Secure Routing in Wireless Sensor Networks - PowerPoint PPT Presentation

About This Presentation
Title:

Secure Routing in Wireless Sensor Networks

Description:

GEAR spreads out path to load-balance. attack: misrepresent location data for sinkhole attack ... text styles. Second level. Third level. Fourth level. Fifth ... – PowerPoint PPT presentation

Number of Views:73
Avg rating:3.0/5.0
Slides: 23
Provided by: beny7
Category:

less

Transcript and Presenter's Notes

Title: Secure Routing in Wireless Sensor Networks


1
Secure Routing in Wireless Sensor Networks
2
This Paper
  • One of the first to examine security on sensor
    networks
  • prior work focused on wired and adhoc
  • Not an algorithms or systems paper
  • Describes
  • general attacks on routing
  • attacks on specific sensor systems
  • some countermeasures
  • Also useful as survey of sensor routing protocols

3
Outline
  • Context
  • Routing attacks
  • Protocol attacks
  • What next?

4
Security for Sensor Nets
  • A larger challenge in sensor nets
  • security not priority in protocol design
  • mainly optimize for power (CPU / transmissions)
  • E2E principle does not apply
  • routers need access to data for aggregation
  • many to one communication instead of end-to-end
  • Result
  • Protocols easy to attack and cripple
  • Security needs to be built-in at protocol design

5
Context
  • Large static sensor networks
  • large (100s, 1000s) of low power nodes
  • fixed location for their entire lifetime
  • focused scenario Berkeley Motes
  • 4Mhz CPU, 4KB RAM (data), 40Kbps max b/w
  • Connectivity
  • base stations powerful pts of central control
  • sensors form multi-hop wireless network
  • periodic data stream aggregated to BS

6
(No Transcript)
7
Worrying about Power
  • Power is 1 concern for sensors
  • small power reserves ? 1 duty cycle or less
  • radio uses power 103 more than sleep mode
  • Other constraints
  • minimal CPU, RAM, radio power
  • cannot support public-key, source routing or
    distance vector, anything that requires
  • May not benefit from Moores law
  • strong pressure to use cheaper nodes
  • is this a temporary trend? will eventually benefit

8
Assumptions
  • Network assumptions
  • radio is insecure
  • base stations are trust-worthy
  • Attackers
  • can control/turn nodes, collude
  • mote-class vs. laptop-class attackers
  • inside vs. outside attackers

9
Outline
  • Context
  • Routing attacks
  • Protocol attacks
  • What next?

10
Attacks on Sensor Routing
  • Spoofed, altered, replayed routing info
  • result routing loops, attract or repel network
    traffic, extend or shorten routes, partition
    network
  • Selective forwarding
  • drop subset of packets w/o being detected
  • (enabled by) Sinkhole attack
  • provide or falsely advertise shorter routes
  • many to one model makes this easy

11
Routing Attacks II
  • Sybil attack
  • one node, many (network) identities
  • Wormholes
  • use out-of-band fast channel to route msgs faster
    than regular network
  • exploit out-of-order delivery (race conditions)
  • hello flood
  • broadcast msg to all nodes (laptop-class)
  • disrupt topology construction
  • Ack spoofing
  • replay link layer acks to misrepresent link
    quality between nodes

12
Understanding Routing Attacks
  • Key weakness
  • insecure wireless channel (eavesdropping,
    replays)
  • unequal transmission power / link quality
  • Selective forwarding
  • be a sinkhole (concentrate traffic into malicious
    node)
  • Enablers (distort view of wireless network)
  • wormholes, HELLO flood (leverage transmission
    pwr)
  • acknowledgement/route spoofing (distort view of
    links)
  • sybil (appear as many nodes at once)

13
Outline
  • Context
  • Routing attacks
  • Protocol attacks
  • What next?

14
Protocols Attacks
  • TinyOS beaconing
  • base station constructs depth first spanning tree
    with itself as root
  • Attacks
  • w/o authentication anyone can claim 2b BS
  • wormhole ? sinkhole attack w/ laptop-class nodes
  • HELLO flood ? strand nodes out of range

15
Protocol Attacks II
  • Directed diffusion
  • BS flood interests for named data
  • sensors send data on reverse interest path
  • paths reinforced to in/decrease data flow
  • Attacks
  • flooding is more robust to sinkholes
  • once path established, can suppress or clone
    flows using path reinforcements
  • can modify in-flight data once its on path

16
Protocol Attacks III
  • Geographic routing (GPSR, GEAR)
  • use coordinates to route towards destination
  • GEAR spreads out path to load-balance
  • attack misrepresent location data for sinkhole
    attack
  • attack use sybil to surround target node
    (sinkhole)
  • Minimum cost forwarding
  • each node keeps local cost of reaching BS
  • broadcast out msg w/ budget, each hop subtracts
    cost. If budget exceeded, msg dropped
  • attack advertise low cost path (can also use
    HELLO)

17
Protocol Attacks IV
  • Rumor routing
  • send out agent carrying useful events on random
    walk through network w/ TTL
  • queries and data both sent out via agents
  • attack mishandle agents remove data
  • attack send out tendrils with large TTLs
    advertising low cost

18
Protocol Attacks V
  • Energy conserving topology maintenance
  • GAF nodes placed into grid squares
  • occasionally wake to see if theyre needed,
    otherwise sleep
  • SPAN coordinators keep connectivity
  • nodes occasionally wake to see if they should be
    upgraded to coordinator
  • Attacks
  • spoof route/discovery msgs to lull nodes to sleep
    ? destroy connectivity

19
Understanding Protocol Attacks
  • Inherent tradeoff energy vs. security
  • optimizing route vs. susceptibility to attacks
  • Attacks
  • all leading to sinkhole attack
  • manipulate cost function to represent self as
    optimal path
  • Is resistance futile?
  • flooding ? useful, but high cost
  • random walks ? potentially high cost
  • key is randomization

20
Outline
  • Context
  • Routing attacks
  • Protocol attacks
  • What next?

21
Countermeasures
  • Link layer security (shared key auth.)
  • costly, but can disable sybil attacks
  • useless against compromised nodes (insiders)
  • Hello floods
  • verify bi-directionality, or authenticate
    identity of neighbors w/ separate protocol
  • Use global knowledge
  • nodes are static, so learn global map
  • scalability enough state to keep info?

22
Intuition
  • Tight tradeoff
  • energy conservation via optimized paths
  • optimization ? manipulation of cost factors
  • Avoid
  • powerful nodes (they cant be authenticated)
  • centralized functionality (same reason)
  • What can we use?
  • randomization / probabilistic routing?
Write a Comment
User Comments (0)
About PowerShow.com