
Location Verification and Trust Management for Resilient Geographic Routing


Presentation Transcript


  1. Location Verification and Trust Management for Resilient Geographic Routing • Ke Liu, Nael Abu-Ghazaleh and Kyoung-Don Kang • Binghamton University • CS 587x • Nishanth Gaddam

  2. Overview • Geographic Routing (GR) in wireless networks • Security Issues in GR • Existing Solutions • Proposed Solution • Location Verification Algorithm • Trust-based Multi-Path Routing • Performance • Limitations

  3. Geographic Routing in Wireless Sensor Networks • Wireless Sensor Networks • Lack of infrastructure • Limited battery life • Geographic Routing (GR) • Geographic forwarding (forwarding sets) • Complementary routing (void avoidance) • [Figures: Fig a, Fig b]

  4. Security in Geographic Routing • GR requires exact location of each node. • Use of node location as address rather than node id • Falsification of location information is possible. • Attacks in GR • Sybil attacks – Misbehaving nodes falsify location information • Black hole or Selective forwarding attacks.

  5. Attacks • Sybil Attacks • A malicious node claims multiple locations • Packets are misrouted or routed through sub-optimal paths • No centralized system to check the attacks • Black hole attack • In a distributed environment a node can only monitor nodes at 1-hop distance • An adversary node can attract packets towards itself and may decide to drop all of them or selectively forward only a few of them

  6. Existing Solution: Location verification scheme • [Figure: exchange between S (Source) and V (Verifier); labels: Challenge, Request, Location Information, Ultra-sonic channel] • Delay between challenge and response is used for calculating the location estimate.

  7. Problems in Existing Solution • Requires specific hardware for verifying the claimed location. • Immediate response is not always possible because of packet losses or overload. • Single verifier of the claim.

  8. Threat model and Assumptions • Two types of nodes • Anchor nodes • Assumed to know their own location (using GPS) • Trusted nodes • Sensor nodes • These nodes are not trusted • An adversary can capture and compromise sensor nodes. • An efficient public key system is assumed • Each anchor or sensor node is assigned a unique private and public key pair • Public keys are distributed among anchor and sensor nodes • Two communication ends can exchange a shared key once a trusted route is established • No physical or MAC layer attack is considered • Denser network (each sensor node has several one-hop neighbors) • Sybil and black hole attacks are possible.

  9. Triangulation-based Localization • Basic Idea: • A non-trusted node is not allowed to generate its own location estimate • Specific nodes (anchors) generate the location information for each sensor node. • Multiple nodes are responsible for generating location information • Location of a sensor node is determined using the lateration technique • A 2D position requires at least 3 distance measurements

  10. Scheme: Demo • Localization is initiated by the sensor node. It transmits a request to all the anchor nodes at 1-hop distance • [Figure: sensor S and anchors A, B, C; labels: Location Certificate, P, LA, LB, Lc] • Anchor nodes exchange this information with each other to securely produce a location estimate using the triangulation method • The location estimate is provided to the sensor node with a certificate • Each anchor node produces an estimate of the distance based on: • Radio Signal Strength (RSS) or Time of Arrival (TOA)

  11. Countermeasures against attacks • Localization Broadcast Manipulation • A node transmits at low/high power to appear far/close • Example Scenario • Assume the attacker is at (5,5) and the anchors are at (0,10), (10,10) and (10,0) • The attacker is at 5√2 units from each anchor node. • The attacker transmits with reduced power to appear 2 units farther (5√2+2) • The set of equations to solve is: • (x,y) = (5, 9.07). But substituting in the second equation reveals the infeasibility of the solution.

  12. Calculating original location estimate • Let e_i = d_i + f be the distance calculated by each anchor node • . • We can estimate the location of the attacker by solving for f, x_m, y_m.
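The consistency check from slides 11 and 12, as an added example that is not code from the paper or the presentation: three anchors solve e_i = d_i + f for the position (x_m, y_m) and the common range offset f, and flag the claim when f is non-zero. The function names, the tolerance `tol`, and the rule for choosing between the two quadratic roots are assumptions made for this sketch.

```python
import math

def locate_with_bias(anchors, e):
    """Solve (x-xi)^2 + (y-yi)^2 = (e_i - f)^2 for x, y, f using three anchors."""
    x0, y0 = anchors[0]
    rows = []
    # Subtracting anchor 0's equation from the others cancels x^2, y^2 and f^2,
    # leaving two linear equations of the form a*x + b*y = c + g*f.
    for (xj, yj), ej in zip(anchors[1:], e[1:]):
        rows.append((2 * (xj - x0), 2 * (yj - y0),
                     e[0]**2 - ej**2 + xj**2 + yj**2 - x0**2 - y0**2,
                     -2 * (e[0] - ej)))
    (a1, b1, c1, g1), (a2, b2, c2, g2) = rows
    det = a1 * b2 - a2 * b1
    if abs(det) < 1e-12:
        raise ValueError("anchors are collinear")
    # Cramer's rule gives the position as p0 + f * p1.
    p0 = ((c1 * b2 - c2 * b1) / det, (a1 * c2 - a2 * c1) / det)
    p1 = ((g1 * b2 - g2 * b1) / det, (a1 * g2 - a2 * g1) / det)
    # Substituting into anchor 0's equation leaves A*f^2 + B*f + C = 0.
    ux, uy = p0[0] - x0, p0[1] - y0
    A = p1[0]**2 + p1[1]**2 - 1
    B = 2 * (ux * p1[0] + uy * p1[1]) + 2 * e[0]
    C = ux**2 + uy**2 - e[0]**2
    if abs(A) < 1e-12:
        roots = [-C / B]
    else:
        s = math.sqrt(max(B * B - 4 * A * C, 0.0))
        roots = [(-B + s) / (2 * A), (-B - s) / (2 * A)]
    # Assumption: keep roots that leave every true distance non-negative,
    # then take the smallest offset in magnitude.
    feasible = [f for f in roots if min(e) - f >= 0]
    if not feasible:
        raise ValueError("measurements are inconsistent")
    f = min(feasible, key=abs)
    return p0[0] + f * p1[0], p0[1] + f * p1[1], f

def check_claim(anchors, e, tol=0.5):
    """Flag a localization request whose ranges share an offset larger than tol."""
    x, y, f = locate_with_bias(anchors, e)
    return {"x": x, "y": y, "f": f, "manipulated": abs(f) > tol}
```

For the slide's scenario (anchors at (0,10), (10,10), (10,0), every measured range 5√2+2) this recovers the position (5,5) and f = 2.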

  13. Countermeasures contd. • Multiple Unicast Packets • Attack • A node can send multiple unicast packets to each anchor node separately with different transmission power using directional antennas • Countermeasure • Synchronizing anchor nodes with the tolerance of a packet length • Anchor nodes can also detect clock skew in the serial attack. • Mobility of nodes • Attack • A malicious node can obtain a valid location certificate and move to a new location • Countermeasure • Periodic renewal of certificates

  14. Packet Forwarding Attacks • How to ensure that intermediate nodes are forwarding packets? • The naïve forward verification method is to overhear a neighbor's transmissions and check whether it has forwarded the packet • But the sender may miss the transmission because of collisions • Node B can forward the packet in the wrong direction or even to a non-existent node

  15. Secure Routing (Resilient Geographic Routing) • Proposes multi-path routing to increase the chance of using uncompromised paths. • Steps for implementing the routing scheme • Before transmitting messages, the source gets the location information of its 2-hop neighbors by querying anchor nodes • Source exchanges authenticated RTS and CTS packets with neighbors • Source adds neighbor ID and location information to its routing table (if not already present) • Builds the forwarding set of nodes closer to the destination • Computes the probability of forwarding a packet to each neighbor based on their trust levels • Selects k neighbors using the roulette wheel selection technique and floods packets to them • Source node overhears the transmissions of its neighbors and checks whether each has transmitted to a legitimate location by referring to its cache.

  16. Trust Management • Basic Idea • Favors honest nodes by giving credit for successful packet forwarding • Penalizes nodes which lie about location information and also drop packets • Calculating trust levels of neighbor nodes • T_i (trust value) is initialized to 0.5. • On successful transmission T_i^new = T_i + θ • On dropping the packet T_i^new = T_i - φ • Any trusted nodes can exchange trust information of their neighbors
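The trust update of slide 16 combined with the roulette wheel selection of slide 15, as an added example that is not code from the paper or the presentation. The values of θ and φ, clamping trust to [0, 1], selection probability proportional to trust, and the neighbor names in the constructed scenario are all assumptions; the slides give only the 0.5 initial value and the two update rules.

```python
import random

THETA, PHI = 0.05, 0.2   # assumed reward/penalty steps; the slides give no values

def update_trust(trust, node, forwarded):
    """T_new = T + theta on an overheard forward, T - phi on a drop."""
    t = trust.get(node, 0.5)                 # slides: trust is initialized to 0.5
    t = t + THETA if forwarded else t - PHI
    trust[node] = min(1.0, max(0.0, t))      # clamping to [0, 1] is an assumption
    return trust[node]

def forwarding_probabilities(trust, forwarding_set):
    """Probability of choosing each neighbor, assumed proportional to its trust."""
    total = sum(trust.get(n, 0.5) for n in forwarding_set)
    if total == 0:
        return {n: 0.0 for n in forwarding_set}
    return {n: trust.get(n, 0.5) / total for n in forwarding_set}

def roulette_select(trust, forwarding_set, k, rng):
    """Pick up to k distinct neighbors; each spin is weighted by current trust."""
    pool = [n for n in forwarding_set if trust.get(n, 0.5) > 0]
    chosen = []
    while pool and len(chosen) < k:
        weights = [trust.get(n, 0.5) for n in pool]
        pick = rng.choices(pool, weights=weights, k=1)[0]
        chosen.append(pick)
        pool.remove(pick)                    # no neighbor is selected twice
    return chosen

def simulate(rounds=30, k=2, seed=1):
    """Constructed scenario: neighbor 'M' drops every packet, 'A'..'C' forward."""
    rng = random.Random(seed)
    trust = {}
    neighbors = ["A", "B", "C", "M"]
    for _ in range(rounds):
        for n in roulette_select(trust, neighbors, k, rng):
            update_trust(trust, n, forwarded=(n != "M"))
    return trust, forwarding_probabilities(trust, neighbors)
```

With these assumed steps a neighbor that drops every packet reaches zero trust after three selections and is no longer chosen, while the share of traffic sent to forwarding neighbors grows.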

  17. Results • Simulations were done on the ns2 simulator and compared with GPSR • RGR outperformed GPSR (insecure) in different scenarios • Delivery ratio is high in RGR even when there are attacks in the network (because of multi-path routing) • Path length of the received packets increases under attacks • Energy consumption is also high under attacks

  18. Limitations • Requires at least 3 anchor nodes around each sensor node. Deploying anchor nodes is costly • Periodic renewal of location information adds overhead in terms of energy consumption • RGR fails when there are 2 attackers in a sequence (or 1 is an attacker and the other node is completely drained of energy) • Multi-path routing requires periodic exchange of 2-hop neighbor location information. This is additional overhead in terms of transmission energy and storage. • Consensus between anchor nodes. • The assumption that anchor nodes are trustworthy is not practical

  19. Reference • Ke Liu, Nael Abu-Ghazaleh and Kyoung-Don Kang, "Location Verification and Trust Management for Resilient Geographic Routing," Journal of Parallel and Distributed Computing, Volume 67, Issue 2, pp. 215-228, Feb 2007.