Secure Routing in Wireless Sensor Networks

This Paper
• One of the first to examine security on sensor networks
  • prior work focused on wired and ad hoc
• Not an algorithms or systems paper
• Describes
  • general attacks on routing
  • attacks on specific sensor systems
  • some countermeasures
• Also useful as survey of sensor routing protocols

Outline
• Context
• Routing attacks
• Protocol attacks
• What next?

Security for Sensor Nets
• A larger challenge in sensor nets
  • security not priority in protocol design
  • mainly optimize for power (CPU / transmissions)
• E2E principle does not apply
  • routers need access to data for aggregation
  • many to one communication instead of end-to-end
• Result
  • Protocols easy to attack and cripple
  • Security needs to be built-in at protocol design

Context
• Large static sensor networks
  • large # (100’s, 1000’s) of low power nodes
  • fixed location for their entire lifetime
  • focused scenario: Berkeley Motes
  • 4 MHz CPU, 4 KB RAM (data), 40 Kbps max b/w
• Connectivity
  • base stations: powerful pts of central control
  • sensors form multi-hop wireless network
  • periodic data stream aggregated to BS

Worrying about Power
• Power is #1 concern for sensors
  • small power reserves → 1% duty cycle or less
  • radio uses 10³ times more power than sleep mode
• Other constraints
  • minimal CPU, RAM, radio power
  • cannot support: public-key, source routing or distance vector, anything that requires
• May not benefit from Moore’s law
  • strong pressure to use cheaper nodes
  • is this a temporary trend? will eventually benefit

Assumptions
• Network assumptions
  • radio is insecure
  • base stations are trustworthy
• Attackers
  • can control/turn nodes, collude
  • mote-class vs. laptop-class attackers
  • inside vs. outside attackers

Attacks on Sensor Routing
• Spoofed, altered, replayed routing info
  • result: routing loops, attract or repel network traffic, extend or shorten routes, partition network
• Selective forwarding
  • drop subset of packets w/o being detected
• (enabled by) Sinkhole attack
  • provide or falsely advertise shorter routes
  • many to one model makes this easy

Routing Attacks II
• Sybil attack
  • one node, many (network) identities
• Wormholes
  • use out-of-band fast channel to route msgs faster than regular network
  • exploit out-of-order delivery (race conditions)
• HELLO flood
  • broadcast msg to all nodes (laptop-class)
  • disrupt topology construction
• Ack spoofing
  • replay link layer acks to misrepresent link quality between nodes

Understanding Routing Attacks
• Key weakness
  • insecure wireless channel (eavesdropping, replays)
  • unequal transmission power / link quality
• Selective forwarding
  • be a sinkhole (concentrate traffic into malicious node)
• Enablers (distort view of wireless network)
  • wormholes, HELLO flood (leverage transmission pwr)
  • acknowledgement/route spoofing (distort view of links)
  • sybil (appear as many nodes at once)

Protocol Attacks
• TinyOS beaconing
  • base station constructs depth first spanning tree with itself as root
• Attacks
  • w/o authentication: anyone can claim to be BS
  • wormhole sinkhole attack w/ laptop-class nodes
  • HELLO flood → strand nodes out of range

Protocol Attacks II
• Directed diffusion
  • BS floods “interests” for named data
  • sensors send data on reverse interest path
  • paths “reinforced” to in/decrease data flow
• Attacks
  • flooding is more robust to sinkholes
  • once path established, can suppress or clone flows using path reinforcements
  • can modify in-flight data once it’s on path

Protocol Attacks III
• Geographic routing (GPSR, GEAR)
  • use coordinates to route towards destination
  • GEAR spreads out path to load-balance
  • attack: misrepresent location data for sinkhole attack
  • attack: use sybil to surround target node (sinkhole)
• Minimum cost forwarding
  • each node keeps local cost of reaching BS
  • broadcast out msg w/ budget, each hop subtracts cost. If budget exceeded, msg dropped
  • attack: advertise low cost path (can also use HELLO)

Protocol Attacks IV
• Rumor routing
  • send out agent carrying useful events on random walk through network w/ TTL
  • queries and data both sent out via agents
  • attack: mishandle agents & remove data
  • attack: send out tendrils with large TTLs advertising low cost

Protocol Attacks V
• Energy conserving topology maintenance
  • GAF: nodes placed into grid squares
    • occasionally wake to see if they’re needed, otherwise sleep
  • SPAN: “coordinators” keep connectivity
    • nodes occasionally wake to see if they should be upgraded to coordinator
• Attacks
  • spoof route/discovery msgs to lull nodes to sleep → destroy connectivity

Understanding Protocol Attacks
• Inherent tradeoff: energy vs. security
  • optimizing route vs. susceptibility to attacks
• Attacks
  • all leading to sinkhole attack
  • manipulate cost function to represent self as optimal path
• Is resistance futile?
  • flooding useful, but high cost
  • random walks potentially high cost
  • key is randomization

Countermeasures
• Link layer security (shared key auth.)
  • costly, but can disable sybil attacks
  • useless against compromised nodes (insiders)
• HELLO floods
  • verify bi-directionality, or authenticate identity of neighbors w/ separate protocol
• Use global knowledge
  • nodes are static, so learn global map
  • scalability: enough state to keep info?

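An added example, not from the slides or the paper: a small Python simulation of the two countermeasures above, where a node accepts a HELLO sender as neighbor only if its own challenge can reach the sender and the echo carries a valid MAC under the link-layer key. The node names, coordinates, radio ranges and the HMAC-SHA256 challenge/echo are assumptions chosen for illustration.

```python
import hashlib, hmac, math, os

MOTE_RANGE = 10.0                      # assumed radio range of an ordinary mote
NET_KEY = b"constructed-network-key"   # constructed link-layer shared key

class Node:
    def __init__(self, name, pos, tx_range=MOTE_RANGE, key=NET_KEY):
        self.name, self.pos, self.tx_range, self.key = name, pos, tx_range, key

    def reaches(self, other):
        """True if a frame sent by self arrives at other (one direction only)."""
        return math.dist(self.pos, other.pos) <= self.tx_range

    def echo(self, nonce):
        """Answer a challenge with a MAC over the nonce and our claimed identity."""
        return hmac.new(self.key, nonce + self.name.encode(), hashlib.sha256).digest()

def naive_neighbors(receiver, nodes):
    """Beaconing without checks: whoever is heard becomes a neighbor."""
    return {n.name for n in nodes if n is not receiver and n.reaches(receiver)}

def verified_neighbors(receiver, nodes):
    """Accept a HELLO sender only after an authenticated two-way exchange."""
    accepted = set()
    for sender in nodes:
        if sender is receiver or not sender.reaches(receiver):
            continue                   # HELLO never heard
        if not receiver.reaches(sender):
            continue                   # challenge is lost: the link is one-way
        nonce = os.urandom(8)          # fresh per exchange, so old echoes cannot be replayed
        expected = hmac.new(receiver.key, nonce + sender.name.encode(), hashlib.sha256).digest()
        if hmac.compare_digest(sender.echo(nonce), expected):
            accepted.add(sender.name)
    return accepted

# Constructed topology: three motes in a line plus three other HELLO senders.
m1, m2, m3 = Node("m1", (0, 0)), Node("m2", (8, 0)), Node("m3", (16, 0))
far_laptop = Node("laptop-far", (60, 0), tx_range=100.0)                  # holds key, one-way link
outsider = Node("laptop-near", (3, 0), tx_range=100.0, key=b"wrong-key")  # in range, no key
insider = Node("turned-mote", (4, 0))                                     # compromised, holds key
nodes = [m1, m2, m3, far_laptop, outsider, insider]

def demo():
    return naive_neighbors(m1, nodes), verified_neighbors(m1, nodes)

if __name__ == "__main__":
    naive, verified = demo()
    print("naive:   ", sorted(naive))
    print("verified:", sorted(verified))
```

The distant laptop-class sender fails the bi-directionality check and the keyless sender fails authentication, but the compromised mote is still accepted, which is the insider limitation the slide notes.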
Intuition
• Tight tradeoff
  • energy conservation via optimized paths
  • optimization → manipulation of cost factors
• Avoid
  • powerful nodes (they can’t be authenticated)
  • centralized functionality (same reason)
• What can we use?
  • randomization / probabilistic routing?