Upload
sharon-morgan
View
219
Download
0
Tags:
Embed Size (px)
Citation preview
Secure Routing in Wireless Sensor Network
Soumyajit MannaKent State University
04/18/23Kent State University1
Outline
Overview and background
Statement of routing security problem
Attacks on sensor network routing
Attack on specific sensor network protocol
Countermeasure04/18/23Kent State University2
Overview and Background Current Routing Protocol Goal:
Low Energy
Robust
Scalable
Low Latency
Small Footprint
So for Wireless Sensor Network:
Current routing protocol not designed for security & be insecure
Unlike traditional network, they can’t depend on many available resources for security
Goal: to design sensor routing protocol with security in mind
04/18/23Kent State University3
Problem Statement Assumption about underlying network
Radio link, sensor node and MAC layer are not secured and easily tampered
Base stations and aggregation points can be trusted to some extend
Different threat models Mote class Vs Laptop class Inside Vs Outside
Security goals in this settings Reliable delivery of messenger in conventional network
Sensor network need in-network processing Graceful degradation Confidentiality Protection against Reply of data packet should be handle by higher level
04/18/23Kent State University4
Attack model
Spoofed, altered or replay routing information May be used for loop construction, attracting or repelling traffic, extend or shorten source route
Selective forwarding Refuse to forward certain messengers, selective forwarding packets or simply drop them by trying to follow the path of least resistance and attempt to include itself on the actual data path flow
Sinkhole attacks Attracting nearly all traffic from a particular area through a specific compromised node
04/18/23Kent State University5
Attack model Sybil attacks
Forging of multiple identities – having a set of faulty entities representing through a large set of identities. It undermines assumed mapping between identity to entity
Wormhole attacks Tunneling of messages over alternative low – latency links like confuse the routing protocol, creates sinkhole
Hello flood attacks An attacker sends or replays a routing protocol’s hello packets with more energy
Acknowledgement spoofing Spoof link layer acknowledgement to trick other nodes to believe that link or node is either dead or alive
04/18/23Kent State University6
General sensor routing protocol type
Flooding
Gradient
Clustering
Geographic
Energy Aware
04/18/23Kent State University7
Protocols used in sensor network
TinyOS beaconing Directed diffusion Geographic routing Minimal cost forwarding Cluster – head – LEACH Rumor routing Energy conserving topology maintenance
04/18/23Kent State University8
Attacks on specific protocols TinyOS beaconing: It constructs a breath first spanning tree rooted at base station. Periodically the base station broadcasts a route updates and mark the base station as parents and
broadcast it .
Relevant Attack mode: Bogus routing information Selective forwarding Sinkhole Wormholes Hello floods
04/18/23Kent State University9
TinyOS beacon
Spoof information
Bogus and replayed routing
information (such as “I am
base station”) send by an
adversary can easily pollute
the entire network.
04/18/23Kent State University10
TinyOS beacon Wormhole & Sinkhole Combination
Tunnel packets received in one place of the network and replay them in another place
The attacker can have no key material. All it requires is two transceivers and one high quality out-of-bound channel
04/18/23Kent State University11
TinyOS beacon Wormhole & Sinkhole Combination
Most packet will be routed to the wormhole
The wormhole can drop packet directly (sinkhole)
Or more subtly selectively forward packets to avoid detection
04/18/23Kent State University12
TinyOS beacon Hello flood attack
A Laptop class adversary that can retransmit a routing updates with enough power to be received by the entire network
04/18/23Kent State University13
Direct Diffusion Relevant attack
Suppression – by spoof negative reinforcement Cloning – by replay information with malicious listed as base station (send both)
Path influence – by spoof positive or negative reinforcements and bogus data events
Selective forwarding and data tampering – by above attack method to put the malicious node in the data flow
Wormholes attack Sybil attack
04/18/23Kent State University14
Geographic routing
GEAR & GPSR Cost function depends on destination location and the neighbor nodes used to determine next hop
It uses greedy geographic query routing technique
Better than Directed Diffusion (e.g. flooding technique)
It restrict broadcast within sampling region
04/18/23Kent State University15
Geographic routing
Possible attack
Sybil attack Bogus routing information Selective forwarding No wormhole and sinkhole attack
An adversary may present multiple identitiesto other nodes. The Sybil attack can disrupt geographic and multi-path
routing protocols by being in more than one place at once and reducing
diversity. From B-> C, now will go through B-> A3 ->C04/18/23Kent State University16
Geographic routing example 2
From B -> D, A forge a wrong information to claim B is in (2, 1), so C will send packets back to B which cause loop at last.
04/18/23Kent State University17
Minimum cost forwarding It is an backoff – based cost field algorithm for efficiently forwarding packets from sensor nodes to base station
Once the field is established the message, carrying dynamic cost information, flows along the minimum cost path in the cost field. Each intermediate node forwards the message only if it finds itself on the optimal path A = 110, will select B
for this message.04/18/23Kent State University18
Minimum cost forwarding Possible attacks
Sinkhole attack Mote – class adversary advertising cost zero anywhere in network
Hello flood attack
Bogus routing information
Selective forwarding
Wormholes
04/18/23Kent State University19
LEACH It is termed as Low – Energy Adaptive Clustering Hierarchy. Randomized and self – configuration Low energy media access control Cluster-head collect data and perform processing then transmit to base station.
Possible attack Hello floods: Cluster – head selection based on signal strength what means a powerful advertisement can make the malicious attack be cluster – head.
Selective forwarding Sybil attack: Combined with hello floods if nodes try to randomly select cluster – head instead of strongest signal strength.
04/18/23Kent State University20
Rumor Routing Designed for query/event ratios between query and event flooding
Lower the energy cost of flooding
04/18/23Kent State University21
Rumor routing Possible attack
Bogus routing information Create tendrils by FWD copies of agent Send them as long as possible (TTL)
Selective forwarding Sinkholes Sybil Wormholes
04/18/23Kent State University22
Energy conserving topology maintenanceGAF SPAN Physical space is divided into equal virtual size squares, where nodes know its location and nodes with a square are equivalent
Identifies nodes for routing based on location information
Dense node deployment hence turn off unnecessary nodes ( like sleep, discovery or active state)
Each grid square has one active node
Nodes are ranked with respect to current state & expected lifetime
An energy – efficient coordination algorism for topology maintenance
Backbone for routing fidelity is build by coordinators
A node become eligible to be coordinate if two of its neighbors can’t reach other directly or via one or two coordinators
Traffic only routed by coordinator
Random back off for delay coordinator announcement
Hello messenger being broadcasted periodically
04/18/23Kent State University23
Energy conserving topology maintenanceGAF SPAN
Possible attack Bogus routing: Broadcasting high ranking discovery messages , then they can use some selective forwarding attack
Sybil & Hello flood: Target individual grids by a high ranking discovery messages with a non – existent node, frequently advertisements can disable the whole network by making most node sleep
Possible attack Hello floods: Broadcast n Hello messages with fake coordinator and neighbors which will prevent nodes from becoming coordinators when they should, then they can use some selective forwarding attack
04/18/23Kent State University24
Summary of attacks
04/18/23Kent State University25
Countermeasures Selective Forwarding can be limited by implementing multipath and probabilistic routing.
Outsider attack like Bogus routing information, Sybil, Sinkholes can be prevented by implementing key management at the link layer.
Insider attack like HELLO floods can be prevented by establishing link keys with the trusted base station which will verifies bidirectional.
Authenticated broadcast and flooding are important primitives.
Cluster-based protocols and overlays can reduce attack for the nodes closer to base station
04/18/23Kent State University26
Attacks difficult to defend
Wormhole are difficult to defend. This type of attack is done by mainly laptop-class both from inside and outside. To some extend geographic and clustering based protocol defend against this attack.
04/18/23Kent State University27
Conclusion
Link layer encryption and authentication, multipath routing, identity verification, bidirectional link verifies and authenticated broadcast is important.
Cryptography is not enough for insider and laptop-class adversaries, careful protocol design is needed as well
04/18/23Kent State University28