KAIST SIGF : A Family of Configurable, Secure Routing Protocols for WSNs Sep. 20, 2007 Presented by Kim, Chano Brian Blum, Tian He, Sang Son, Jack Stankovic Security of Ad Hoc and Sensor Networks (SASN’06)

KAIST

SIGF : A Family of Configurable, Secure

Routing Protocols for WSNs

Sep. 20, 2007

Presented by Kim, Chano

Brian Blum, Tian He, Sang Son, Jack Stankovic

Security of Ad Hoc and Sensor Networks (SASN’06)

Contents

Introduction

IGF : Implicit Geographic Forwarding

Assumptions and Attacks

SIGF : Secure IGF

Evaluation

Conclusion

Introduction

Resource bound security solution

Efficiency of individual security mechanism

Efficiency of all security mechanisms installed together at a node

Access control, routing, localization, time synchronization, Power management

SIGF (Secure Implicit Geographic Forwarding)

B. Blum et al., IGF: A state-free robust communication protocol for wireless sensor networks. CS-2003-1, Univ. of Virginia, 2003

A family of configurable secure routing protocols

Three protocols (SIGF-0, SIGF-1, SIGF-2)

State ↑ & Security ↑

IGF(Implicit Geographic Forwarding) – 1/2

Quick overview of IGF

Fig-1. Forwarding Area for Source S (legend: candidate nodes)

Fig-2. IGF handshake timeline

IGF(Implicit Geographic Forwarding) – 2/2

Keeps no routing state information

Lazy binding → fault tolerance, robust to topology changes

Eliminates maintenance overhead and routing latency

Ten-fold increase in delivery ratio

Reduces end-to-end delay and control overhead

From a security point of view

Confines the attacker’s impact to the neighborhood

Prevents attackers that spoof, alter, replace routing information

Vulnerable to black-hole attack

Assumptions and Attacks – 1/3

System assumption

Insecure radio links

Attacker’s possibilities

Nodes know their own location

Additionally know that of their neighbors (SIGF-1, SIGF-2)

Pairwise-shared keys among neighbors (SIGF-2)

Routing attacks (applicable to IGF)

Routing state corruption, Wormhole, Hello-flood => prevented

Black hole attack, Selective forwarding attack, Sybil attack

Denial of service : ORTS replay attack, CTS replay attack

Assumptions and Attacks – 2/3

Routing Attacks

Fig-3. CTS Rushing Attack by A

Fig-4. Node A performs a Sybil attack

SIGF : Secure IGF

Tradeoff between security and state maintenance

Configurability can be adapted at runtime

Higher cost must be borne even when no attacks are occurring

Each protocol is a subset of the next

SIGF-0 : no state at all

SIGF-1 : locally generated state

Limited information learned from interactions with neighbors

SIGF-2 : Cryptographic guarantees in routing

Use keys and sequence numbers shared among neighbors

SIGF : Secure IGF-0

Lessens but does not eliminate the chance of selecting an attacker

Fig-3. SIGF-0 next hop selection for message from current node S to ultimate Destination D

SIGF : Secure IGF-0

Configurable dimension

Forward Area

{60° sextant, closer, whole neighborhood}

Collection Window

{one responder, fixed multiple, dynamically lengthened}

Forwarding Candidate Choice

{first, by priority, random, multiple}

Omit location

{yes, no}

Robust against a black-hole attack caused by CTS rushing attack
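The effect of the Collection Window and Forwarding Candidate Choice dimensions on a CTS rushing attacker, as an added example that is not code from the presentation or the SIGF authors. The reply list, timings, claimed distances and function names are constructed assumptions, and only the "first", "by priority" and "random" choices are modelled.

```python
import random

# Constructed CTS replies to one ORTS: (node, arrival time in ms, claimed
# distance to destination in m). "A" models the CTS-rushing attacker: it
# replies before any backoff expires and claims the most attractive position.
CTS_REPLIES = [("A", 0.1, 5.0), ("n1", 2.4, 40.0), ("n2", 3.1, 55.0), ("n3", 4.0, 48.0)]

def collect(replies, window_ms, max_responders):
    """Collection Window: CTSs heard within window_ms, earliest first, capped."""
    heard = sorted((r for r in replies if r[1] <= window_ms), key=lambda r: r[1])
    return heard[:max_responders]

def choose(candidates, policy, rng):
    """Forwarding Candidate Choice over the collected CTSs."""
    if not candidates:
        return None                      # nobody answered: caller must retry
    if policy == "first":
        return candidates[0][0]
    if policy == "priority":             # trusts the claimed location
        return min(candidates, key=lambda r: r[2])[0]
    if policy == "random":
        return rng.choice(candidates)[0]
    raise ValueError(f"unknown policy: {policy}")

def attacker_share(policy, window_ms, max_responders, rounds=10_000, seed=1):
    """Fraction of forwarding decisions that pick the attacker 'A'."""
    rng = random.Random(seed)
    candidates = collect(CTS_REPLIES, window_ms, max_responders)
    picks = sum(choose(candidates, policy, rng) == "A" for _ in range(rounds))
    return picks / rounds

if __name__ == "__main__":
    for policy, window, cap in [("first", 1.0, 1), ("priority", 5.0, 4), ("random", 5.0, 4)]:
        print(f"{policy:8s} window={window}ms cap={cap}: attacker chosen "
              f"{attacker_share(policy, window, cap):.2%}")
```

With four collected replies and a random choice, the attacker is picked about one time in four, which matches the slide's point that SIGF-0 lessens but does not eliminate the chance of selecting an attacker.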

SIGF : Secure IGF-1

Reduce the chance of selecting an attacker as the next-hop

State

T = total # of messages sent to all neighbors

N_sent = # of messages sent to N

N_forward = # of messages forwarded by neighbor N on this node’s behalf

N_location = last claimed location of node N

N_delay = average delay between relaying a message to node N

N_success = N_forward / N_sent = forwarding success ratio (reliability)

N_fairness = (T – N_sent) / T = forwarding fairness ratio

N_consistency = a consistency score based on N’s claimed location

N_performance = (D – N_delay) / D

SIGF : Secure IGF-1

Per Neighbor Reputation Value

[Equation: reputation value R in terms of N_success, N_fairness, N_consistency, N_performance]

System Parameters for SIGF-1
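The SIGF-1 per-neighbor ratios defined on the State slide, computed over a small neighbor table and used to rank next-hop candidates; this is an added example, not code from the presentation or the SIGF authors. Assumptions: the four ratios are combined as an equally weighted sum, D is an upper bound on acceptable relay delay, N_consistency is supplied as a score in [0, 1], and the table values and all names are constructed.

```python
from dataclasses import dataclass

@dataclass
class NeighborState:
    """Locally generated SIGF-1 state kept for one neighbor N."""
    sent: int            # N_sent
    forwarded: int       # N_forward
    delay_ms: float      # N_delay
    consistency: float   # N_consistency, supplied as a score in [0, 1]

def ratios(n, total_sent, delay_bound_ms):
    """The four per-neighbor ratios from the slide, each clamped to [0, 1]."""
    clamp = lambda x: max(0.0, min(1.0, x))
    # Assumption: a neighbor never used yet (N_sent = 0) starts with full trust.
    success = n.forwarded / n.sent if n.sent else 1.0
    fairness = (total_sent - n.sent) / total_sent if total_sent else 1.0
    # Assumption: D is an upper bound on acceptable relay delay.
    performance = (delay_bound_ms - n.delay_ms) / delay_bound_ms
    return tuple(clamp(v) for v in (success, fairness, n.consistency, performance))

def reputation(n, total_sent, delay_bound_ms, weights=(0.25, 0.25, 0.25, 0.25)):
    """Assumed combining rule: weighted sum of the four ratios."""
    return sum(w * r for w, r in zip(weights, ratios(n, total_sent, delay_bound_ms)))

def rank(table, delay_bound_ms):
    """Neighbor ids ordered from most to least reputable."""
    total = sum(n.sent for n in table.values())          # T
    return sorted(table, key=lambda k: reputation(table[k], total, delay_bound_ms),
                  reverse=True)

# Constructed neighbor table; A3 forwards 5 of the 50 messages handed to it.
TABLE = {
    "n1": NeighborState(sent=30, forwarded=29, delay_ms=20.0, consistency=1.0),
    "n2": NeighborState(sent=20, forwarded=19, delay_ms=30.0, consistency=1.0),
    "A3": NeighborState(sent=50, forwarded=5, delay_ms=10.0, consistency=0.5),
}

if __name__ == "__main__":
    for name in rank(TABLE, delay_bound_ms=100.0):
        print(name, round(reputation(TABLE[name], 100, 100.0), 3))
```

A3 answers fastest, so its N_performance is the highest in the table, but its low N_success and N_fairness put it last in the ranking.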

SIGF : Secure IGF-2

Shared state secure IGF (for cryptographic operations)

Message Authentication {all messages, only DATA, node}

Message Sequence {yes, no}

Payload Encryption {yes, no}

Attacks resisted by IGF and SIGF protocols

State & Cost

Security ↑

Evaluation

Uses the GloMoSim simulator

Table. Simulation parameters

Fig. Final node location (S, D, A1-4)

Evaluation (2/2)

Base System (No attacks)

Evaluation (2/2)

Black Hole Attack Selective Forwarding Attack (by A3)

Evaluation (2/2)

Sybil Attack (by A3)

Conclusion

SIGF (Secure Implicit Geographic Forwarding)

Chooses the next hop dynamically and nondeterministically

Increase robustness to node mobility and failure

SIGF-0, SIGF-1, SIGF-2

Future studies

Evaluate lower densities

How failure-recovery mechanism impacts the performance of SIGF family

Thank you

EXTRA : Wormhole attack (1/4)

Adapted from Chris Karlof and David Wagner's WSNPA slides

Routing Tree

Wormhole attack (2/4)

Routing

Adapted from Chris Karlof and David Wagner's WSNPA slides

Wormhole Attack (3/4)

Tunnel packets received in one place of the network and replay them in another place

The attacker can have no key material. All it requires is two transceivers and one high quality out-of-band channel

Adapted from Chris Karlof and David Wagner's WSNPA slides

Disrupted Routing (4/4)

Adapted from Chris Karlof and David Wagner's WSNPA slides

Most packets will be routed to the wormhole

The wormhole can drop packets or more subtly, selectively forward packets to avoid detection

Blackhole / Selective forwarding attack

Sybil attack & Rushing attack

Sybil Attack Rushing Attack