CSC 774 Advanced Network Security
Distributed detection of node replication attacks in sensor networks (by Bryan Parno, Adrian Perrig, Virgil Gligor)
Presenter: Amit Singh, 18th Nov 2005

Outline
• So, what's the problem?
• Classical techniques of replication detection
  • Centralized scheme
  • Neighborhood voting scheme
• Randomized multicast
• Line Selected Multicast
• Comparisons
• Conclusion & future work

The Problem
• Tamper-resistant hardware is expensive, so most wireless sensor networks are composed of unshielded sensor nodes
• An adversary can easily attack, analyze and clone the unshielded sensor nodes, create replicas and insert them into the network
• This lets the adversary carry out a large class of insidious attacks, such as disrupting communication, subverting data aggregation and eavesdropping

Classical techniques of replication detection
• Central Detection
  • Each node sends its list of neighbors to a central base station
  • Base station searches the lists for replicas
  • Disadvantages:
    • Single point of failure
    • Exhausts nodes near the base station (and makes them targets)
    • Some applications may not use base stations
• Localized Detection
  • Neighborhoods use local voting protocols to detect replicas
  • Disadvantage:
    • Replication is a global event that cannot be detected in a purely local fashion

Distributed approach
• Node-to-Network broadcast
  • Each node floods the network with its location information
  • Each node stores the location information of its neighbors. If it detects a conflicting claim, the offending node is revoked
• Advantages
  • Achieves 100% detection of duplicate nodes (assuming the broadcast reaches the whole network)
• Disadvantages
  • Each node's location broadcast requires O(n) messages
  • Total communication cost is O(n^2) messages

Deterministic Multicast
• Protocol
  • A node broadcasts its location claim, which its neighbors forward to a set of deterministically chosen witness nodes
  • Witnesses are chosen as a function of the node ID
  • If a node is replicated, the witnesses will receive more than one location claim for a single node ID, which can then be revoked

Deterministic Multicast (contd.)
• Example
  • Node α sends its location claim to node γ, which computes a set of witness nodes from node ID α, F(α) = {ω1, ω2, …, ωn}, and sends the location claim to each node in the set
  • If α claims to be at more than one location, the witness nodes will detect it and revoke node ID α
• Disadvantage
  • Since the set of witnesses is a deterministic function of the node ID, the adversary can determine the witness node IDs, which then become targets for subversion

Randomized multicast
[Figure: randomized multicast; label "Conflict Detected!"]

Randomized multicast (contd.)
• Overview
  • Extends the multicast protocol to select witness nodes at random (not deterministically), so that the adversary cannot determine their identities
  • In a network of n nodes, if each neighbor produces √n witnesses, then the birthday paradox predicts one collision with high probability
  • So at least one witness will receive a pair of conflicting location claims

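Added example (not from the original slides or from the paper's authors): a Python check of the birthday-paradox argument above, computing and simulating how often two witness sets for the same ID overlap. It assumes each copy of an ID gets w witnesses drawn uniformly at random and that every claim is delivered; the function names are illustrative.

```python
import math
import random


def exact_detection_probability(n, w):
    """P(two independent random w-subsets of n nodes share at least one witness)."""
    # The second set misses the first with probability C(n-w, w) / C(n, w).
    return 1 - math.comb(n - w, w) / math.comb(n, w)


def simulate_detection(n, w, copies=2, trials=2000, seed=1):
    """Monte Carlo estimate: fraction of trials in which some witness receives
    claims for the same ID from two different copies."""
    rng = random.Random(seed)  # fixed seed so the run is reproducible
    detected = 0
    for _ in range(trials):
        seen = set()   # witnesses already holding a claim for this ID
        hit = False
        for _ in range(copies):
            witnesses = set(rng.sample(range(n), w))
            if seen & witnesses:   # a witness now holds two conflicting claims
                hit = True
                break
            seen |= witnesses
        detected += hit
    return detected / trials


if __name__ == "__main__":
    n = 10_000
    w = math.isqrt(n)  # sqrt(n) witnesses per copy, as on the slide
    print("exact, 2 copies    :", round(exact_detection_probability(n, w), 3))
    print("simulated, 2 copies:", simulate_detection(n, w))
    print("simulated, 3 copies:", simulate_detection(n, w, copies=3))
```

With n = 10000 and w = 100, two copies of an ID collide in about 64% of runs and three copies in about 95%, so detection of a single replica is likely per round rather than certain.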
Randomized multicast (contd.)
• Protocol Description
  • Each node α sends its location claim to each of its neighbors γ1, γ2, …, γn
  • The location claim has the format <ID_α, L_α, {H(ID_α, L_α)}_{K_α^{-1}}>, i.e. the ID, the location, and a hash of both signed with α's private key K_α^{-1}
  • Each neighbor γi verifies the signature on L_α, then selects g random nodes and forwards the location claim along the path to those nodes
  • After receiving the location claim, the witness verifies the signature
  • It then checks the ID against all the location claims received thus far
  • If a match is found, the node ID has been replicated and the revocation protocol is invoked by flooding the network

Line Selected Multicast
• Overview
  • Location claims from node α to γ travel through several intermediate nodes as well
  • If the intermediate nodes store the location claim, then a line is effectively drawn through the network
  • If a duplicate location claim crosses the line, it is detected and the revocation scheme is invoked
  • We only need a few lines to detect duplicate location claims

Line Selected Multicast (contd.)
• Adversary has created a replica of α, namely α'
• Neighbors βi and βi' report claims to randomly selected witnesses γi and γi', and the paths intersect at σ
[Figure: lines from α and α' through neighbors β1–β3 and β1'–β3' to witnesses γ1–γ3 and γ1'–γ3', crossing at σ; label "Trapped!"]

Line Selected Multicast (contd.)
• Protocol
  • When α's neighbors send out location claims to the r witnesses, each node along the route stores a copy of the location claim as well
  • E.g. βi stores a copy of the location claim before sending it along the path of nodes σ1, σ2, σ3, …, σm to the witness γi
  • Each σk verifies the signature of the claim, stores a copy in its buffer and forwards it to σk+1
  • However, before forwarding, it checks whether it has already stored a location claim for this node ID
  • If it finds a conflict, it floods the network with both signed location claims Lα and Lα' (unforgeable evidence), resulting in revocation of α

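Added example (not from the original slides or from the paper's authors): a Python sketch of the per-hop store-and-check step on a square grid, plus a small simulation of how the number of lines r affects detection. Assumptions: signatures are taken as already verified, routing is a constructed "x first, then y" walk standing in for geographic routing, and the neighbor β is collapsed onto α's own cell; all names are illustrative.

```python
import random
from collections import defaultdict


def route(src, dst):
    """Constructed stand-in for geographic routing: move along x, then along y."""
    (x, y), path = src, [src]
    while (x, y) != dst:
        if x != dst[0]:
            x += 1 if dst[0] > x else -1
        else:
            y += 1 if dst[1] > y else -1
        path.append((x, y))
    return path


def forward_claim(stores, node_id, location, start, witness):
    """Every hop stores the claim. A hop that already holds a different location
    for node_id returns (hop, stored_location, new_location) as the evidence pair."""
    for hop in route(start, witness):
        stored = stores[hop].setdefault(node_id, location)
        if stored != location:
            return hop, stored, location
    return None


def detection_rate(side, r, trials=500, seed=7):
    """Fraction of trials in which r lines per copy of one ID expose the replica."""
    rng = random.Random(seed)  # fixed seed so the run is reproducible

    def cell():
        return rng.randrange(side), rng.randrange(side)

    caught = 0
    for _ in range(trials):
        stores = defaultdict(dict)      # hop -> {node_id: first stored location}
        a, b = cell(), cell()           # original and replica positions
        while b == a:
            b = cell()
        hits = []
        for loc in (a, b):
            for _ in range(r):          # r randomly chosen witnesses per copy
                hits.append(forward_claim(stores, "alpha", loc, loc, cell()))
        caught += any(hits)
    return caught / trials
```

Comparing `detection_rate(30, 1)` with `detection_rate(30, 6)` shows the effect of drawing more lines per claim on this constructed grid.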
Communication overhead comparison
• Randomized multicast scales linearly as the number of nodes increases
• Line selected multicast scales as √n, so it is more scalable

Summary of protocol costs
• Communication costs are for the entire network
• Memory costs are per node

Conclusion
• Emergent algorithms (randomized and line-selected multicast) use the collective efforts of multiple sensor nodes to provide capabilities beyond those of any single node
• They are robust to individual node failures and avoid the problems inherent in centralized solutions
• Line selected multicast in particular has lower communication and memory overhead, which makes it an attractive choice

Future Work
• An assumption in the above two schemes is that the replicated nodes continue to follow the protocol
• An adversary can suppress or drop location claim messages to avoid detection of replicated nodes
• The protocol needs to be extended to work even with such misbehaving nodes, by detecting them with a secure implicit sampling technique
• A periodic sweep of the network for replicas helps prevent the adversary from establishing a significant foothold in the network