Secure Routing in Wireless Sensor Networks Attacks and

Key Contributions n Secure routing issues in WSNs – Show they are different from

WSNs vs. Ad Hoc Networks n n n Multi-hop wireless communications Ad hoc nets:

Assumptions Insecure radio links n Malicious nodes can collude to attack the WSN n

Threat Models n Device capability – Mote class attacker – Laptop class attacker: more

Security Goals n Secure routing – Support integrity, authenticity, availability of messages in presence

Potential Attacks on general WSN routing n Attacks on specific WSN protocols n

Attacks on General WSN Routing Protocols n Spoof, alter, or replay routing info. –

n Sinkhole attacks – Specific to WSNs – All packets are directed to base

n Sybil attack – A single node presents multiple ID’s to other nodes –

n Hello flood attack – Specific to WSNs – In some protocols, nodes have

Attacks on Specific Sensor Network Protocols n Tiny. OS beaconing – Construct a BFS

Directed diffusion Base station floods interest for named data and setting up gradients designed

Countermeasures n n n Outsider attacks and link layer security – Prevent outsider attacks,

n Wormhole, sinkhole attack – Cryptography may not help directly – Good routing protocol

n Authenticated broadcast and flooding – u. TESLA is a protocol which uses asymmetric

Conclusions This paper covers security issues at network layer n WSN security is challenging,

Source : http: //www. cs. binghamton. edu/~kang/teachin g/cs 580 s/karlof-wagner. ppt

Slides: 18

Download presentation

Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures Chris Karlof and David Wagner (modified by Sarjana Singh)

Key Contributions n Secure routing issues in WSNs – Show they are different from ad hoc networks – Introduce two new classes of attacks » Sinkhole attack » Hello flood attack n n Analyze security aspects of major routing protocols Discuss countermeasures & design considerations for secure routing in WSNs

WSNs vs. Ad Hoc Networks n n n Multi-hop wireless communications Ad hoc nets: communication between two arbitrary nodes WSNs – Specialized communication patterns » » » Many-to-one One-to-many Local communication – More resource constrained – More trust needed for in-network processing, aggregation, duplicate elimination

Assumptions Insecure radio links n Malicious nodes can collude to attack the WSN n Sensor are not tamper-resistant n Adversary can access all key material, data & code n Base station is trustworthy n Aggregation points may not be trustworthy n

Threat Models n Device capability – Mote class attacker – Laptop class attacker: more energy, more powerful CPU, sensitive antenna, more radio power n Attacker type – Outside attacker: External to the network – Inside attacker: Authorized node in the WSN is compromised or malicious

Security Goals n Secure routing – Support integrity, authenticity, availability of messages in presence of attack – Data confidentiality

Potential Attacks on general WSN routing n Attacks on specific WSN protocols n

Attacks on General WSN Routing Protocols n Spoof, alter, or replay routing info. – Create loops, attack or repel network traffic, partition the network, extend or shorten the source routes and generate false error messages. n Selective forwarding – Malicious node selectively drops incoming packets – Adversary can also modify packets and forward these messages

n Sinkhole attacks – Specific to WSNs – All packets are directed to base station – A malicious node advertises a high quality link to the base station to attract a lot of packets – Enable other attacks, e. g. , selective forwarding or wormhole attack

n Sybil attack – A single node presents multiple ID’s to other nodes – Affect distributed storage, multi-path routing , topology maintenance and geographic routing n Wormhole Attack – Two colluding nodes – A node at one end of the wormhole advertises high quality link to the base station – Another node at the other end receives the attracted packets

n Hello flood attack – Specific to WSNs – In some protocols, nodes have to periodically broadcast “hello” to advertise themselves » Not authenticated! – Laptop-class attacker can convince it’s a neighbor of distant nodes by sending high power hello messages n Acknowledgement spoofing – Adversary spoofs ACKs to convince the sender a weak/dead link supports good link quality

Attacks on Specific Sensor Network Protocols n Tiny. OS beaconing – Construct a BFS Tree rooted at the base station – Beacons are not authenticated! – Adversary can take over the whole WSN by broadcasting beacons

Directed diffusion Base station floods interest for named data and setting up gradients designed to draw events. n – – n Suppression Cloning (Replay interest) Path influence Selective forwarding & data tampering Geographic routing – Adversary false, possibly multiple, location info. – Create routing loop – GEAR considers energy in addition to location

Countermeasures n n n Outsider attacks and link layer security – Prevent outsider attacks, e. g. , Sybil attacks, selective forwarding, ACK spoofing – Cannot handle insider attacks » Wormhole, Hello flood, Tiny. OS beaconing Sybil attack – Every node shares a unique secret key with the base station – Create pairwise shared key for msg authentication – Limit the number of neighbors for a node Hello flood attack – Verify link bidirectionality

n Wormhole, sinkhole attack – Cryptography may not help directly – Good routing protocol design – Geographic routing n Geographic routing – Location verification – Use fixed topology, e. g. , grid structure n Selective forwarding – Multi-path routing – Route messages over disjoint or Braided paths – Dynamically pick next hop from a set of candidates

n Authenticated broadcast and flooding – u. TESLA is a protocol which uses asymmetric key cryptography and minimal packet overhead

Conclusions This paper covers security issues at network layer n WSN security is challenging, new area of research n

Source : http: //www. cs. binghamton. edu/~kang/teachin g/cs 580 s/karlof-wagner. ppt