The Sybil Attack in Sensor Networks: Analysis & Defenses J. Newsome, E. Shi, D. Song and A. Perrig IPSN’04.


1 The Sybil Attack in Sensor Networks: Analysis & Defenses J. Newsome, E. Shi, D. Song and A. Perrig IPSN’04

2 Overview
Sybil Attack
Taxonomy
Attacks
Defenses
– Radio Resource Testing
– Random Key Predistribution
– Other Defenses

3 Sybil Attack
A malicious node behaves as if it were a large number of nodes
– Impersonating
– False identities
Terminologies
– Malicious node
– Sybil node
– Usable Sybil identity

4 Taxonomy
Direct vs. Indirect Communication
Fabricated vs. Stolen Identities
Simultaneous vs. Non-Simultaneous

5 Attacks
Distributed Storage
Routing
– Multipath or dispersity routing
Voting
Fair Resource Allocation
Misbehavior Detection

6 Defense
Validate: only one identity per physical node
– Direct Validation
– Indirect Validation
Previous Defense – Resource Testing
– Computation
– Storage
– Communication

7 Radio Resource Testing
Assumption
– any physical device has only one radio
– a radio is incapable of simultaneously sending or receiving on more than one channel

8 Random Key Predistribution
Key Ideas
– Associating the node identity with the keys assigned to the node.
– Key validation: verify part or all of the keys that an identity claims to have.
Key Pool
Single-space Pairwise Key Distribution
Multi-space Pairwise Key Distribution

9 Key Pool
Set of keys assigned to ID:
Set of the keys that node ID possesses are determined by
A usable Sybil identity must be able to pass the validation
– Full Validation
– Partial Validation

10 Key Pool (cont. 1)
Full Validation:
Partial Validation: its d neighbor nodes
ID’ can survive the validation of ID 0 iff.

11 Key Pool (cont. 2)

12 Key Pool (cont. 3)
m = 20000, k = 200, l = k = 200.
If Pr =
– Full Validation: c = 150
– Partial Validation: c = 30 (d = 30)
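The key-pool validation outlined on slides 8 to 12, as an added sketch that is not code from the slides or from the paper's authors. It assumes a hash-based mapping from node ID to key indices (the slides' own formula did not survive extraction), an HMAC challenge-response per shared key, hypothetical function names, and a constructed stand-in key pool.

```python
import hashlib, hmac, os

M, K, D = 20000, 200, 30   # pool size m, key-ring size k, verifier count d (slide 12)

def key_indices(node_id, m=M, k=K):
    """k distinct pool indices bound to an ID (assumed hash-based derivation)."""
    picked, ctr = [], 0
    while len(picked) < k:
        digest = hashlib.sha256(node_id + ctr.to_bytes(4, "big")).digest()
        idx = int.from_bytes(digest[:8], "big") % m
        if idx not in picked:
            picked.append(idx)
        ctr += 1
    return picked

def provision(node_id, pool):
    """Key ring loaded onto a node before deployment: index -> key."""
    return {i: pool[i] for i in key_indices(node_id)}

def respond(held, idx, nonce):
    """Prover: MAC the nonce under pool key idx, or None if the key is not held."""
    key = held.get(idx)
    return hmac.new(key, nonce, hashlib.sha256).digest() if key else None

def validate(claimed_id, prover_held, verifier_held):
    """One verifier challenges every key it shares with the claimed ID's key set.
    Returns (keys_challenged, all_answers_correct)."""
    shared = [i for i in key_indices(claimed_id) if i in verifier_held]
    for idx in shared:
        nonce = os.urandom(16)
        expected = hmac.new(verifier_held[idx], nonce, hashlib.sha256).digest()
        answer = respond(prover_held, idx, nonce)
        if answer is None or not hmac.compare_digest(answer, expected):
            return len(shared), False
    return len(shared), True

def partial_validate(claimed_id, prover_held, verifiers):
    """Partial validation by d neighbours: accept only if at least one key was
    challenged and no verifier saw a wrong or missing answer."""
    results = [validate(claimed_id, prover_held, v) for v in verifiers]
    return sum(n for n, _ in results) > 0 and all(ok for _, ok in results)

# Constructed sample data: a deterministic stand-in pool and d = 30 neighbours.
POOL = [hashlib.sha256(b"constructed-pool" + i.to_bytes(4, "big")).digest()[:16]
        for i in range(M)]
VERIFIERS = [provision(b"neighbor-%d" % j, POOL) for j in range(D)]
```

With these parameters, a fabricated identity backed by a single captured key ring is rejected, while the captured node's own identity still validates, which is the "Stolen IDs" entry in the comparison slide.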

13 Single-space Pairwise Key Distribution
Traditional approaches
– f(Vi, Uj) = f(Vj, Ui)
– λ-secure property: nothing or ALL!
A new approach proposed by Chan et al.
– No such problem: always nothing.
– The network size is limited by l and Pr(any 2 nodes are connected)

14 Multi-space Pairwise Key Distribution
Combination of key pool and single space approach
– Without validation
– With validation
Given c, Pr(space i is compromised):

15 Multi-space Pairwise Key Distribution (cont.)
Pr(at least k spaces compromised)<=
m = 50, k = 4, λ = 49, l = 200
Compromise ≈ 400(w/o V) 465(w/ V), Pr<=0.05

16 Other Defenses
Registration
– A trusted central authority
Position Verification
– Upper bound for the sensor density
Code Attestation
– Different code in malicious node
– Verify memory content

17 Comparison of Sybil Defenses
Defense                 Who Can Validate        Remaining Sybil Vulnerabilities
Radio                   Neighbors               Indirect Com., Non-Simult.
Position Verification   Neighbors               Indirect Com.
Registration            Anyone                  Stolen IDs
Key Predistribution     Anyone w/shared keys    Stolen IDs
Code Attestation        Anyone                  None

18 Summary
Main Ideas
– Explore Sybil attack problem in sensor network environment
– Modify the existing key pool scheme to defend against the Sybil attack

19 Thank You!

