
DoS Attacks on Sensor Networks

DoS Attacks on Sensor Networks. Hossein Nikoonia Department of Computer Engineering Sharif University of Technology nikoonia@ce.sharif.edu. Outline. Wireless Sensor Networks False-Endorsement-Based DoS Attacks Broadcast Authentication Broadcast Authentication Digital Signature µTESLA


Presentation Transcript


  1. DoS Attacks on Sensor Networks Hossein Nikoonia Department of Computer Engineering Sharif University of Technology nikoonia@ce.sharif.edu

  2. Outline • Wireless Sensor Networks • False-Endorsement-Based DoS Attacks • Broadcast Authentication • Broadcast Authentication • Digital Signature • µTESLA • Containing DoS Attacks in Broadcast Authentication • Mitigating DoS Attacks against Broadcast Authentication • Other Types of DoS Attack • Future Work

  3. Wireless sensor networks

  4. Introduction • Composed of a large number of sensor nodes and one or more sinks • Sensor Nodes • Collect data • Route data back to the sink • Sink [Akyildiz et al. 2002]

  5. Applications • Military • Health • Monitoring patients • Monitoring disaster areas [Akyildiz et al. 2002]

  6. Constraints • Sensor Nodes • Energy • Usually battery-powered • Processing power • Public-key operations are expensive • Delay • Energy • Cost • Tamper-proof hardware is not practical • Deployment area • Hostile • Unattended

  7. Mica2 Motes • Developed at UC Berkeley • TinyOS • ATmega128L • 128 KB Program flash memory • 4KB Configuration E2PROM • 2X AA Battery [Crossbow Technology]

  8. Information Security • Confidentiality • Integrity • Availability • Denial-of-Service (DoS)

  9. C. Krauß, M. Schneider, C. Eckert False-Endorsement-Based DoS Attacks in wireless sensor networks WiSec ‘08

  10. False-Endorsement • How to verify correctness of an event? • Message Authentication Code (MAC) • Problem • Node capture • Solution to the problem • Endorsement • XOR of MACs [Krauß et al. 2008]

  11. False-Endorsement • Problem of the solution • False-Endorsement • Solution? [Krauß et al. 2008]

  12. Basic Idea • Nodes should prove their endorsement. [Krauß et al. 2008]

  13. Details • Assumptions • Nodes are loosely time-synchronized • Attacker does not have access to nodes for a period of time • Clusters contain • One cluster head (CH) • Several cluster nodes (CNs) • Hash chain • A sequence of n hash values [Krauß et al. 2008; Ning et al. 2008]

  14. Details • Report Generation • Verification [Krauß et al. 2008]

  15. Broadcast authentication

  16. Broadcast Authentication • Digital signatures • µTESLA [Ning et al. 2008]

  17. Digital Signature • 160-bit Elliptic Curve Digital Signature Algorithm (ECDSA) on MICAz • Power consumption • Receiving • 0.25 mJ • Signature verification • 38.88 mJ • Alkaline Battery • 1200 J/cm³ • Delay • 1.62 s [Ning et al. 2008; Karl and Willig 2005]

  18. µTESLA • Delayed authentication • Use of a one-way hash chain • Nodes should be loosely time synchronized • MACs are generated with a key which will be disclosed after a certain period of time. [Ning et al. 2008]

  19. DoS Attack against Broadcast Authentication • Digital signature • Power consumption • Delay • It is impractical for the nodes to validate each incoming message before forwarding it. • µTESLA • Delayed authentication [Wang et al. 2007; Ning et al. 2008]
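
Added example, not from the slides or the cited papers: a simplified µTESLA receiver showing delayed authentication and why it invites DoS, since forged packets must be held in memory until the interval key is disclosed. SHA-256/HMAC, the interval counter standing in for loose time synchronization, `MAX_SKIP`, the sample messages and all names are assumptions.

```python
import hashlib
import hmac

MAX_SKIP = 16  # assumed bound on missed intervals, so one bogus key cannot force long hashing

def H(data):
    return hashlib.sha256(data).digest()

def mac(key, message):
    return hmac.new(key, message, hashlib.sha256).digest()

def make_key_chain(seed, n):
    """[K_0..K_n] with K_(i-1) = H(K_i); K_0 is the commitment preloaded on nodes."""
    chain = [seed]
    for _ in range(n):
        chain.append(H(chain[-1]))
    return chain[::-1]

class Receiver:
    def __init__(self, commitment):
        self.key, self.index = commitment, 0  # newest authenticated chain value
        self.buffer, self.accepted = [], []   # buffer holds (interval, message, tag)

    def on_packet(self, interval, message, tag):
        # Key still secret: forged and authentic packets both sit in memory until disclosure.
        if interval > self.index:             # a packet for a disclosed key is worthless
            self.buffer.append((interval, message, tag))

    def on_key(self, interval, key):
        if not 0 < interval - self.index <= MAX_SKIP:
            return False
        k = key
        for _ in range(interval - self.index):  # hash forward to the known value
            k = H(k)
        if not hmac.compare_digest(k, self.key):
            return False                        # forged key disclosure
        self.key, self.index = key, interval
        self.accepted += [m for i, m, t in self.buffer
                          if i == interval and hmac.compare_digest(mac(key, m), t)]
        self.buffer = [p for p in self.buffer if p[0] > interval]
        return True

def demo():
    chain = make_key_chain(b"constructed-sink-secret", 4)
    node = Receiver(chain[0])
    node.on_packet(1, b"reprogram: v2", mac(chain[1], b"reprogram: v2"))
    for n in range(3):                          # constructed forged flood
        node.on_packet(1, b"forged %d" % n, bytes(32))
    return len(node.buffer), node.on_key(1, bytes(32)), node.on_key(1, chain[1]), node.accepted
```

`demo()` reports four buffered packets before disclosure, rejects the forged key, accepts the real one, and ends with only the authentic message accepted.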

  20. R. Wang, W. Du, P. Ning Containing DoS Attacks in Broadcast Authentication In Sensor Networks MobiHoc ‘07

  21. The Basic Question • First to forward or first to verify? [Wang et al. 2007]

  22. The Ideal Solution • The Ideal Solution • Faked messages • Authentication-first • Authentic messages • Forwarding-first • How? [Wang et al. 2007]

  23. Proposed Solution • Dynamic Windows • Additive Increase, Multiplicative Decrease (AIMD) • Each node stores a window size W • Initial value: W_max • Attach a value d_a to each message • Number of hops the message has passed since its last authentication. [Wang et al. 2007]

  24. Proposed Solution [Wang et al. 2007]

  25. Simulation Result [Wang et al. 2007]
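
Added example, not code from Wang et al. or from the slides: a sketch of the dynamic-window idea on a line of nodes, showing forged messages being contained closer to their source with each attempt while authentic traffic still gets through. The rule "forward first while d_a < W", the halving and +1 steps, `W_MAX = 8` and all names are assumptions, because the figure on slide 24 is not part of the transcript.

```python
W_MAX = 8  # initial window "W_max"; the value is an assumption for this sketch

class Node:
    def __init__(self):
        self.window = W_MAX

    def receive(self, d_a, authentic):
        """Handle one broadcast; return the d_a to relay with, or None if dropped.

        `authentic` stands in for the outcome of the expensive signature check,
        which the node always performs; the window only decides its timing.
        """
        if d_a < self.window:
            relay_d_a = d_a + 1      # forwarding-first: relay now, verify afterwards
        elif authentic:
            relay_d_a = 0            # authentication-first: verified, counter resets
        else:
            relay_d_a = None         # authentication-first: the forgery stops here
        if authentic:
            self.window = min(W_MAX, self.window + 1)  # additive increase
        else:
            self.window //= 2                          # multiplicative decrease
        return relay_d_a

def inject(path, authentic):
    """Send one message down a line of nodes; return how many nodes relayed it."""
    d_a, relays = 0, 0               # a forger would claim d_a = 0, the best case for it
    for node in path:
        d_a = node.receive(d_a, authentic)
        if d_a is None:
            break
        relays += 1
    return relays

def simulate(hops=12, forgeries=5):
    path = [Node() for _ in range(hops)]
    spread = [inject(path, False) for _ in range(forgeries)]  # relays per forgery
    recovered = inject(path, True)                            # one authentic message
    return spread, recovered, [n.window for n in path]
```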

  26. P. Ning, A. Liu, W. Du Mitigating DoS Attacks against Broadcast Authentication In Wireless Sensor Networks ACM Transactions on Sensor Networks, 2008.

  27. Basic Idea • Use of a weak authenticator • Could be verified efficiently by a sensor node. • Cannot be pre-computed. • Takes a reasonable amount of time for sink to compute. • Almost impractical for attacker to forge. • Not a replacement of digital signatures [Ning et al. 2008]

  28. Weak authenticator • Message-specific puzzle • Based on one-way key chains • Takes 14.6 ms on a MICAz mote to verify this weak authenticator. [Ning et al. 2008]

  29. Details • Consider a hash chain. • This chain is generated offline and is stored in sink. • Each node knows the last value of the chain. • Hence, they can authenticate next values [Ning et al. 2008]

  30. Details [Ning et al. 2008]
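
Added example, not from the slides or from Ning et al.: one possible message-specific puzzle bound to a one-way key chain, with the sink's brute-force search beside the node's two-hash check that gates the expensive signature verification. The packet layout, SHA-256, the 16-bit difficulty, the "next index only" rule and all names are assumptions, since the slides do not give the puzzle's exact form.

```python
import hashlib
import hmac

PUZZLE_BITS = 16  # assumed difficulty: about 2**16 hashes for the sink, one for a node

def H(data):
    return hashlib.sha256(data).digest()

def puzzle_digest(index, message, key, solution):
    # Length-prefix the variable-length message so field boundaries are unambiguous.
    return H(index.to_bytes(4, "big") + len(message).to_bytes(2, "big") + message + key + solution)

def meets_target(digest, bits=PUZZLE_BITS):
    return int.from_bytes(digest, "big") >> (256 - bits) == 0

def solve(index, message, key):
    """Sink side: brute force; needs `key`, so nobody can precompute before it is disclosed."""
    attempts = 0
    while True:
        solution = attempts.to_bytes(8, "big")
        attempts += 1
        if meets_target(puzzle_digest(index, message, key, solution)):
            return solution, attempts

class SensorNode:
    def __init__(self, commitment):
        self.last_key, self.last_index = commitment, 0

    def weak_verify(self, index, message, key, solution):
        # Hash 1: the key must be the next unused value of the one-way chain.
        if index != self.last_index + 1 or not hmac.compare_digest(H(key), self.last_key):
            return False
        # Hash 2: the solution must fit this exact message and key.
        if not meets_target(puzzle_digest(index, message, key, solution)):
            return False
        self.last_key, self.last_index = key, index  # one packet per chain value
        return True  # only now is the costly signature verification worth running

def demo():
    chain = [b"constructed-sink-secret"]
    for _ in range(3):
        chain.append(H(chain[-1]))
    chain.reverse()                  # chain[0] is the commitment; H(chain[i]) == chain[i-1]
    node, msg = SensorNode(chain[0]), b"constructed broadcast"
    solution, attempts = solve(1, msg, chain[1])
    guessed = node.weak_verify(1, msg, bytes(32), solution)  # forger who lacks K_1
    first = node.weak_verify(1, msg, chain[1], solution)
    replay = node.weak_verify(1, msg, chain[1], solution)    # chain value already used
    return guessed, first, replay, attempts
```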

  31. Other Types of DoS Attacks • Jamming • [Wood and Stankovic 2002] • Path-based DoS Attack • [Deng et al. 2005]

  32. Future Work • DoS attack against sink • Multistage digital signature • Real-time weak authenticator (puzzle)

  33. References • I. F. Akyildiz, W. Su, Y. Sankarasubramaniam, E. Cayirci, “A Survey on Sensor Networks”, IEEE Communications Magazine, pp. 102-114, Aug. 2002. • [Crossbow Technology] www.xbow.com • J. Deng, R. Han, S. Mishra, “Defending against Path-based DoS Attacks in Wireless Sensor Networks”, In Proceedings of SASN’05, pp. 89-96, 2005. • C. Krauß, M. Schneider, C. Eckert, “Defending against False-Endorsement-Based DoS Attacks in Wireless Sensor Networks”, In Proceedings of WiSec’08, pp. 13-21, 2008. • H. Karl, A. Willig, “Protocols and Architectures for Wireless Sensor Networks”, John Wiley and Sons, 2005. • P. Ning, A. Liu, W. Du, “Mitigating DoS Attacks against Broadcast Authentication in Wireless Sensor Networks”, ACM Transactions on Sensor Networks, Vol. 4, No. 1, pp. 1-33, 2008. • A. D. Wood, J. A. Stankovic, “Denial of Service in Sensor Networks”, Computer, Vol. 35, pp. 54-62, Oct. 2002. • R. Wang, W. Du, P. Ning, “Containing Denial-of-Service Attacks in Broadcast Authentication in Sensor Networks”, In Proceedings of MobiHoc’07, pp. 71-79, 2007.
