360 likes | 508 Views
Denial of Service in Sensor Networks. Authors: Anthony D. Wood, John A. Stankovic Presented by: Aiyaz Amin Paniwala. The paper. Introduction Theory and Application Denial of Service Threat Physical Layer Link Layer Networking Layer Transport Layer Conclusion References.
E N D
Denial of Service in Sensor Networks Authors: Anthony D. Wood, John A. Stankovic Presented by: Aiyaz Amin Paniwala
The paper • Introduction • Theory and Application • Denial of Service Threat • Physical Layer • Link Layer • Networking Layer • Transport Layer • Conclusion • References
Introduction • WSN involves large-scale, real time data processing in complex environments • WSN is used for various applications • Availability is of great importance • Consideration of security at design time is essential
Theory • Growing use of application dependent sensor networks • Many limitations exist in WSN like power reserves, wireless communication, identifiers • Network must operate under partial failure • Network must meet real time requirements • Data may be intrinsically valid for short time
Application • Sensor Networks are used in different environments with different needs • Military application is primary • Can be used in inaccessible locations like volcanoes • Can be used in critical situations like natural or man made disasters • In all applications network must be resilient to individual node failure
Denial of Service Threat • Any event that diminishes or eliminates a network’s capacity to perform it’s expected function • Caused by hardware failures, software bugs, resource exhaustion, environmental conditions or other complicated interactions
The Layered Approach • A layered network architecture improves robustness • Each layer has different attacks and different defensive mechanisms • Some attacks are applicable across multiple layers
Physical Layer • This layer deals with the physical transmission in the form of signals • Nodes use wireless communication • Base Stations use wired or satellite communication. • Attacks • Jamming • Tampering
Jamming • Interferes with radio frequencies • An adversary can use k randomly distributed jamming nodes • These k nodes can put N nodes out of service (k<<N) • Effective for single frequency network
Detection of Jamming • Determined by constant energy as opposed to lack of response • Jamming can be sporadic and hence more difficult to detect yet effective • Jamming itself prevents exchanging data or even reporting the attack
Prevention and Mitigation • Spread spectrum communication (code spreading) • It is less feasible due to design complexity, more power and more cost • Attacked nodes can switch to lower duty cycle and wake up to check for jamming • For intermittent jamming nodes send few high power, high priority messages to report attack
Tampering • Attacker can physically tamper nodes • Likewise nodes can be interrogated and compromised • Attacker can damage or replace sensor and computation hardware • Attacker can extract sensitive material and use it for further attacks
Prevention and Mitigation • Tamper proofing against physical damage • Camouflaging or hiding nodes • React to tampering by erasing cryptographic or program memory
Link Layer • Provides Channel arbitration • Cooperative schemes are vulnerable to DoS attacks • Sensor Network is susceptible to • Collision • Exhaustion • Unfairness
Collision • Adversary may cause disruption by inducing collision in just one octet of transmission • Corruption of ACK can induce costly exponential back-off • The attacker requires minimum energy for listening
Detection, Prevention and Mitigation • Errors are detected using checksum mismatch • There is no effective way of defending against such an attack • Error Correcting codes can be used at the cost of increased overheads
Exhaustion • Repeated retransmissions are triggered even by unusually late collisions • This leads to exhaustion of battery source • It can potentially block availability • A node could repeatedly request channel access with RTS • This causes power losses on both requesting and responding node
Detection, Prevention and Mitigation • Random back-offs can be used for prevention • Ineffective as they would only decrease probability of inadvertent collisions • Time division multiplexing • Solve the indefinite postponement problem • MAC admission control rate limiting • Limiting the extraneous responses required
Unfairness • It is a weaker form of DoS • It mostly degrades service than denies it • It exploits MAC-Layer priority schemes • It can be prevented by use of small frames • This may increase framing overheads • Adversary can cheat while vying for access
Network and Routing Layer • Messages may traverse many hops before reaching the destination • The cost of relaying a packet and the probability of its loss increases in an aggregate network • Every node can act as a router • Hence the routing protocols should be simple and robust
Neglect and Greed • A neglectful node arbitrarily neglects to route some messages • Its undue priority to messages originating from it makes it greedy • Multiple routes or sending redundant messages can reduce its effect. • It is difficult to detect
Homing • Important nodes and their identities are exposed to mount further attacks • A passive adversary observes traffic to learn the presence and location of critical resources • Shared cryptographic keys are an effective mechanism to conceal the identity of such nodes • This makes the assumption that none of the nodes have been subverted
Misdirection • Messages are forwarded in wrong paths • This attack targets the sender • Adversary can forge replies to route discovery requests and include the spoofed route • Sensor networks can use an approach similar to egress filtering
Black Holes • Nodes advertise zero cost routes to every other node • Network traffic is routed towards these nodes • This disrupts message delivery and causes intense resource contention • These are easily detected but more disruptive
Authorization • This is a defense mechanism against misdirection and black-hole • Only authorized node can share information • Public-key encryption can be used for routing updates • The problems are with computational and communication overheads and key management
Monitoring • Nodes can keep monitoring their neighbors • Nodes become watchdogs for transmitted packets • Each of them has a quality-rating mechanism
Probing • A network probe tests network connectivity • This mechanism can be used to easily detect Black holes • A distributed probing scheme can detect malicious nodes
Redundancy • Lessens the probability of encountering a malicious node • Duplicate messages can also be sent using same path to deal with intermittent failure
Transport Layer • Manages end-to-end connections • Sensor Networks utilize protocols with minimum overhead • The potential threats are • Flooding • Desynchronization
Flooding • Adversary send many connection establishment request to victim • Each request causes allocation of resources • It can be prevented by limiting the number of connections • Connectionless protocols are not susceptible to this attack • Another solution is client puzzles
Desynchronization • The attacker forges messages to one or both ends with sequence numbers • This causes the end points to request retransmissions of missed frames • This may lead to lack of availability and resource exhaustion • Authentication can prevent such an attack
Adaptive rate control • Describe a series of improvements to standard MAC protocols • Key mechanisms include • Random delay for transmissions • Back-off that shifts an applications periodicity phase • Minimization of overhead in contention control mechanisms • Passive adaptation of originating and route-through admission control rates • Anticipatory delay for avoiding multihop hidden node problems
Conclusion • Attempts at adding security focus on cryptographic-authentication mechanisms • Use of higher security mechanisms poses serious complications in Sensor Networks • It is essential to incorporate security considerations during design-time • Without adequate protection against DoS and other attacks sensor networks may not be deployable at all
References • C.L.Schuba et al., “Analysis of a Denial of Service Attack on TCP”, Proc. IEEE Symp. Security and Privacy, IEEE Press, Piscataway, N.J., 1997, pp. 208-223 • A Perrig et al., “SPIN: Security Protocols for Sensor Networks,” Proc. 7th Ann. Intl. Conf. Mobile Computing and Networking (MobiCom 2001), ACM Press, New York, 2001, pp. 189-199 • CERT Coordination Center, “Smurf IP Denial-of-Service Attacks”, CERT Advisory CA-98:01,Jan. 1998. • A. Woo and D.E. Culler, “A Transmission Control Scheme for Media Access in Sensor Networks,” Proc. 7th Ann Int’l Conf. Mobile Computing and Networking (MobiCom 2001), ACM Press, New York, 2001, pp. 221-235