1 denial of service in sensor networks authors: anthony d. wood, john a. stankovic presented by:...
TRANSCRIPT
1
Denial of Service in Sensor Networks
Authors: Anthony D. Wood,
John A. Stankovic
Presented by: Aiyaz Amin Paniwala
2
The paper
Introduction Theory and Application Denial of Service Threat Physical Layer Link Layer Networking Layer Transport Layer Conclusion References
3
Introduction
WSN involves large-scale, real time data processing in complex environments
WSN is used for various applications Availability is of great importance Consideration of security at design time is
essential
4
Theory
Growing use of application dependent sensor networks
Many limitations exist in WSN like power reserves, wireless communication, identifiers
Network must operate under partial failure Network must meet real time requirements Data may be intrinsically valid for short time
5
Application
Sensor Networks are used in different environments with different needs
Military application is primary Can be used in inaccessible locations like
volcanoes Can be used in critical situations like natural or
man made disasters In all applications network must be resilient to
individual node failure
6
Denial of Service Threat
Any event that diminishes or eliminates a network’s capacity to perform it’s expected function
Caused by hardware failures, software bugs, resource exhaustion, environmental conditions or other complicated interactions
7
The Layered Approach
A layered network architecture improves robustness
Each layer has different attacks and different defensive mechanisms
Some attacks are applicable across multiple layers
8
Tabular Representation
9
Physical Layer
This layer deals with the physical transmission in the form of signals
Nodes use wireless communication Base Stations use wired or satellite
communication. Attacks
Jamming Tampering
10
Jamming
Interferes with radio frequencies An adversary can use k randomly
distributed jamming nodes These k nodes can put N nodes out of
service (k<<N) Effective for single frequency network
11
Detection of Jamming
Determined by constant energy as opposed to lack of response
Jamming can be sporadic and hence more difficult to detect yet effective
Jamming itself prevents exchanging data or even reporting the attack
12
Prevention and Mitigation
Spread spectrum communication (code spreading)
It is less feasible due to design complexity, more power and more cost
Attacked nodes can switch to lower duty cycle and wake up to check for jamming
For intermittent jamming nodes send few high power, high priority messages to report attack
13
Local Jamming
14
Tampering
Attacker can physically tamper nodes Likewise nodes can be interrogated and
compromised Attacker can damage or replace sensor
and computation hardware Attacker can extract sensitive material and
use it for further attacks
15
Prevention and Mitigation
Tamper proofing against physical damage Camouflaging or hiding nodes React to tampering by erasing
cryptographic or program memory
16
Link Layer
Provides Channel arbitration Cooperative schemes are vulnerable to
DoS attacks Sensor Network is susceptible to
Collision Exhaustion Unfairness
17
Collision
Adversary may cause disruption by inducing collision in just one octet of transmission
Corruption of ACK can induce costly exponential back-off
The attacker requires minimum energy for listening
18
Detection, Prevention and Mitigation Errors are detected using checksum
mismatch There is no effective way of defending
against such an attack Error Correcting codes can be used at the
cost of increased overheads
19
Exhaustion
Repeated retransmissions are triggered even by unusually late collisions
This leads to exhaustion of battery source It can potentially block availability A node could repeatedly request channel access
with RTS This causes power losses on both requesting
and responding node
20
Detection, Prevention and Mitigation Random back-offs can be used for prevention Ineffective as they would only decrease
probability of inadvertent collisions Time division multiplexing Solve the indefinite postponement problem MAC admission control rate limiting Limiting the extraneous responses required
21
Unfairness
It is a weaker form of DoS It mostly degrades service than denies it It exploits MAC-Layer priority schemes It can be prevented by use of small frames This may increase framing overheads Adversary can cheat while vying for
access
22
Network and Routing Layer
Messages may traverse many hops before reaching the destination
The cost of relaying a packet and the probability of its loss increases in an aggregate network
Every node can act as a router Hence the routing protocols should be simple
and robust
23
Neglect and Greed
A neglectful node arbitrarily neglects to route some messages
Its undue priority to messages originating from it makes it greedy
Multiple routes or sending redundant messages can reduce its effect.
It is difficult to detect
24
Homing
Important nodes and their identities are exposed to mount further attacks
A passive adversary observes traffic to learn the presence and location of critical resources
Shared cryptographic keys are an effective mechanism to conceal the identity of such nodes
This makes the assumption that none of the nodes have been subverted
25
Misdirection
Messages are forwarded in wrong paths This attack targets the sender Adversary can forge replies to route
discovery requests and include the spoofed route
Sensor networks can use an approach similar to egress filtering
26
Black Holes
Nodes advertise zero cost routes to every other node
Network traffic is routed towards these nodes This disrupts message delivery and causes
intense resource contention These are easily detected but more disruptive
27
Authorization
This is a defense mechanism against misdirection and black-hole
Only authorized node can share information Public-key encryption can be used for routing
updates The problems are with computational and
communication overheads and key management
28
Monitoring
Nodes can keep monitoring their neighbors
Nodes become watchdogs for transmitted packets
Each of them has a quality-rating mechanism
29
Probing
A network probe tests network connectivity This mechanism can be used to easily
detect Black holes A distributed probing scheme can detect
malicious nodes
30
Redundancy
Lessens the probability of encountering a malicious node
Duplicate messages can also be sent using same path to deal with intermittent failure
31
Transport Layer
Manages end-to-end connections Sensor Networks utilize protocols with
minimum overhead The potential threats are
Flooding Desynchronization
32
Flooding
Adversary send many connection establishment request to victim
Each request causes allocation of resources It can be prevented by limiting the number of
connections Connectionless protocols are not susceptible to
this attack Another solution is client puzzles
33
Desynchronization
The attacker forges messages to one or both ends with sequence numbers
This causes the end points to request retransmissions of missed frames
This may lead to lack of availability and resource exhaustion
Authentication can prevent such an attack
34
Adaptive rate control
Describe a series of improvements to standard MAC protocols
Key mechanisms include Random delay for transmissions Back-off that shifts an applications periodicity phase Minimization of overhead in contention control mechanisms Passive adaptation of originating and route-through
admission control rates Anticipatory delay for avoiding multihop hidden node
problems
35
Conclusion
Attempts at adding security focus on cryptographic-authentication mechanisms
Use of higher security mechanisms poses serious complications in Sensor Networks
It is essential to incorporate security considerations during design-time
Without adequate protection against DoS and other attacks sensor networks may not be deployable at all
36
References
C.L.Schuba et al., “Analysis of a Denial of Service Attack on TCP”, Proc. IEEE Symp. Security and Privacy, IEEE Press, Piscataway, N.J., 1997, pp. 208-223
A Perrig et al., “SPIN: Security Protocols for Sensor Networks,” Proc. 7th Ann. Intl. Conf. Mobile Computing and Networking (MobiCom 2001), ACM Press, New York, 2001, pp. 189-199
CERT Coordination Center, “Smurf IP Denial-of-Service Attacks”, CERT Advisory CA-98:01,Jan. 1998.
A. Woo and D.E. Culler, “A Transmission Control Scheme for Media Access in Sensor Networks,” Proc. 7th Ann Int’l Conf. Mobile Computing and Networking (MobiCom 2001), ACM Press, New York, 2001, pp. 221-235