security in wireless sensor networks
DESCRIPTION
Security in Wireless Sensor Networks. Michael Krishnan. Outline. Types of Attacks Clusters and Intrusion Detection Game Theory Approach. Characteristics of WSNs. Limited Energy (~6Ah) Wireless: Intruders can see transmissions and add their own - PowerPoint PPT PresentationTRANSCRIPT
Security in Wireless Sensor Networks
Michael Krishnan
Outline
Types of Attacks Clusters and Intrusion Detection Game Theory Approach
Characteristics of WSNs
Limited Energy (~6Ah) Wireless: Intruders can see transmissions and
add their own Traffic is either source to sink (base station) or
broadcast
Types of Attacks
Steal Data – Confidentiality Alter Data – Data Integrity Limit Service Availability (DoS) Consume Energy “Denial of Sleep”
Confidentiality
Public key? Too computationally expensive Secret key? Bad if node is compromised Secure Network Encryption Protocol (SNEP)
SNEP
Both sides keep (pair-wise) shared key, , & shared counter, C, to use as IV in DES– Semantic Security
Whole network shares MAC() function for authentication: MAC(,C|{D}) (8 bytes)
(Weak) Freshness – replay protection and ordering
Data Integrity
Authentication: Can’t use asymmetric digital signatures – too much overhead
SNEP: two-party TESLA: broadcast
Data IntegrityTESLA
One-way function, F(.) Kn = F(Kn+1)
Keys disclosed periodically, not per packet
Figure from Perrig et al.
Service Availability
Bogus Routing Information Flooding Homing – look at traffic to find important nodes “Black Hole” Attack – compromise neighbors of
base-station De-synchronization (transport layer)
Energy – Denial of Sleep Attack
Unique to WSNs – can’t use techniques from wired networks
Sources of Energy Loss– Collision – Frequency Hopping, CDMA, FEC– Message Overhearing – RTS/CTS, NAV– Idle Listening – schedule sleep
Brownfield et al. (2005)
Scheduling Sleep – S-MAC
Fixed Sleep Schedule RTS During Listen Period
– If no RTS sleep
Vulnerable during listen period only
Figure from Brownfield et al.
Scheduling Sleep – T-MAC
Timeout MAC Sleep Early: wait for timeout period
– Longest time hidden node must wait before first bit of CTS (TA = 1.5*(tCW_Max + tRTS + tSIFS)
Saves energy in absence of attacker, but MORE vulnerable to attacks (if never get timeout, stay awake forever)
Scheduling Sleep – B-MAC
No fixed listening start time Periodically wake up and sample channel using low
power listening (LPL) Longer preamble (longer than sleep period)
Just as vulnerable to attack as T-MAC
Figure from Brownfield et al.
Scheduling Sleep – G-MAC
Split Frame into Collection and Distribution Period
Gateway Sensor (GS) node schedules traffic for cluster– Rotate being GS to distribute energy use
Gateway can keep misbehaving node in check
Scheduling Sleep – G-MAC
Figure from Brownfield et al.
Clusters
Cluster head (CH) and member nodes (MN) Popular in routing protocols
– Nearby nodes have redundancy, compressed at CH (save energy)
Can also use for intrusion detection– CH monitors MNs, while some subset of MNs
monitor CH– X MNs can decommission CH (homing)
Methods of Intrusion Detection
Anomaly Detection – Actions of monitored node are atypical
– High probability of false alarm
Signature Detection – Actions of monitored node correspond to a type of attack
– Susceptible to new attacks– Typical Attacks:
Drop Packets Duplicate Packets Cause Collisions
Clusters for Authentification
Everyone watch neighbors? Too much energy BS checks packet at the end? Waste energy
transmitting bad packet whole route – need to discover this sooner
Check packet everywhere? A lot of computation Check at CH. Send packets first to CH Also send to CH with some probability p so
compromised node can’t bypass CH.
Game Theory Approach
Agah et al. (2004) Model: 2-player, non-cooperative, nonzero-
sum Players: IDS, attacker IDS can choose 1 cluster to defend, Attacker
can choose 1 to attack
Game Theory Approach - Notation
U = Utility of working WSN Ck = Cost to defend cluster k
ALk = Average loss for losing cluster k PI = Attackers profit for intruding CI = Attackers cost to intrude CW = Attacker’s cost to wait
Game Theory Approach - Assumptions
PI = AL CW < PI-CI Ck ~ k, where k = # previous attacks to k
Game Theory Approach
Payoff Matrix (for cluster k):Attack k Do Nothing Attack k”
Defend k U-Ck
PI-CI
U-Ck
CW
U-Ck-ALk”
PI-CI
Defend k’ U-Ck’-ALk
PI-CI
U-Ck’
CW
U-Ck’-ALk”
PI-CI
What’s wrong with this?
Attacker benefit is independent of what IDS does…– Intuitively, this should matter
We defend one cluster at a time– Why not more?– How do they coordinate? (Extra transmissions)
Modified Game Theory Approach
Uk = Utility of cluster k Ck = Cost to defend cluster k We can defend as many clusters as we want If we defend cluster k, utility of cluster is Uk-Ck
If we don’t and it’s not attacked, utility is Uk
If we don’t and it is attacked, utility is 0 Since attacker always attacks, his utility is
proportional to IDS’s loss minus a constant (CI)
Modified Game Theory Approach
No Pure NE:Suppose there were, then attacker always attacks one
particular cluster, k. IDS should then only defend k. But then utility of attacker is less than it would be for attacking another cluster.
Requirement for mixed NE:– E[util. of attacker] indep. of k – equally likely to
attack any cluster (1-pk)Uk = const, where pk is probability of defending cluster k
Modified Game Theory Approach
Strategy:– each cluster knows its own utility (maybe from G-
MAC)– Defend with probability pk=1-X/Uk where X is a
constant known to the whole WSN.
Expected utility of cluster k:– pk(Uk-Ck)+(1- pk)(Uk*(m-1)/m) where m = # clusters
Modified Game Theory Approach
Total expected utility of WSN:
pk(Uk-Ck)+(1- pk)(Uk*(m-1)/m)= (1-X/Uk )(Uk-Ck)+ X/Uk(Uk*(m-1)/m)= Uk-Ck-X+XCk/Uk + X*(m-1)/m)= m(X*(m-1)/m-X)+Uk-Ck+XCk/Uk= -X+Uk-Ck+XCk/Uk
Modified Game Theory Approach
Total expected utility of WSN always defending (pk = 1 for all k):
Uk-Ck = -X+Uk-Ck+XCk/Uk
Gain for using pk < 1
-X+Uk-Ck+XCk/Uk] - Uk-Ck = -X+XCk/Uk = X(Ck/Uk –1)
Modified Game Theory Approach
Utility gain = X(Ck/Uk –1) What does this mean?
– Goes to -X As Ck 0– Positive for larger Ck and smaller Uk.– Increases with X (Counter-intuitive)
Conclusion: We can improve our utility by defending less when per cluster utility is low and Ck is relatively high
Review
Classified Attacks: Confidentiality, Authenticity, Service Availability, Energy
Clusters are useful for intrusion detection Game theory approach