Presentation is loading. Please wait.

Presentation is loading. Please wait.

A Taxonomy for Denial-of-Service Attacks in Wireless Sensor Networks Anthony D. Wood and John A. Stankovic Department of Computer Science University of.

Similar presentations

Presentation on theme: "A Taxonomy for Denial-of-Service Attacks in Wireless Sensor Networks Anthony D. Wood and John A. Stankovic Department of Computer Science University of."— Presentation transcript:

1 A Taxonomy for Denial-of-Service Attacks in Wireless Sensor Networks Anthony D. Wood and John A. Stankovic Department of Computer Science University of Virginia Presenter: Sagar Panchariya 1

2 Introduction Wireless sensor networks have transformed into real world applications which include sensing and actuating types of environment of monitoring remote environmental sites or hostile battle fields to modern comfort of indoor health facilities. Like real world application on Internet and wireless adhoc networks the WSN have already started facing attacks. One such attack is DoS. 2

3 WSN Properties Their design space centers around small wireless devices with magnetic, acoustic, optical, chemical or other sensors on board. Each node is limited in resources, so nodes must communicate and co-ordinate to enact aggregate behaviors. May not be serviceable once deployed, low power operation for network longevity. Low cost per unit and effective distributed algorithm will enable deployment at a large scale, individual sensor may not be identifiable or important. 3

4 Limitations Robustness, fault-tolerance and cost effective operations hinge on inherent resource limitations of sensor nodes. Memory and processing cycles are limited. Wasting processing cycles and especially wasting radio transmission is not wise. Security adds another dimension that cannot be overlooked, as in network of such scarce resource improper consumption or destruction is a big concern. 4

5 Security Considerations Sensitive data collected should be protected from unauthorized users. Data and control mechanisms should be strictly authorized when more critical network can impact the environment using actuators or automatic responses. Inability of the network to perform correctly may be a safety hazard, depending on the system being monitored or controlled. 5

6 DoS and Users in WSN The result of an action that prevents any part of a WSN from functioning correctly or in a timely manner. 3 imp parameters: Authorized users, a shared service and Maximum waiting time. Authorized users when prevent access to a shared service or use a service for a longer than some maximum waiting time. Users: Besides humans process executing on behalf of those humans are also considered as users of the systems. In WSN terminology individual sensor nodes are users with respect to in network services. 6

7 Shared Services and Waiting times WSN provide aggregation services such as monitoring or control of an area. Eg: shared example of these services could take form of multiple battlefield commanders querying a WSN for the location of chemical or biological hazard. Services like routing, localization and time synchronization are also used by multiple sensor nodes concurrently. Threshold for maximum waiting time could be hard or soft depending on the type of network being monitored. 7

8 Immediate Vulnerabilities Remote locations: Distant or unmonitored networks require greater response for physical intervention. Large scale: not cost effective to intervene individual node. Cost sensitive: for large scale deployment requires cost and time efficient sensors. This adds pressure to hardware and software development cost which result in hasty design and numerous implementation errors. Attractive targets: depending on criticality and visibility sensor nodes become attractive targets also odds of casual physical tampering. 8

9 Vulnerabilities contd. Application specificity: Due to resource constraint that some network layers be merged or compressed together. Therefore unforeseen interaction between network layers may give rise to further vulnerabilities. Distributed services: Due to symmetric node design every node is potential target. 9

10 10

11 Attacker Passerby: Motivated by spontaneity, not determined, very little knowledge; few resources. Vandal: Desires to inflict damage, perhaps visibility; moderately determined; little knowledge; few resources necessary. Hacker: Desires access, motivated by curiosity and interest; highly determined; highly knowledgeable; moderate resources. 11

12 Attacker Contd. Raider: Driven by personal or organizational monetary and/or political gain, highly determined, moderately- highly knowledgeable; moderate resources. Terrorist or Foreign Power: Causes real-world damage by compromise of critical systems, motivated by enmity; very determined; highly knowledgeable, very well resourced with time, money, and man-power 12

13 Capabilities Number of Attackers: Attacks may be mounted by one or more attackers. Co-ordination of Attackers: All attacks caused may be independent or aggregated similar instances of attacks, or attacks possibly interfering with each other. Autonomous attacks are difficult to trace as compared to a centrally controlled attack 13

14 Capabilities Contd. Technical Capability: Receiving only: listening/ eaves dropping may further lead to other attacks Receiving and transmitting: Using some channels if its able to interact with sensor devices and impersonate a legitimate node. E.g.. Send old messages. Other channels: other mean of communication would be available to the attackers to coordinate attacks despite of disruption of WSN routing. Attacker technical infrastructure: may include higher bandwidth links, side channels, superior computational facilities, etc. (capability asymmetry)‏ 14

15 Area of Influence: Localized region: if the capabilities of an attacker are same as a WSN, outside nodes unaffected. Remote nodes: getting into routing services can allow disruption of remote nodes. Multicast flooding: could be used to send malicious message to a group of nodes. Similarly broad cast malicious flooding may be used. 15

16 Target Type of Service: Attack may happen on a particular layer or service in the network. Service interaction could be exploiting. Lower layer attack: may affect all the services dependent on the layer. E.g.: services may include: localization, time synchronization, directory services, routing services, code download, aggregation, etc. 16

17 Criticality of Target Some services may be expendable such as sensing coverage provided by a small number of nodes. Some services may be desired, but not critical e.g.: equalized power consumption Critical services should be well protected against all forms of security violations. Without this the WSN cannot function adequately, e.g.: routing service or event detection. 17

18 Physical Vulnerability Physical tampering in some way by inserting malicious code or reading secret key though its memory for use in other attack.(cause low cost packaging.)‏ An attacker can falsify local sensor values in the area of WSN and may be able to mislead monitors in that areas. Physical tampering may be detected or more subtle tampering may be may go totally undetected. 18

19 Result Attack is a nuisance but cannot harm. Performance is degraded but not stopped. More serious like key services are disrupted for the duration of the attack plus there is some finite recovery time. Severe attack could be of the type the target ceases to recover even after the attacks has stopped, e.g.: physical damage, erased or corrupted memory. 19

20 Possible Defenses Jamming: deliberate interference with radio reception to deny the target’s use of a communication channel. Node is not able to communicate and coordinate with the network and so is disrupted. Defense technique: Use of spread spectrum, frequency hopping Knowledge of jamming detection can allow avoiding of jamming route. Sending of higher power transmission signal to nodes that are not jammed. 20

21 Possible Defenses Contd. HELLO floods: A broadcast to all nodes announcing false neighbor status. WSN uses the HELLO messages to establish local neighbor tables. Every neighbor thinks that the fake WSN is one hop radio communication range. Also the fake WSN may advertise low-cost routes. This causes retransmission by neighboring WSN’s causing congestion. Defense Technique: bidirectional verification. Nodes could use a trusted third party to verify the authenticity of each of its neighbors before forwarding messages. 21

22 Possible Defenses Contd. Tampering: Defense: Upon the detection of tampering, tracking and reporting of human intruders within the compass of network, so guards or operators could physical intervene. Use of tamper resistant packages. Camouflaging the package 22

23 Problems and Defenses Exhaustion and Interrogation If an attacker is able to replay a broadcast initialization command causing nodes throughout the network to perform localization or time synchronization procedure. Such messages provide a way of amplification of unnecessary traffic. Such repeated request for intentional energy drain of nodes is called Interrogation. Defense technique: Rate limiting responses to even properly authenticated nodes. Excessive request will be ignored. 23

24 Possible Defenses Contd. Collisions By listening and parsing radio transmissions near the victim, the attacker can disrupt key elements of packets that contribute to checksums. With little effort the attacker can cause the victim to discard a much long packet wasting both channel and transmission energy. Defense technique: Error correcting codes can be used to provide some protection against corruption of data messages. These add processing and transmission overhead. 24

25 Conclusion WSN designs could be made resistant to DoS attacks by answering some of the question who will be the attackers? What are their capabilities? What could be the target? What are the vulnerabilities? What could be the result of the attack? 25

26 Q and A 26

27 Some References [ACLGM93] E. Ayanoglu, I. Chih-Lin, R. D. Gitlin, and J. E. Mazo. Diversity coding for self-healing and faulttolerant communication networks. IEEE Trans. Comm., COM- 41:1677.1686, November 1993. 3.5 [AK96] Ross Anderson and Markus Kuhn. Tamper resistance. a cautionary note. In Proceedings of the 2nd USENIX Workshop on Electronic Commerce, pages 1.11, Oakland, California, November 1996. 3.2 [And93] Ross Anderson. Why cryptosystems fail. In Proceedings of the 1st ACM Conference on Computer and Communications Security, pages 215.227, Fairfax, Virginia, November 1993. ACM Press. 1.3 27

Download ppt "A Taxonomy for Denial-of-Service Attacks in Wireless Sensor Networks Anthony D. Wood and John A. Stankovic Department of Computer Science University of."

Similar presentations

Ads by Google