Distributed Detection Of Node Replication Attacks In Sensor
Networks
Presenter: Kirtesh Patil
Acknowledgement: Slides on Paper originally provided by Bryan Parno, Adrian Perrig and Virgil Gligor
By Bryan Parno, Adrian Perrig and Virgil Gligor
Sensor Networks
• Wireless sensor networks contain thousands of nodes
• Each node has limited processing, storage capacity and power
• Low cost
• Easy to deploy
  – Not tamper-proof
Replication Attack
• Capture one node
  – Pressure, voltage and temperature sensing to detect intrusion is not built in
  – Read memory
• Replicate nodes – same IDs
  – Affects data aggregation protocols
  – Replicated nodes can be used to kick legitimate nodes out (node-revocation protocol)
Outline
• Introduction
• Problem Statement and Previous Work
• Solution
• Evaluation
• Discussion
Introduction Problem Statement Solution 1 Solution 2 Evaluation Discussion
Assumptions
• Adversary can't deploy nodes with arbitrary IDs – paper assumes the network implements the required safeguards
• Adversary has limited node-capturing capability
• Cloned node has at least one legitimate node in its neighborhood (can be eliminated)
• All nodes know their geographical location, and nodes are primarily stationary
Objectives
• Detect node replication with high probability
• Secure against adaptive adversary
  – Unpredictable to adversary
  – No central point of failure
• Minimize communication overhead
Previous Approaches
• Centralized scheme
  – Each node sends location to central base station
  – Central base station examines list for conflicts
  – Revocation: flood network with authenticated revocation message
  – Disadvantages:
    • Vulnerable to single point of failure
      – Compromise base station
      – Interfere with its communication
    • Nodes surrounding base station – undue routing of traffic
    • Revocation can be delayed
  – Advantages: 100% detection
Previous Approaches (Contd.)
• Local detection scheme
  – Neighbors try to detect replicated nodes
  – Fails to detect distributed node replication in disjoint neighborhoods
Emergent Properties
• They are properties that only emerge through collective action of multiple nodes
• Advantages:
  – No central point of failure
  – Attractive approach to thwart unpredictable and adaptive adversary
Simple Approach
• Node-to-network broadcast
  – Each node broadcasts location information
  – 100% detection
  – Assumption: broadcast reaches all nodes
    • Attacker can easily jam or interfere with communication
Simple Approach (Contd.)
• Deterministic multicast
  – Node sends location to neighbors
  – Neighbors choose witnesses and forward location to them
  – Problem:
    • Predictable – attacker can jam all messages to witnesses
    • Witnesses become targets for subversion
Approach Overview
STEP 1: Announce location
  – Sign and broadcast location to neighbors
STEP 2: Detect replicas
  – Use emergent properties
  – Ensure at least one witness receives two conflicting locations
STEP 3: Revoke replicas
  – Flood network with conflicting location claims (signed)
Randomized Multicast Protocol
STEP 2
• Witnesses chosen randomly
• Each neighbor chooses witnesses
• So n neighbor send location to witnesses
• By Birthday Paradox – if there are clones then location conflict will occur.
• Probability of detection
dn
n
n
Rw
Detect eP
2
1
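Added example, not from the slides or the paper: a small Python model of the randomized witness step. It assumes each replica's claim reaches w witnesses chosen uniformly from n nodes and that signatures were already verified; `Witness`, `run_round`, the node ID and the coordinates are constructed for illustration, and the closed form is the standard birthday-paradox calculation rather than the slide's own formula.

```python
import random

def p_detect_exact(n, w):
    """Exact chance that two independently chosen w-witness sets
    (out of n nodes) share at least one node."""
    p_miss = 1.0
    for i in range(w):
        p_miss *= (n - w - i) / (n - i)
    return 1.0 - p_miss

class Witness:
    """Keeps the first location claim seen per node ID and flags a conflict."""
    def __init__(self):
        self.claims = {}

    def receive(self, node_id, location):
        prior = self.claims.setdefault(node_id, location)
        return prior != location  # True: two locations for one ID, evidence for revocation

def run_round(n, w, rng, cloned_id=7, loc_a=(10, 10), loc_b=(90, 40)):
    """One detection round: each replica's claim reaches w random witnesses."""
    witnesses = {}
    detected = False
    for loc in (loc_a, loc_b):  # constructed positions of the two replicas
        for wid in rng.sample(range(n), w):
            if witnesses.setdefault(wid, Witness()).receive(cloned_id, loc):
                detected = True
    return detected

def simulate(n, w, trials=2000, seed=1):
    """Fraction of rounds in which some witness saw both conflicting claims."""
    rng = random.Random(seed)
    return sum(run_round(n, w, rng) for _ in range(trials)) / trials

if __name__ == "__main__":
    n = 10_000
    for w in (25, 50, 100, 200):
        print(w, round(p_detect_exact(n, w), 3), simulate(n, w))
```

With n = 10,000, the detection rate climbs steeply once w passes the square root of n, which is why the witness count per claim drives both detection probability and communication cost.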
Line Selected Multicast
• Use routing topology of network to select witnesses
• All the intermediate nodes between neighbor and witness check for conflict
• Geometric probability says replicated nodes will be detected
Line Selected Multicast Detection
With five line segments per point: 95%
Theoretical Communication Overhead
Detection Scheme           Average # of Messages / Node
Centralized Detection      O(√n)
Randomized Multicast       O(n)
Line Selected Multicast    O(√n)
Probability of Detection in Irregular Topologies
Timing Issue And Masked-Replication
• How often to perform detection
  1. Every T units of time – node forgets previous claims
  2. Time slots
    • Time slots based on ID
    • Witnesses remember claims during time slot
• Adversary captures neighbors
  – Solution: pseudo-neighbors – neighbors ask for location claim
Conclusion And Future Work
• Use of emergent properties to tackle node replication
  – High probability of detection
  – Resilient to adaptive adversary
  – Minimum communication overhead
• Scheme assumes captured nodes follow protocol
  – Implicit sampling to detect nodes that suppress or drop messages