VAMPIRE ATTACK IN WSN: A DETECTION AND PREVENTION APPROACH AGAINST

VAMPIRE

Presented By:

Richa Kumari

Outline

Introduction of WSN

Security Threats

Security Requirement

Vampire Attack

Related Work

Proposed Work

Conclusion and Future Work

References

Introduction

a) Wireless Sensor Network

Sometimes WSN is also called WSAN, wireless sensor and actuator

networks. WSAN is a collection of autonomous sensors which are

distributed in a specific area to monitor environmental conditions,

such as pressure, temperature and sound etc. they co-ordinately

transfer their information over the network to a destination node.

Figure : Sensor Node Architecture

Introduction Cont’d…

b) Characteristics of WSN

• Large no of nodes: A wireless sensor network uses huge amount

of sensor nodes.

• Unreliable Communication: In WSN routing is done by using

connection-less protocol so obviously communication will be

unreliable.

• Heterogeneity of nodes: The WSN have sensor nodes with

different abilities, such as various transmission or sensing ranges,

so that network provides more resilience in distribution.

• Battery powered: The power is needed to every sensor node to

receive packet and to perform the computation on it.

• Very limited resources: Each sensor nodes in WSN have limited

resource like memory (48K Program Memory and 1M flash

storage), 16 bit 8 MHz CPU with 10K RAM.

Introduction Cont’d…

• Scalability: It is the capability of a WSN to handle a growing no.

of sensor node.

• Node for common task: Each sensor node performs some task

like collecting the information, computation and communicating

with other nodes in the network.

• In network data processing: This technique of WSN is very

common and also very important in which an intermediate node

has a special transmission function to aggregate the sensing data

from the source and pass the resultant data to sink node [14].

• Self-Organization: Due to autonomous feature of the sensor

network each nodes can organize itself during ambiguous

situations [11].

Introduction Cont’d…

c) Application of WSN

• Area monitoring: The WSN is deployed over an area where some

aspect is to be observed and then transmit that information to the

control unit.

• Health monitoring: In medical science wearable and implanted

these two type of applications.

• Air pollution monitoring: To measure the concentration of

serious gases in cities, the WSN is used to do this.

• Forest fire detection: The Wireless Sensor Network can be

installed in a forest to detect the fire in particular coverage area. In

this process sensors measure the temperature, humidity and gases

which are produced during fire.

• Natural disaster prevention: WSN have strongly been set up in

water sources like rivers, lacks where variation in the water levels

observed in real time.

Security Threats

• There are different threats that target WSN [3] [7]. Which are

categorise as follows-

• Common Attacks: In WSN, wireless transmission medium is usedfor communication so it is easy to present many types of attackslike: Active attack (data modification, data injection, delay, DoS)and passive attack (traffic analysis, eavesdropping).

• Denial of Service Attacks (DoS [4] [16]): These type of attacksprevent the normal use of communication functionality. This attackmay suppress all packet directed to a particular destination e.g.jamming attack [15], Target the power of a nodes e.g. power-exhaustion, vampire attack.

• Node Compromise: When a node come into network attackerextract vital information from a node like routing information,

data, access control, security key etc. these attacks are Theseattacks are more dominant than other attacks.

Security Threats cont’d…

• Side-channel Attacks: Attacker can observe some real activity of

a node like electromagnetic flow of data whenever they implement

encryption or decryption. After capturing this information attacker

can easily extract secret key.

• Impersonation Attacks: There are two types of impersonation

attack. One is Sybil attack in which adversary creates multiple fake

identities and other is replication attack in which adversary create

duplicates of the same identity.

• Protocol-specific Attacks: In WSN some protocols are essential

to perform some activity in the network. These protocols like data

aggregation, routing and time synchronization are pointed by

specific attacks that objective to influence the internal network

services.

Security Requirement

There is need to use some security mechanism to avoid attack in

WSN [5] [7].

• Confidentiality: It ensure that a given information must not be

reveal by anyone other than the intended sender and receiver.

• Integrity: This security service stated that the data receive by the

receiver are absolute as sent by an authorize sender.

• Authorization: This security service ensure that only the

authorized entities (e.g.: sensor nodes and base station) can be able

to execute functions in the network like data gathering, routing,

processing and controlling the system.

• Authentication: It allows a recipient to verify that the data is

really sent by the authorised sender. In sensor network this security

services is quite significant.

• Auditing: Important information which is observed from

environment by the sensor nodes must be stored by nodes.

Security Requirement cont’d…

• Availability: The principle of this property is that network

services or resource should be always available to the authentic

users when they needed.

• Freshness [7]: In WSN Sensor node collect the real information

from environment at every moment and transmit it to base stations.

So this information must be recent.

• Forward and Backward Secrecy: There are two properties

needed whenever a new node join a network and a sensor node

fail. First is forward secrecy where a sensor node should not be

able to read any future messages after it leaves the network and the

other one is backward secrecy, where a joining sensor node should

not be able to read any previously transmitted message.

• Privacy and Anonymity: This property ensure that the location

and identities of WSN entities (sensor node and base stations)

should be hidden or protected from the outsiders.

Vampire Attack

• The vampire attack is the class of Denial-of-Service attack.

• Denial-of-Services in network is cause by consuming the power of

the sensor node. It is also called power draining attacks because of

this attack consume power of sensor nodes and disable the

network.

• we can categorise vampire attack into two.

a) Vampire Attack on Stateless Protocol

b) Vampire Attacks on Stateful Protocol

Vampire Attack Cont’d…

a) Vampire Attack on Stateless Protocol

• Carousel Attack: In carousel attack, an attacker compose a packet

with a path that contain series of loops of that path, so that same of

nodes will traverse by the single packet many times[9] as shown in

Figure.

Figure 1: Carousel Attack

Vampire Attack Cont’d…

• Stretch Attack: In stretch attack, intruder build up fake long

source route. So that the packets move through large number of

node rather than the excellent number of nodes as shown in Figure.

Figure 2: Stretch Attack

Vampire Attack Cont’d…

b) Vampire attacks on Stateful Protocol

Stateful routing protocols in which network topology and its state

are already known by the nodes so local forwarding decisions at

each is done by using stored state.

• Directional Antenna Attack: In this type of attack intruder have

small control over the packet progress when forwarding decisions

are made independently by each node but by using directional

antenna they can still waste energy[10].

• Malicious Discovery Attacks: AODV and DSR routing

algorithms are vulnerable to vampire, when route discovery initiate

by the node at any time, not just during change in a topology.

There are many ways for the malicious node to activate topology

change: it may simply falsely claim that a link is down, or claim a

new link to a non-existent node.

Related Work

1. Eugene y. vasserman et. al. [6], Describe PLGP protocol which is

developed By Parno, Luk, Gaustad and Perrig to prevent the

vampire attack. PLGP have mainly two phases, first is Topology

discovery Phase and other is Packet forwarding phase.

2. K. Vanitha and V.dhivya et. al. [8], They have invented a routing

protocol to Prevent from Vampire Attacks in WSN, name is

Valuable Secure protocol. It has mainly three phases, first is

network configuration phase, second is key management and last

one is communication phase.

3. B. Umakanth and J. Damodhar et. al. [13], Describe the EWMA

(Energy Weighted Monitoring Algorithm) to detect the vampire

attack. It has mainly two phases, first is network configuration and

other is communication phase. First phase is responsible for

creating an excellent routing path from source to sink. Second

phase perform aggregation of the packet transmission to avoids the

same packets.

Related Work Cont’d…

4. Ashish Patil and Rahul Gaikwad et. al.[2], Describe a method to

prevent vampire attack by using EWMA and finding corresponding

trust value of each node. For preventing vampire attack first detect

carousal and stretch attack. After detection of carousal and stretch

attack reduce their impact in wireless sensor networks by using

energy weight monitoring algorithm (EWMA). Then finding trust

value of each node in the network for performing routing operation.

5. Amee A. Patel and Sunil J. Soni et. al [1], Describe a method for

detection and prevention against vampire attack in AODV routing

protocol. The main goal of approach is defending the energy

draining of nodes in wireless sensor network against vampire attack

and increase the life time of network.

6. Shrikant C. Chumble1 and M. M. Ghonge et. al.[12], Describe

the vulnerability to the vampire attack on exiting routing protocol

like AODV even they design to be secure routing. The author also

proposed, vampire attack removal protocol (VARP).

Proposed Work

In this approach we add one extra field in the routing table at each

node and in data packet that is Bcast_id for AODV routing protocol

to detect the directional antenna attack.

Step 1: Whenever sensor node want to send the information, first it

will check its routing table.

• If path available in routing table then goto step 3.

• Otherwise it will generate the packet RREQ with Bcast_id and

broadcast this packet into the network in read only mode.

Step 2: The intermediate nodes either generates RREP with same

Bcast_id as RREQ or rebroadcast RREQ. Redundant RREQs are

dropped by these node.

• If these node have a path to destination in their routing table then

generates RREP and goto step 3.

• Otherwise rebroadcast the RREQ packet.

Proposed Work Cont’d…

Step 3: Node will unicast a ‘route_path_alert’ packet in that forward

path with fields <dest_addr, source_addr, bcast_id >.

So that all intermediate nodes can update their bcast_id field in

routing table corresponding to the source and destination entries.

Step 4: After establish or alert the reverse and forward path, source

node can transmit the information to destination.

Now source node prepare data packet including Bcast_id (read only

mode) and unicast this packet on particular selected path.

Step 5: All Intermediate nodes match bcast_id of packet and the

corresponding stored bcast_id in routing table.

If bcast_id matches then this node forward the data packet otherwise

send message to trusted authorise party that the particular previous

node is vampire node.

Conclusion and Future Work

• Various new routing protocol against vampire attack and methods

to detect or prevent the vampire in AODV routing protocol are

mentioned in related work.

• This paper provide a different approach for detect and prevent the

vampire attack by adding one extra variable in routing table and

data packet. After that performs some computation on that variable

to detect and prevent this attack.

• The simulation of above proposed algorithm is left for future work.

References

1. Amee A. Patel and Sunil J. Soni, “A Novel Proposal for Defending Against Vampire Attack in WSN” International Conference on Communication Systems and Network Technologies,pp: 624-627, DOI 10.1109/CSNT in 2015.

2. Ashish Patil and Rahul Gaikwad, “Preventing Vampire Attack in Wireless Sensor Network by using Trust” International Journal of Engineering Research & Technology ISSN: 2278-0181 Vol. 4 pp: 254-258, Issue 06, June-2015.

3. C. Karlof , D. Wagner, “Secure routing in wireless sensor networks attacks And countermeasures” in proc. Of 1st IEEE Int. workshop on sensor network Protocols and applications (SNPA’03), pp. 113-127, May 2003.

4. D.R. Raymond, R.C. Marchany, M.I. Brown¯eld, and S.F. Midki, “Effects of Denial-of-Sleep Attacks on Wireless Sensor Network MAC Protocols” IEEE Trans- actions on Vehicular Technology, vol. 58, no. 1, pp. 367-380, 2009.

5. Dr. Manoj Kumar Jain, “Wireless Sensor Networks: Security Issues and Challenges” IJCIT, vol. 2, issue 1, pp. 62-67, 2011.

6. Eugene Y. Vasserman and Nicholas Hopper, “Vampire Attacks: Draining Life from Wireless Ad Hoc Sensor Network” Ieee Transactions On Mobile Computing, Vol. 12, pp: 318 – 332, No. 2, February 2013.

7. J. Lopez, R. Roman, and C. Alcaraz, “Analysis of Security Threats, Requirements, Technologies and Standards in Wireless Sensor Networks” Foundations of Security Analysis and Design 2009, LNCS vol. 5705, pp. 289-338, 2009.

8. K.Vanitha, and V.Dhivya, “A Valuable Secure Protocol to Prevent Vampire Attacks in Wireless Ad Hoc Sensor Networks” IEEE International Conference on Innovations in Engineering and Technology Vol. 3, pp: 2441-2446, Special Issue 3, March 2014.

References Cont’d…

9. P.Rajipriyadharshini and V.Venkatakrishnan, S.Suganya and A .Masanam, “Vampire AttacksDeploying Resources in Wireless Sensor Networks” International Journal of Computer Scienceand Information Technologies, Vol. 5 (3), 2014, pp: 2951-2953 ; ISSN: 0975-9646.

10. Richa kumari, Pankaj Sharma, “A Literature Survey on Detection and Prevention againstVampire Attack in WSN” international conference on computer, communication &computational sciences [IC4S 2016], pp:122-126, Ajmer (Raj.) August 2016.

11. Snehlata Yadav, Kamlesh Gupta, Sanjay Silakari, “Security issues in wireless sensor networks”Journal of Information Systems and Communication, vol. 1, pp-01-06, issue 2, 2010.

12. Tawseef Ahmad Naqishbandi and Imthyaz Sheriff C, “A Resilient Strategy against EnergyAttacks in Ad-Hoc WSN and Future IoT” International Journal of Advanced Research inComputer Science and Software Engineering Vol. 4, Issue 2, February 2014, pp: 766-773, ISSN:2277 128X.

13. Umakant, and J. Damodhar, “Resource Consumption Attacks in Wireless Ad Hoc SensorNetworks” International Journal of Engineering Research ISSN: 2319 6890, Volume No.3 IssueNo: Special 2, pp: 107-111 22 March 2014.

14. V. Shnayder, M. Hempstead, B. Chen, G.W. Allen, and M. Welsh, “Simulating the PowerConsumption of Large-Scale Sensor Network Applications” Proceedings of the 2ndInternational Conference on Embedded Networked Sensor Systems (SenSys 2004), pp. 188-200, Baltimore (USA), August 2004.

15. W. Xu, W. Trappe, Y. Zhang, and T. Wood, “The Feasibility of Launching and DetectingJamming Attacks in Wireless Networks” Proceedings of the 6th ACM international symposiumon Mobile ad hoc networking and computing, pp. 46-57, Urbana-Champaign (USA), May 2005.

16. Y.W. Law, M. Palaniswami, L. Van Hoesel, J. Doumen, P. Hartel, and P. Havinga. Energy,“Efficient Link-Layer Jamming Attacks against Wireless Sensor Network MAC Protocols”ACM Transactions on Sensor Networks, vol. 5, no. 1, pp. 6:1-6:38, 2009.