Routing security against Threat models
CSCI 5931 Wireless & Sensor Networks
Darshan Chipade

Introduction
• Routing security is a major issue
• Key contribution
  - Show how sensor networks are different from ad hoc networks
  - Introduce two new classes of attacks: sinkhole attack and HELLO flood attack
  - Security analysis of all major routing protocols

WSN vs. Ad-Hoc Networks
• Multi-hop wireless communication
• WSN
  - Specialized communication patterns: many-to-one, one-to-many, local communication
  - More resource constrained, i.e. limited energy
  - More trust needed for in-network processing, aggregation, duplicate elimination

Assumptions
• Radio links are insecure
• Malicious nodes can collude to attack the WSN
• Sensor nodes are not tamper resistant
• Base stations are trustworthy
• Aggregation points may not be trusted

Distinction of threat models
• Mote-class attackers have access to a few sensor nodes with similar capabilities
• Laptop-class attackers use powerful devices with greater battery power, a more capable CPU and a high-power transmitter
• Attacker types: outside attacker, inside attacker

Attacks on WSN routing protocols

Spoofed, altered or replayed routing information
• Targets the routing information exchanged between nodes
• By spoofing, altering or replaying the routing information, adversaries may create routing loops, repel traffic, and extend or shorten source routes
• Generate false messages, partition the network

Selective forwarding attack
• Malicious nodes may refuse to forward certain messages and simply drop them, ensuring that they are not propagated further
• The adversary can also modify these packets and then forward them

Sinkhole attack
• All packets are directed to the base station
• A malicious node advertises a high-quality link to the base station to attract a lot of packets
• Made possible by the specialized communication pattern
• Enables other attacks, e.g. selective forwarding

Sybil attack
• A single node presents multiple IDs to other nodes
• The attack affects multipath routing and topology maintenance
• It is believed to pose a significant threat to geographic routing protocols
• The node appears to be in more than one place at the same time

Wormhole attack
• Tunneling of messages
• A node at one end of the wormhole advertises a high-quality link to the base station
• Another node at the other end receives the attracted packets

HELLO flood attack
• Many protocols require nodes to broadcast HELLO packets to announce themselves to neighbors
• A laptop-class attacker can convince distant nodes that it is their neighbor by sending high-power HELLO messages

Acknowledgement attack
• The adversary spoofs ACKs to convince the sender that a weak or dead link has good link quality

Attacks on specific sensor network protocols

TinyOS beaconing
• Constructs a breadth-first spanning tree (BFS) rooted at the base station
• Beacons are not authenticated
• An adversary can take over the whole WSN by broadcasting beacons

Directed Diffusion
• The base station floods interests for named data, setting up gradients designed to draw events
• Suppression: flow suppression is done by spoofing negative reinforcement
• Cloning: cloning a flow enables eavesdropping
• Path influence: spoofing positive and negative path reinforcement to influence the data path

Countermeasures

Outsider attacks and link layer security
• The majority of attacks against WSN routing protocols can be prevented by link layer encryption using a shared key
• Selective forwarding and sinkhole attacks are not possible, as the adversary is prevented from joining the topology
• Cannot handle insider attacks such as wormhole and HELLO flood

Sybil attack
• Every node shares a unique symmetric key with the base station
• Creates a pairwise shared key for message authentication
• The base station limits the number of neighbors for a node

HELLO flood attack
• Verify that the link is bidirectional

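The bidirectional-link check above, as an added sketch that is not part of the original slides: a node accepts a HELLO sender as a neighbor only after that sender answers a nonce challenge transmitted at the node's own power. The `Radio` class, the positions, the ranges and `LINK_KEY` are constructed for illustration, and the model assumes the high-power sender's receiver is no more sensitive than a mote's.

```python
import hashlib
import hmac
import math
import os

LINK_KEY = b"constructed-demo-key"  # constructed shared link-layer key


class Radio:
    """Node in a constructed 2-D layout; tx_range is how far its frames carry."""

    def __init__(self, name, pos, tx_range):
        self.name, self.pos, self.tx_range = name, pos, tx_range

    def reaches(self, other):
        return math.dist(self.pos, other.pos) <= self.tx_range

    def respond(self, nonce):
        # Any key holder (including a compromised insider) can compute this.
        return hmac.new(LINK_KEY, nonce, hashlib.sha256).digest()


def naive_neighbors(node, senders):
    """Treat every HELLO that is heard as proof of a usable neighbor."""
    return {s.name for s in senders if s.reaches(node)}


def verified_neighbors(node, senders):
    """Accept a HELLO sender only if it answers a challenge sent at node's own power."""
    accepted = set()
    for s in senders:
        if not s.reaches(node):      # HELLO never arrived
            continue
        nonce = os.urandom(16)
        if not node.reaches(s):      # challenge is lost: the link is one-way
            continue
        expected = hmac.new(LINK_KEY, nonce, hashlib.sha256).digest()
        if hmac.compare_digest(s.respond(nonce), expected):
            accepted.add(s.name)
    return accepted


# Constructed layout (metres): motes carry 10 m, the laptop-class sender 500 m.
mote = Radio("mote", (0, 0), 10)
senders = [Radio("peer", (6, 0), 10), Radio("far_mote", (40, 0), 10),
           Radio("laptop", (200, 0), 500)]
```

The sender holding the link key is still rejected, which is why the shared key alone does not stop a HELLO flood while the bidirectional check does.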
Wormhole and sinkhole attack
• They use a private out-of-band channel invisible to the underlying sensor network
• A good routing protocol is required

Selective forwarding
• Multipath routing
• Route messages over disjoint
• Dynamically pick the next hop from a set of candidates

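An added sketch of the multipath countermeasure for selective forwarding, not taken from the original slides: copies of a message travel over node-disjoint paths, so a single forwarder that silently drops traffic removes only one copy. The topology in `LINKS` is constructed, and the greedy path search is a simplification that does not guarantee the maximum number of disjoint paths.

```python
from collections import deque

# Constructed topology: adjacency of a small sensor field, "BS" is the base station.
LINKS = {
    "S": ["A", "B", "C"],
    "A": ["S", "D"],
    "B": ["S", "D", "E"],
    "C": ["S", "F"],
    "D": ["A", "B", "BS"],
    "E": ["B", "BS"],
    "F": ["C", "BS"],
    "BS": ["D", "E", "F"],
}


def shortest_path(src, dst, banned):
    """BFS shortest path from src to dst that avoids every node in banned."""
    prev, queue = {src: None}, deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            path = []
            while node is not None:
                path.append(node)
                node = prev[node]
            return path[::-1]
        for nxt in LINKS[node]:
            if nxt not in prev and nxt not in banned:
                prev[nxt] = node
                queue.append(nxt)
    return None


def disjoint_paths(src, dst):
    """Greedy node-disjoint paths: no intermediate node is reused across paths."""
    used, paths = set(), []
    while (path := shortest_path(src, dst, used)) is not None:
        paths.append(path)
        if len(path) == 2:           # direct link: nothing to ban, stop here
            break
        used.update(path[1:-1])
    return paths


def delivered(paths, droppers):
    """Paths whose copy arrives: no forwarder on them silently drops it."""
    return [p for p in paths if not droppers.intersection(p[1:-1])]
```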
Limitation of securing multi-hop routing
• Nodes which are one or two hops away from the base station are more likely to be attacked or compromised
• Using cluster nodes which communicate directly with the base station is one solution against node compromise
• Using a virtual base station

Countermeasures Summary
• Link layer authentication, encryption, multipath routing, identity verification, bidirectional link verification and authenticated broadcast can protect sensor network routing protocols
• It is necessary to build such countermeasures so that the different attacks are ineffective against them

Conclusion
• This paper covers security issues at the network level
• Securing the routing protocols is most essential
• Link layer encryption can be used against mote-class outsiders

Question
• It is said that by using a good routing protocol we can minimize wormhole and sinkhole attacks, i.e. by minimizing the number of hops to the base station. How can it be done?