Explore the vulnerabilities of sensor networks to malicious attacks and disruptions, including communication interference and device manipulation. Learn about proposed applications, challenges, and strategies to mitigate threats in wireless networks.
Malicious Motes and Suspicious Sensors: Byzantine Interference in Wireless Networks Seth Gilbert February 13, 2006
Alice, Bob, and Collin The Basic Problem: Alice likes chocolate! Bob likes ice cream! Bob likes zebras?? !!?%%? Bob Alice
Sensor Networks • Devices: • Berkeley Motes (TinyOS / TinyDB / etc.) • “Smart Dust”
Sensor Networks • Devices: • Berkeley Motes (TinyOS / TinyDB / etc.) • “Smart Dust” • Properties of Small Devices: • Radio Broadcast • Limited power • Limited computation • Limited storage
Sensor Networks • Proposed Applications: • Environmental Monitoring • e.g., Great Duck Island • System control • e.g., Dam valves at a hydroelectric plant • e.g., Damping vibrations on rockets • Intelligent Highways
Malicious Behavior • Physical Devices: • Attacked by malicious adversary • Hacked • Motes are easy to reprogram • Attacker deploys his own devices • Fake sensors confuse real network • Malfunctioning • Motes are fragile
Malicious Behavior • Communication: • Corrupted by interference • Overwhelmed by attacker • Cannot necessarily distinguish between good/bad messages • Disrupted by attacker • denial-of-service attack
Malicious Behavior Challenges: • Local Communication • Only nearby devices can communicate • Collision prone • Susceptible to contention, EM interference, etc. • Unauthenticated • It may be impossible to identify the sender.
Malicious Behavior Challenges: • Local Communication • Collision prone • Unauthenticated
Wireless Ad Hoc Networks • Cryptography is hard: • Public-key crypto: • Computationally intensive • Bandwidth intensive • Symmetric-key crypto: • Slow message dissemination • Energy intensive • Key dissemination??
Today: Overview • How do you cope with malicious devices in wireless networks?
Today: Overview • How do you cope with malicious devices in wireless networks? • How little can we restrict the power of the Byzantine nodes? • What is the trade-off between restricting the power of the Byzantine nodes and the efficiency with which we can compute?
Today: Overview • How do you cope with malicious devices in wireless networks? • Part I: Multi-hop grid wireless networks. Highly restricted adversary. Reliable, authenticated communication. • Part II: Single-hop wireless networks. Bounded-collision adversary. Unreliable communication
Byzantine Generals [LSP’82] • Reliable Broadcast: • Single source s with message m. • n-1 receivers. • Each receiver should receive message m. • Byzantine Adversaries: • Arbitrarily malicious.
Byzantine Generals [LSP’82] • Reliable Broadcast: • Agreement • All nodes receive the same message. • Validity • If the source is correct, then every node receives the message broadcast by the source. • Termination • All nodes eventually receive a message, or null.
Classical Results • Impossibility Results: • If network is asynchronous, then impossible. [FLP] • If t ≥ n/3 then impossible. [LSP’82] • Algorithms: • If t < n/3 then possible in t+1 rounds. [LSP’82] • If 2-cast channel & t < n/2 then possible. [FM’00]
Classical Results • Graph Results: • If network is not (t+1)-connected, then impossible. [LSP’82] • If network is (2t+1)-connected, then possible. [D’82]
Part I: Overview • Model • Wireless sensors deployed in a grid. • Lower Bound • Impossible if too many corrupt nodes. • Upper Bound • Flooding-based algorithm. • Bounded Collisions
Grid Net Model • Broadcast Properties: • Synchronous • Each node knows its own location • Radius r broadcast • L∞ norm. • Results also hold in L1 and L2 norms.
Grid Net Model • Collisions: • If 2 neighbors broadcast, then collision.
Grid Net Model • Collisions: • If 2 neighbors broadcast, then collision. • Assume broadcast schedule. [Figure: grid of nodes numbered by broadcast slot]
Grid Net Model • Collisions: • If 2 neighbors broadcast, then collision. • Assume broadcast schedule. • Min size: (2r+1)^2 • Not optimally efficient! • Focus on feasibility. • Honest nodes never cause collisions. [Figure: grid of nodes with slot numbers repeating across the grid]
Grid Net Model • Byzantine nodes: • Problem 1: Impossible for any t=(n). • Example: Assume tn/100, n ≥ 4800
Grid Net Model • Byzantine Nodes: • Problem 1: Impossible for any bound on t. • Assume locally-bounded adversary. • For every neighborhood of size (2r+1)(2r+1), there are at most t corrupted nodes.
Grid Net Model • Byzantine Nodes: • Problem 2: Collisions. • Impossible if t=4.
Grid Net Model • Byzantine Nodes: • Problem 2: Collisions. • Byzantine nodes must follow schedule. • For example, cannot corrupt MAC layer. • We will weaken this assumption later. • Thus, Byzantine nodes cannot cause collisions.
Grid Net Model • Byzantine Nodes: • At most t in every neighborhood. • Cannot cause collisions. • Otherwise, arbitrary behavior.
Main Result Theorem: Reliable broadcast is possible if and only if: ≈ r^2 ≈ 1/4 of a broadcast neighborhood
Mini-Bibliography • Koo, Broadcast in radio networks tolerating Byzantine adversarial behavior. PODC, 2004. • Bhandari, Vaidya, On reliable broadcast in a radio network. PODC 2005. • Bhandari, Vaidya, On reliable broadcast in a radio network: A simplified characterization. UIUC-TR 2005. • Koo, Bhandari, Katz, Vaidya, Reliable broadcast in radio networks: The Bounded collision case. PODC 2006.
First Attempt: How many corrupted nodes? ≈ 1/2 in neighborhood Theorem 1: Broadcast is impossible if . Lower Bound
Better Bound: Lower Bound Assume r=6.
Better Bound: How many corrupted nodes? ≈ 1/4 in neighborhood Lower Bound Assume r=6.
Better Bound: How many corrupted nodes? ≈ 1/4 in neighborhood Theorem 2: Broadcast is impossible if . Lower Bound Assume r=5.
Algorithm • Reliable Broadcast: • Agreement • Validity • Termination • Assume: • Basic idea: Flooding. • Each node broadcasts everything in each round. • When enough data is received, then decide.
Algorithm • Rule 1: Source sends message m. • If node receives m directly from the source, then it chooses(m).
Algorithm • Rule 2: When a node chooses(m), then it broadcasts COMMITTED(m). • When a node receives t+1 COMMITTED(m) messages, then it chooses(m).
Algorithm • Rule 2: t+1 COMMITTED(m) ⇒ choose(m). Example:
Algorithm “relay” • Rule 3: When a node receives COMMITTED(m) from node i, it broadcasts HEARD(m,i). • When a node receives t+1 • COMMITTED(m) messages and • HEARD(m,i) messages • where all the senders and relays are distinct and in one neighborhood, then choose(m).
Proof Assume t= 3. • Agreement: • All neighbors of the source choose the same message m by Rule 1.
Proof • Agreement: • Assume by contradiction that i is the first correct node to choose m’ ≠ m. • Node i receives m’ from t+1 distinct paths. • Only t can be corrupt. • Hence some correct node sent m’. Contradiction.
Proof Assume t= 3. • Agreement:
Proof • Validity: • If the source is correct and broadcasts m, all neighbors of the source choose m. • By agreement, every node chooses m.
Proof • Termination: • Need to show that every node receives t+1 COMMITTED or HEARD messages. • Proof by induction. Directly: Indirectly:
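A simulation of Rules 1 and 2 on the grid model, added here as an illustration and not taken from the talk: it shows agreement and termination holding when every neighborhood contains at most t faulty nodes, and agreement failing once a single neighborhood contains t+1. Assumptions: Rule 3's HEARD relays are left out, the source is honest, faulty nodes keep to the schedule and all announce the same wrong value m', and the grid size, node positions and function names are made up for the example.

```python
from collections import defaultdict

def ball(p, r, n):
    """Closed L-infinity neighborhood of p (radius r), clipped to an n x n grid."""
    x, y = p
    return [(a, b) for a in range(max(0, x - r), min(n, x + r + 1))
                   for b in range(max(0, y - r), min(n, y + r + 1))]

def max_local_faults(n, r, byzantine):
    """Largest number of Byzantine nodes inside any single neighborhood."""
    return max(sum(q in byzantine for q in ball((x, y), r, n))
               for x in range(n) for y in range(n))

def flood(n, r, t, source, m, byzantine, lie):
    """Rules 1 and 2 with an honest source. Returns {honest node: chosen value}."""
    # Rule 1: every honest node that hears the source directly chooses m.
    chosen = {p: m for p in ball(source, r, n) if p not in byzantine}
    votes = defaultdict(lambda: defaultdict(set))  # receiver -> value -> senders
    pending = [(p, lie) for p in sorted(byzantine)] + sorted(chosen.items())
    while pending:
        # One pass of the schedule: each pending node broadcasts COMMITTED(v).
        # The slot identifies the sender, so votes are counted per distinct sender.
        for p, v in pending:
            for q in ball(p, r, n):
                votes[q][v].add(p)
        pending = []
        for q in sorted(votes):
            if q in chosen or q in byzantine:
                continue
            # Rule 2: t+1 distinct COMMITTED(v) senders => choose(v).
            for v, senders in votes[q].items():
                if len(senders) >= t + 1:
                    chosen[q] = v
                    pending.append((q, v))
                    break
    return chosen

# Constructed scenarios: 10 x 10 grid, r = 2 (5 x 5 neighborhoods), t = 1.
N, R, T = 10, 2, 1
SPREAD = {(2, 7), (7, 2), (7, 7)}  # at most one fault in any neighborhood
CLUSTER = {(8, 8), (8, 9)}         # two faults share a neighborhood: bound violated

def honest_values(byz):
    """Set of values chosen by honest nodes when the source at (0, 0) sends m."""
    return set(flood(N, R, T, (0, 0), "m", byz, "m'").values())

if __name__ == "__main__":
    for name, byz in (("spread", SPREAD), ("cluster", CLUSTER)):
        print(name, max_local_faults(N, R, byz), sorted(honest_values(byz)))
```

In the clustered case the honest nodes that hear both faulty nodes reach the t+1 threshold for m' before any COMMITTED(m) arrives, which is exactly the situation the locally-bounded assumption rules out.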