood discovery: A fundamental element for mobile ad hoc networking. Accepted in IEEE Communication Magazine, 2007. [SRB01] Chris Savarese, Jan M. Rabaey, and Jan Beutel. Locationing in distributed adhoc wireless sensor networks. In ICASSP 2001.

More Related