Secure Routing in Wireless Sensor Networks - Introduction...

Secure Routing in Wireless Sensor NetworksIntroduction to Wireless Sensor Networks

Ida Siahaan / Leonardo Fernandes

DIT

Ida Siahaan / Leonardo Fernandes (DIT) Secure Routing in Wireless Sensor Networks University of Trento 1 / 34

Outline1 Motivation

2 Wireless Sensor Networks RoutingDirected Diffusion

3 Security in Wireless Sensor NetworksSecurity RequirementsSecurity Threats

4 CountermeasuresOutsider attacks and link layer securityThe Sybil attackHELLO flood attacksWormhole and sinkhole attacksLeveraging global knowledgeSelective forwardingAuthenticated broadcast

5 Example of Secure Sensor Network Routing ProtocolAttacked Directed DiffusionProposed Solution for Directed Diffusion


MotivationCurrent routing protocols optimize for the limited capabilities ofnodes and the application-specific nature of networks, But do notconsider securitySecurity is a basic requirement of most applications

I IndustryI SurveillanceI Health SystemsI Military Applications

in-network processing makes end-to-end security mechanismsharder to deploy because intermediate nodes need direct accessto the contents of the messages


Wireless Sensor Networks RoutingWSN’s are resource constrainedMultihop vs single hop topologiesRouting is usually data-centric rather than address-centricExample: Directed Diffusion


Directed Diffusion

Source

Sink

Figure: A simple scenario


Directed Diffusion

Source

Sink

Figure: Interest propagation


Directed Diffusion

Source

Sink

Figure: Low Rate Messages: At this point the sink needs to decide whichincoming path to reinforce. The directed diffusion description does notspecify how this choice should be done, leaving it as a design choice. Onesimple possibility could be to include in the low rate messages a Hop Countvalue, so that the sink can choose the shortest path.


Directed Diffusion

Source

Sink

Figure: Reinforcement


Directed Diffusion

Source

Sink

Figure: Data Delivery Along Reinforced Path


Security RequirementsAuthentication Verifying that principals are who they claim to becan be achieved through appropriate proof of identity (i.e.encrypted signature)Integrity Ensure that information is not changed in transit, eitherdue to malicious intent or by accidentData Confidentiality In most applications nodes communicatevery sensitive data such as surveillance information and industrialsecrets. Such applications need to rely on confidentiality. Thestandard approach for keeping confidentiality is through the useof encryptionData Freshness To ensure the freshness of each message suchthat the data is recent, and to ensure that no old messages canbe replayedAvailability We can loose the availability of a sensor due to thelost of energy because of computation and communication


Self-Organization Distributed sensor networks must self-organizeto support multihop routing. Such self organization is very hard tobe done in a secure way

Secure Localization The utility of a sensor network often relies onits ability to accurately and automatically locate each sensor inthe network. However, an attacker can easily manipulate nonsecured location information by reporting false signal strengths,replaying signals, etc


Security ThreatsSpoofed, altered, or replayed routing information Attacks targetedat the routing information exchanged between nodes so thatadversaries may be able to create routing loops, attract or repelnetwork traffic, extend or shorten source routes, generate falseerror messages, partition the network, and increase end-to-endlatency.Selective forwarding Malicious nodes in multi-hop networks mayrefuse to forward certain messages and simply drop them,ensuring that they are not propagated any further.Sinkhole attacks The adversary collects nearly all the traffic froma particular area through a compromised node, creating asinkhole with the malicious node at the center.Sybil attacks A single adversary node presents multiple identitiesto other nodes in the network [2].


Wormholes An adversary tunnels messages received in one partof the network over a low latency link and replays them in adifferent part [6].HELLO Flood attacks Many protocols require nodes to broadcastHELLO packets to announce themselves to their neighbors, and anode receiving such a packet may assume that it is within(normal) radio range of the sender. This assumption may befalse: a laptop-class attacker with large transmission power couldconvince every node in the network that the adversary is itsneighbor.Acknowledgment spoofing Several sensor network routingalgorithms rely on implicit or explicit link layer acknowledgements.Due to the inherent broadcast medium, an adversary can spooflink layer acknowledgments for “overheard” packets addressed toneighboring nodes. Goals include convincing the sender that aweak link is strong or that a dead or disabled node is alive.


Threat model - Characteristics - Security modelThreat models:

I sensor-class (mote-class) attackers vs laptop-class attackerI outsider attacks vs insider attacks

Characteristics of sensor networks:I power is a scarce resourceI very little computational power ↪→ public-key cryptography is so

expensive as to be unusableI communication bandwidth is extremely limited and multihop

routing is used as a way of saving energySecurity model:

I insecure wireless communicationI limited node capabilitiesI possible insider threatsI the adversaries can use laptops with high energy and long range

communication to attack the network


Outsider attacks and link layer securityLink layer encryption and authentication using a globally sharedkey.The Sybil attack is not relevant (nodes are unwilling to accepteven a single identity of the adversary).The majority of selective forwarding and sinkhole attacks are notpossible (the adversary is prevented from joining the topology).Attacks not countered are wormhole attacks and HELLO floodattacks:

I nothing prevents adversary from using a wormhole to tunnelpackets sent by legitimate nodes in one part of the network tolegitimate nodes in another part to convince them they areneighbors

I by amplifying an overheard broadcast packet with sufficient powerto be received by every node in the network

Ineffective in presence of insider attacks or compromised nodes.↪→ Insiders can attack the network by spoofing or injecting bogusrouting information, creating sinkholes, selectively forwardingpackets, using the Sybil attack, and broadcasting HELLO floods.


The Sybil attackEvery node share a unique symmetric key with a trusted basestation.Two nodes use a Needham-Schroeder like protocol to verify eachother’s identity and establish a shared key.A pair of neighboring nodes can use the resulting key toimplement an authenticated, encrypted link between them.The base station limits the number of neighbors a node is allowedto have↪→ to prevent an insider from wandering around a stationarynetwork and establishing shared keys with every node in thenetwork.


HELLO flood attacksVerification of the bidirectionality of a link before takingmeaningful action based on a message received over that link.Identity verification protocol as for the Sybil attack is sufficient forprevention.


Wormhole and sinkhole attacksWormholes are hard to detect because they use a private,out-of-band channel invisible to the underlying sensor network.A technique for detecting wormhole attacks is presented in [5],but it requires extremely tight time synchronization.Sinkholes are difficult to defend against in protocols that useadvertised information such as remaining energy or an estimateof end-to-end reliability to construct a routing topology becausethis information is hard to verify.Protocols that construct a topology initiated by a base station aremost susceptible to wormhole and sinkhole attacks.Solution: carefully design routing protocols in which wormholesand sinkholes are meaningless eg. class of geographic routingprotocols.↪→ Geographic protocols construct a topology on demand usingonly localized interactions and information and without initiationfrom the base station.


Leveraging global knowledgeChallenge in securing large sensor networks is their inherentself-organizing, decentralized nature.To account for topology changes due to radio interference ornode failure, nodes would periodically update a base station withthe appropriate information.Drastic or suspicious changes to the topology might indicate anode compromise.Restricting the structure of the topology can eliminate therequirement for nodes to advertise their locations if all nodes’locations are well known, eg. nodes can be arranged in a gridwith square, triangular, or hex shaped cells.


Selective forwardingMultipath routing: Messages routed over n paths whose nodesare completely disjoint are completely protected against selectiveforwarding attacks involving at most n compromised nodes andoffer probabilistic protection when over n nodes arecompromised.Completely disjoint paths are difficult to create.Braided paths [11]: nodes may be in common, but no links incommon (i.e., no two consecutive nodes in common).Multiple braided paths may provide probabilistic protectionagainst selective forwarding and use only localized information.Dynamic choice of a packet’s next hop probabilistically from a setof possible candidates to reduce the chances of an adversarygaining complete control of a data flow.


Authenticated broadcastBase stations are trustworthy, adversaries must not be able tospoof broadcast or flooded messages from any base station.µTESLA [9] is a protocol for efficient, authenticated broadcastand flooding.

I Symmetric key cryptography and minimal packet overhead.I Asymmetry for authenticated broadcast and flooding by using

delayed key disclosure and one-way key chainsI Preventing replay ↪→ messages authenticated with previously

disclosed keys are ignored.I Loose time synchronization.


Attacked Directed Diffusion

Source

Sink

Figure: Simple Attack


Directed Diffusion

Source

Sink

Figure: Interest Propagation is Normal


Directed Diffusion

Source

Sink

Figure: Attacker Alters the Informed Hop Count


Directed Diffusion

Source

Sink

Figure: Attacker Selected for Reinforcement


Directed Diffusion

Source

Sink

Figure: Attacker has Access to All Data


Proposed Solution for Directed DiffusionWe ensure data confidentiality (Data chunk) and data integrity(Requirment/Hopcount chunk)SNEP (Secure Network Encryption Protocol):

I providing data confidentiality, two-party data authentication, anddata freshness, with low overhead

I do not deal completely with compromised sensors, merely ensurethat compromising a single sensor does not reveal the keys of allthe sensors in the network.

E = {D}〈Kencr ,C〉 {to achieve confidentiality, use encrypted data}M = MAC(Kmac , C|{E}) {to achieve data integrity, use a messageauthentication code (MAC)}

I D:dataI Kencr : encryption keyI C:counterI Kencr and Kmac : derived from the master secret key K


SummaryCurrent routing protocols optimize for the limited capabilities ofnodes and the application-specific nature of networks.Secure sensor network routing protocols requirements, threatsand countermeasures.Routing security must be included as part of the overall sensornetwork design.


For Further Reading I

J.N. Al-Karaki and A.E. Kamal.Routing techniques in wireless sensor networks: a survey.IEEE Wireless Communications, 11(6):6–28, 2004.

J.R. Douceur.The sybil attack.In in 1st International Workshop on Peer-to-Peer Systems (IPTPS02),March 2003.

D. Ganesan, B. Krishnamachari, A. Woo, D. Culler, D. Estrin, andS. Wicker.An empirical study of epidemic algorithms in large scale multihopwireless networks.Technical report, 2002.

Z.J. Haas, J.Y. Halpern, and L. Li.Gossip-based ad hoc routing.IEEE/ACM Trans. Netw., 14(3):479–491, 2006.


For Further Reading II

Y. Hu, A. Perrig, and D. Johnson.Wormhole detection in wireless ad hoc networks.Technical report, 2002.

Y.C. Hu, A. Perrig, and D.B. Johnson.Wormhole detection in wireless ad hoc networks.Tech. Rep. TR01-384, Department of Computer Science, RiceUniversity, June 2002.

C. Karlof and D. Wagner.Secure routing in wireless sensor networks: Attacks andcountermeasures.In First IEEE International Workshop on Sensor Network Protocols andApplications, pages 113–127, May 2003.

J. Kulik, W. Heinzelman, and H. Balakrishnan.Negotiation-based protocols for disseminating information in wirelesssensor networks.Wirel. Netw., 8(2/3):169–185, 2002.


For Further Reading III

A. Perrig, R. Szewczyk, J.D. Tygar, V. Wen, and D.E. Culler.Spins: security protocols for sensor networks.Wirel. Netw., 8(5):521–534, 2002.

J.P. Walters, Z. Liang, W. Shi, and V. Chaudhary.Wireless sensor network security: A survey, 2006.

Y. Yu, R. Govindan, and D. Estrin.Geographical and energy aware routing: A recursive data disseminationprotocol for wireless sensor networks.Technical report, 2001.


Secure Routing in Wireless Sensor Networks - Introduction...

Documents

Transcript of Secure Routing in Wireless Sensor Networks - Introduction...