Secure Routing in Wireless Sensor Network

1
Secure Routing in Wireless Sensor Network

• Soumyajit Manna
• Kent State University

2
Outline

• Overview and background
• Statement of routing security problem
• Attacks on sensor network routing
• Attack on specific sensor network protocol
• Countermeasure

3
Overview and Background

• So for Wireless Sensor Network
• Current routing protocol not designed for
  security be insecure
• Unlike traditional network, they cant depend on
  many available resources for security
• Goal to design sensor routing protocol with
  security in mind

• Current Routing Protocol Goal
• Low Energy
• Robust
• Scalable
• Low Latency
• Small Footprint

4
Problem Statement

• Assumption about underlying network
• Radio link, sensor node and MAC layer are not
  secured and easily tampered
• Base stations and aggregation points can be
  trusted to some extend
• Different threat models
• Mote class Vs Laptop class
• Inside Vs Outside
• Security goals in this settings
• Reliable delivery of messenger in conventional
  network
• Sensor network need in-network processing
• Graceful degradation
• Confidentiality Protection against Reply of data
  packet should be handle by higher level

5
Attack model

• Spoofed, altered or replay routing information
• May be used for loop construction, attracting or
  repelling traffic, extend or shorten source route
• Selective forwarding
• Refuse to forward certain messengers, selective
  forwarding packets or simply drop them by trying
  to follow the path of least resistance and
  attempt to include itself on the actual data path
  flow
• Sinkhole attacks
• Attracting nearly all traffic from a particular
  area through a specific compromised node

6
Attack model

• Sybil attacks
• Forging of multiple identities having a set of
  faulty entities representing through a large set
  of identities. It undermines assumed mapping
  between identity to entity
• Wormhole attacks
• Tunneling of messages over alternative low
  latency links like confuse the routing protocol,
  creates sinkhole
• Hello flood attacks
• An attacker sends or replays a routing
  protocols hello packets with more energy
• Acknowledgement spoofing
• Spoof link layer acknowledgement to trick other
  nodes to believe that link or node is either dead
  or alive

7
General sensor routing protocol type

• Flooding
• Gradient
• Clustering
• Geographic
• Energy Aware

8
Protocols used in sensor network

• TinyOS beaconing
• Directed diffusion
• Geographic routing
• Minimal cost forwarding
• Cluster head LEACH
• Rumor routing
• Energy conserving topology maintenance

9
Attacks on specific protocols

• TinyOS beaconing It constructs a breath first
  spanning tree rooted at base station.
  Periodically the base station broadcasts a route
  updates and mark the base station as parents and
  broadcast it .
• Relevant Attack mode
• Bogus routing information
• Selective forwarding
• Sinkhole
• Wormholes
• Hello floods

10
TinyOS beacon

• Spoof information
• Bogus and replayed routing
• information (such as I am
• base station) send by an
• adversary can easily pollute
• the entire network.

11
TinyOS beacon

• Wormhole Sinkhole Combination
• Tunnel packets received in one
• place of the network and replay
• them in another place
• The attacker can have no key
• material. All it requires is two
• transceivers and one high quality
• out-of-bound channel

12
TinyOS beacon

• Wormhole Sinkhole Combination
• Most packet will be
• routed to the wormhole
• The wormhole can drop
• packet directly (sinkhole)
• Or more subtly selectively
• forward packets to avoid
• detection

13
TinyOS beacon

• Hello flood attack
• A Laptop class adversary
• that can retransmit a routing
• updates with enough power
• to be received by the entire
• network

14
Direct Diffusion

• Relevant attack
• Suppression by spoof negative reinforcement
• Cloning by replay information with malicious
  listed as base station (send both)
• Path influence by spoof positive or negative
  reinforcements and bogus data events
• Selective forwarding and data tampering by
  above attack method to put the malicious node in
  the data flow
• Wormholes attack
• Sybil attack

15
Geographic routing

• GEAR GPSR
• Cost function depends on destination location and
  the neighbor nodes used to determine next hop
• It uses greedy geographic query routing technique
• Better than Directed Diffusion (e.g. flooding
  technique)
• It restrict broadcast within sampling region

16
Geographic routing

• Possible attack
• Sybil attack
• Bogus routing information
• Selective forwarding
• No wormhole and
• sinkhole attack
• An adversary may present multiple identities
• to other nodes. The Sybil attack can disrupt
  geographic and multi-path
• routing protocols by being in more than one place
  at once and reducing
• diversity. From B-gt C, now will go through B-gt A3
  -gtC

17
Geographic routing example 2

• From B -gt D, A forge a wrong information to
  claim B is in (2, 1), so C will send packets back
  to B which cause loop at last.

18
Minimum cost forwarding

• It is an backoff based cost field
• algorithm for efficiently
• forwarding packets from sensor
• nodes to base station
• Once the field is established
• the message, carrying dynamic
• cost information, flows along
• the minimum cost path in the
• cost field. Each intermediate
• node forwards the message only
• if it finds itself on the optimal path
  A 110, will select B
• for this message.

19
Minimum cost forwarding

• Possible attacks
• Sinkhole attack
• Mote class adversary advertising cost zero
  anywhere in network
• Hello flood attack
• Bogus routing information
• Selective forwarding
• Wormholes

20
LEACH

• It is termed as Low Energy Adaptive Clustering
  Hierarchy.
• Randomized and self configuration
• Low energy media access control
• Cluster-head collect data and perform processing
  then transmit to base station.
• Possible attack
• Hello floods Cluster head selection based on
  signal strength what means a powerful
  advertisement can make the malicious attack be
  cluster head.
• Selective forwarding
• Sybil attack Combined with hello floods if nodes
  try to randomly select cluster head instead of
  strongest signal strength.

21
Rumor Routing

• Designed for query/event ratios between query and
  event flooding
• Lower the energy cost of flooding

22
Rumor routing

• Possible attack
• Bogus routing information
• Create tendrils by FWD copies of agent
• Send them as long as possible (TTL)
• Selective forwarding
• Sinkholes
• Sybil
• Wormholes

23
Energy conserving topology maintenance

• GAF

• SPAN

• Physical space is divided into equal virtual size
  squares, where nodes know its location and nodes
  with a square are equivalent
• Identifies nodes for routing based on location
  information
• Dense node deployment hence turn off unnecessary
  nodes ( like sleep, discovery or active state)
• Each grid square has one active node
• Nodes are ranked with respect to current state
  expected lifetime

• An energy efficient coordination algorism for
  topology maintenance
• Backbone for routing fidelity is build by
  coordinators
• A node become eligible to be coordinate if two of
  its neighbors cant reach other directly or via
  one or two coordinators
• Traffic only routed by coordinator
• Random back off for delay coordinator
  announcement
• Hello messenger being broadcasted periodically

24
Energy conserving topology maintenance

• GAF

• SPAN

• Possible attack
• Bogus routing Broadcasting high ranking
  discovery messages , then they can use some
  selective forwarding attack
• Sybil Hello flood Target individual grids by a
  high ranking discovery messages with a non
  existent node, frequently advertisements can
  disable the whole network by making most node
  sleep

• Possible attack
• Hello floods Broadcast n Hello messages with
  fake coordinator and neighbors which will prevent
  nodes from becoming coordinators when they
  should, then they can use some selective
  forwarding attack

25
Summary of attacks
26
Countermeasures

• Selective Forwarding can be limited by
  implementing multipath and probabilistic routing.
• Outsider attack like Bogus routing information,
  Sybil, Sinkholes can be prevented by implementing
  key management at the link layer.
• Insider attack like HELLO floods can be prevented
  by establishing link keys with the trusted base
  station which will verifies bidirectional.
• Authenticated broadcast and flooding are
  important primitives.
• Cluster-based protocols and overlays can reduce
  attack for the nodes closer to base station

27
Attacks difficult to defend

• Wormhole are difficult to defend. This type of
  attack is done by mainly laptop-class both from
  inside and outside. To some extend geographic and
  clustering based protocol defend against this
  attack.

28
Conclusion

• Link layer encryption and authentication,
  multipath routing, identity verification,
  bidirectional link verifies and authenticated
  broadcast is important.
• Cryptography is not enough for insider and
  laptop-class adversaries, careful protocol design
  is needed as well