NC

SC

International Journal of Computer Networks and Communications Security

VOL. 1, NO. 2, JULY 2013, 40–45Available online at: www.ijcncs.orgISSN 2308-9830

DOS Attacks on TCP/IP Layers in WSN

Isha1, Arun Malik2, Gaurav Raj3

123Department of Computer Engg, LPU Jalandhar, India

ABSTRACT

The emergence of sensor networks as one of the dominant technology trends in the coming decades hasposed numerous unique challenges on their security to researchers. These networks are likely to becomposed of thousands of tiny sensor nodes, which are low-cost devices equipped with limited memory,processing, radio, and in many cases, without access to renewable energy resources. While the set ofchallenges in sensor networks are diverse, we focus on security of Wireless Sensor Network in this paper.First, we propose some of the security goal for Wireless Sensor Network. To perform any task in WSN, thegoal is to ensure the best possible utilization of sensor resources so that the network could be keptfunctional as long as possible. In contrast to this crucial objective of sensor network management, a Denialof Service (DoS) attack targets to degrade the efficient use of network resources and disrupts the essentialservices in the network. DoS attack could be considered as one of the major threats against WSN security.Further, various DoS attacks on different layers of OSI are proposed.

Keywords: Wireless sensor networks, Security, Denial of Service (DoS), Availability, OSI model.

1 INTRODUCTION

A wireless sensor network is composed ofthousands of small, spatially distributed devicescalled sensor nodes or motes, with each of themhaving sensing, communicating and computationcapabilities to monitor the real world environmentusing radio. WSN can be used for manyapplications such as military implementations in thebattlefield, environmental monitoring, in healthsectors as well as emergency responses and varioussurveillances. Due to WSNs’ natures such as low-cost, low power, etc. they have become one part ofour daily life and drawn great attentions to thosepeople who are working in this area.

For the proper functioning of WSN, especially inmalicious environments, security mechanismsbecome essential for all kinds of sensor networks.However, the resource constrains in the sensornodes of a WSN and multi-hop communications inopen wireless channel make the security of WSNeven more heavy challenge. The nodes deployed ina network are relatively easy to be compromised,which is the case that the nodes are out of thesystem control and an adversary can easily get fullaccess to those nodes. Hence, all the data could bemodified and restored in those targeted nodes,including the cryptographic keys. The common

attack involves overloading the target system withrequests, such that it cannot respond to legitimatetraffic. As a result, it makes the system or serviceunavailable for the other legitimate sensor nodes. Inthis paper, the Denial of Service attack isconsidered particularly as it targets the energyefficient protocols that are unique to wireless sensornetworks. One of focuses of this paper is to give anoverview of DoS attack of a WSN based on theOpen System Interconnect (OSI) model.

2 SECURITY GOALS FOR SENSORNETWORKS

A WSN is a different type of network from atypical computer network as it shares somecommonalities with them, but also exhibits manycharacteristics which are unique to it. The securityservices in a WSN should protect the informationcommunicated over the network and the resourcesfrom attacks and misbehaviour of nodes [1]. Thefollowing are the important security goals in WSN:

2.1 Data confidentiality

Confidentiality is the way to secure the messagefrom passive attackers as it is communicated overthe network. Only the intended receiver can

41

Isha et al. / International Journal of Computer Networks and Communications Security, 1 (2), JULY 2013

understand that message. This is the most importantissue in network security. In a WSN, the issue ofconfidentiality should address the followingrequirements

A sensor node should not reveal its data tothe neighbours. For example, in a sensitivemilitary application where an adversary hasinjected some malicious nodes into thenetwork, confidentiality will preclude themfrom gaining access to informationregarding other nodes.

Establishing and maintaining confiden-tiality is extremely important where thepublic information like node identities andkeys are being distributed to establish asecure communication chan-nel amongsensor nodes.

2.2 Data Integrity

The mechanism should ensure that no messagecan be altered by any entity as it traverses from thesender to the recipient. Data integrity can be losteven if confidentiality measures are in place due tofollowing reasons:

A malicious node present in the networkinjects fraudulent data.

Disordered or uncontrolled conditions inwireless channel cause damage or loss ofdata.

2.3 Data Availability

This goal ensures that the services of a WSNshould be always available even in presence of anyinternal or external attacks such as a denial ofservice attack (DoS). Different approaches havebeen proposed by researchers to achieve this goal.While some mechanisms make use of additionalcommunication among nodes, others propose use ofa central access control system to ensure successfuldelivery of every message to its recipient. However,failure of the base station or cluster leader’savailability will eventually threaten the entiresensor network. Thus availability is of primaryimportance for maintaining an operational network.

2.4 Authentication

Authentication ensures that message has comefrom the legitimate user. Attacks in WSN are not

only due to alteration of packets, adversary can alsoinject fabricated packets in the network. So, dataauthentication verifies the identity of senders. Dataauthentication is achieved through symmetric orasymmetric mechanisms where sending andreceiving nodes will share secret keys to computethe message authentication code (MAC). A numberof methods have been developed by the researchersfor secret keys, but the energy and computationallimitations of sensor nodes makes it impractical todeploy complex cryptographic techniques.

2.5 Data Freshness

Data freshness means that the data is recent, andit ensures that no old messages have been replayedby the adversary. To solve this problem, a nonce ortime-specific counter may be added to each packetto check the freshness of the packet.

3 DENIAL OF SERVICE ATTACK INWSN

Denial of Service attack is an incident thatreduces, eliminates, or hinders the normal activitiesof the network. In a DoS attack a legitimate user isdeprived of the services of a resource he wouldnormally expect to have. As a result, it makes thesystem or service unavailable for the user. InternalDoS situations can occur due to any kind ofhardware failure, software bug, resource exh-austion, environmental condition, or any type ofcomplicated interaction of these factors. ExternalDoS situation occurs due to an intentional attemptof an adversary, and it is called as a DoS attack.

The basic types of DoS attacks are:

Consumption of scarce, limited, or non-renewable resources like bandwidth orprocessor time

Destruction or alteration of configurationinformation between two machines

Disruption of service to a specific system orperson

Disruption of routing information.

Disruption of physical components

Among these three types of DoS attacks, the firstone is the most significant for wireless sensornetworks as the sensors in the network suffer fromthe lack of enough resources.

42

Isha et al. / International Journal of Computer Networks and Communications Security, 1 (2), JULY 2013

4 DOS ATTACKS AT VARIOUS OSILAYERS

Sensor networks are usually divided into layers,and this layered architecture makes WSNsvulnerable to DoS attacks as they may occur in anylayer of a sensor network. Layer wise categoriz-ation of DoS attacks was first proposed by Woodand Stankovic [2]. Later, Raymond and Midkiff [3]enhanced the survey with some updatedinformation. In this paper, the denial of serviceattacks at each layer and their possiblecountermeasures are given.

4.1 Physical Layer

The physical layer is responsible for frequencyselection, carrier frequency generation, signaldetection, modulation, and data encryption [4].Nodes in WSNs may be deployed in hostile orinsecure environments where an attacker has thephysical access. Two types of attacks are present atphysical layer:

4.1.1 Jamming

In this Denial of Service Attack, the adversaryattempts to hinder the operation of the networkbroadcasting a high-energy signal. Even with lesspowerful jamming sources, an adversary canpotentially disrupt communication in the entirenetwork by distributing the jamming sources.Jamming attacks can further be classified as:

Constant, which corrupts packets as they aretransmitted

Deceptive , that sends a constant stream ofbytes into the network to make it look likelegitimate traffic

Random , which randomly alternatesbetween sleep and jamming to save energy

Reactive, transmits a jam signal when itsenses traffic.

Counter measures for jamming involvevariations on spread-spectrum communication suchas frequency hopping and code spreading.Frequency-hopping spread spectrum (FHSS) [5] isa method of transmitting signals by rapidlyswitching a carrier among many frequencychannels using a pseudo random sequence knownto both transmitter and receiver. Without being ableto follow the frequency selection sequence an

attacker is unable to jam the frequency being usedat a given moment in time. However, as the rangeof possible frequencies is limited, an attacker mayinstead jam a wide section of the frequency band.Code spreading is another technique used to defendagainst jamming attacks and is common in mobilenetworks. However, this technique requires greaterdesign complexity and energy restricting its use inWSNs. In general, to maintain low cost and lowpower requirements, sensor devices are limited tosingle-frequency use and are therefore highlysusceptible to jamming attacks.

4.1.2 Tampering

Sensor networks typically operate in outdoorenvironments. Due to unattended and distributednature, the nodes in a WSN are highly susceptibleto physical attacks [6]. The physical attacks maycause irreversible damage to the nodes. Theadversary can extract cryptographic keys from thecaptured node, tamper with its circuitry, modify theprogram codes or even replace it with a malicioussensor [7].

Counter measures for tempering involvestamper-proofing the node’s physical package whichinclude.

Self-Destruction (tamper-proofing packages)– whenever somebody accesses the sensornodes physically the nodes vaporize theirmemory contents and this prevents anyleakage of information.

Fault Tolerant Protocols – the protocolsdesigned for a WSN should be resilient tothis type of attacks.

4.2 Data Link Layer

4.2.1 Collision

A collision occurs when two nodes attempt totransmit on the same frequency simultaneously [8].When packets collide, they are discarded and needto re-transmit. An adversary may strategically causecollisions in specific packets such as ACK controlmessages. A possible result of such collisions is thecostly exponential back-off. The adversary maysimply violate the communication protocol andcontinuously transmit messages in an attempt togenerate collisions.

Counter measures for collision is the use of errorcorrecting codes.

43

Isha et al. / International Journal of Computer Networks and Communications Security, 1 (2), JULY 2013

4.2.2 Exhaustion

A malicious node disrupts the Media AccessControl protocol, by continuously requesting ortransmitting over the channel. This eventually leadsa starvation for other nodes in the network withrespect to channel access.

Counter measures for exhaustion are:

Rate Limiting to the MAC admission controlsuch that the network can ignore excessiverequests, thus preventing the energy draincaused by repeated transmissions.

Use of time division multiplexing whereeach node is allotted a time slot in which itcan transmit.

4.2.3 Information gathering

In this the attacker makes use of the interactionbetween two nodes prior to data transmission. Forexample, wireless LANs (IEEE 802.11) useRequest to Send (RTS) and Clear to Send (CTS).An attacker can exhaust a node’s resources byrepeatedly sending RTS messages to elicit CTSresponses from a targeted neighbour node.

Counter measures for information gathering is toput a check against such type of attacks a node canlimit itself in accepting connections from sameidentity or use anti replay protection and stronglink-layer authentication.

4.3 Network Layer

4.3.1 Spoofed routing information

The most direct attack against a routing protocolis to target the routing information in the network.An attacker may spoof, alter, or replay routinginformation to disrupt traffic in the network. Thesedisruptions include creation of routing loops,attracting or repelling network traffic from selectednodes, extending or shortening source routes,generating fake error messages, causing networkpartitioning, and increasing end-to-end latency.

Counter measures for spoofed routing is toappend a MAC (Message Authentication Code)after the message so that the receiver can verifywhether the messages have been spoofed or altered.To defend against replayed information, counters ortimestamps can be included in the messages.

4.3.2 Selective forwarding

In a multi-hop network like a WSN, for messagecommunication all the nodes need to forwardmessages accurately. An attacker may compromisea node in such a way that it selectively forwardssome messages and drops others.

Counter measures for selective forwardingattacks are:

Use multiple paths to send data.

Detect the malicious node or assume it hasfailed and seek an alternative route.

Use implicit acknowledgments, whichensure that packets are forwarded as theywere sent.

4.3.3 Sinkhole

In a sinkhole attack, an attacker makes acompromised node look more attractive to itsneighbours by forging the routing information [9].The result is that the neighbour nodes choose thecompromised node as the next-hop node to routetheir data through. This type of attack makesselective forwarding very simple as all traffic froma large area in the network would flow through thecompromised node.

Counter measures for Sinkhole attack is to makeuse of Geo-routing protocols as one of the routingprotocol groups because they are resistant tosinkhole attacks, as their topology is built usingonly localized information, and traffic is naturallyrouted based on the physical location of the sinknode, which makes it difficult to lure it elsewhereto create a sinkhole.

4.3.4 Sybile attack

It is an attack where one node presents more thatone identity in a network. It was originallydescribed as an attack intended to defeat theobjective of redundancy mechanisms in distributeddata storage systems in peer-to-peer networks [10].Newsome et al describe this attack from theperspective of a WSN. In addition to defeatingdistributed data storage systems, the Sybil attack isalso effective against routing algorithms, dataaggregation, voting,

Counter measures for Sybil attack is to useidentity certificates. During initialization, before

44

Isha et al. / International Journal of Computer Networks and Communications Security, 1 (2), JULY 2013

deploying the sensor nodes, unique information isassigned to them by the server. Server then createsa certificate for each node which binds node’sidentity with the unique information. To prove itsidentity node has to present its certificate.

4.4 Transport Layer

Two attacks are possible at transport layer:

4.4.1 Flooding

In this a protocol which is maintaining stateinformation at both the ends during communication,becomes vulnerable to exhaustion of memoryresources. This is due to the number of fakerequests are made by an attacker, so that legitimateuser cannot access the resources.

Counter measures for flooding at transport layeris either give a puzzle to every new node that joinsa network, so a node can join network only if itsolves the puzzle. This will also put a limit onnumber of connections that a node can maintain at atime, or use a mechanism to trace back everythingbut this is difficult in sensor networks due tolimitation of resources, sudden unavailability ofsome nodes due to their failure.

4.4.2 De-synchronization

In this an adversary repeatedly spoofs messagesto end nodes and eventually that nodes will requestthe retransimmion of missed frames. So, anadversary can waste the energy of legitimate endnodes which keep on attempting to recover fromerrors that actually don’t exist.

Counter measures for this attack isauthentication of packets before they are deliveredto end nodes whether they belong to legitimate useror not

4.5 Application Layer

4.5.1 Path based DoS

In this a adversary injects replayed packets to floodthe end to end communication between two nodesevery node in the path towards the base stationforwards the packet, but if large number of fakepackets are sent all of these will become busy. So,this attack consumes network bandwidth andenergy of the nodes [11].

4.5.2 Reprogramming attack

Reprogram mean to again program the nodes in

network may be due to version updating, changingthe old program or for other network managementpurpose [12]. If this process of reprogramming isnot secure, the attacker can have hold on largeportion of network.

Counter measures for attacks at application layeris to choose a best authentication method or antireplay protection

DoS attack at various layers and its possiblecounter measures are given in table 1 below.

Table1: DoS Attacks at TCP/IP layers and theireffective countermeasures

LAYERS ATTACKS CONTERMEASURES

PHYSICAL LAYER

JAMMING Spread spectrum,priority messages,region mapping

TAMPERING

Tamper-proofingpackages, or usefault tolerantprotocols

DATALINK

LAYER

Collision Error correctingcodes

Exhaustion Rate limitation

Informationgathering

use anti replayprotection andstrong link-layerauthentication

NETWORK LAYER

Spoofedrouting

information

Authentication,anti-replay

Selectiveforwarding

Use multiple paths,acknowledgments

Sinkhole Redundancychecking

Sybil attack Authentication,monitoring,redundancy

TRANSPORT

LAYER

Flooding Client puzzles

De-synchronizat

ion

Authentication

APLLICATION

LAYER

Path basedDoS

Authentication andantireplayprotection.Reprogramm

ing attacks

45

Isha et al. / International Journal of Computer Networks and Communications Security, 1 (2), JULY 2013

5 CONCLUSION

Security plays a crucial role in the properfunctioning of wireless sensor networks. In thispaper, we have classified attacks on wireless sensornetwork at all the layers of TCP/IP. Along with theattacks, countermeasures are also given so thatwireless sensor network is not venerable to suchkind of attacks as prevention is better than cure.Sensor networks are more vulnerable to DoSattacks at physical layer than all other layers. In allthe layers except physical, it is very difficult toidentify that attack is intentional or not. At last,DoS attacks are effective at all the layers, so aspecial attention is required for their detection aswell as prevention.

6 REFERENCES

[1] Sanaei, Mojtaba GhanaatPisheh, et al."Performance Evaluation of Routing Protocolon AODV and DSR Under Wormhole Attack."International Journal of Computer Networksand Communications Security 1.1 (2013).

[2] Wood, A. D. and Stankovic, J.A. (2002).Denial of Service in Sensor Networks. IEEEComputer, vol. 35, no. 10, 2002, pp 54–62.

[3] Raymond, D. R. and Midkiff, S. F. (2008).Denial-of-Service in Wireless SensorNetworks: Attacks and Defenses. IEEEPervasive Computing, January-March 2008, pp74-81.

[4] X. Du, H. Chen, "Security in Wireless SensorNetworks", IEEE Wireless Communications,2008.

[5] Xu, W., Trappe, W., Zhang, Y., and Wood, T.(2005). The Feasibility of Launching andDetecting Jamming Attacks in WirelessNetworks. ACM MobiHoc’05, May 25–27,2005, Urbana-Champaign, Illinois, USA, pp46-57.

[6] S. K. Singh, M. P. Singh, and D. K. Singh, “ASurvey on Network Security and AttackDefense Mechanism For Wireless SensorNetworks”, International Journal of ComputerTrends and Technology-May to June Issue2011

[7] Zia, T.; Zomaya, A., “Security Issues inWireless Sensor Networks”, Systems andNetworks Communications (ICSNC)Page(s):40 – 40, year 2006

[8] David R. Raymond and Scott F.Midkiff,(2008) "Denial-of-Service in WirelessSensor Networks: Attacks and Defenses,"IEEE Pervasive Computing, vol. 7, no. 1,2008, pp. 74-81.

[9] E. C. H. Ngai, J. Liu, and M. R. Lyu,(2006)“On the intruder detection for sinkholeattack in wireless sensor networks,” inProceedings of the IEEE InternationalConference on Communications (ICC ‟06),Istanbul, Turkey.

[10] J. R. Douceur, "The Sybil Attack," in 1stInternational Workshop on Peer-to-PeerSystems (IPTPS '02), March 2002.

[11] Deng, J., Han, R., and Mishra, S. (2005).Defending against Path-based DoS Attacks inWireless Sensor Networks. ACM SASN’05,November 7, 2005, Alexandria, Virginia, USA,pp 89-96.

[12] Wang, Q., Zhu, Y., and Cheng, L. (2006).Reprogramming Wireless Sensor Networks:Challenges and Approaches. IEEE Network,May/June 2006, pp 48-55.