1 / 24

Denial of Service Attacks (DoS) in Wireless Sensor Networks (WSNs)

Denial of Service Attacks (DoS) in Wireless Sensor Networks (WSNs). Presented by OYA ŞİMŞEK. WSNs & Applications. WSNs facilitate large-scale, real-time data processing in complex environments.

tsheets
Télécharger la présentation

Denial of Service Attacks (DoS) in Wireless Sensor Networks (WSNs)

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Denial of Service Attacks (DoS) in Wireless Sensor Networks (WSNs) Presented by OYA ŞİMŞEK

  2. WSNs & Applications • WSNs facilitate large-scale, real-time data processing in complex environments. • Their foreseeableapplications will help protect and monitor military, environmental, safety-critical, or domestic infrastructures and resources. • In a military scenario, WSNs • may gatherintelligence in battlefield conditions, • track enemytroop movements, • monitor a secured zone for activity,or measure damage and casualties.

  3. WSNs & Applications Cont. • WSNs could be used to rescue personnel at disastersites, or they could themselves help locatecasualties. • They could monitor conditions at therim of a volcano, along an earthquake fault, oraround a critical water reservoir. • Such networkscould also provide always-on monitoring of homehealthcare for the elderly or detect a chemical orbiological threat in an airport or stadium.

  4. DoS Attacks • A DoS attack is any event that diminishes or eliminates a network’s capacity to perform its expected function (Hardware failures, software bugs, resource exhaustion, environmental conditions, or their combination; or intentional attack) • DoS attacks target availability (which ensures that authorized parties can access data, services, or other computer and network resources when requested) by preventing communication between network devices or by preventing a single device from sending traffic.

  5. WSNs Characteristics • WSN platforms (mostly) have limited processing capability and memory. • A primary weakness shared by all wireless networking devices is the inability to secure the wireless medium. • Any adversary in radio range can eavesdrop traffic, transmit bogus data, or jam the network. • Sensors are also vulnerable to physical tampering and destruction if deployed in an unsecured area.

  6. WSNs Characteristics Cont. • Another vulnerability is the sensor devices’ extremely limited and often nonreplenishable power supplies. • Attackers aren’t always limited by the same constraints as the sensor devices. • An adversary might have unlimited power supply, significant processing capability, and the capacity for high-power radio transmission.

  7. Layered Model

  8. Physical Layer: Jamming • A well-known attack on wireless communication,jamming interferes with the radio frequenciesa network’s nodes are using. • An adversary can disrupt the entire network with k randomly distributedjamming nodes, putting N nodes out ofservice, where k is much less than N. • For single frequency networks, this attack is simple and effective, renderingthe jammed node unable to communicate or coordinatewith others in the network. • Constant transmission of a jamming signal is an expensiveuse of energy. If the attacker is limited in energy, she may use sporadic or burst jamminginstead. • She jams only when detecting radiotransmissions in the area of the victim, which requiresthat she be nearby.

  9. Defense Against Jamming • Spread-spectrum communication is a common defense against physical-layer jamming in wireless networks. • Due to the synchronization and cost requirements, lowcost,low-power sensor devices may be limited to single-frequency use. • If the adversary can permanently jam the entire network, and if the nodes can identify a jamming attack, a logical defense is to put sensors into a long-term sleep mode and have them wake periodically to test the channel for continued jamming. • Although this won’t prevent a DoS attack, it could significantly increase the life of sensor nodes by reducing power consumption. An attacker would then have to jam for a considerably longer period, possibly running out of power before the targeted nodes do.

  10. Defense Against Jamming Cont. • If jamming is intermittent, nodes may be ableto send a few high-power, high-priority messagesback to a base station to report the attack. • Nodes should cooperate to maximize theprobability of successfully delivering such messages. • In a large-scale deployment, an adversary is lesslikely to succeed at jamming the entire network. • In this scenario a moreappropriate response would be to call on the nodessurrounding the affected region tocooperativelymap and report the DoS attack boundary to a base station.

  11. Physical Layer: Tampering • An attacker can also tamper with nodes physically,and interrogate and compromise them. • An attacker can damage or replace sensor and computationhardware or extract sensitive material such as cryptographickeys to gain unrestricted access to higher levels of communication. • Node destruction may be indistinguishable from fail-silent behavior.

  12. Defense Against Tampering • Although you can’t prevent destruction of nodes deployed in an unsecured area, redundant nodes and camouflaging can mitigate this threat. • Hiding or camouflaging nodes, tamper-proofing packages, or implementing tamper reaction such as erasing all program or cryptographic memory. • These may increase thecost and complexity of WSN design.

  13. Link Layer: Exhaustion • A self-sacrificing node could exploit the interactivenature of most MAC-layer protocols in aninterrogation attack. • For example, • IEEE 802.11-based MAC protocols use Request To Send, ClearTo Send, and Data/Ack messages to reserve channelaccess and transmit data. • The node couldrepeatedly request channel access with RTS, elicitinga CTS response from the targeted neighbor node. • Constant transmission would exhaustthe energy resources of both nodes.

  14. Defense Against Exhaustion • One solution makes the MAC admission controlrate limiting, so that the network can ignore excessiverequests without sending expensive radio transmissions. • Antireplay protection and strong link-layer authentication can mitigate these attacks. • However, a targeted node receiving the bogus RTS messages still consumes energy and network bandwidth.

  15. Network Layer: Homing • In most sensor networks, morepowerful nodes might serve as cryptographic keymanagers, query or monitoring access points, ornetwork uplinks. These nodes attract an adversary’sinterest because they provide critical services to the network. • Location-based network protocols that rely ongeographic forwarding expose the network tohoming attacks. • A passive adversary observestraffic, learning the presence and location of criticalresources. • Once found, these nodes can beattacked by collaborators or mobile adversaries using other active means.

  16. Defense Against Homing • One approach to hiding important nodes providesconfidentiality for both message headers andtheir content. If all neighbors share cryptographickeys, the network can encrypt the headers at eachhop. • This would prevent a passive adversary fromeasily learning about the source or destination ofoverheard messages.

  17. Network Layer: Black Holes • Distance-vector-based protocols provide another easy avenue for an even more effective DoS attack. • Nodes advertise zero-cost routes to every othernode, forming routing black holes within the network. • As their advertisement propagates, the networkroutes more traffic in their direction. • Inaddition to disrupting message delivery, this causesintense resource contention around the maliciousnode as neighbors compete for limited bandwidth. • These neighbors may themselves be exhausted prematurely,causing a hole or partition in the network.

  18. Defense Against Black Holes • Authorization • Through letting only authorized nodes exchange routinginformation. • Monitoring • Through monitoring their neighbors to ensure that they observe proper routing behavior. • The node relays a message to the next hop and then acts as awatchdog that verifies the next-hop transmissionof the same packet. • The watchdogcan detect misbehavior, subject to limitationscaused by collisions, asymmetric physicalconnectivity, collusion, and so on.

  19. Defense Against Black Holes Cont. • Probing • Networks using geography-based routingcan use knowledge of the physical topologyto detect black holes by periodically sendingprobes that cross the network’s diameter. • Subjectto transient routing errors and overload, a probingnode can identify blackout regions. • To detect malicious nodes, probes must be indistinguishable from normal traffic. • Redundancy • The network can send duplicate messages along the same path toprotect against intermittent routing failure. • If each message uses a different path,one of them might bypass consistently neglectfuladversaries or even black holes.

  20. Transport Layer: Flooding • As in the classic TCP SYNflood, an adversary sends many connectionestablishment requests to the victim. Each request causes the victim to allocate resourcesthat maintain state for that connection. • Limiting the number of connections prevents complete resource exhaustion, which would interfere with all other processes at thevictim. • However, this solution also preventslegitimate clients from connecting to the victim,as queues and tables fill with abandoned connections.

  21. Defense Against Flooding • One defense requires clients to demonstrate thecommitment of their own resources to each connectionby solving client puzzles. • The server cancreate and verify the puzzles easily, and storage ofclient-specific information is not required whileclients are solving the puzzles. Servers distribute thepuzzle, and clients wishing to connect must solveand present the puzzle to the server before receiving a connection. • An adversary must therefore be able tocommit far more computational resources per unittime to flood the server with valid connections. • This solution is most appropriate for combatingadversaries that possess the same limitations as sensornodes. • It has the disadvantage of requiring more computational energy for legitimate sensor nodes, but it is less costly than wasting radio transmissions by flooding.

  22. Transport Layer: Desynchronization • An existing connection between two end pointscan be disrupted by desynchronization. • In thisattack, the adversary repeatedly forges messages toone or both end points. • These messages carrysequence numbers or control flags that cause the endpoints to request retransmission of missed frames. • If the adversary can maintain proper timing, it canprevent the end points from exchanging any usefulinformation, causing them to waste energy in an endless synchronization-recovery protocol.

  23. Defense Against Desynchronization • One counter to this attack authenticates all packetsexchanged, including all control fields in thetransport protocol header.

  24. References • A.D. Wood and J.A. Stankovic, “Denial of Service in Sensor Networks,” Computer, vol. 35, no. 10, 2002, pp. 54–62. • A.D. Wood and J.A. Stankovic, “A Taxonomy for Denial-of-Service Attacks in Wireless Sensor Networks”,Handbook of Sensor Networks: Compact Wireless and Wired Sensing Systems, 2004. • David R. Raymond and Scott F. Midkiff, "Denial-of-Service in Wireless Sensor Networks: Attacks and Defenses," IEEE Pervasive Computing, vol. 7, no. 1, 2008, pp. 74-81.

More Related