Presentation is loading. Please wait.

Presentation is loading. Please wait.

Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures Chris Karlof and David Wagner.

Similar presentations


Presentation on theme: "Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures Chris Karlof and David Wagner."— Presentation transcript:

1 Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures Chris Karlof and David Wagner

2 Key Contributions Secure routing issues in WSNs Secure routing issues in WSNs –Show how they are different from ad hoc networks –Introduce two new classes of attacks »Sinkhole attack »Hello flood attack Analyze security aspects of major routing protocols Analyze security aspects of major routing protocols Discuss countermeasures & design considerations for secure routing in WSNs Discuss countermeasures & design considerations for secure routing in WSNs

3 WSNs vs. Ad Hoc Networks Multi-hop wireless communications Multi-hop wireless communications Ad hoc nets: communication between two arbitrary nodes Ad hoc nets: communication between two arbitrary nodes WSNs WSNs –Specialized communication patterns »Many-to-one »One-to-many »Local communication –More resource constrained –More trust needed for in-network processing, aggregation, duplicate elimination

4 Assumptions Insecure radio links Insecure radio links Malicious nodes can collude to attack the WSN Malicious nodes can collude to attack the WSN Sensor are not tamper-resistant Sensor are not tamper-resistant Adversary can access all key material, data & code Adversary can access all key material, data & code Base station is trustworthy Base station is trustworthy Aggregation points may not be trustworthy Aggregation points may not be trustworthy

5 Threat Models Device capability Device capability –Mote class attacker –Laptop class attacker: more energy, more powerful CPU, sensitive antenna, more radio power Attacker type Attacker type –Outside attacker: External to the network –Inside attacker: Authorized node in the WSN is compromised or malicious

6 Security Goals Secure routing Secure routing –Support integrity, authenticity, availability of messages in presence of attack –Data confidentiality

7 Potential Attacks Attacks on general WSN routing Attacks on general WSN routing Attacks on specific WSN protocols Attacks on specific WSN protocols

8 Attacks on General WSN Routing Protocols Spoof, alter, or replay routing info. Spoof, alter, or replay routing info. –Create loops, attack or repel network traffic, partition the network, attract or repel network traffic, etc. Selective forwarding Selective forwarding –Malicious node selectively drops incoming packets

9 Sinkhole attacks Sinkhole attacks –Specific to WSNs –All packets are directed to base station –A malicious node advertises a high quality link to the base station to attract a lot of packets –Enable other attacks, e.g., selective forwarding or wormhole attack

10 Sybil attack Sybil attack –A single node presents multiple IDs to other nodes –Affect geographic routing, distributed storage, multi- path routing, topology maintenance Wormholes Wormholes –Two colluding nodes –A node at one end of the wormhole advertises high quality link to the base station –Another node at the other end receives the attracted packets

11 Hello flood attack Hello flood attack –Specific to WSNs –In some protocols, nodes have to periodically broadcast hello to advertise themselves »Not authenticated! –Laptop-class attacker can convince its a neighbor of distant nodes by sending high power hello messages Acknowledge spoofing Acknowledge spoofing –Adversary spoofs ACKs to convince the sender a weak/dead link support good link quality

12 Attacks on Specific Routing Protocols TinyOS beaconing TinyOS beaconing –Construct a BFS rooted at the base station –Beacons are not authenticated! –Adversary can take over the whole WSN by broadcasting beacons

13 Directed diffusion Directed diffusion –Replay interest –Selective forwarding & data tampering Geographic routing Geographic routing –Adversary false, possibly multiple, location info. –Create routing loop –GEAR considers energy in addition to location »Laptop-class attacker can exploit it

14 Countermeasures Shared key & link layer encryption Shared key & link layer encryption –Prevent outsider attacks, e.g., Sybil attacks, selective forwarding, ACK spoofing –Cannot handle insider attacks »Wormhole, Hello flood, TinyOS beaconing Sybil attack Sybil attack –Every node shares a unique secret key with the base station –Create pairwise shared key for msg authentication –Limit the number of neighbors for a node Hello flood attack Hello flood attack –Verify link bidirectionality –Doesnt work if adversary has very sensitive radio

15 Wormhole, sinkhole attack Wormhole, sinkhole attack –Cryptography may not help directly –Good routing protocol design –Geographic routing Geographic routing Geographic routing –Location verification –Use fixed topology, e.g., grid structure Selective forwarding Selective forwarding –Multi-path routing –Route messages over disjoint or Braided paths –Dynamically pick next hop from a set of candidates –Measure the trustworthiness of neighbors

16 Authenticated broadcast Authenticated broadcast –uTESLA Base station floods blacklist Base station floods blacklist –Should be authenticated –Adversaries must not be able to spoof

17 Conclusions WSN security is challenging, new area of research WSN security is challenging, new area of research This paper covers security issues at network layer This paper covers security issues at network layer


Download ppt "Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures Chris Karlof and David Wagner."

Similar presentations


Ads by Google