vampire attacks
DESCRIPTION
TRANSCRIPT
Vampire attacks: Draining life from wireless ad-hoc sensor networks
IntroductionAd hoc Wireless Sensor Network : decentralized type of wireless network Ad hoc : It does not rely on pre existing infrastructure such as routers in wired networks and access points in managed wireless networks. Each node participates in routing by forwarding packets. all devices have equal status in the network
Applications:
Ubiquitous on demand computing power Continuous connectivity Instantly deployable communication for military and first responders Monitor environmental conditions , factory performance and troop deployment.
Vampire attack:Definition: : Vampire attack means creating and sending messages
by malicious node which causes more energy consumption by the network leading to slow depletion of node’s battery life.
Features: Vampire attacks are not protocol specific They don’t disrupt immediate availability Vampires use protocol compliant messages Transmit little data with largest energy drain Vampires do not disrupt or alter discovered paths
Areas of Seminar & Technology Area related to seminar: PROTECTION FROM VAMPIRE
ATTACK ON ROUTING PROTOCOL
Areas of seminar includes: Evaluates vulnerabilities of existing protocols to battery
depletion attacks Show Simulation results quantifying the performance of
several protocols in the presence of a single Vampire Modification of an existing sensor network routing protocol
to bound the damage from Vampire attacks
Literature SurveyATTACK FEATURES
DISADVANTAGES
OF DEFENSES
REFERENCES
Sleep Deprivation Torture
Prevents nodes from entering sleep cycle and depletes batteries faster
It considers attacks only at the Medium Access Control(MAC)
David R Raymond and Randy C Marchany ,2009
Resource Exhaustion
Mentions resource exhaustion at MAC and transport layers
Only offers rate limiting and elimination of insider adversaries
Anthony D Wood and John A.Stankovic,2002
Flood Attack
Multiple request connections to server ,run out of resources
Punishes nodes that produce bursty traffic but may not send much data
Daniel J. Bernstein,1996
ATTACKS FEATURES DISADVANTAGES REFERENCES
Reduction of Quality Attacks
Produce long term degradation in networks
Focus is only on transport layer and not on routing protocols.
Sharon Goldberg and David Xiao,2008
DoS Attacks Malefactor overwhelms honest nodes with large amounts of data
Applicable only to traditional DoS, Doesn’t work with intelligent adversaries i.e. protocol compliant
Jing Deng and Richard Han,2005
Wormhole attack & Directional Antenna attack
Allows connection b/w two non neighbouring malicious nodes : disrupt route discovery
Packet Leashes: Solution comes at high cost and is not always applicable
INFOCOM,2003
TECHNOLOGY
FEATURES DISADVANTAGES
REFERENCES
Minimal Energy Routing
Increase the lifetime of power constrained networks using less energy to transmit and receive packets
Vampire attacks increase energy usage even in minimal energy routing
Jae-Hwan Chang and Leandros Tassiulas,2004
Vampire attack Definition: Vampire attack [1] means creating and sending
messages by malicious node which causes more energy consumption by the network leading to slow depletion of node’s battery life.
Two types: Attack on Stateless Protocols Attack on Stateful Protocols
Stateless Protocols: Same as source routing protocol Source node specifies entire route to destination within packet
header. Intermediaries don’t make independent forwarding decisions.
Stateful Protocols: Nodes are aware of their topology, state, forwarding decisions. Nodes make local forwarding decisions on that stored state. Two important classes are : link state and distance –vector
Attacks on Stateless ProtocolsTypes of attacks :
Carousel attack Stretch attack
Carousel Attack: Adversary sends packets with routes composed of a series of loops. Exploits limited verification of message headers at forwarding nodes Used to increase the route length beyond no of nodes in network Theoretical limit: energy usage increase by a factor of O(λ), where λ is the maximum route length.
•Stretch Attack adversary constructs artificially long routes traversing every node in the network.
Causes packets to traverse larger than optimal no of nodes
Causes nodes that doesn’t lie on optimal path to process packets
Theoretical limit: energy usage increase of factor O(min(N, λ)), where N is the number of nodesin the network and λ is the maximum path length allowed.
Potentially less damaging per packet than the carousel attack, as the no of hops per packet is bounded by the number of network nodes.
Attack on Stateful Protocols Types of attacks:
Directional antenna attack Malicious Discovery attack
Directional Antenna attack:Energy can be wasted by restarting packet in various parts of network
Using a directional antenna adversaries can deposit packets in arbitrary parts of the network.
Consumes energy of nodes that would not have had to process the original packet.
Half Wormhole attack – as a directional antenna constitutes a private communication channel.
Packet leashes cannot prevent this attack as they are not to protect against malicious message sources only intermediaries.
Malicious Discovery Attack:Also known as Spurious route discovery.
Falsely claims that a link is down or claim a new link to non existent node
More serious when nodes claim a long distance route has changed.
Trivial in open networks
In closed networks : repeatedly announce and withdraw routes
Theoretical energy usage increase of a factor of O(N) per packet.
Packet leashes cannot prevent: originators are malicious
Existing System & DisadvantagesClean Slate Sensor Network Routing Developed By Parno,Luk, Gaustad and Perrig (PLGP).
Original version is vulnerable to vampire attacks
Can be Modified to resist vampire attacks
Two phases: Topology Discovery PhasePacket Forwarding phase
Discovery organizes nodes to trees
Initially : each node knows only itself
At end of discovery each node should compute the same address tree as other nodes.
All leaf nodes are physical nodes in network and virtual addresses corresponds to their position in the network.
Clean Slate Sensor Network Routing (Contd..)
Topology Discovery Phase:Every node broadcast certificate of identity including public key.Each node starts as its own group size one ,with virtual address zeroGroups merge with smallest neighbouring groupEach group chooses 0 or 1 when merge with another group.Each member prepends group address to their own addressGateway nodesBy end each node knows every nodes virtual address ,public key and certificate.Network converges to a single group
Packet forwarding phase:
All decisions are made independently by each node
A node when receives a packet determines next hop by finding the most significant bit of its address that differs from the message originators address.
Every forwarding event shortens the logical distance to destination
PLGP in presence of vampires: forwarding nodes don’t know the path of a packet and allowing adversaries to divert packet to any part of the network.
Honest node may be farther away from the destination than malicious nodes.
But honest node knows only its address and destination address.
Vampire moves packet away from the destination
Theoretical energy increase of O(d) where d is the network diameter and N the number of network nodes.
Worse if packet returns to vampire as it can reroute
Provable Security against vampire attacks•No-backtracking property:Satisfied for a given packet if and only if it consistently makes progress toward its destination in the logical network address space. More formally:No-backtracking is satisfied if every packet p traverses the same number of hops whether or not an adversary is present in the network. Case 1: L is honestCase 2: L is Malicious
L
L
…(hops) …
…(hops) …DD
•Same no of Hops•Same network wide energy utilization•is independent of the actions of malicious nodes
No-backtracking implies Vampire resistance
Nodes keep track of route cost
Provable Security against vampire attacks (contd..)
PLGP does not satisfy No-backtracking property:
In PLGP packets are forwarded along the shortest route through the tree that is allowed by the physical topology. Since the tree implicitly mirrors the topology and since every node holds an identical copy of the address tree, every node can verify the optimal next logical hop.
However, this is not sufficient for no-backtracking to hold, since nodes cannot becertain of the path previously traversed by a packet.
Adversaries can always lie about their local metric cost
PLGP is still vulnerable
Proposed System:Propose PLGP with attestations (PLGPa): Add a verifiable path history to every PLGP packet PLGPa uses this packet history together with PLGP’s tree routing structure so every node can securely verify progress, preventing any significant adversarial influence on the path taken by any packet which traverses at least one honest node.These signatures form a chain attached to every packet, allowing any node receiving it to validate its path. Every forwarding node verifies the attestation chain to ensure that the packet has never traveled away from its destination in the logical address space.
packet forwarding for PLGPa
PLGPa satisfies no-backtracking
•All messages are signed by their originator .
•adversary can only alter packet fields that are changed en route, so only the route attestation field can be altered, shortened, or removed entirely.
•To prevent truncation, use one-way signature chain construction
•The hop count of a packet is defined as follows:
Definition. The hop count of packet p, received or forwarded by an honest node, is no greater than the number of entries in p’s route attestation field, plus 1.
•When any node receives a message, it checks that every node in the path attestation 1) has a corresponding entry in the signature chain, and 2) is logically closer to the destination than the previous hop in the chain. This way, forwarding nodes can enforce the forward progress of a message, preserving no-backtracking.
Theorem 1. A PLGPa packet p satisfies no-backtracking in the presence of an adversary controlling m < N - 3 nodes if p passes through at least one honest node.
Proof:
…Since each possible adversarial action which results in backtracking violates an assumption , The proof is complete
Comparison of Existing Vs Proposed System
PLGP PLGPa
PLGP does not have attestation It is PLGP with attestation
Forwarding nodes doesn’t know the path of the packet
Each packet has a verifiable path history
Does not hold Backtracking Holds Backtracking
Vulnerable to Vampire attacks Resistant to vampire attacks
Advantages of Proposed SystemPLGPa never floodsPacket forwarding overhead is favourableDemonstrates more equitable routing load
distribution and path diversityEven without dedicated hardware, the
cryptographic computation required for PLGPa is tractable even on 8-bit processors.
Future ScopeAd hoc wireless sensor networks promise
exciting new applications in the near future.As WSN’s become more and more crucial to
everyday life availability faults become less tolerable
Thus high availability of these nodes is critical and must hold even under malicious conditions.
References[1] Frank Stajano and Ross Anderson, The resurrecting duckling: securityissues for ad-hoc wireless networks, International workshop on securityprotocols, 1999.
[2] Haowen Chan and Adrian Perrig, Security and privacy in sensor networks,Computer 36 (2003)
[3] Denial of service attacks(Timothy J. McNevin, Jung-Min Park), 2004
[4] Path-quality monitoring in the presence of adversaries(] Sharon Goldberg, David Xiao),2008.
[5] Packet leashes: A defence against wormhole attacks in wirelessad hoc networks, INFOCOM, 2003.
[6] Securing ad hoc routing protocols,(Manel Guerrero Zapata and N. Asokan), 2002
Thank you!!!
QUESTIONS
?