NETWORK SECURITY Final Presenation

8/3/2019 NETWORK SECURITY Final Presenation

1/23

NETWORK SECURITY

DHWANI BHAVSAR GUIDED BY:

10MCEC02 PROF. VIJAY UKANI


2/23

Revision:

Common attacks in wired

network

Security technologies

Challenges


3/23

OUTLINE

WIRELESS SENSOR NETWORK.

COMMON ATTACKS.

SINKHOLE ATTACK ANDITS

COUNTERMEASURES.


4/23

WIRELE

SS SEN

SO

RNETWO

RK Wireless Sensor Network consists of distributed

autonomous sensors to co-operatively monitorphysical or environmental conditions, such as

temperature , sound , vibration ,pressure,motion etc.


5/23

ATT

ACKS: Selective forwarding attack

Sybil attack

Wormhole attack

Sinkhole attack


6/23

Selective Forwarding Attack


7/23

Sybil Attack


8/23

Sinkhole Attack: Prevent the base station from obtaining

complete and correct sensing data

Particularly severe for wireless sensornetworks

Many current routing protocols in sensornetworks are susceptible to the sinkholeattack


9/23

Sinkhole Attack

Left: using an artificial high quality route

Right: using a wormhole

BS

SH

Affected

node

High quality

route


10/23

Estimate the Attacked Area

Consider a monitoring application in which sensornodes submit sensing data to the BS periodically

By observing consistent data missing from an area,the BS may suspect there is an attack with selective

forwarding BS can detect the data inconsistency using thefollowing statistical method

Let X1, ...,Xn be the sensing data collected in asliding window, and be their mean. Define f(Xj) as


11/23

Estimate the Attacked Area

Identify a suspectednode iff(Xj) is greaterthan a certain threshold

The BS can estimatewhere the sinkholelocates

It can circle a potential

attackedarea, whichcontains all thesuspected nodes

BS

SH

Nodes with missing

or inconsistent data


12/23

Identifying the

Intruder

Each sensor stores the ID of next-hop to the BSand the cost in its routing table

The BS sends a request message to all theaffected nodes

The sensors reply with Since the next-hop and the cost could already be

affected by the attack The reply message should be sent along the

reverse path in the flooding, which corresponds tothe original route with no intruder


13/23

Identifying the

Intruder

Network flow information canbe represented by a directededge

Realizes the routing patternby constructing a tree usingthe next hop informationcollected

An invaded area possessesspecial routing pattern

All network traffic flowstoward the samedestination, which iscompromised by theintruder SH

BS

SH


14/23

Enhancement on Network FlowInformation Collection

Multiple malicious nodes may prevent theBS from obtaining correct and completeflow information for intruder detection

They may cooperate with the intruder toperform the following misbehaviors: Modify the packets passing through

Forward the packets selectively

Provide wrong network flow information of itself

We address these issues throughencryption and path redundancy


15/23

Multiple Malicious Nodes

Drop some of thereply packets

BS

SH

Colluding nodes

SH'

3

3

3

3

33

3

2

33

3

2

2

1A

SH'

SH

C

D

E

F

G H

Their objective is to hide the real intruderSHand

blame on a victim node SH

Provide incorrectflow information


16/23

Dealing with

Malicious

Nodes

Maintain an array Count[] Entry Count[i] stores the total number of

nodes having hop count difference i

Index ican be negative (a node issmaller than its actual distance from thecurrent root)

IfCount[0] is not the dominated one

in the array, it means the current rootis unlikely the real intruder


17/23

Dealing with Malicious Nodes By analyzing the array

Count, we may estimatethe hop counts from SHto SH

The BS can make rootcorrection and re-calculate the arrayCountamong the nodeswithin two hops from SH

Concludes the intruderbased on the mostconsistent result


18/23

Example

The array Countof the following figure is:


19/23

Example Eventually, node SH becomes the new

root:


20/23

Performance EvaluationNo. of nodes in network 400

Size of network 200m x 200m

Transmission range 10m

Location ofBS (100,100)

Location of sinkhole (50, 50)

Percentage of colluding codes (m) 0 50%

Message drop rate (d) 0 80%

No. of neighbors which a message is

forwarded to (k)1 2

Packet size 100bytes

Max. number of reply messages per

packet5

Accuracy of IntruderIdentification

Success RateFalse-positive Rate

False-negative Rate

Communication Cost

Energy Consumption


21/23

Success Rate

0

20

40

60

80

100

0 5 10 15 20 25 30 35 40 45 50

Successrate(%)

Ratio of malicious nodes (%)

Success rate in intruder identification

d=0d=0.2d=0.4d=0.6d=0.8


22/23

False-positive and

False-negative Rate

0

20

40

60

80

100

0 5 10 15 20 25 30 35 40 45 50

Fa

lse-positive

rate

(%

)


False-positive rate in intruder identification

d=0

d=0.2d=0.4d=0.6d=0.8

0

20

40

60

80

100

0 5 10 15 20 25 30 35 40 45 50

Fa

lse-negative

rate(%

)


False-negative rate in intruder identification

d=0

d=0.2d=0.4d=0.6d=0.8


23/23

THANK YOU..

NETWORK SECURITY Final Presenation

Documents

Transcript of NETWORK SECURITY Final Presenation