Secure Routing in Sensor Networks: Attacks and Countermeasures First IEEE International Workshop on...
-
date post
20-Dec-2015 -
Category
Documents
-
view
215 -
download
1
Transcript of Secure Routing in Sensor Networks: Attacks and Countermeasures First IEEE International Workshop on...
Secure Routing in Sensor Networks: Attacks and
Countermeasures
First IEEE International Workshop on Sensor Network Protocols and Applications
5/11/2003
Chris Karlof and David WagnerUniversity of California at Berkeley
Security in sensor networks
Security is critical Military apps Building monitoring Burglar alarms Emergency response
Yet security is hard Wireless links are inherently
insecure Resource constraints Lossy, low bandwidth
communication Lack of physical security
Our contributions
Threat models and security goals New attacks against sensor network routing
protocols Detailed security analysis of 15 routing protocols
Countermeasure suggestions
Base stations and sensor nodes Low overhead protocols Specialized traffic patterns In-network processing These differences necessitate
new secure routing protocols
Routing in sensor networks
base station
sensor node
Secure routing goals and threat models
Security goals: Confidentiality: messages are secret Integrity: messages are not tampered with Availability
In-network processing makes end-to-end security hard
Link layer security still possible Need to consider compromised nodes
(insiders) and resourceful attackers
Attacks
TinyOS Beaconing
Attack: Bogus routing information
Bogus routing information can cause havoc
Example: spoof routing beacons and claim to be base station
Lessons:
• Authenticate routing info
• Trust but verify
Attack: HELLO floods Assumption: the sender of a
received packet is within normal radio range
False! A powerful transmitter could reach the entire network
Can be launched by insiders and outsiders
Lesson: Verify the bidirectionality of links
Attack: Wormholes Tunnel packets
received in one part of the network and replay them in a different part
Can be launched by insiders and outsiders
Lesson: Avoid routing race conditions
Attack: Sybil attack
An adversary may present multiple identities to other nodes
Lesson: Verify identities
A
B
Protocols analyzed
Protocol Relevant attacksTinyOS beaconing Bogus routing information, selective forwarding, sinkholes,
Sybil, wormholes, HELLO floods
Directed diffusion and multipath variant
Bogus routing information, selective forwarding, sinkholes, Sybil, wormholes, HELLO floods
Geographic routing (GPSR,GEAR)
Bogus routing information, selective forwarding, Sybil
Minimum cost forwarding Bogus routing information, selective forwarding, sinkholes, wormholes, HELLO floods
Clustering based protocols (LEACH,TEEN,PEGASIS)
Selective forwarding, HELLO floods
Rumor routing Bogus routing information, selective forwarding, sinkholes, Sybil, wormholes
Energy conserving topology maintenance
Bogus routing information, Sybil, HELLO floods
All insecure
Countermeasures
We have countermeasure suggestions and design considerations
See paper for details
Conclusions
End-to-end security is limited in sensor networks
Link layer security is importantIt is not enoughDesign time security
Questions?
Extra Slides
Countermeasures
Access control with link layer crypto Globally shared key outsiders Per link keys insiders Authenticated broadcast and flooding
Verify neighbors’ identities Prevents Sybil attack
Verify bidirectionality of links Prevents HELLO floods
Multipath and probabilistic routing Limits effects of selective forwarding
Countermeasures (cont.)
Wormholes are difficult to defend against Can be launched by insiders and outsiders Defenses exist for outsiders, but are not cheap Best solution avoid routing race conditions Geographic routing protocols hold promise
Nodes near base stations are attractive to compromise Overlays
Why is this a problem?
Wireless security has been spotty WEP/802.11b GSM
Secure routing mechanisms for ad-hoc wireless networks are not necessarily applicable Too much functionality any-to-any routing Not enough functionality sensor nets are often
app. specific Too much overhead public key cryptography
Wormhole attacks A wormhole is created when
an adversary tunnels packets received in one part of the network and replays them in a different part.
Exploits routing race conditions
Enables other attacks Can be launched by insiders
and outsiders