Secure Routing in Wireless Sensor Networks: Attacks and ... rek/Adv_Nets/Fall2007/Secure_WSN07.pdfSecure Routing in Wireless Sensor Networks: ... node uses the faults in a routing protocol ... routing, energy and distance aware routing

Embed Size (px)

Text of Secure Routing in Wireless Sensor Networks: Attacks and ......

  • SecureRoutinginWirelessSensorNetworks:Attacksand

    Countermeasures

    Presentedby:IvorRodrigues

    WorcesterPolytechnicInstitute

  • WhatisaSensornetwork? Aheterogeneous

    systemcombiningtinysensorsandactuatorswithgeneralpurposecomputingelements.

  • SensorNetwork

    1km

    38strongmotionseismometersin17storysteelframeFactorBuilding.100freefieldseismometersinUCLAcampusgroundat100mspacing

    Mobicom2002WirelessSensorNetworksDeborahEstrin

  • Sensors

    PassiveNodes:seismic,acoustic,infrared,strain,salinity,humidity,temperature,etc.

    Activesensors:radar,sonar

    Highenergy,incontrasttopassiveelements

    SmallinSizeICTechnology

  • UseofSensorNetworks?

    WirelessCommunicationsandComputing:

    InteractingwiththephysicalworldSecurityandsurveillanceapplicationsMonitoringof

    naturalhabitatsMedicalSensorssuchasBodyId

  • ThisPaper

    Proposethreatmodelsandsecuritygoalsforsecureroutinginwirelesssensornetworks

    Discussthevariouskindsofattacks Showhowattacksagainstadhocwirelessnetworksand

    peerpeernetworkscanbeadaptedaspowerfulattacksagainstsensornetworks.

    Discusscountermeasuresanddesignconsiderations

  • Motivation SecurityforRoutingusingSensorNetworks

    Securityisnotconsideredasatoppriority Sowesee,whysensornetworksaresoprone

    toattacks.

  • SensornetworkprotocolsandPossibleAttacks

  • RequirementsforSensorNetworks

    Nodesandnetwork CentralinformationprocessingUnit Power Memory Synchronization,cooperabibility

  • Definitions

    BSBaseStationsorSinksNodesAggregatePointsSources

  • RequirementsforSensorNetworks

    Powerrestrictions Numberofnodesrequiredfordeployment Dutycycledependsonlongevity DataratePowerrelation Security Memory Simplicity

  • Adhocvs.WSN Multihop Routingbetweenanypairofnodes Somewhatresourceconstrained

    Adhoc

  • Adhocvs.WSN RoutingPatterns

    ManytoOne OnetoMany Local

    Extremelyresourceconstrained

    TrustRelationshipstopruneredundantmessages Innetworkprocessing Aggregation Duplicateelimination

    WSN

  • MicaMote 4MHz8bitAtmelATMEGA103Processor

    Memory 128KBInstructionMemory 4KBRAM/512KBflashmemory

    916MHzradio 40Kbpssinglechannel Range:fewdozenmeters

    Power 12mAinTxmode 4.8mAinRxmode 5Ainsleepmode

    Batteries 2850mAon2AA Imagesource:www.btnode.ethz.ch

  • MoteClassvsLaptopClassAttacker

    Small LessPowerful FewerCapabilities

    Large likelaptops,highly

    powerful Largecapabilities

  • OutsiderAttackervsInsiderAttacker

    Lessaccess Doesnotinclude

    compromisednodes

    Bigthreat Mayormaynot

    includecompromisednodes

  • Authentication Publickeycryptography

    Toocostly WSNcanonlyaffordsymmetrickey

    SecureRouting Sourcerouting/distancevectorprotocols

    Requiretoomuchnodestate,packetoverhead Usefulforfullyconnectednetworks,whichWSNare

    not

  • ControllingMisbehavingNodes Punishment

    Ignorenodesthatdontforwardpackets Susceptibletoblackmailers

    Securityprotocols SNEPprovidesconfidentiality,authentication TESLAprovidesauthenticatedbroadcast

  • Assumptions

    NetworkAssumptions TrustRequirements ThreatModels SecurityGoals

  • AttacksonSensorNetworkRouting

    Spoofed,Alteredorreplayedroutinginformation

  • AttacksonSensorNetworkRoutingSelectiveforwarding

  • AttacksonSensorNetworkRoutingOntheIntruderDetectionforSinkholeAttackin

    WirelessSensorNetworksEdithC.H.Ngai,1JiangchuanLiu,2andMichaelR.Lyu1 SinkholeAttack

  • AttacksonSensorNetworkRouting

    SybilAttack

  • AttacksonSensorNetworkRouting

    Wormholes

  • AttacksonSensorNetworkRouting

    HelloFloodAttack

  • AttacksonSensorNetworkRouting

    Acknowledgmentspoofing

  • AcknowledgmentSpoofing Ifaprotocoluseslinklayeracks,theseackscanbe

    forged,sothatothernodesbelieveaweaklinktobestrongordeadnodestobealive.

    Packetssentalongthisrouteareessentiallylost Adversaryhaseffectedaselectiveforwardingattack

  • Hellofloodattack InaHELLOfloodattackamaliciousnodecansend,

    recordorreplayHELLOmessageswithhightransmissionpower.

    Itcreatesanillusionofbeinganeighbortomanynodesinthenetworksandcanconfusethenetworkroutingbadly.

    Assumptionthatsenderiswithinnormalrange Alaptopclassattackercouldtrickallnodesin

    networkintothinkingitsaparent/neighbor

  • Hellofloodattack Endresultcanbeafeelingofsinkhole,wormhole,

    selectiveforwardingsymptoms. Adversaryismyneighbor Result:Networkisconfused

    Neighborseitherforwardingpacketstotheadversary

    Attackprimarilyonprotocolsthatrequiresharingofinformationfortopologymaintenanceorflowcontrol.

  • Wormholes Thewormholeattackusuallyneedstwomalicious

    nodes. Theideaistodistortroutingwiththeuseofalow

    latencyoutofboundchanneltoanotherpartofthenetworkwheremessagesarereplayed.

    Thesecanbeused,forexample,tocreatesinkholesandtoexploitraceconditions.

    Usefulinconnectionwithselectiveforwarding,eavesdropping

    DifficulttodetectwhenusedinconjunctionwithSybilattack

    Wormholesaredifficulttodetect.

  • SybilAttack TheSybilattackistargetedtounderminethe

    distributedsolutionsthatrelyonmultiplenodescooperationormultipleroutes.InaSybilattack,themaliciousnodegathersseveralidentitiesforposingasagroupofmanynodesinsteadofone.Thisattackisnotrelevantasaroutingattackonly,itcanbeusedagainstanycryptoschemesthatdividethetrustbetweenmultipleparties.Forexample,tobreakathresholdcryptoscheme,oneneedsseveralsharesofthesharedsecret.

  • SybilAttack Affectsgeographicrouting. Sendingmultiple(fictitious)resultstoaparent Sendingdatatomorethanoneparent

  • SinkholeAttack Amaliciousnodeusesthefaultsinaroutingprotocol

    toattractmuchtrafficfromaparticulararea,thuscreatingasinkholesinkhole

    Trickingusersadvertisingahighqualitylink Usealaptopclassnodetofakeagoodroute HighlyAttractiveandsusceptibilitydueto

    communicationpattern. Sinkholesaredifficulttodefend

  • SelectiveForwarding Amaliciousnodecanselectivelydroponlycertain

    packets. Especiallyeffectiveifcombinedwithanattackthat

    gathersmuchofthetrafficviathenode,suchasthesinkholeattackoracknowledgmentspoofing.

    Theattackcanbeusedtomakeadenialofserviceattacktargetedtoaparticularnode.Ifallpacketsaredropped,theattackiscalledablackhole.

  • SelectiveForwarding AnInsiderattackerincludedintheroutingpath

    AnOutsiderattackercausescollisionsonanoverheardflow.

  • Spoofed,Alteredorreplayedroutinginformation

    Anunprotectedadhocroutingisvulnerabletothesetypesofattacks,aseverynodeactsasarouter,andcanthereforedirectlyaffectroutinginformation.

    Createroutingloops Extendorshortenserviceroutes Generatefalseerrormessages Increaseendtoendlatency

  • AttacksonSpecificSensorNetworkProtocols

    TinyOSBeaconing Directeddiffusion Geographicrouting Minimumcostforwarding LEACH Rumorrouting SPAN&GAF

  • TinyOSBeaconing InTinyOSbeaconing,anynode

    canclaimtobeabasestation.Ifroutingupdatesareauthenticated,alaptopattackercanstilldoawormhole/sinkholeattack:LaptopattackercanalsouseaHELLOfloodattacktothewholenetwork:allnodesmarkitasitsparent,buttheirradiorangewillnotreachit.Moteclassattackerscanalsocreateroutingloops.

  • TinyOSBeaconing Routingalgorithmconstructsabreadthfirstspanning

    treerootedatthebasestation TheNodesmarkbasestationasitsparent,then

    informthebasestationthatitisoneofitschildrennode.

    Receivingnoderebroadcastsbeaconrecursively ThreatLevel:Orange

  • Directeddiffusion

    DataCentricSensorNodedontneedglobalidentityApplicationSpecificTraditionalNetworksperformwidevarietyoftasks.SensorNetworksaredesignedforspecifictask.Dataaggregation&caching.Positivereinforcementincreasesthedatarateoftheresponseswhilenegativereinforcementdecreasesit.

  • Directeddiffusion Suppression Cloning PathInfluence

  • SelectiveForwarding

    WormingandSybilingondirecteddiffusionWSN's

  • GEARandGPSR GPSR:unbalancedenergyconsumption GEAR:balancedenergyconsumption GPSR:routingusingsamenodesaroundthe

    perimeterofavoid GEAR:weighstheremainingenergyanddistance

    fromthetarget GPSR:GreedyroutingtoBasestation GEAR:distributedrouting,energyanddistanceaware

    routing. Constructatopologyondemandusinglocalized

    interactionsandinformationwithoutinitiationofthebasestation

  • GeographicalAttacksandAttackers

    Forgingfakenodestotrytoplugitselfintothedatapath.

  • GeographicalAttacksandAttackers

    GPSR.

  • Countermeasures

    Sybilattack Uniquesymmetrickey

    NeedhamSchroeder

    RestrictnearneighborsofnodesbyBasestation

  • Countermeasures

    HelloFlooding Bidirectionality Restrictingthe

    numberofnodesbythebasestation

  • Countermeasures

    Wormholeandsinkholeattacks

    Usetimeanddistance ThusGeographic

    routingprotocolslikeGPSRandGEARworkagainstsuchattacks

    TrafficdirectedtowardsBasestationandnotelsewherelikesinkholes

  • LeveragingGlobalknowledge

    Fixednumberofnodes Fixedtopology.

  • SelectiveForwarding

    Messagesroutedoverndisjointpathsprotectedfromncompromisednodes

    ImageSource:http://wiki.uni.lu/secanlab/Braided+Multipath+Routing.html

  • Conclusions

    TheAuthorsstatethatforsecurerouting,networksshouldhavesecurityasthegoal

    Infiltratorscaneasilyattack,modifyorcapturevulnerablenodes.

    Limitingthenumberofnodes,usingpublic/global/localkeyaresomeofthewaystocounterbeingattackedbyadversaries.

  • FewObservations

    Moreinsigh