1. Secure routing in wireless sensor network: attacks and countermeasures Presenter: Haiou Xiang Author: Chris Karlof, David Wagner Appeared at the First IEEE International Workshop on Sensor Network Protocols and Applications, May 11, 2003

2. Contribution Propose threat models and security goals for secure routing in wireless sensor networks Introduce seven attack techniques, including two novel attacks, sinkhole and HELLO floods. Present the detailed security analysis of all major routing protocols. Discuss countermeasures and design considerations for security routing protocols

3. Background What is sensor network? Outside Network Base station Sensor node Event Aggregation node

4. Background The properties of sensor network –Sensor Node: Lower-power, Lower-bandwidth, shorter-range Multihop wireless network –Aggregation node: Eliminate the redundancy, saving energy –Base station (Sink) More powerful than sensor nodes

5. Background Security limitation: UC berkeley lab: Mica mote –Limit Power Power: Two AA batteries Only two weeks at full power –Limit memory and computational power 4MHz 8-bit CPU, 4KB RAM, 512KB flash memory

6. Attacks on sensor network routing

7. Spoofed, altered, or replayed routing information Behavior: –Create routing loops, attract or repel network traffic, extend or shorten source routes Goal: –Generate false error messages, partition the network, increase end-to-end latency

8. Example

9. Selective forwarding Behavior: –Malicious nodes may refuse to forward certain messages and simply drop them, ensuring that they are not propagated any further. Goal: –Attempt to include herself on the actual path of the data flow

10. Example Outside Network Base station Sensor node Event Aggregation node Malicious node Drop

11. Acknoledgement spoofing Behavior –Spoof link layer acknowledgments for “overheard” packet addressed to neighboring nodes Goal –Convincing the sender that a weak link is strong or that a dead or disabled node is alive –Enable selecting forward attack

12. Example Outside Network Base station Sensor node Event Aggregation node Malicious node Lost bad node

13. Sinkhole attacks Behavior –Making a compromised node look especially attractive to surrounding nodes Goal –Lure nearly all the traffic from a particular area through a compromised node, create a metaphorical sinkhole with the adversary at the center –Enable selecting forward attack

14. Example Sinkhole attack

15. Wormholes Behavior –Tunnel messages received in one part of network over a low-latency link and replays them in a different part Goal: –May be able to completely disrupt routing if an adversary situated close to a base station –Enable sinkhole attack –Exploit routing race condition

16. Example

17. Sybil attack Behavior –A single node presents multiple identities to other nodes in the network Goal: –Significantly reduce the effectiveness of fault- tolerant schemes

18. Example

19. HELLO flood attack Behavior –A laptop-class attacker broadcasting routing or other information with large enough transmission power could convince every node in the network that the adversary is its neighbor Goal –Enable wormhole attack by broadcasting wormholes

20. Example

21. Summary of attack

22. Countermeasures

23. Outsider attacks and link layer security Solution: –Global share key: link layer encryption and authentication Limitation: ineffective –Wormhole and HELLO flood attack –Insider attack or compromised node

24. Sybil attack Solution –Every node share a unique symmetric key with base station –Two node establish a shared key and verify each other’s identity –Base station limit the number of neighbors around a node –When a node is compromised, it is restricted to communicating only with its verified neighbors Limitation –Adversary can still use a wormhole to create an artificial link between two nodes to convince them

25. HELLO flood attacks Solution: –Verify the bidirectionality of a link before taking meaningful action –Every node authenticate each of its neighbors with an identity verification protocol using a trusted base station

26. Wormhole and sinkhole attacks Solution –Design routing protocols which avoid routing race conditions and make these attacks less meaningful Geographic routing protocols: construct a topology on demand using only localized interactions and information

27. Selective forwarding Solution: –Multipath routing: message routed over n paths whose nodes are completely disjoint –Nodes dynamically choose a packet’s next hop probabilistically from a set of possible candidates Limitation: –Completely disjoint paths is difficult to create

28. Countermeasure summary AttacksCountermeasure Outersiders, Sybil, HELLO floods, ACKs spoofing Link-layer encryption and authentication, multipath routing, identity verification, bidirectional link verification, authenticated broadcast Sinkhole attack wormhole attack Geographic routing protocols

29. Strength Demonstrate current routing protocols for wireless sensor networks are insecure Provide several countermeasures to against attacks: link layer encryption and authentication and so on

30. Questions?