1 / 27

Secure Routing in wireless sensor networks: attacks and countermeasures

Secure Routing in wireless sensor networks: attacks and countermeasures. Chris Karlof and David Wagner University of California at Berkeley 1 st IEEE International Workshop on Sensor Network Protocols and Applications, 2003 발 표 : 장준혁 , 최준철. Contents.

knoton
Télécharger la présentation

Secure Routing in wireless sensor networks: attacks and countermeasures

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Secure Routing in wireless sensor networks:attacks and countermeasures Chris Karlof and David Wagner University of California at Berkeley 1st IEEE International Workshop on Sensor Network Protocols and Applications, 2003 발표: 장준혁, 최준철

  2. Contents • Introduction: wireless sensor network • Problem statement • Attacks on sensor network routing • Attacks on specific sensor network protocols • Countermeasures • Conclusion

  3. Wireless Sensor Network(WSN) • Applications • Fire monitoring, protecting wild animals, military purpose • Deployment • Sensing • Network construction • Data aggregation • Restricted resources • Environments(assumptions) • Base station • Global information • Transmission range • Mobility • Resource constraints Sensor Node Sensor Field Sink Node

  4. Sensor Node <Mica mote> <Power consumption>

  5. Sensor Network Routing • Power consumption dominates network lifetime • Mostly, sensor nodes are not repaired or reused • 2 weeks ~ a few years • How many messages are used? • = How long does the network alive? •  Sensor routing protocols • Flooding, proactive(DSDV), reactive(AODV), clustering(LEACH) • The routing protocols are not designed for security and traditional methods are hard to use • This paper suggests • Threat models and security goals • Countermeasures • Design consideration

  6. WSN vs. Ad-hoc Wireless Networks • Similarity • Support Multi-hop networking • Differences • Sensor : Supports Specialized communication patterns • Many-to-One • One-to-Many • Local Communication • Sensor nodes more resource constrained than Ad-hoc nodes • Public key cryptography not feasible • Higher level of trust relationship among sensor nodes • In-network processing, aggregation, duplication elimination

  7. Problem Statement • Trust Requirements • Insecure Radio links • Base station(trusted), nodes(untrusted) • None tamper resistant • Adversary can access all key, data, code • Threat Models • Based on device capability • Mote-class attacker / Laptop-class attacker • Based on attacker type/location • Outside attacks / Inside attacks

  8. Security Goal • Responsibility • Link layer: Integrity, authenticity, and confidentiality • Routing protocol: Availability • Application: replay attack • Outsider adversaries • Conceivable to achieve these goals • Insider adversaries • These goals are not fully attainable -> Graceful degradation

  9. Attack Model • Spoofed, altered, or replayed routing information • Selective forwarding • Sinkhole attacks** • Sybil attacks • Wormholes attacks • HELLO flood attacks** • Acknowledgement spoofing • Attacker wants to: • Steal information through the data flows • Break the functionality of the sensor network

  10. B A1 A2 A3 A4 Attack Model • Spoofed, altered or replayed routing information • May be used for loop construction, attracting or repelling traffic, extend or shorten source route • Selective forwarding • A malicious node behaves like a black hole • Refuse to forward certain messengers, selective forwarding packets or simply drop them • Sinkhole attacks • Attacker creates metaphorical sinkhole by advertising for example high quality route to a base station • Almost all traffic is directed to the fake sinkhole

  11. Attack Model • The Sybil Attack • Forging of multiple identities - having a set of faulty entities represented through a larger set of identities. • Significant threat to location aware routing protocols • An adversary node can be in more than one place at once • Wormholes • Tunneling of messages over alternative low-latency links, • e.g. confuse the routing protocol, create sinkholes. etc. 그림: 애드혹(Ad Hoc) 네트워크에서의 위치정보 기반의 웜홀(Wormhole) 탐지 기법, 이규호 외, 정보과학회, 2006

  12. Attack Model • HELLO flood attack • An attacker sends or replays a routing protocol’s HELLO packets with more energy • Acknowledgement spoofing • Spoof link layer acknowledgement to trick other nodes to believe that a link or node is either dead or alive

  13. Attacks on specific protocols • TinyOS beaconing • Directed Diffusion • Geographic routing

  14. Attacks on specific protocols • TinyOS beaconing • Base station broadcast Route update(beacon) periodically, Nodes received the update and mark the base station as parent and broadcast it • Breadth First Spanning Tree rooted at a base station • Routingupdates are not authenticated

  15. Attacks on TinyOS protocols • Spoofing a routing update • Bogus and replayed routing information (such like “I am station”) send by an adversary can easily pollute the entire network • Routing loops can easily be created by mote-class adversaries

  16. Attacks on TinyOS protocols • Wormhole / Sinkhole attack • Two colluding powerful laptop-class nodes, one near the base station and one near the targeted area • The first node forwards routing updates through worm hole • The second node create sinkhole by rebroadcasting the routing update in the targeted area

  17. Attacks on TinyOS protocols • HELLO flood attack • Broadcast a routing update loud enough to reach the entire network by using a powerful transmitter • Every node marks the adversary as its parent • Most nodes will be likely out of normal radio range

  18. Attacks on TinyOS protocols • HELLO flood attack • Broadcast a routing update loud enough to reach the entire network by using a powerful transmitter • Every node marks the adversary as its parent • Most nodes will be likely out of normal radio range

  19. Attacks on specific protocols • Directed diffusion • A data-centric routing algorithm for drawing information out of a sensor network

  20. Attacks on Directed diffusion protocols • Suppression • Cloning • Path influence • Selective forwarding and data tempering

  21. Attacks on specific protocols • Geographic Routing • GPSR (Greedy Perimeter Stateless Routing) • Greedy forwarding routing each packet to the neighbor closest to the destination • GEAR (Geographic and Energy Aware Routing) • GEAR weighs the choice of the next hop by both remaining energy and distance from the target

  22. Attacks on Geographic Routing protocols • Sybil Attack • Surrounding each target using non-existent nodes by using Sybil attack. Adversary maximizes chances for placing herself on the path of data flow • Forge location advertisements • Advertise her location in a way to place herself on the path of a known flow • Forge other node’s location to create routing loops

  23. Countermeasures • Authentication and encryption • Prevents the majority of outsider attacks • False routing information, selective forwarding, sinkhole attacks, sybil attacks, ACK spoofing • Can’t prevent to tunnel or amplify legitimate message • Wormhole attacks, HELLO flood atacks • Can’t prevent insider attacks

  24. Countermeasures • Insider attacks • Using a globally shared key allows an insider to masquerade as any node • Verifing identities might be done using Public key cryptography, but this is beyond the capabilities of sensor nodes • Share a unique symmetric key with a trusted base station • Two nodes verify each other by using some protocol and establish a shared key • Using that key, pair of noes can implement authenticated and encrypted link between them • Base station reasonably limit the number of neighbors

  25. Countermeasures • Wormhole and Sinkhole attacks • These are very difficult to defend since detecting and verifying is extremely difficult • Difficult to retrofit existing protocols with defenses against these attack • Best solution is to carefully design routing protocols • Geographic routing protocol • Resistant to wormhole and sinkhole attacks • Do not construct topology with initiation. Construct on demand • Difficult to create a sinkhole and easy to detect wormhole

  26. Countermeasures • Selective Forwarding • Multipath routing can be used to counter these types of selective forwarding attacks • Messages routed over n paths whose nodes are completely disjoint are completely protected against selective forwarding attacks involving at most n compromised nodes • Allowing nodes to dynamically choose a packet’s next hop probabilistically from a set of possible candidates

  27. Conclusion • Currently proposed routing protocols for sensor networks are insecure • Link layer encryption and authentication, multipath • routing, identity verification, bidirectional link • verification and authenticated broadcast is important • Cryptography is not enough for insiders and laptopclass • adversaries, careful protocol design is needed as • well

More Related