1 / 36

Denial of Service in Sensor Networks

Denial of Service in Sensor Networks. Authors: Anthony D. Wood, John A. Stankovic Presented by: Aiyaz Amin Paniwala. The paper. Introduction Theory and Application Denial of Service Threat Physical Layer Link Layer Networking Layer Transport Layer Conclusion References.

jpearce
Télécharger la présentation

Denial of Service in Sensor Networks

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Denial of Service in Sensor Networks Authors: Anthony D. Wood, John A. Stankovic Presented by: Aiyaz Amin Paniwala

  2. The paper • Introduction • Theory and Application • Denial of Service Threat • Physical Layer • Link Layer • Networking Layer • Transport Layer • Conclusion • References

  3. Introduction • WSN involves large-scale, real time data processing in complex environments • WSN is used for various applications • Availability is of great importance • Consideration of security at design time is essential

  4. Theory • Growing use of application dependent sensor networks • Many limitations exist in WSN like power reserves, wireless communication, identifiers • Network must operate under partial failure • Network must meet real time requirements • Data may be intrinsically valid for short time

  5. Application • Sensor Networks are used in different environments with different needs • Military application is primary • Can be used in inaccessible locations like volcanoes • Can be used in critical situations like natural or man made disasters • In all applications network must be resilient to individual node failure

  6. Denial of Service Threat • Any event that diminishes or eliminates a network’s capacity to perform it’s expected function • Caused by hardware failures, software bugs, resource exhaustion, environmental conditions or other complicated interactions

  7. The Layered Approach • A layered network architecture improves robustness • Each layer has different attacks and different defensive mechanisms • Some attacks are applicable across multiple layers

  8. Tabular Representation

  9. Physical Layer • This layer deals with the physical transmission in the form of signals • Nodes use wireless communication • Base Stations use wired or satellite communication. • Attacks • Jamming • Tampering

  10. Jamming • Interferes with radio frequencies • An adversary can use k randomly distributed jamming nodes • These k nodes can put N nodes out of service (k<<N) • Effective for single frequency network

  11. Detection of Jamming • Determined by constant energy as opposed to lack of response • Jamming can be sporadic and hence more difficult to detect yet effective • Jamming itself prevents exchanging data or even reporting the attack

  12. Prevention and Mitigation • Spread spectrum communication (code spreading) • It is less feasible due to design complexity, more power and more cost • Attacked nodes can switch to lower duty cycle and wake up to check for jamming • For intermittent jamming nodes send few high power, high priority messages to report attack

  13. Local Jamming

  14. Tampering • Attacker can physically tamper nodes • Likewise nodes can be interrogated and compromised • Attacker can damage or replace sensor and computation hardware • Attacker can extract sensitive material and use it for further attacks

  15. Prevention and Mitigation • Tamper proofing against physical damage • Camouflaging or hiding nodes • React to tampering by erasing cryptographic or program memory

  16. Link Layer • Provides Channel arbitration • Cooperative schemes are vulnerable to DoS attacks • Sensor Network is susceptible to • Collision • Exhaustion • Unfairness

  17. Collision • Adversary may cause disruption by inducing collision in just one octet of transmission • Corruption of ACK can induce costly exponential back-off • The attacker requires minimum energy for listening

  18. Detection, Prevention and Mitigation • Errors are detected using checksum mismatch • There is no effective way of defending against such an attack • Error Correcting codes can be used at the cost of increased overheads

  19. Exhaustion • Repeated retransmissions are triggered even by unusually late collisions • This leads to exhaustion of battery source • It can potentially block availability • A node could repeatedly request channel access with RTS • This causes power losses on both requesting and responding node

  20. Detection, Prevention and Mitigation • Random back-offs can be used for prevention • Ineffective as they would only decrease probability of inadvertent collisions • Time division multiplexing • Solve the indefinite postponement problem • MAC admission control rate limiting • Limiting the extraneous responses required

  21. Unfairness • It is a weaker form of DoS • It mostly degrades service than denies it • It exploits MAC-Layer priority schemes • It can be prevented by use of small frames • This may increase framing overheads • Adversary can cheat while vying for access

  22. Network and Routing Layer • Messages may traverse many hops before reaching the destination • The cost of relaying a packet and the probability of its loss increases in an aggregate network • Every node can act as a router • Hence the routing protocols should be simple and robust

  23. Neglect and Greed • A neglectful node arbitrarily neglects to route some messages • Its undue priority to messages originating from it makes it greedy • Multiple routes or sending redundant messages can reduce its effect. • It is difficult to detect

  24. Homing • Important nodes and their identities are exposed to mount further attacks • A passive adversary observes traffic to learn the presence and location of critical resources • Shared cryptographic keys are an effective mechanism to conceal the identity of such nodes • This makes the assumption that none of the nodes have been subverted

  25. Misdirection • Messages are forwarded in wrong paths • This attack targets the sender • Adversary can forge replies to route discovery requests and include the spoofed route • Sensor networks can use an approach similar to egress filtering

  26. Black Holes • Nodes advertise zero cost routes to every other node • Network traffic is routed towards these nodes • This disrupts message delivery and causes intense resource contention • These are easily detected but more disruptive

  27. Authorization • This is a defense mechanism against misdirection and black-hole • Only authorized node can share information • Public-key encryption can be used for routing updates • The problems are with computational and communication overheads and key management

  28. Monitoring • Nodes can keep monitoring their neighbors • Nodes become watchdogs for transmitted packets • Each of them has a quality-rating mechanism

  29. Probing • A network probe tests network connectivity • This mechanism can be used to easily detect Black holes • A distributed probing scheme can detect malicious nodes

  30. Redundancy • Lessens the probability of encountering a malicious node • Duplicate messages can also be sent using same path to deal with intermittent failure

  31. Transport Layer • Manages end-to-end connections • Sensor Networks utilize protocols with minimum overhead • The potential threats are • Flooding • Desynchronization

  32. Flooding • Adversary send many connection establishment request to victim • Each request causes allocation of resources • It can be prevented by limiting the number of connections • Connectionless protocols are not susceptible to this attack • Another solution is client puzzles

  33. Desynchronization • The attacker forges messages to one or both ends with sequence numbers • This causes the end points to request retransmissions of missed frames • This may lead to lack of availability and resource exhaustion • Authentication can prevent such an attack

  34. Adaptive rate control • Describe a series of improvements to standard MAC protocols • Key mechanisms include • Random delay for transmissions • Back-off that shifts an applications periodicity phase • Minimization of overhead in contention control mechanisms • Passive adaptation of originating and route-through admission control rates • Anticipatory delay for avoiding multihop hidden node problems

  35. Conclusion • Attempts at adding security focus on cryptographic-authentication mechanisms • Use of higher security mechanisms poses serious complications in Sensor Networks • It is essential to incorporate security considerations during design-time • Without adequate protection against DoS and other attacks sensor networks may not be deployable at all

  36. References • C.L.Schuba et al., “Analysis of a Denial of Service Attack on TCP”, Proc. IEEE Symp. Security and Privacy, IEEE Press, Piscataway, N.J., 1997, pp. 208-223 • A Perrig et al., “SPIN: Security Protocols for Sensor Networks,” Proc. 7th Ann. Intl. Conf. Mobile Computing and Networking (MobiCom 2001), ACM Press, New York, 2001, pp. 189-199 • CERT Coordination Center, “Smurf IP Denial-of-Service Attacks”, CERT Advisory CA-98:01,Jan. 1998. • A. Woo and D.E. Culler, “A Transmission Control Scheme for Media Access in Sensor Networks,” Proc. 7th Ann Int’l Conf. Mobile Computing and Networking (MobiCom 2001), ACM Press, New York, 2001, pp. 221-235

More Related