Secure routing in wireless sensor network: attacks and countermeasures Presenter: Haiou Xiang...
-
Upload
carol-wade -
Category
Documents
-
view
215 -
download
0
Transcript of Secure routing in wireless sensor network: attacks and countermeasures Presenter: Haiou Xiang...
Secure routing in wireless sensor network: attacks and countermeasures
Presenter: Haiou Xiang
Author: Chris Karlof, David Wagner
Appeared at the First IEEE International Workshop on Sensor Network Protocols and Applications, May 11, 2003
Contribution
• Propose threat models and security goals for secure routing in wireless sensor networks
• Introduce seven attack techniques, including two novel attacks, sinkhole and HELLO floods.
• Present the detailed security analysis of all major routing protocols.
• Discuss countermeasures and design considerations for security routing protocols
Background
• What is sensor network?
Outside Network
Base station
Sensor nodeEvent
Aggregation node
Background
• The properties of sensor network– Sensor Node:
• Lower-power, Lower-bandwidth, shorter-range• Multihop wireless network
– Aggregation node:• Eliminate the redundancy, saving energy
– Base station (Sink)• More powerful than sensor nodes
Background
• Security limitation: UC berkeley lab: Mica mote
– Limit Power• Power: Two AA batteries• Only two weeks at full power
– Limit memory and computational power• 4MHz 8-bit CPU, 4KB RAM, 512KB flash memor
y
Attacks on sensor network routing
Spoofed, altered, or replayed routing information
• Behavior:– Create routing loops, attract or repel network
traffic, extend or shorten source routes
• Goal:– Generate false error messages, partition the
network, increase end-to-end latency
Example
Selective forwarding
• Behavior:– Malicious nodes may refuse to forward
certain messages and simply drop them, ensuring that they are not propagated any further.
• Goal:– Attempt to include herself on the actual path
of the data flow
Example
Outside Network
Base station
Sensor nodeEvent
Aggregation node
Malicious node
Drop
Acknoledgement spoofing
• Behavior– Spoof link layer acknowledgments for
“overheard” packet addressed to neighboring nodes
• Goal– Convincing the sender that a weak link is
strong or that a dead or disabled node is alive
– Enable selecting forward attack
Example
Outside Network
Base station
Sensor nodeEvent
Aggregation node
Malicious node
Lost
bad node
Sinkhole attacks
• Behavior– Making a compromised node look especially
attractive to surrounding nodes
• Goal– Lure nearly all the traffic from a particular
area through a compromised node, create a metaphorical sinkhole with the adversary at the center
– Enable selecting forward attack
Example
Sinkhole attack
Wormholes
• Behavior– Tunnel messages received in one part of
network over a low-latency link and replays them in a different part
• Goal:– May be able to completely disrupt routing if
an adversary situated close to a base station– Enable sinkhole attack– Exploit routing race condition
Example
Sybil attack
• Behavior– A single node presents multiple identities to
other nodes in the network
• Goal:– Significantly reduce the effectiveness of fault-
tolerant schemes
Example
HELLO flood attack
• Behavior– A laptop-class attacker broadcasting routing
or other information with large enough transmission power could convince every node in the network that the adversary is its neighbor
• Goal– Enable wormhole attack by broadcasting
wormholes
Example
Summary of attack
Countermeasures
Outsider attacks and link layer security
• Solution:– Global share key: link layer encryption and
authentication
• Limitation: ineffective– Wormhole and HELLO flood attack– Insider attack or compromised node
Sybil attack
• Solution– Every node share a unique symmetric key with base
station– Two node establish a shared key and verify each
other’s identity– Base station limit the number of neighbors around a
node– When a node is compromised, it is restricted to
communicating only with its verified neighbors
• Limitation– Adversary can still use a wormhole to create an
artificial link between two nodes to convince them
HELLO flood attacks
• Solution:– Verify the bidirectionality of a link before takin
g meaningful action– Every node authenticate each of its neighbor
s with an identity verification protocol using a trusted base station
Wormhole and sinkhole attacks
• Solution– Design routing protocols which avoid routing
race conditions and make these attacks less meaningful
• Geographic routing protocols: construct a topology on demand using only localized interactions and information
Selective forwarding
• Solution:– Multipath routing: message routed over n pat
hs whose nodes are completely disjoint – Nodes dynamically choose a packet’s next h
op probabilistically from a set of possible candidates
• Limitation:– Completely disjoint paths is difficult to create
Countermeasure summary
Attacks Countermeasure
Outersiders,
Sybil,
HELLO floods,
ACKs spoofing
Link-layer encryption and authentication, multipath routing,
identity verification,
bidirectional link verification,
authenticated broadcast
Sinkhole attack
wormhole attack
Geographic routing protocols
Strength
• Demonstrate current routing protocols for wireless sensor networks are insecure
• Provide several countermeasures to against attacks: link layer encryption and authentication and so on
Questions?