1. Mark W. Propst Scientific Research Corporation

2.  Attack Motivations  Vulnerability Classification  Traffic Pattern Analysis  Testing Barriers  Concluding Remarks 2

3.  Wireless Sensor Network link-layer protocols are derived from mobile ad hoc networks which leaves them vulnerable to the same type of attacks  They are typically deployed in un-secured hostile environments leaving them vulnerable to physical attack  The sensor nodes lack the processing power and battery life to perform countermeasures typically utilized in many fixed and mobile ad hoc networks 3

4.  Unauthorized data observation  Unauthorized data manipulation  Data unavailability 4 1) Bertino, E., & Sandhu, R. (2005). Database Security-Concepts, Approaches, and Challenges. IEEE Trans. Dependable Secur. Comput., Vol 2, issue 1, pp. 2–19.

5. There is currently a plethora of research attempting to understand and counter the manipulation of individual nodes within a wireless sensor network ◦ Threshold Cryptography and Authentication 2 is an example of unique methods to protect and detect ◦ Similarly, Adaptive Intrusion Detection 3 detects malicious nodes in a sensor network 5 2) Piya, T., & Andrew, J. (2007). Adaptive Intrusion Detection in Wireless Sensor Networks. Intelligent Pervasive Computing, International Conference on, 0, 23-28. 3) Marianne, A. A., Sherif, M. E.-K., & Magdy, S. E.-S. (2007). Threshold Cryptography and Authentication in Ad Hoc Networks Survey and Challenges. Systems and Networks Communication, International Conference on, 0, 5.

6.  Cluster heads typically have greater processing power, provide geo-location, encryption keys, and act as a gateway of information from the sensor network to the outside world  Attacking and defeating a cluster head will render the entire sensor cluster non-operational  Unlike mobile networks, sensor networks are typically static, leading to predictable routing paths  With predictable routing paths, the cluster head of a sensor network can be detected 6

7.  There are two methods to attack the same static path vulnerability: ◦ Route Correlation (Rate Monitoring) ◦ Frequency Domain Analysis (Time Correlation)  Both rely on the correlation of time between transmission events on successive nodes to determine the path to the cluster head 7

8.  Link-layer encryption, such as onion encryption, can effectively prevent packet sniffing.  To defeat frequency domain analysis, most obfuscation techniques attempt to bring the noise floor up to the transmission level by generating excess packets 8

9. ΔT SHF Power 9 Easily identifiable transmission sequence Theoretical obfuscation

10. Most current methodologies attempt to obfuscate routing signatures by introducing superfluous traffic. ◦ Flooding ◦ Generic Random Walk ◦ Greedy Random Walk ◦ Directed Random Walks ◦ Store and Forward 10

11.  Onion Routing requires every node to encrypt the packet, consuming valuable battery power encrypting every packet for every hop  Bringing up the noise floor through the utilization of random walk strategies effectively obfuscates the traffic, but at the cost of sensor network life 11Mark W. Propst DCIS 730

12. How do we test network routing obfuscation? ◦ This is typically done in simulation by applying a propositional satisfiability solver such as GSAT 4 ◦ Propositional satisfiability solvers are very efficient at comparing obfuscation methodologies, however, the results between different implementers are NOT comparable ◦ There is currently no repeatability in testing 12 4) Selman, B., Levesque, H., & Mitchell, D. (1992). A new method for solving hard satisfiability problems. In National conference on artificial intelligence (pp. 440-446).

13.  Development of new energy efficient routing protocols with high obfuscation properties which mask the RF signature of the routing topology must happen to stay ahead of current and developing threats  The development of standardized test tools to compare and contrast new obfuscation protocols is just as important as developing the obfuscation protocols 13