secure routing in sensor networks: attacks and countermeasures first ieee international workshop on...
Post on 20-Dec-2015
215 views
TRANSCRIPT
![Page 1: Secure Routing in Sensor Networks: Attacks and Countermeasures First IEEE International Workshop on Sensor Network Protocols and Applications 5/11/2003](https://reader036.vdocuments.us/reader036/viewer/2022081519/56649d415503460f94a1b741/html5/thumbnails/1.jpg)
Secure Routing in Sensor Networks: Attacks and
Countermeasures
First IEEE International Workshop on Sensor Network Protocols and Applications
5/11/2003
Chris Karlof and David WagnerUniversity of California at Berkeley
![Page 2: Secure Routing in Sensor Networks: Attacks and Countermeasures First IEEE International Workshop on Sensor Network Protocols and Applications 5/11/2003](https://reader036.vdocuments.us/reader036/viewer/2022081519/56649d415503460f94a1b741/html5/thumbnails/2.jpg)
Security in sensor networks
Security is critical Military apps Building monitoring Burglar alarms Emergency response
Yet security is hard Wireless links are inherently
insecure Resource constraints Lossy, low bandwidth
communication Lack of physical security
![Page 3: Secure Routing in Sensor Networks: Attacks and Countermeasures First IEEE International Workshop on Sensor Network Protocols and Applications 5/11/2003](https://reader036.vdocuments.us/reader036/viewer/2022081519/56649d415503460f94a1b741/html5/thumbnails/3.jpg)
Our contributions
Threat models and security goals New attacks against sensor network routing
protocols Detailed security analysis of 15 routing protocols
Countermeasure suggestions
![Page 4: Secure Routing in Sensor Networks: Attacks and Countermeasures First IEEE International Workshop on Sensor Network Protocols and Applications 5/11/2003](https://reader036.vdocuments.us/reader036/viewer/2022081519/56649d415503460f94a1b741/html5/thumbnails/4.jpg)
Base stations and sensor nodes Low overhead protocols Specialized traffic patterns In-network processing These differences necessitate
new secure routing protocols
Routing in sensor networks
base station
sensor node
![Page 5: Secure Routing in Sensor Networks: Attacks and Countermeasures First IEEE International Workshop on Sensor Network Protocols and Applications 5/11/2003](https://reader036.vdocuments.us/reader036/viewer/2022081519/56649d415503460f94a1b741/html5/thumbnails/5.jpg)
Secure routing goals and threat models
Security goals: Confidentiality: messages are secret Integrity: messages are not tampered with Availability
In-network processing makes end-to-end security hard
Link layer security still possible Need to consider compromised nodes
(insiders) and resourceful attackers
![Page 6: Secure Routing in Sensor Networks: Attacks and Countermeasures First IEEE International Workshop on Sensor Network Protocols and Applications 5/11/2003](https://reader036.vdocuments.us/reader036/viewer/2022081519/56649d415503460f94a1b741/html5/thumbnails/6.jpg)
Attacks
![Page 7: Secure Routing in Sensor Networks: Attacks and Countermeasures First IEEE International Workshop on Sensor Network Protocols and Applications 5/11/2003](https://reader036.vdocuments.us/reader036/viewer/2022081519/56649d415503460f94a1b741/html5/thumbnails/7.jpg)
TinyOS Beaconing
![Page 8: Secure Routing in Sensor Networks: Attacks and Countermeasures First IEEE International Workshop on Sensor Network Protocols and Applications 5/11/2003](https://reader036.vdocuments.us/reader036/viewer/2022081519/56649d415503460f94a1b741/html5/thumbnails/8.jpg)
Attack: Bogus routing information
Bogus routing information can cause havoc
Example: spoof routing beacons and claim to be base station
Lessons:
• Authenticate routing info
• Trust but verify
![Page 9: Secure Routing in Sensor Networks: Attacks and Countermeasures First IEEE International Workshop on Sensor Network Protocols and Applications 5/11/2003](https://reader036.vdocuments.us/reader036/viewer/2022081519/56649d415503460f94a1b741/html5/thumbnails/9.jpg)
Attack: HELLO floods Assumption: the sender of a
received packet is within normal radio range
False! A powerful transmitter could reach the entire network
Can be launched by insiders and outsiders
Lesson: Verify the bidirectionality of links
![Page 10: Secure Routing in Sensor Networks: Attacks and Countermeasures First IEEE International Workshop on Sensor Network Protocols and Applications 5/11/2003](https://reader036.vdocuments.us/reader036/viewer/2022081519/56649d415503460f94a1b741/html5/thumbnails/10.jpg)
Attack: Wormholes Tunnel packets
received in one part of the network and replay them in a different part
Can be launched by insiders and outsiders
Lesson: Avoid routing race conditions
![Page 11: Secure Routing in Sensor Networks: Attacks and Countermeasures First IEEE International Workshop on Sensor Network Protocols and Applications 5/11/2003](https://reader036.vdocuments.us/reader036/viewer/2022081519/56649d415503460f94a1b741/html5/thumbnails/11.jpg)
Attack: Sybil attack
An adversary may present multiple identities to other nodes
Lesson: Verify identities
A
B
![Page 12: Secure Routing in Sensor Networks: Attacks and Countermeasures First IEEE International Workshop on Sensor Network Protocols and Applications 5/11/2003](https://reader036.vdocuments.us/reader036/viewer/2022081519/56649d415503460f94a1b741/html5/thumbnails/12.jpg)
Protocols analyzed
Protocol Relevant attacksTinyOS beaconing Bogus routing information, selective forwarding, sinkholes,
Sybil, wormholes, HELLO floods
Directed diffusion and multipath variant
Bogus routing information, selective forwarding, sinkholes, Sybil, wormholes, HELLO floods
Geographic routing (GPSR,GEAR)
Bogus routing information, selective forwarding, Sybil
Minimum cost forwarding Bogus routing information, selective forwarding, sinkholes, wormholes, HELLO floods
Clustering based protocols (LEACH,TEEN,PEGASIS)
Selective forwarding, HELLO floods
Rumor routing Bogus routing information, selective forwarding, sinkholes, Sybil, wormholes
Energy conserving topology maintenance
Bogus routing information, Sybil, HELLO floods
All insecure
![Page 13: Secure Routing in Sensor Networks: Attacks and Countermeasures First IEEE International Workshop on Sensor Network Protocols and Applications 5/11/2003](https://reader036.vdocuments.us/reader036/viewer/2022081519/56649d415503460f94a1b741/html5/thumbnails/13.jpg)
Countermeasures
We have countermeasure suggestions and design considerations
See paper for details
![Page 14: Secure Routing in Sensor Networks: Attacks and Countermeasures First IEEE International Workshop on Sensor Network Protocols and Applications 5/11/2003](https://reader036.vdocuments.us/reader036/viewer/2022081519/56649d415503460f94a1b741/html5/thumbnails/14.jpg)
Conclusions
End-to-end security is limited in sensor networks
Link layer security is importantIt is not enoughDesign time security
![Page 15: Secure Routing in Sensor Networks: Attacks and Countermeasures First IEEE International Workshop on Sensor Network Protocols and Applications 5/11/2003](https://reader036.vdocuments.us/reader036/viewer/2022081519/56649d415503460f94a1b741/html5/thumbnails/15.jpg)
Questions?
![Page 16: Secure Routing in Sensor Networks: Attacks and Countermeasures First IEEE International Workshop on Sensor Network Protocols and Applications 5/11/2003](https://reader036.vdocuments.us/reader036/viewer/2022081519/56649d415503460f94a1b741/html5/thumbnails/16.jpg)
Extra Slides
![Page 17: Secure Routing in Sensor Networks: Attacks and Countermeasures First IEEE International Workshop on Sensor Network Protocols and Applications 5/11/2003](https://reader036.vdocuments.us/reader036/viewer/2022081519/56649d415503460f94a1b741/html5/thumbnails/17.jpg)
Countermeasures
Access control with link layer crypto Globally shared key outsiders Per link keys insiders Authenticated broadcast and flooding
Verify neighbors’ identities Prevents Sybil attack
Verify bidirectionality of links Prevents HELLO floods
Multipath and probabilistic routing Limits effects of selective forwarding
![Page 18: Secure Routing in Sensor Networks: Attacks and Countermeasures First IEEE International Workshop on Sensor Network Protocols and Applications 5/11/2003](https://reader036.vdocuments.us/reader036/viewer/2022081519/56649d415503460f94a1b741/html5/thumbnails/18.jpg)
Countermeasures (cont.)
Wormholes are difficult to defend against Can be launched by insiders and outsiders Defenses exist for outsiders, but are not cheap Best solution avoid routing race conditions Geographic routing protocols hold promise
Nodes near base stations are attractive to compromise Overlays
![Page 19: Secure Routing in Sensor Networks: Attacks and Countermeasures First IEEE International Workshop on Sensor Network Protocols and Applications 5/11/2003](https://reader036.vdocuments.us/reader036/viewer/2022081519/56649d415503460f94a1b741/html5/thumbnails/19.jpg)
Why is this a problem?
Wireless security has been spotty WEP/802.11b GSM
Secure routing mechanisms for ad-hoc wireless networks are not necessarily applicable Too much functionality any-to-any routing Not enough functionality sensor nets are often
app. specific Too much overhead public key cryptography
![Page 20: Secure Routing in Sensor Networks: Attacks and Countermeasures First IEEE International Workshop on Sensor Network Protocols and Applications 5/11/2003](https://reader036.vdocuments.us/reader036/viewer/2022081519/56649d415503460f94a1b741/html5/thumbnails/20.jpg)
Wormhole attacks A wormhole is created when
an adversary tunnels packets received in one part of the network and replays them in a different part.
Exploits routing race conditions
Enables other attacks Can be launched by insiders
and outsiders
![Page 21: Secure Routing in Sensor Networks: Attacks and Countermeasures First IEEE International Workshop on Sensor Network Protocols and Applications 5/11/2003](https://reader036.vdocuments.us/reader036/viewer/2022081519/56649d415503460f94a1b741/html5/thumbnails/21.jpg)
![Page 22: Secure Routing in Sensor Networks: Attacks and Countermeasures First IEEE International Workshop on Sensor Network Protocols and Applications 5/11/2003](https://reader036.vdocuments.us/reader036/viewer/2022081519/56649d415503460f94a1b741/html5/thumbnails/22.jpg)
![Page 23: Secure Routing in Sensor Networks: Attacks and Countermeasures First IEEE International Workshop on Sensor Network Protocols and Applications 5/11/2003](https://reader036.vdocuments.us/reader036/viewer/2022081519/56649d415503460f94a1b741/html5/thumbnails/23.jpg)
![Page 24: Secure Routing in Sensor Networks: Attacks and Countermeasures First IEEE International Workshop on Sensor Network Protocols and Applications 5/11/2003](https://reader036.vdocuments.us/reader036/viewer/2022081519/56649d415503460f94a1b741/html5/thumbnails/24.jpg)