Secure Routing in Wireless Sensor Networks Attacks and
- Slides: 18
Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures Chris Karlof and David Wagner (modified by Sarjana Singh)
Key Contributions n Secure routing issues in WSNs – Show they are different from ad hoc networks – Introduce two new classes of attacks » Sinkhole attack » Hello flood attack n n Analyze security aspects of major routing protocols Discuss countermeasures & design considerations for secure routing in WSNs
WSNs vs. Ad Hoc Networks n n n Multi-hop wireless communications Ad hoc nets: communication between two arbitrary nodes WSNs – Specialized communication patterns » » » Many-to-one One-to-many Local communication – More resource constrained – More trust needed for in-network processing, aggregation, duplicate elimination
Assumptions Insecure radio links n Malicious nodes can collude to attack the WSN n Sensor are not tamper-resistant n Adversary can access all key material, data & code n Base station is trustworthy n Aggregation points may not be trustworthy n
Threat Models n Device capability – Mote class attacker – Laptop class attacker: more energy, more powerful CPU, sensitive antenna, more radio power n Attacker type – Outside attacker: External to the network – Inside attacker: Authorized node in the WSN is compromised or malicious
Security Goals n Secure routing – Support integrity, authenticity, availability of messages in presence of attack – Data confidentiality
Potential Attacks on general WSN routing n Attacks on specific WSN protocols n
Attacks on General WSN Routing Protocols n Spoof, alter, or replay routing info. – Create loops, attack or repel network traffic, partition the network, extend or shorten the source routes and generate false error messages. n Selective forwarding – Malicious node selectively drops incoming packets – Adversary can also modify packets and forward these messages
n Sinkhole attacks – Specific to WSNs – All packets are directed to base station – A malicious node advertises a high quality link to the base station to attract a lot of packets – Enable other attacks, e. g. , selective forwarding or wormhole attack
n Sybil attack – A single node presents multiple ID’s to other nodes – Affect distributed storage, multi-path routing , topology maintenance and geographic routing n Wormhole Attack – Two colluding nodes – A node at one end of the wormhole advertises high quality link to the base station – Another node at the other end receives the attracted packets
n Hello flood attack – Specific to WSNs – In some protocols, nodes have to periodically broadcast “hello” to advertise themselves » Not authenticated! – Laptop-class attacker can convince it’s a neighbor of distant nodes by sending high power hello messages n Acknowledgement spoofing – Adversary spoofs ACKs to convince the sender a weak/dead link supports good link quality
Attacks on Specific Sensor Network Protocols n Tiny. OS beaconing – Construct a BFS Tree rooted at the base station – Beacons are not authenticated! – Adversary can take over the whole WSN by broadcasting beacons
Directed diffusion Base station floods interest for named data and setting up gradients designed to draw events. n – – n Suppression Cloning (Replay interest) Path influence Selective forwarding & data tampering Geographic routing – Adversary false, possibly multiple, location info. – Create routing loop – GEAR considers energy in addition to location
Countermeasures n n n Outsider attacks and link layer security – Prevent outsider attacks, e. g. , Sybil attacks, selective forwarding, ACK spoofing – Cannot handle insider attacks » Wormhole, Hello flood, Tiny. OS beaconing Sybil attack – Every node shares a unique secret key with the base station – Create pairwise shared key for msg authentication – Limit the number of neighbors for a node Hello flood attack – Verify link bidirectionality
n Wormhole, sinkhole attack – Cryptography may not help directly – Good routing protocol design – Geographic routing n Geographic routing – Location verification – Use fixed topology, e. g. , grid structure n Selective forwarding – Multi-path routing – Route messages over disjoint or Braided paths – Dynamically pick next hop from a set of candidates
n Authenticated broadcast and flooding – u. TESLA is a protocol which uses asymmetric key cryptography and minimal packet overhead
Conclusions This paper covers security issues at network layer n WSN security is challenging, new area of research n
Source : http: //www. cs. binghamton. edu/~kang/teachin g/cs 580 s/karlof-wagner. ppt
- Single node architecture in wireless sensor networks
- Habitat monitoring sensor
- Wireless sensor networks for habitat monitoring
- Difference between reservoir routing and channel routing
- Static routing and dynamic routing
- Continuity equation hydrology
- Clock routing
- Wired and wireless media
- Telecommunications, the internet, and wireless technology
- Wireless sensor network protocols
- Wireless sensor network ppt
- Forest geove
- Sst wireless
- Game theory in wireless and communication networks
- Understanding wired and wireless networks
- Computer networks routing algorithms
- Broadcast routing in computer networks
- Bluetooth-based smart sensor networks
- Bluetooth based smart sensor networks