1 Routing security against Threat models CSCI 5931 Wireless & Sensor Networks CSCI 5931 Wireless &...
-
Upload
brendan-gaines -
Category
Documents
-
view
218 -
download
0
description
Transcript of 1 Routing security against Threat models CSCI 5931 Wireless & Sensor Networks CSCI 5931 Wireless &...
1
Routing security against Threat Routing security against Threat modelsmodels
CSCI 5931 Wireless & Sensor CSCI 5931 Wireless & Sensor Networks Networks
Darshan ChipadeDarshan Chipade
2
IntroductionIntroduction
Routing security a major issueRouting security a major issue Key contributionKey contribution
-Show how they are different from ad hoc -Show how they are different from ad hoc networksnetworks-Introduce two new classes of attacks-Introduce two new classes of attacks
Sinkhole attackSinkhole attackHello flood attackHello flood attack
-Security analysis of all major routing -Security analysis of all major routing protocolsprotocols
3
WSN vs. Ad-Hoc NetworksWSN vs. Ad-Hoc Networks
Multi-hop wireless communicationMulti-hop wireless communication WSNWSN
-Specialized communication patterns-Specialized communication patterns-Many-to-one-Many-to-one-One-to-many-One-to-many-Local communication-Local communication--More resource constrained i.e. limited More resource constrained i.e. limited
energyenergy--More trust needed for in-network processing, More trust needed for in-network processing,
aggregation, duplicate eliminationaggregation, duplicate elimination
4
AssumptionsAssumptions
Radio links insecureRadio links insecure
Malicious node can collude to attack WSNMalicious node can collude to attack WSN
Sensor nodes are not tamper resistantSensor nodes are not tamper resistant
Base station are trustworthyBase station are trustworthy
Aggregation points may not be trustedAggregation points may not be trusted
5
Distinction of threat ModelsDistinction of threat Models
Mote class attacker have access to few Mote class attacker have access to few sensor nodes with similar capabilitiessensor nodes with similar capabilities
Laptop class attacker are powerful Laptop class attacker are powerful devices with greater battery power, more devices with greater battery power, more capable CPU, high power transmittercapable CPU, high power transmitter
Attacker types-outside attacker, inside Attacker types-outside attacker, inside attackerattacker
6
Attacks on WSN routing protocolAttacks on WSN routing protocol
Spoof altered or replayed routing attackSpoof altered or replayed routing attack Target the routing information exchanged Target the routing information exchanged
between nodesbetween nodes Spoofing, routing altering the routing Spoofing, routing altering the routing
information, information, adversaries may create the routing loops, adversaries may create the routing loops,
repel, extend or shorten the routing source repel, extend or shorten the routing source routesroutes
Generate false messages, partition network Generate false messages, partition network
7
Selective forwarding attackSelective forwarding attack Malicious nodes may simply refuse to Malicious nodes may simply refuse to
forward certain messages and simply drop forward certain messages and simply drop them ensuring that they are not them ensuring that they are not propagated furtherpropagated further
Adversary can also modify these packets Adversary can also modify these packets and forward these messagesand forward these messages
8
Sinkhole attackSinkhole attack All the packets are directed to base All the packets are directed to base
stationstation A malicious node advertises a high A malicious node advertises a high
quality link to the base station to attract a quality link to the base station to attract a lot of packetslot of packets
Specialized communication patternSpecialized communication pattern Enable other attacks, e.g., selective Enable other attacks, e.g., selective
forwarding forwarding
9
Sybil attackSybil attack A single node represents multiple ID’s to A single node represents multiple ID’s to
other nodesother nodes The attack affects the multiple path The attack affects the multiple path
routing, topology maintenancerouting, topology maintenance It is believed to affect a significant threat It is believed to affect a significant threat
to the geographic routing protocolsto the geographic routing protocols More than one place at same timeMore than one place at same time
10
Wormholes attackWormholes attack Tunneling of messagesTunneling of messages A node at one end of the wormhole A node at one end of the wormhole
advertises high quality link to the base advertises high quality link to the base stationstation
Another node at the other end receives Another node at the other end receives the attracted packets the attracted packets
11
Hello Flood attackHello Flood attack Many protocols require nodes to broadcast Many protocols require nodes to broadcast
HELLO packets to announce themselves to HELLO packets to announce themselves to neighborsneighbors
Laptop-class attacker can convince it’s a Laptop-class attacker can convince it’s a neighbor of distant nodes by sending high neighbor of distant nodes by sending high power hello messagespower hello messages
Acknowledgement attackAcknowledgement attack Adversary spoofs ACKs to convince the sender Adversary spoofs ACKs to convince the sender
a weak/dead link supports good link qualitya weak/dead link supports good link quality
12
Attacks on specific sensor network Attacks on specific sensor network protocolprotocol
Tiny OS beaconingTiny OS beaconing Construct a Breadth First Spanning tree Construct a Breadth First Spanning tree
(BFS) rooted at the base station(BFS) rooted at the base station Beacons are not authenticatedBeacons are not authenticated Adversary can take over the whole WSN Adversary can take over the whole WSN
by broadcasting beaconsby broadcasting beacons
13
Directed DiffusionDirected Diffusion Base station floods interest for named data Base station floods interest for named data
and setting up gradients designed to draw and setting up gradients designed to draw eventsevents
Suppression- Flow suppression is done by Suppression- Flow suppression is done by spoofing negative reinforcementspoofing negative reinforcement
Cloning- Cloning a flow enables Cloning- Cloning a flow enables eavesdroppingeavesdropping
Path influence- Spoofing the data path as Path influence- Spoofing the data path as positive and negative path reinforcementpositive and negative path reinforcement
14
CountermeasuresCountermeasures
Outsider attacks and link layer securityOutsider attacks and link layer security Majority of the attacks against WSN Majority of the attacks against WSN
routing protocols can be prevented by link routing protocols can be prevented by link layer encryption using shared keylayer encryption using shared key
Selective forwarding and sinkhole attacks Selective forwarding and sinkhole attacks are not possible as adversary is prevented are not possible as adversary is prevented from joining the topologyfrom joining the topology
Cannot handle insider attack like Cannot handle insider attack like Wormhole, HELLO floodWormhole, HELLO flood
15
Sybil attackSybil attack Every nodes shares unique symmetric key Every nodes shares unique symmetric key
with the base stationwith the base station Creates a pair wise shared key for message Creates a pair wise shared key for message
authenticationauthentication Base station limits the number of neighbors Base station limits the number of neighbors
for a nodefor a node Hello Flood attackHello Flood attack Verify link bidirectionalVerify link bidirectional
16
Wormhole and sink hole attackWormhole and sink hole attack They use private out of bound channel They use private out of bound channel
invisible to the underlying sensor networkinvisible to the underlying sensor network Good routing protocol requiredGood routing protocol required
Selective forwardingSelective forwarding Multi path routingMulti path routing Route messages over disjointRoute messages over disjoint Dynamically pick up next hop from set of Dynamically pick up next hop from set of
candidatecandidate
17
Limitation of securing multi hop Limitation of securing multi hop routingrouting
Nodes which are one or two hops away Nodes which are one or two hops away from the to base station are more likely to from the to base station are more likely to be attacked or compromisedbe attacked or compromised
Using the cluster nodes which Using the cluster nodes which communicate directly to base station is communicate directly to base station is one solution against node compromiseone solution against node compromise
Using the virtual base station Using the virtual base station
18
Countermeasures SummaryCountermeasures Summary
Link layer authentication, encryption, Link layer authentication, encryption, multi path routing, identity verification, multi path routing, identity verification, bidirectional link verification and bidirectional link verification and authenticated broadcast can protect the authenticated broadcast can protect the sensor network routing protocolssensor network routing protocols
It is necessary to build such counter It is necessary to build such counter measures so that different attacks can be measures so that different attacks can be ineffective against themineffective against them
19
ConclusionConclusion
This paper covers the security issues at This paper covers the security issues at network levelnetwork level
Securing the routing protocols is most Securing the routing protocols is most essential essential
Link layer encryption can be used against Link layer encryption can be used against the mote class outsidersthe mote class outsiders
20
THANK YOU!!!!THANK YOU!!!!
21
QuestionQuestion
It is said that using the good routing It is said that using the good routing protocol we can minimize the protocol we can minimize the wormhole and sinkhole attack i.e. by wormhole and sinkhole attack i.e. by minimizing the number of hops to minimizing the number of hops to the base station. How it can be the base station. How it can be done?done?