KAIS T SIGF : A Family of Configurable, Secure Routing Protocols for WSNs Sep. 20, 2007 Presented by...
-
Upload
ginger-stokes -
Category
Documents
-
view
218 -
download
0
Transcript of KAIS T SIGF : A Family of Configurable, Secure Routing Protocols for WSNs Sep. 20, 2007 Presented by...
![Page 1: KAIS T SIGF : A Family of Configurable, Secure Routing Protocols for WSNs Sep. 20, 2007 Presented by Kim, Chano Brian Blum, Tian He, Sang Son, Jack Stankovic.](https://reader035.fdocuments.in/reader035/viewer/2022062315/5697bfc41a28abf838ca5f04/html5/thumbnails/1.jpg)
KAIST
SIGF : A Family of Configurable, Secure
Routing Protocols for WSNs
Sep. 20, 2007
Presented by Kim, Chano
Brian Blum, Tian He, Sang Son, Jack Stankovic
Security of Ad Hoc and Sensor Networks (SASN’06)
![Page 2: KAIS T SIGF : A Family of Configurable, Secure Routing Protocols for WSNs Sep. 20, 2007 Presented by Kim, Chano Brian Blum, Tian He, Sang Son, Jack Stankovic.](https://reader035.fdocuments.in/reader035/viewer/2022062315/5697bfc41a28abf838ca5f04/html5/thumbnails/2.jpg)
22 / 19 / 19SIGF : A Family of Configurable, Secure Routing Protocols for WSNs
Contents
Introduction
IGF : Implicit Geographic Forwarding
Assumptions and Attacks
SIGF : Secure IGF
Evaluation
Conclusion
![Page 3: KAIS T SIGF : A Family of Configurable, Secure Routing Protocols for WSNs Sep. 20, 2007 Presented by Kim, Chano Brian Blum, Tian He, Sang Son, Jack Stankovic.](https://reader035.fdocuments.in/reader035/viewer/2022062315/5697bfc41a28abf838ca5f04/html5/thumbnails/3.jpg)
33 / 19 / 19
Introduction
Resource bound security solution
Efficiency of individual security mechanism
Efficiency of all security mechanisms installed together at a node
Access control, routing, localization, time synchronization, Power management
SIGF(Secure Implicit Geographic Forwarding )
B.blum at al, IGF : A state free robust communication protocol for wireless
sensor networks. CS-2003-1, Univ. of Virginia, 2003
A family of configurable secure routing protocols
Three protocols (SIGF-0, SIGF-1, SIGF-2)
State ↑ & Security ↑
SIGF : A Family of Configurable, Secure Routing Protocols for WSNs
![Page 4: KAIS T SIGF : A Family of Configurable, Secure Routing Protocols for WSNs Sep. 20, 2007 Presented by Kim, Chano Brian Blum, Tian He, Sang Son, Jack Stankovic.](https://reader035.fdocuments.in/reader035/viewer/2022062315/5697bfc41a28abf838ca5f04/html5/thumbnails/4.jpg)
44 / 19 / 19
IGF(Implicit Geographic Forwarding) – 1/2
Quick overview of IGF
Fig-1. Forwarding Area for Source S Fig-2. IGF handshake timeline
A
R
: Candidate nodes
SIGF : A Family of Configurable, Secure Routing Protocols for WSNs
![Page 5: KAIS T SIGF : A Family of Configurable, Secure Routing Protocols for WSNs Sep. 20, 2007 Presented by Kim, Chano Brian Blum, Tian He, Sang Son, Jack Stankovic.](https://reader035.fdocuments.in/reader035/viewer/2022062315/5697bfc41a28abf838ca5f04/html5/thumbnails/5.jpg)
55 / 19 / 19
Keeps no routing state information
Lazy binding → Fault tolerance, robust topology changes
Eliminate maintenance overhead and routing latency
Ten-fold increase in delivery ratio
Reduce end to end delay and control overhead
A point of view from security
Confines the attacker’s impact to the neighborhood
Prevents attackers that proof, alter, replace routing information
Vulnerable in black-hole attack
IGF(Implicit Geographic Forwarding) – 2/2
SIGF : A Family of Configurable, Secure Routing Protocols for WSNs
![Page 6: KAIS T SIGF : A Family of Configurable, Secure Routing Protocols for WSNs Sep. 20, 2007 Presented by Kim, Chano Brian Blum, Tian He, Sang Son, Jack Stankovic.](https://reader035.fdocuments.in/reader035/viewer/2022062315/5697bfc41a28abf838ca5f04/html5/thumbnails/6.jpg)
66 / 19 / 19
System assumption
Insecure radio links
Attacker’s possibilities
Nodes know their own location
Additionally know that of their neighbors (SIGF-1, SIGF-2)
Pairwise-shared keys in the neighbors(SIGF-2 )
Routing attacks (applicable to IGF)
Routing state corruption, Wormhole, Hello-flood => prevented
Black hole attack, Selective forwarding attack, Sybil attack
Denial of services : ORTS replay attack, CTS replay attack
Assumptions and Attacks – 1/3
SIGF : A Family of Configurable, Secure Routing Protocols for WSNs
![Page 7: KAIS T SIGF : A Family of Configurable, Secure Routing Protocols for WSNs Sep. 20, 2007 Presented by Kim, Chano Brian Blum, Tian He, Sang Son, Jack Stankovic.](https://reader035.fdocuments.in/reader035/viewer/2022062315/5697bfc41a28abf838ca5f04/html5/thumbnails/7.jpg)
Routing Attacks
Assumptions and Attacks – 2/3
Fig-3. CTS Rushing Attack by A Fig-4. Node A performs a Sybil attack
SIGF : A Family of Configurable, Secure Routing Protocols for WSNs 77 / 19 / 19
![Page 8: KAIS T SIGF : A Family of Configurable, Secure Routing Protocols for WSNs Sep. 20, 2007 Presented by Kim, Chano Brian Blum, Tian He, Sang Son, Jack Stankovic.](https://reader035.fdocuments.in/reader035/viewer/2022062315/5697bfc41a28abf838ca5f04/html5/thumbnails/8.jpg)
88 / 19 / 19
SIGF : Secure IGF
Tradeoff between security and state maintenance
Configurability can be adapted at runtime
Higher cost must be borne even when no attacks are occurring
Each protocol is a subset of the next
SIGF-0 : no state at all
SIGF-1 : locally generated state
Limited information learned from interactions with neighbors
SIGF-2 : Cryptographic guarantees in routing
Use keys and sequence numbers shared among neighbors
SIGF : A Family of Configurable, Secure Routing Protocols for WSNs
![Page 9: KAIS T SIGF : A Family of Configurable, Secure Routing Protocols for WSNs Sep. 20, 2007 Presented by Kim, Chano Brian Blum, Tian He, Sang Son, Jack Stankovic.](https://reader035.fdocuments.in/reader035/viewer/2022062315/5697bfc41a28abf838ca5f04/html5/thumbnails/9.jpg)
99 / 19 / 19
SIGF : Secure IGF-0
Lessen but not eliminate the chance of selecting an attackers
Fig-3. SIFG-0 next hop selection for message from current node S to ultimate Destination D
SIGF : A Family of Configurable, Secure Routing Protocols for WSNs
![Page 10: KAIS T SIGF : A Family of Configurable, Secure Routing Protocols for WSNs Sep. 20, 2007 Presented by Kim, Chano Brian Blum, Tian He, Sang Son, Jack Stankovic.](https://reader035.fdocuments.in/reader035/viewer/2022062315/5697bfc41a28abf838ca5f04/html5/thumbnails/10.jpg)
1010 / 19 / 19
SIGF : Secure IGF-0
Configurable dimension
Forward Area
{60° sextant, closer, whole neighborhood}
Collection Window
{one responder, fixed multiple, dynamically lengthened}
Forwarding Candidate Choice
{first, by priority, random, multiple}
Omit location
{ yes, no}
Robust against a black-hole attack cased
by CTS rushing attack
SIGF : A Family of Configurable, Secure Routing Protocols for WSNs
![Page 11: KAIS T SIGF : A Family of Configurable, Secure Routing Protocols for WSNs Sep. 20, 2007 Presented by Kim, Chano Brian Blum, Tian He, Sang Son, Jack Stankovic.](https://reader035.fdocuments.in/reader035/viewer/2022062315/5697bfc41a28abf838ca5f04/html5/thumbnails/11.jpg)
1111 / 19 / 19
SIGF : Secure IGF-1
Reduce the chance of selecting an attacker as the next-hop
State
T : Total # of messages sent to all neighbors)
Nsent = # of messages sent to N
Nforward = # of messages forwarded by neighbor N on this node’s behalf
Nlocation = Last claimed location of node N
Ndelay = average delay between relaying a message to node N
Nsuccess = Nforward / Nsent = forwarding success ratio (reliability)
Nfairness = (T- Nsent ) / T = forwarding fairness ratio
Nconsistency = A consistency score based on N’s claimed location
N performance = (D – N delay) / D
SIGF : A Family of Configurable, Secure Routing Protocols for WSNs
![Page 12: KAIS T SIGF : A Family of Configurable, Secure Routing Protocols for WSNs Sep. 20, 2007 Presented by Kim, Chano Brian Blum, Tian He, Sang Son, Jack Stankovic.](https://reader035.fdocuments.in/reader035/viewer/2022062315/5697bfc41a28abf838ca5f04/html5/thumbnails/12.jpg)
1212 / 19 / 19
SIGF : Secure IGF-1
Per Neighbor Reputation Value
System Parameters for SIGF-1
SIGF : A Family of Configurable, Secure Routing Protocols for WSNs
eperformancyconsistencfairnesssuccess NNNNR
![Page 13: KAIS T SIGF : A Family of Configurable, Secure Routing Protocols for WSNs Sep. 20, 2007 Presented by Kim, Chano Brian Blum, Tian He, Sang Son, Jack Stankovic.](https://reader035.fdocuments.in/reader035/viewer/2022062315/5697bfc41a28abf838ca5f04/html5/thumbnails/13.jpg)
1313 / 19 / 19
SIGF : Secure IGF-2
Shared state secure IGF (for cryptographic operations)
Message Authentication { all messages, only DATA, node)
Message Sequence { yes, no)
Payload Encryption { yes, no}
Attacks resisted by IFG and SIGF protocols
State & Cost
↑
Security ↑
SIGF : A Family of Configurable, Secure Routing Protocols for WSNs
![Page 14: KAIS T SIGF : A Family of Configurable, Secure Routing Protocols for WSNs Sep. 20, 2007 Presented by Kim, Chano Brian Blum, Tian He, Sang Son, Jack Stankovic.](https://reader035.fdocuments.in/reader035/viewer/2022062315/5697bfc41a28abf838ca5f04/html5/thumbnails/14.jpg)
1414 / 19 / 19
Use GloMoSim Simulator
Evaluation
Table. Simulation parameter Fig. Final node location (S,D, A1-4)
SIGF : A Family of Configurable, Secure Routing Protocols for WSNs
![Page 15: KAIS T SIGF : A Family of Configurable, Secure Routing Protocols for WSNs Sep. 20, 2007 Presented by Kim, Chano Brian Blum, Tian He, Sang Son, Jack Stankovic.](https://reader035.fdocuments.in/reader035/viewer/2022062315/5697bfc41a28abf838ca5f04/html5/thumbnails/15.jpg)
1515 / 19 / 19
Evalutation (2/2)
Base System (No attacks)
SIGF : A Family of Configurable, Secure Routing Protocols for WSNs
![Page 16: KAIS T SIGF : A Family of Configurable, Secure Routing Protocols for WSNs Sep. 20, 2007 Presented by Kim, Chano Brian Blum, Tian He, Sang Son, Jack Stankovic.](https://reader035.fdocuments.in/reader035/viewer/2022062315/5697bfc41a28abf838ca5f04/html5/thumbnails/16.jpg)
1616 / 19 / 19
Evalutation (2/2)
Black Hole Attack Selective Forwarding Attack (by A3)
SIGF : A Family of Configurable, Secure Routing Protocols for WSNs
![Page 17: KAIS T SIGF : A Family of Configurable, Secure Routing Protocols for WSNs Sep. 20, 2007 Presented by Kim, Chano Brian Blum, Tian He, Sang Son, Jack Stankovic.](https://reader035.fdocuments.in/reader035/viewer/2022062315/5697bfc41a28abf838ca5f04/html5/thumbnails/17.jpg)
1717 / 19 / 19
Evalutation (2/2)
Sybil Attack (by A3)
SIGF : A Family of Configurable, Secure Routing Protocols for WSNs
![Page 18: KAIS T SIGF : A Family of Configurable, Secure Routing Protocols for WSNs Sep. 20, 2007 Presented by Kim, Chano Brian Blum, Tian He, Sang Son, Jack Stankovic.](https://reader035.fdocuments.in/reader035/viewer/2022062315/5697bfc41a28abf838ca5f04/html5/thumbnails/18.jpg)
1818 / 19 / 19
Conclusion
SIGF (Secure Implicit Geographic Forwarding)
Chooses the next hop dynamically and nondeterministically
Increase robustness to node mobility and failure
SIGF-0, SIGF-1, SIGF-2
Future studies
Evaluate lower densities
How failure-recovery mechanism impacts the performance of SIGF family
SIGF : A Family of Configurable, Secure Routing Protocols for WSNs
![Page 19: KAIS T SIGF : A Family of Configurable, Secure Routing Protocols for WSNs Sep. 20, 2007 Presented by Kim, Chano Brian Blum, Tian He, Sang Son, Jack Stankovic.](https://reader035.fdocuments.in/reader035/viewer/2022062315/5697bfc41a28abf838ca5f04/html5/thumbnails/19.jpg)
1919 / 19 / 19SIG – WORK (4)
Thank you
![Page 20: KAIS T SIGF : A Family of Configurable, Secure Routing Protocols for WSNs Sep. 20, 2007 Presented by Kim, Chano Brian Blum, Tian He, Sang Son, Jack Stankovic.](https://reader035.fdocuments.in/reader035/viewer/2022062315/5697bfc41a28abf838ca5f04/html5/thumbnails/20.jpg)
EXTRA : Wormhole attack (1/4)
Adapted from Chris Karlof and David Wagner's WSNPA slides
Routing Tree
![Page 21: KAIS T SIGF : A Family of Configurable, Secure Routing Protocols for WSNs Sep. 20, 2007 Presented by Kim, Chano Brian Blum, Tian He, Sang Son, Jack Stankovic.](https://reader035.fdocuments.in/reader035/viewer/2022062315/5697bfc41a28abf838ca5f04/html5/thumbnails/21.jpg)
Wormhole attack (2/4)
Routing
Adapted from Chris Karlof and David Wagner's WSNPA slides
![Page 22: KAIS T SIGF : A Family of Configurable, Secure Routing Protocols for WSNs Sep. 20, 2007 Presented by Kim, Chano Brian Blum, Tian He, Sang Son, Jack Stankovic.](https://reader035.fdocuments.in/reader035/viewer/2022062315/5697bfc41a28abf838ca5f04/html5/thumbnails/22.jpg)
Wormhole Attack (3/4)
Tunnel packets received
in one place of the network
and replay them in another
place
The attacker can have no
key material. All it requires
is two transceivers and one
high quality out-of-band
channel Adapted from Chris Karlof and David Wagner's WSNPA slides
![Page 23: KAIS T SIGF : A Family of Configurable, Secure Routing Protocols for WSNs Sep. 20, 2007 Presented by Kim, Chano Brian Blum, Tian He, Sang Son, Jack Stankovic.](https://reader035.fdocuments.in/reader035/viewer/2022062315/5697bfc41a28abf838ca5f04/html5/thumbnails/23.jpg)
Disrupted Routing (4/4)
Adapted from Chris Karlof and David Wagner's WSNPA slides
Most packets will be
routed to the wormhole
The wormhole can drop
packets or more subtly,
selectively forward packets
to avoid detection
Blackhole / Selective forwarding attack
![Page 24: KAIS T SIGF : A Family of Configurable, Secure Routing Protocols for WSNs Sep. 20, 2007 Presented by Kim, Chano Brian Blum, Tian He, Sang Son, Jack Stankovic.](https://reader035.fdocuments.in/reader035/viewer/2022062315/5697bfc41a28abf838ca5f04/html5/thumbnails/24.jpg)
Sybil attack & Rushing attack
Sybil Attack Rushing Attack