340 likes | 578 Views
A Low-Cost Method to Thwart Relay Attacks in Wireless Sensor Networks. Reza Shokri Tutors: Panos Papadimitratos, Marcin Poturalski 29 January 2008. Agenda. Neighbor Discovery and Relay Attacks Currently Proposed Defense Methods Our System Model A Low-Cost Method to Thwart Relay Attacks
E N D
A Low-Cost Method to Thwart Relay Attacks in Wireless Sensor Networks Reza Shokri Tutors: Panos Papadimitratos, Marcin Poturalski 29 January 2008
Agenda • Neighbor Discovery and Relay Attacks • Currently Proposed Defense Methods • Our System Model • A Low-Cost Method to Thwart Relay Attacks • Analysis and Simulation Results • Conclusion
Neighbor Discovery • Neighbor Discovery is the Building Block of Multi-Hop Communication in WSN. • Security Requirements • Authenticity (Authenticating the neighbors) • Availability (Discovering all neighbors) • Correctness (Verifying the neighborhood relation) • Threats • Impersonation Attacks • Denial of Service (e.g. Jamming Attack) • Relay Attack
A1 Relay Attack • Relaying messages between two nodes in a way that: nodes believe they are neighbors while they are not. • Placing a Relay Point in vicinity of BS, the attacker attracts nodes to route their packets through the Relay Channel. • Having control over the channel, he can perpetrate powerful external attack on Fake Links.
Agenda • Neighbor Discovery and Relay Attacks • Currently Proposed Defense Methods • Our System Model • A Low-Cost Method to Thwart Relay Attacks • Analysis and Simulation Results • Conclusion
Currently Proposed Defense Methods • Distance Bounding [BC93, HK05] [BC93] Stefan Brands and David Chaum. Distance-bounding protocols, 1993. • Location-based [HPJ03, SRB01] [HPJ03] Y.-C. Hu, A. Perrig, and D.B. Johnson. Packet leashes: a defense against wormhole attacks in wireless networks, 2003. • Using Directional Antenna [HE04] [HE04] Lingxuan Hu and David Evans. Using directional antennas to prevent wormhole attacks, 2004. • Connectivity-based [BDV05, MGD07] [BDV05] Levente Buttyán, László Dóra, and István Vajda. Statistical wormhole detection in sensor networks, 2005.
Observations • These solutions are • Impractical in wireless sensor networks because they require sophisticated hardware or trustworthy external information • Not resilient against strong adversaries.
Agenda • Neighbor Discovery and Relay Attacks • Currently Proposed Defense Methods • Our System Model • A Low-Cost Method to Thwart Relay Attacks • Analysis and Simulation Results • Conclusion
Received Signal Power (dBm) at Distance d (m) Transmission Signal Power (dBm) Path Loss1 (dBm) at Distance d (m) 1. Path loss (or path attenuation) is the reduction in power density (attenuation) of an electromagnetic wave as it propagates through space. IEEE 802.15.4 Channel Model • The IEEE 802.15.4 standard addresses a simple, low-cost communication network that allows a wireless connectivity between devices with a limited power. • Signal propagation of MicaZ, IEEE 802.15.4 compliant, mote modules (Equipped with CC2420 RF transceivers on 2.4 GHz Frequency band):
IEEE 802.15.4 Channel ModelReceived Signal Strength via Distance (on MicaZ)
Network Model • A static wireless sensor network, composed of tiny motes uniformly distributed in the field. • Nodes are able to transmit with different power levels and can measure the received signal strength. • Inspired from the channel characteristics, neighbors have following properties: • Channel Symmetry • Bidirectional Connection Transitivity • Signal Attenuation • Polygon Distance Plausibility
Channel Symmetry • For any pair of neighbors, the path loss is equivalent in both directions (because it is dependent to distance). • In practice there is a Symmetry Error. • The difference between RSS in two directions should be less than Symmetry Error.
Bidirectional Connection Transitivity • Noise Floor at s < Received Signal Power from v • Received Signal Power from v < Received Signal Power from u • If s can not hear u, maybe there is a selective relay attack in between Suspicious Case
Signal Attenuation • Clearly, based on the path loss model: d0: The reference distance (usually 1m in low-power communication), is chosen to be at a distance at which the propagation can be considered to be close enough to the transmitter such that multi-path and diffraction are negligible and the link is approximately that of free-space.
Polygon Distance Plausibility • Distance between connected nodes should match to a polygon on a plane. • Error in distance estimation will be considered.
S We use currently proposed Security Association (SA) establishment protocol. • SA establishment framework: • After these (at most) three messages, nodes have established a shared key. • We use in our protocol which stands for SA material.
Set B Set A Adversary Model Victims • We look at the network from the attacker’s point of view. • We define Victim Topology as two sets of nodes corresponding to two sides of the attack. Each node is a member of one set and its path loss to the adversary is its representative. {{PLA1M},{PLB1M,PLB2M}}
Attacker Strategy • Attacker Strategy represents how the attacker wants to deceive the victim network (for example by changing the signal power). • A Successful Strategy is the strategy that the attacker can deceive the nodes and remains undetected in the presence of secure neighbor discovery protocol.
Agenda • Neighbor Discovery and Relay Attacks • Currently Proposed Defense Methods • Our System Model • A Low-Cost Method to Thwart Relay Attacks • Analysis and Simulation Results • Conclusion
Protocol has two phases:Neighbor Discovery and Neighbor Verification. • Neighbor Discovery (ND) • Nodes simply look for their neighbors and perform SA establishment. • They check "Channel Symmetry" and "Signal Attenuation" properties. • Neighbor Verification (NV) • Nodes exchange their Neighbor Table and check the "Bidirectional Connection Transitivity" and “Polygon Distance Plausibility” properties.
ND Phase • Consider u performs ND and v is one of its neighbors.
NV Phase • Check following properties in CheckPlausibility: • Polygon Distance Plausibility • Bidirectional Connection Transitivity
Agenda • Neighbor Discovery and Relay Attacks • Currently Proposed Defense Methods • Our System Model • A Low-Cost Method to Thwart Relay Attacks • Analysis and Simulation Results • Conclusion
Finding Successful Strategy for the Adversary • To fulfill the “Symmetry Property”: • Adversary adds a ∆Pi (dBm) to each packet he wants to relay for node i. • To maximize his chance, | ∆Pi - ∆Pj| should be minimized.
What is the best ∆P? ∆P (Number of nodes covered by the signal) ∆P (Probability of violating the “Signal Attenuation” property) For median values, attacker may violate the “Polygon Distance Plausibility” and “Bidirectional Connection Transitivity” properties.
“Selective Relay Strategy” is not always a successful strategy. • Can be detected by “Bidirectional Connection Transitivity” property. • Moreover, if • Nodes randomly use different power levels for NV. • Each node has a different identifier for each power level. • Identifiers of nodes are disclosed to their legitimate neighbors (after authentication). • Then, • Attacker can not link between two messages coming from a single node with different power levels (different identifiers). • Can not have a correct deterministic selective relay.
45 (dBm) 80 (dBm) 50 (dBm) 70 (dBm) Examples of Attack DetectionViolating “Signal Attenuation” Property • Victim Topology = {{45,70}, {50,80}} • PL(d0)=40 (dBm) • Minimum ∆P to cover all nodes is: 60 (dBm) 45-60+50 = 35 < 40 Impossible (Signal Attenuation)
79 (dBm) 73 (dBm) 54 m 72 (dBm) 18.5 m 54 m 11 m Examples of Attack DetectionViolating “Polygon Distance Plausibility” PropertyTriangle Case • Victim Topology = {{73}, {72,79}} • ∆P = 83 (dBm) • Distances through relay channel: • 11 + 18.5 < 54
Examples of Attack DetectionViolating “Polygon Distance Plausibility” PropertyQuadrilateral Case • Victim Topology = {{81,86},{83,89}} • ∆P = 86 (dBm) • Localization error using path loss: 20m
Simulation Model • Victim Network Size: |A|=|B|= 1, …, 10 • Nodes Power level: 0 dBm. • Attacker Transmission range: 80m • Nodes Transmission Range: 70m. • Localization error: 20m • All possible ∆P values checked for a large number of topologies (randomly generated), considering the constraints of ND and NV phases. • The probability of detection is the proportion of cases the attacker is detected by ALERT. • The effectiveness of the attack is the average number of fake links the attacker can make, without being detected.
Victim Network Size |A| = |B| Attack Success Detection Probability ∆P Simulation Results
Agenda • Neighbor Discovery and Relay Attacks • Currently Proposed Defense Methods • Our System Model • A Low-Cost Method to Thwart Relay Attacks • Analysis and Simulation Results • Conclusion
Conclusion and On-Going Work • We proposed a low-cost secure neighbor discovery protocol for wireless sensor networks. • Our protocol is based on basic principles of wireless channel and geometry. • We are implementing our protocol on real sensors to check its effectiveness in real situations. • Challenges are calibration of receivers to reduce the “Symmetry Error” and tuning the path loss model to have more precise distance measurement.
References [BC93] Stefan Brands and David Chaum. Distance-bounding protocols. In Theory and Application of Cryptographic Techniques, 1993. [BDV05] Levente Buttyán, László Dóra, István Vajda. Statistical wormhole detection in sensor networks. Lecture Notes in Computer Science, 2005. [HE04] Lingxuan Hu and David Evans. Using directional antennas to prevent wormhole attacks. In NDSS, 2004. [HK05] Gerhard P. Hancke and Markus G. Kuhn. An RFID distance bounding protocol. In SECURECOMM 2005. [HPJ03] Y.-C. Hu, A. Perrig, and D.B. Johnson. Packet leashes: a defense against wormhole attacks in wireless networks. In INFOCOM 2003. [MGD07] R. Maheshwari, J. Gao, and S. R. Das. Detecting wormhole attacks in wireless networks using connectivity information. In INFOCOM 2007. [PPS+07] Panos Papadimitratos, Marcin Poturalski, Patrick Schaller, Pascal lafourcade, David Basin, Srdjan Capkun, and Jean-Pierre Hubaux. Secure neighborhood discovery: A fundamental element for mobile ad hoc networking. Accepted in IEEE Communication Magazine, 2007. [SRB01] Chris Savarese, Jan M. Rabaey, and Jan Beutel. Locationing in distributed adhoc wireless sensor networks. In ICASSP 2001.