350 likes | 504 Views
Denial of service in sensor networks. Pratik Zirpe Instructor – Dr. T. Andrew Yang. Agenda. Introduction Concepts Denial of Service Threat Physical layer Link layer Network layer Transport layer Conclusion. Introduction. Real-time data processing Applications Availability
E N D
Denial of service in sensor networks PratikZirpe Instructor – Dr. T. Andrew Yang
Agenda • Introduction • Concepts • Denial of Service Threat • Physical layer • Link layer • Network layer • Transport layer • Conclusion
Introduction • Real-time data processing • Applications • Availability • Denial of service
Concepts • Application dependent networks • Limited individual capability of nodes • Must continue operating after significant node failure
Security demands of a network • Network has to face harsh environments and intelligent opposition • Disasters • Public safety • Home healthcare • Design time consideration
Denial of Service Threat • Any event that diminishes or eliminates a network’s capacity to perform it’s expected function • Reasons may be hardware failures, software bugs, resource exhaustion, environmental conditions or other complicated interactions.
Layered Network Architecture • Improves robustness of the system • Each layer is vulnerable to different DoS attacks • Some attacks may crosscut multiple layers
Physical layer • Nodes use wireless communication • Base stations use wired or satellite communication • Attacks- • Jamming • Tampering
Jamming • Interferes with radio frequencies of nodes • Randomly distributed k nodes can put N nodes out of service (k<<N) • Effective in single frequency networks
Detection • Determined by constant energy that impedes communication • Constant jamming prevents nodes from exchanging data or even reporting attack to remote monitoring stations • Sporadic jamming is also effective
Prevention or mitigation • Spread-spectrum communication – not feasible solution • Attacked nodes can be put in long-term sleep and have them wake up periodically to test the channel • High priority messages to defend against intermittent jamming
Tampering • Attacker can physically tamper nodes • Attacker can damage and replace computation hardware • Sensitive material is exposed
Prevention or mitigation • Camouflaging or hiding nodes • Erase cryptographic or program memory
Link layer • Protocols requires cooperation between nodes to arbitrate channel use making them more vulnerable to DoS attack • Attacks- • Collision • Exhaustion • Unfairness
Collision – detection and prevention • Adversary may need to induce collision in one octet of transmission • Attacker requires less energy to listen for transmission • No complete solution is known • Errors are detected using checksum mismatch • Error correction codes can be used
Exhaustion • Repeated retransmissions are triggered by unusually late collision leading to exhaustion • Affect availability • A node could reportedly request channel access with RTS • Causes power losses
Detection and mitigation • Random back-offs • Time division multiplexing • MAC admission control rate limiting • Limiting the extraneous responses required
Unfairness • Degrades service rather than denying it • It exploits MAC-Layer priority schemes • It can be prevented using small frames • Adversary can cheat while vying for access
Network and Routing Layer • Messages may traverse many hops before reaching the destination • The cost of relaying a packet and the probability of its loss increases in an aggregate network • Every node can act as a router • Routing protocols should be simple and robust
Neglect and Greed • A neglectful node arbitrarily neglects to route some messages • Its undue priority to messages originating from it makes it greedy • Multiple routes or sending redundant messages can reduce its effect • It is difficult to detect
Homing • Important nodes and their identities are exposed to mount further attacks • A passive adversary observes traffic to learn the presence and location of critical resources • Shared cryptographic keys are an effective mechanism to conceal the identity of such nodes • This makes the assumption that none of the nodes have been subverted
Misdirection • Messages are forwarded in wrong paths • This attack targets the sender • Adversary can forge replies to route discovery requests and include the spoofed route • Sensor networks can use an approach similar to egress filtering
Black Holes • Nodes advertise zero cost routes to every other node • Network traffic is routed towards these nodes • This disrupts message delivery and causes intense resource contention • These are easily detected but more disruptive
Authorization • Only authorized node can share information • Public-key encryption can be used for routing updates • The problems are with computational and communication overheads and key management
Monitoring • Nodes can keep monitoring their neighbors • Nodes become watchdogs for transmitted packets • Each of them has a quality-rating mechanism
Probing • A network probe tests network connectivity • This mechanism can be used to easily detect Black holes • A distributed probing scheme can detect malicious nodes
Transport layer • Manages end-to-end connections • Sensor Networks utilize protocols with minimum overhead • Threats- • Flooding • Desynchronizations
Flooding • Adversary send many connection establishment request to victim • Each request causes allocation of resources • It can be prevented by limiting the number of connections • Connectionless protocols are not susceptible to this attack • Another solution is client puzzles
Desynchronization • The attacker forges messages to one or both ends with sequence numbers • This causes the end points to request retransmissions of missed frames • This may lead to lack of availability and resource exhaustion • Authentication can prevent such an attack
Adaptive rate control • Describe a series of improvements to standard MAC protocols • Key mechanisms include • Random delay for transmissions • Back-off that shifts an applications periodicity phase • Minimization of overhead in contention control mechanisms • Passive adaptation of originating and route-through admission control rates • Anticipatory delay for avoiding multihop hidden node problems
RAP • Real-time location based protocol • Velocity monotonic scheduling • RAP can use clock synchronization
Conclusion • Attempts at adding security focus on cryptographic-authentication mechanisms • Use of higher security mechanisms poses serious complications in Sensor Networks • It is essential to incorporate security considerations during design-time • Without adequate protection against DoS and other attacks sensor networks may not be deployable at all
References • A.D. Wood and J.A. Stankovic, “Denial of Service in Sensor Networks,” Computer, vol. 35, no. 10, 2002, pp. 54–62. • A.D. Wood and J.A. Stankovic, “A Taxonomy for Denial-of-Service Attacks in Wireless Sensor Networks”,Handbook of Sensor Networks: Compact Wireless and Wired Sensing Systems, 2004. • David R. Raymond and Scott F. Midkiff, "Denial-of-Service in Wireless Sensor Networks: Attacks and Defenses," IEEE Pervasive Computing, vol. 7, no. 1, 2008, pp. 74-81.