NETWORK SECURITY Final Presentation
Transcript of NETWORK SECURITY Final Presentation
-
8/3/2019 NETWORK SECURITY Final Presenation
1/23
NETWORK SECURITY
DHWANI BHAVSAR (10MCEC02)
GUIDED BY: PROF. VIJAY UKANI
-
Revision:
Common attacks in wired network
Security technologies
Challenges
-
OUTLINE
WIRELESS SENSOR NETWORK.
COMMON ATTACKS.
SINKHOLE ATTACK AND ITS COUNTERMEASURES.
-
WIRELESS SENSOR NETWORK
A Wireless Sensor Network consists of distributed autonomous sensors that co-operatively monitor physical or environmental conditions, such as temperature, sound, vibration, pressure, motion, etc.
-
ATTACKS:
Selective forwarding attack
Sybil attack
Wormhole attack
Sinkhole attack
-
Selective Forwarding Attack
-
Sybil Attack
-
Sinkhole Attack:
Prevents the base station from obtaining complete and correct sensing data
Particularly severe for wireless sensor networks
Many current routing protocols in sensor networks are susceptible to the sinkhole attack
-
Sinkhole Attack
Left: using an artificial high quality route
Right: using a wormhole
[Figure labels: BS, SH, affected node, high quality route]
-
Estimate the Attacked Area
Consider a monitoring application in which sensor nodes submit sensing data to the BS periodically
By observing consistent data missing from an area, the BS may suspect there is an attack with selective forwarding
The BS can detect the data inconsistency using the following statistical method
Let X1, ..., Xn be the sensing data collected in a sliding window, and be their mean. Define f(Xj) as
-
Estimate the Attacked Area
Identify a suspected node if f(Xj) is greater than a certain threshold
The BS can estimate where the sinkhole is located
It can circle a potential attacked area, which contains all the suspected nodes
[Figure labels: BS, SH, nodes with missing or inconsistent data]
-
Identifying the Intruder
Each sensor stores the ID of the next hop to the BS and the cost in its routing table
The BS sends a request message to all the affected nodes
The sensors reply with
Since the next-hop and the cost could already be affected by the attack, the reply message should be sent along the reverse path in the flooding, which corresponds to the original route with no intruder
-
Identifying the Intruder
Network flow information can be represented by a directed edge
The BS realizes the routing pattern by constructing a tree using the next hop information collected
An invaded area possesses a special routing pattern
All network traffic flows toward the same destination, which is compromised by the intruder SH
[Figure labels: BS, SH]
-
Enhancement on Network Flow Information Collection
Multiple malicious nodes may prevent the BS from obtaining correct and complete flow information for intruder detection
They may cooperate with the intruder to perform the following misbehaviors:
Modify the packets passing through
Forward the packets selectively
Provide wrong network flow information about themselves
We address these issues through encryption and path redundancy
-
Multiple Malicious Nodes
Colluding nodes:
Drop some of the reply packets
Provide incorrect flow information
Their objective is to hide the real intruder SH and blame a victim node SH'
[Figure labels: BS, SH, SH', colluding nodes; nodes A, C, D, E, F, G, H with numeric labels 1 to 3]
-
Dealing with Malicious Nodes
Maintain an array Count[]
Entry Count[i] stores the total number of nodes having hop count difference i
Index i can be negative (a node's hop count is smaller than its actual distance from the current root)
If Count[0] is not the dominant one in the array, it means the current root is unlikely to be the real intruder
-
Dealing with Malicious Nodes
By analyzing the array Count, we may estimate the hop counts from SH' to SH
The BS can make a root correction and re-calculate the array Count among the nodes within two hops from SH'
It concludes the intruder based on the most consistent result
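
An added example (not from the original slides) of the Count[] check and root correction described on the two slides above, in Python. It assumes the hop count difference is a node's reported hop count minus its distance from the current root in the tree built from next-hop replies; the reply data and the node names C and a to g are constructed.

```python
from collections import Counter, deque

# Constructed replies: node -> (next hop, reported hop count to the sinkhole).
# SH is the real intruder. SH and colluder C report false flow information and
# the reply of the victim SH' was dropped, so the tree appears rooted at SH'.
REPLIES = {
    "C": ("SH'", 1), "SH": ("C", 2),
    "a": ("SH", 1), "b": ("SH", 1), "c": ("SH", 1),
    "d": ("a", 2), "e": ("a", 2), "f": ("b", 2), "g": ("c", 2),
}

def build_tree(replies):
    """Undirected adjacency of the tree formed by the next-hop edges."""
    adj = {}
    for node, (nxt, _) in replies.items():
        adj.setdefault(node, set()).add(nxt)
        adj.setdefault(nxt, set()).add(node)
    return adj

def distances(adj, root):
    """Hop distance of every reachable node from root (breadth-first search)."""
    dist, queue = {root: 0}, deque([root])
    while queue:
        u = queue.popleft()
        for v in adj[u]:
            if v not in dist:
                dist[v] = dist[u] + 1
                queue.append(v)
    return dist

def apparent_root(replies):
    """Follow next-hop pointers until a node that sent no reply (or a loop)."""
    node, seen = next(iter(replies)), set()
    while node in replies and node not in seen:
        seen.add(node)
        node = replies[node][0]
    return node

def count_array(replies, adj, root):
    """Count[i]: number of nodes whose reported hops minus tree distance is i."""
    dist = distances(adj, root)
    return Counter(hops - dist[n] for n, (_, hops) in replies.items()
                   if n != root and n in dist)

def identify_intruder(replies, radius=2):
    adj = build_tree(replies)
    root = apparent_root(replies)
    if count_array(replies, adj, root).most_common(1)[0][0] == 0:
        return root                      # Count[0] dominates: keep this root
    # Root correction: re-evaluate every candidate within `radius` hops.
    near = [n for n, d in distances(adj, root).items() if d <= radius]
    return max(near, key=lambda n: count_array(replies, adj, n)[0])
```

For the sample data, Count rooted at SH' peaks at index -2, which matches the two-hop offset between SH' and SH, and re-rooting at SH puts every node in Count[0].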
-
Example
The array Count of the following figure is:
-
Example
Eventually, node SH becomes the new root:
-
Performance Evaluation
No. of nodes in network: 400
Size of network: 200m x 200m
Transmission range: 10m
Location of BS: (100, 100)
Location of sinkhole: (50, 50)
Percentage of colluding nodes (m): 0 - 50%
Message drop rate (d): 0 - 80%
No. of neighbors which a message is forwarded to (k): 1 - 2
Packet size: 100 bytes
Max. number of reply messages per packet: 5

Metrics:
Accuracy of Intruder Identification (Success Rate, False-positive Rate, False-negative Rate)
Communication Cost
Energy Consumption
-
Success Rate
[Figure: Success rate in intruder identification. x-axis: Ratio of malicious nodes (%), 0 to 50; y-axis: Success rate (%), 0 to 100; curves for d=0, d=0.2, d=0.4, d=0.6, d=0.8]
-
False-positive and False-negative Rate
[Figure: False-positive rate in intruder identification. x-axis: Ratio of malicious nodes (%), 0 to 50; y-axis: False-positive rate (%), 0 to 100; curves for d=0, d=0.2, d=0.4, d=0.6, d=0.8]
[Figure: False-negative rate in intruder identification. x-axis: Ratio of malicious nodes (%), 0 to 50; y-axis: False-negative rate (%), 0 to 100; curves for d=0, d=0.2, d=0.4, d=0.6, d=0.8]
-
THANK YOU..