Presentation is loading. Please wait.

Presentation is loading. Please wait.

Mitigating DoS Attacks against Broadcast Authentication in Wireless Sensor Networks Peng Ning, An Liu North Carolina State University and Wenliang Du Syracuse.

Published byRuby Fields Modified over 8 years ago

Similar presentations

Presentation on theme: "Mitigating DoS Attacks against Broadcast Authentication in Wireless Sensor Networks Peng Ning, An Liu North Carolina State University and Wenliang Du Syracuse."— Presentation transcript:

1 Mitigating DoS Attacks against Broadcast Authentication in Wireless Sensor Networks Peng Ning, An Liu North Carolina State University and Wenliang Du Syracuse University

2 Introduction Broadcast is an important communication primitive in wireless sensor networks. – Large number of sensor nodes – Limited signal range

3 Two approached for broadcast authentication: – Public key based digital signature [Gura et al. 2004], Signature: 0.81s ---multiplication on a 160-bit EC. Verification: 1.62s – uTESLA-based approaches [Perrig et.al. 2000; 2001], provides broadcast authentication based on symmetric cryptography by delayed disclosure of authentication keys. advantage: much more efficient and less resource consuming; disadvantage: cannot provide authentication immediately after broadcast packets are received.

4 Problem Both of them are vulnerable to Denial of Service attacks, which is a fatal threat to sensor networks because of the limited and depletable battery power on sensor nodes.

5 Against signature-based broadcast authentication An attacker may simply forge a large number of broadcast messages with digital signatures, force sensor nodes to verify these signatures, and eventually deplete their battery power. Using MICAz, DoS attacker can consume the receiver’s energy in at least two steps. 1.Receiving the packet; [CC2 2006], 0.25mJ 2.Processing the packet and verifying the signature. 38.88mJ

6 Proposed Approach Basic idea : weak authenticator, can be efficiently verified and takes a amount of time to forge. Receiving a packet 1.First, verifies the weak authenticator. if yes, go to next; 2.Second, performs the expensive signature verification.

7 Cont. When digital signatures are used for broadcast authentication, a sensor node does not have to verify the digital signature if the weak authenticator cannot be verified. This approach is not a replacement of digital signatures but uses as an additional layer of protection to filter out forged broadcast packets so as to reduce the resource consumption due to DoS attacks.

8 Limitation powerful sender. introduces sender-side delay.

9 One-Way Key Chains: A Strawman Approach K_i = F(K_{i+1}), F is hash function and 0<i<n-1 Assumption, every nodes know K_0. i-th packet: index i, the message M_i, the broadcast authenticator BA_i, the i-th weak authenticator K_i.

10 Each receiver keeps the most recently authenticated weak authenticator K_j and the corresponding index j. Initially, j = 0 and K_j = K_0. On receiving a packet with index i, each receiver checks: 1.The i-th packet has not been previously authenticated.2.

11 Nice properties: – Each weak authenticator Ki can be easily verified by regular sensor nodes. – Before the broadcast of the i-th packet, an attacker does not have access to Ki, and thus cannot forge the weak authenticator (due to the one-way property of hash function F). Weak: A malicious node may exploit an observed weak authenticator to forge broadcast packets and the communication delay to forge broadcast packets. (wormhole)

12 Message Specific puzzles Idea: to use cryptographic puzzles to reduce the possibility that an attacker may exploit an observed weak authenticator to forge broadcast packets. 1. Sender(or an attacker) has to solve a cryptographic puzzle in order to generate a valid weak authenticator. 2. Puzzle solution is then used as the weak authenticator. 3. A receiver can efficiently verify a weak authenticator. 4. It take an attacker a substantial amount of time to forge a weak authenticator.

13 Solution Keyed message specific puzzles based on one-way key chains (message specific puzzles) Puzzle: Message, message index and broadcast authenticator Add a previously undisclosed key in the one-way key chain to prevent an attacker pre-compute a puzzle solution until such a key is released by the sender. On receiving a packet, any node can verify the puzzle solution. As result, even if the key known by an attacker, it can not immediately solve the puzzle for a forged packet, and thus cannot immediately launch DoS attacks.

14 Basic Construction 1. Sender generate a one way chain, K 0,K 1, ….., K n, and distributed K 0 to all potential receivers. 2. K i is i-th key and used for the weak authentication of the i-th broadcast packet. 3. i-th message specific: The index i, the message Mi, the broadcast authenticator BAi, and Ki.

15 Cont’ Solution must satisfy the following two conditions:

16 Cont’ Use puzzle key Ki and the puzzle solution P_i together as the weak authenticator for the i-th broadcast packet. Sender: Given the i-th broadcast message Mi, the sender first generates the broadcast authenticator BAi, retrieves the puzzle key Ki, and computes the puzzle solution Pi. The sender then broadcasts the packet with the payload i|Mi|BAi|Ki|Pi. Receiver: using F and K 0 (or a previously verified puzzle key)

17 Minimizing Reuse of Forged Puzzle Solutions Problem: the attacker may compute only a few forged puzzle solutions, but force receivers to perform signature verifications or packet forwarding many times. Consider: puzzle solution is valid, but broadcast authenticator is NOT right. Receiver can identify a forged puzzle solution after verifying the signature in the packet. Keep a buffer at each node for broadcast packets with potentially forged puzzle solution

18 Analysis Cost of finding a puzzle solution Given a puzzle strength l, the probability of finding a puzzle solution within x trials is E{x} = 2^l

19 Choice of parameters l: the network designer should determine the value l through balancing the maximum delay the sender can tolerate before sending the broadcast packet and the risk of DoS attacks against signature verifications. m: The larger packet hash buffer a node has, the better it can minimize the reuse of forged puzzle solutions.

20 we may set m = 50. Based on the benchmark result for Crypto++ 5.2.1 [Dai 2004], it takes about 3.766 seconds on average for a 2.1 GHz Pentium 4 processor to solve one puzzle if SHA-1 is used. Thus, this setting can force an attacker with such a machine to spend about 196 seconds on average (after finding 52 solutions) in order to have a chance to reuse a previously forged puzzle solution.

21 Implementation TinyECC, SHA-1, 64-bit Kn

22 Experimental Evaluation one laptop sender(connected to a MICAz mote through a programming board) thirty regular sensor node receivers

23 Computational Cost

24 Delay

25 Optimistic mode and pessimistic mode In the optimistic mode: a node rebroadcasts the packet locally once it verifies the weak authenticator. In the pessimistic mode, a node verifies both the weak authenticator and the signature, and rebroadcasts the packet only when both verifications pass. The switch between these two modes is determined by a detection metric N_f, w is a system parameter determined by the security policy. N_f represents the number of forged broadcast packets with valid weak authenticators but invalid signatures.

Download ppt "Mitigating DoS Attacks against Broadcast Authentication in Wireless Sensor Networks Peng Ning, An Liu North Carolina State University and Wenliang Du Syracuse."

Similar presentations

Giuseppe Bianchi Lecture 6.1: Extras: Merkle Trees.

Giuseppe Bianchi Lecture 6.1: Extras: Merkle Trees.
Chris Karlof and David Wagner

Chris Karlof and David Wagner
Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 6. Security in Mobile Ad-Hoc Networks.

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 6. Security in Mobile Ad-Hoc Networks.
CSC 774 Advanced Network Security

CSC 774 Advanced Network Security
CSC 774 Advanced Network Security

CSC 774 Advanced Network Security
Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, 2010. ICWCSC 2010. International.

Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.
A Distributed Security Framework for Heterogeneous Wireless Sensor Networks Presented by Drew Wichmann Paper by Himali Saxena, Chunyu Ai, Marco Valero,

A Distributed Security Framework for Heterogeneous Wireless Sensor Networks Presented by Drew Wichmann Paper by Himali Saxena, Chunyu Ai, Marco Valero,
A Survey of Secure Wireless Ad Hoc Routing

A Survey of Secure Wireless Ad Hoc Routing
DoS Attacks on Sensor Networks Hossein Nikoonia Department of Computer Engineering Sharif University of Technology

DoS Attacks on Sensor Networks Hossein Nikoonia Department of Computer Engineering Sharif University of Technology
Containing DoS Attacks in Broadcast Authentication in Sensor Networks (Ronghua Wang, Wenliang Du, Peng Ning) Containing DoS Attacks in Broadcast Authentication.

Containing DoS Attacks in Broadcast Authentication in Sensor Networks (Ronghua Wang, Wenliang Du, Peng Ning) Containing DoS Attacks in Broadcast Authentication.
An Efficient Scheme for Authenticating Public Keys in Sensor Networks Wenliang (Kevin) Du (Syracuse) Ronghua Wang (Syracuse) Peng Ning (North Carolina.

An Efficient Scheme for Authenticating Public Keys in Sensor Networks Wenliang (Kevin) Du (Syracuse) Ronghua Wang (Syracuse) Peng Ning (North Carolina.
Packet Leashes: Defense Against Wormhole Attacks Authors: Yih-Chun Hu (CMU), Adrian Perrig (CMU), David Johnson (Rice)

Packet Leashes: Defense Against Wormhole Attacks Authors: Yih-Chun Hu (CMU), Adrian Perrig (CMU), David Johnson (Rice)
LOGO Multi-user Broadcast Authentication in Wireless Sensor Networks ICU 20082065 Myunghan Yoo.

LOGO Multi-user Broadcast Authentication in Wireless Sensor Networks ICU Myunghan Yoo.
Raphael Frank 20 October 2007 Authentication & Intrusion Prevention for Multi-Link Wireless Networks.

Raphael Frank 20 October 2007 Authentication & Intrusion Prevention for Multi-Link Wireless Networks.
Network Access Control for Mobile Ad Hoc Network Pan Wang North Carolina State University.

Network Access Control for Mobile Ad Hoc Network Pan Wang North Carolina State University.
Roberto Di Pietro, Luigi V. Mancini and Alessandro Mei.

Roberto Di Pietro, Luigi V. Mancini and Alessandro Mei.
Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.

Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.
Efficiently Authenticating Code Images in Dynamically Reprogrammed Wireless Sensor Networks PerSec 2006 Speaker: Prof. Rick Han Coauthors Jing Deng and.

Efficiently Authenticating Code Images in Dynamically Reprogrammed Wireless Sensor Networks PerSec 2006 Speaker: Prof. Rick Han Coauthors Jing Deng and.
Security Issues In Sensor Networks By Priya Palanivelu.

Security Issues In Sensor Networks By Priya Palanivelu.
Securing Wireless Sensor Networks Wenliang (Kevin) Du Department of Electrical Engineering and Computer Science Syracuse University.

Securing Wireless Sensor Networks Wenliang (Kevin) Du Department of Electrical Engineering and Computer Science Syracuse University.

Similar presentations

Ads by Google