Presentation is loading. Please wait.

Presentation is loading. Please wait.

Chris Karlof and David Wagner

Published byShane Angley Modified over 10 years ago

Similar presentations

Presentation on theme: "Chris Karlof and David Wagner"— Presentation transcript:

1 Chris Karlof and David Wagner
Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures Chris Karlof and David Wagner

2 Key Contributions Secure routing issues in WSNs
Show how they are different from ad hoc networks Introduce two new classes of attacks Sinkhole attack Hello flood attack Analyze security aspects of major routing protocols Discuss countermeasures & design considerations for secure routing in WSNs

3 WSNs vs. Ad Hoc Networks Multi-hop wireless communications
Ad hoc nets: communication between two arbitrary nodes WSNs Specialized communication patterns Many-to-one One-to-many Local communication More resource constrained More trust needed for in-network processing, aggregation, duplicate elimination

4 Assumptions Insecure radio links
Malicious nodes can collude to attack the WSN Sensor are not tamper-resistant Adversary can access all key material, data & code Base station is trustworthy Aggregation points may not be trustworthy

5 Threat Models Device capability Attacker type Mote class attacker
Laptop class attacker: more energy, more powerful CPU, sensitive antenna, more radio power Attacker type Outside attacker: External to the network Inside attacker: Authorized node in the WSN is compromised or malicious

6 Security Goals Secure routing
Support integrity, authenticity, availability of messages in presence of attack Data confidentiality

7 Potential Attacks Attacks on general WSN routing
Attacks on specific WSN protocols

8 Attacks on General WSN Routing Protocols
Spoof, alter, or replay routing info. Create loops, attack or repel network traffic, partition the network, attract or repel network traffic, etc. Selective forwarding Malicious node selectively drops incoming packets

9 Sinkhole attacks Specific to WSNs
All packets are directed to base station A malicious node advertises a high quality link to the base station to attract a lot of packets Enable other attacks, e.g., selective forwarding or wormhole attack

10 Sybil attack Wormholes
A single node presents multiple ID’s to other nodes Affect geographic routing, distributed storage, multi-path routing, topology maintenance Wormholes Two colluding nodes A node at one end of the wormhole advertises high quality link to the base station Another node at the other end receives the attracted packets

11 Hello flood attack Acknowledge spoofing Specific to WSNs
In some protocols, nodes have to periodically broadcast “hello” to advertise themselves Not authenticated! Laptop-class attacker can convince it’s a neighbor of distant nodes by sending high power hello messages Acknowledge spoofing Adversary spoofs ACKs to convince the sender a weak/dead link support good link quality

12 Attacks on Specific Routing Protocols
TinyOS beaconing Construct a BFS rooted at the base station Beacons are not authenticated! Adversary can take over the whole WSN by broadcasting beacons

13 Directed diffusion Geographic routing Replay interest
Selective forwarding & data tampering Geographic routing Adversary false, possibly multiple, location info. Create routing loop GEAR considers energy in addition to location Laptop-class attacker can exploit it

14 Countermeasures Shared key & link layer encryption
Prevent outsider attacks, e.g., Sybil attacks, selective forwarding, ACK spoofing Cannot handle insider attacks Wormhole, Hello flood, TinyOS beaconing Sybil attack Every node shares a unique secret key with the base station Create pairwise shared key for msg authentication Limit the number of neighbors for a node Hello flood attack Verify link bidirectionality Doesn’t work if adversary has very sensitive radio

15 Wormhole, sinkhole attack
Cryptography may not help directly Good routing protocol design Geographic routing Location verification Use fixed topology, e.g., grid structure Selective forwarding Multi-path routing Route messages over disjoint or Braided paths Dynamically pick next hop from a set of candidates Measure the trustworthiness of neighbors

16 Authenticated broadcast Base station floods blacklist
uTESLA Base station floods blacklist Should be authenticated Adversaries must not be able to spoof

17 Conclusions WSN security is challenging, new area of research
This paper covers security issues at network layer

Download ppt "Chris Karlof and David Wagner"

Similar presentations

Authors: Chris Karlof and David Wagner

Authors: Chris Karlof and David Wagner
Security in Wireless Sensor Networks: Key Management Approaches

Security in Wireless Sensor Networks: Key Management Approaches
Jason Li Jeremy Fowers. Background Information Wireless sensor network characteristics General sensor network security mechanisms DoS attacks and defenses.

Jason Li Jeremy Fowers. Background Information Wireless sensor network characteristics General sensor network security mechanisms DoS attacks and defenses.
An Interleaved Hop-by-Hop Authentication Scheme for Filtering of Injected False Data in Sensor Networks Presenter: Dinesh Reddy Gudibandi.

An Interleaved Hop-by-Hop Authentication Scheme for Filtering of Injected False Data in Sensor Networks Presenter: Dinesh Reddy Gudibandi.
Denial of Service in Sensor Networks Anthony D. Wood and John A. Stankovic.

Denial of Service in Sensor Networks Anthony D. Wood and John A. Stankovic.
Security in Wireless Sensor Networks Adrian Perrig, John Stankovic, and David Wagner.

Security in Wireless Sensor Networks Adrian Perrig, John Stankovic, and David Wagner.
EKC Journal Paper Scouting A Presentation for the ResiliNets Group © 2008 Egemen Cetinkaya July 2008 Egemen Çetinkaya Department of Electrical Engineering.

EKC Journal Paper Scouting A Presentation for the ResiliNets Group © 2008 Egemen Cetinkaya July 2008 Egemen Çetinkaya Department of Electrical Engineering.
Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures Chris Karlof David Wagner University of Califonia at Berkeley Paper review and.

Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures Chris Karlof David Wagner University of Califonia at Berkeley Paper review and.
Authors : Chris Karlof, David Wagner Presenter : Shan Bai Secure Routing in Wireless Sensor Networks : Attacks and Countermeasures.

Authors : Chris Karlof, David Wagner Presenter : Shan Bai Secure Routing in Wireless Sensor Networks : Attacks and Countermeasures.
A Distributed Security Framework for Heterogeneous Wireless Sensor Networks Presented by Drew Wichmann Paper by Himali Saxena, Chunyu Ai, Marco Valero,

A Distributed Security Framework for Heterogeneous Wireless Sensor Networks Presented by Drew Wichmann Paper by Himali Saxena, Chunyu Ai, Marco Valero,
Secure Routing in Wireless Sensor Network Soumyajit Manna Kent State University 5/11/2015Kent State University1.

Secure Routing in Wireless Sensor Network Soumyajit Manna Kent State University 5/11/2015Kent State University1.
Presented by Guillaume Marceau Using slides from Ivor Rodrigues Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures by Chris Karlof,

Presented by Guillaume Marceau Using slides from Ivor Rodrigues Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures by Chris Karlof,
Introduction to Sensor Networks Rabie A. Ramadan, PhD Cairo University 4.

Introduction to Sensor Networks Rabie A. Ramadan, PhD Cairo University 4.
Secure Routing in WSNs: Attacks & Countermeasures Chris Karlof & David Wagner, UC Berkeley 1 st IEEE International Workshop on Sensor Network Protocols.

Secure Routing in WSNs: Attacks & Countermeasures Chris Karlof & David Wagner, UC Berkeley 1 st IEEE International Workshop on Sensor Network Protocols.
1-1 CMPE 259 Sensor Networks Katia Obraczka Winter 2005 Security.

1-1 CMPE 259 Sensor Networks Katia Obraczka Winter 2005 Security.
Efficiently Authenticating Code Images in Dynamically Reprogrammed Wireless Sensor Networks PerSec 2006 Speaker: Prof. Rick Han Coauthors Jing Deng and.

Efficiently Authenticating Code Images in Dynamically Reprogrammed Wireless Sensor Networks PerSec 2006 Speaker: Prof. Rick Han Coauthors Jing Deng and.
Security Issues In Sensor Networks By Priya Palanivelu.

Security Issues In Sensor Networks By Priya Palanivelu.
Secure Routing in Sensor Networks: Attacks and Countermeasures First IEEE International Workshop on Sensor Network Protocols and Applications 5/11/2003.

Secure Routing in Sensor Networks: Attacks and Countermeasures First IEEE International Workshop on Sensor Network Protocols and Applications 5/11/2003.
SUMP: A Secure Unicast Messaging Protocol for Wireless Ad Hoc Sensor Networks Jeff Janies, Chin-Tser Huang, Nathan L. Johnson.

SUMP: A Secure Unicast Messaging Protocol for Wireless Ad Hoc Sensor Networks Jeff Janies, Chin-Tser Huang, Nathan L. Johnson.
Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures by Chris Karlof, David Wagner Presented by William Scott December 01, 2009 Note:

Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures by Chris Karlof, David Wagner Presented by William Scott December 01, 2009 Note:

Similar presentations

Ads by Google