1. Attacks in Sensor Networks Team Members: Subramanian Madhanagopal Sivasankaran Rahul Poondy Mukundan

2. Sensor Networks  Wireless sensor networks enable wide range of applications in both military and civilian domains  Consists small, low-cost, resource limited nodes.  Forward data in a multi-hop fashion  This lack of infrastructure makes them susceptible to numerous attacks

3. Typical Attacks ATTACKS ON CONTROL TRAFFIC  Wormhole  Sybil Attack  Used to attack data traffic attacks ATTACKS ON DATA TRAFFIC  Blackhole  Selective forwarding  Artificial delaying of packets

4. Existing Countermeasures  HMAC and digital signatures  Intermediate node authentication  Hash trees  U(Mu) Tesla The drawbacks of these measures are,  Highly complex  High communication overhead  Require infrastructure Not feasible for Sensor networks

5. DICAS - Framework  DICAS is a lightweight framework, which mitigates the earlier mentioned attacks.  Achieved by detection and isolation of malicious nodes.  DICAS provides the following,  Primitives:  Neighbor Discovery  One-Hop Authentication  Modules:  Local Monitoring  Local Response

6. System Model and Assumptions  Model  Attacker can control both external and/or internal nodes  A malicious node can perform any of the attack individually or by colluding with other nodes  Assumptions  Attacker can’t compromise more than an application defined threshold of guards in a certain transmission range in a given amount of time  Key management protocol is used to pre distribute pair wise keys for secure communication  Static Topology

7. Primitives  Neighbor discovery  Every node joining the network find its immediate two hops by secure communication between its neighbors.  The communication is carried out using the shared secret keys (Authentication)  One Hop Source Authentication  Commitment key for neighbor verification along with message authentication  Undisclosed Commitment key piggybacked with response for source authentication

8. Local Monitoring - Detection  Guard Node  Can monitor a node  Neighbor to both communicating nodes  Functions  Maintains a watch buffer  Contains immediate and original Source/Destination pairs  Packet ID  Packet Information  Drop, Delay Detection – Packet header  Modification Detection – Entire Payload  Malicious Counter (incremented with malicious activity)

9. Local Response – Isolation of Nodes  Node deemed malicious if Malicious counter exceeds threshold value  Guard Node (say M) revokes malicious node (say A) from neighbor list  M alerts A’s neighbor (say D)  D stores A in Alert Buffer  Number of messages per isolation = number of neighbors for guard  Light weight property

10. Lightweight Source Routing (LSR)  Routing protocol similar to AODV  More resilient and secure  Appropriate for Sensor Networks  Working  Route Request  Route Reply

11. Route Request

12. Route Response

13. Analysis  Collision Probability increases with increase in nodes  Detection rate equals zero for number nodes > 24  ADVANTAGE  Lightweight  Secure  Negligible False Alarm Rate  DISADVANTAGE  Not Feasible for large number of nodes  Works only for static topology  Requires pairwise keys to be distributed among the nodes (N*N-1 Keys)

14. Conclusion  Can be extended to mobile networks in future  Might require Neighbor Discovery throughout the communication

15. Reference  DICAS: Detection, Diagnosis and Isolation of Control Attacks in Sensor Networks, Issa Khalil, Saurabh Bagchi, Cristina Nina-Rotaru, IEEE Conference on Security and Privacy for Emerging Areas in Communication Networks (SecureComm), Athens, Greece from 5 - 9 September, 2005 DICAS: Detection, Diagnosis and Isolation of Control Attacks in Sensor Networks, Issa Khalil, Saurabh Bagchi, Cristina Nina-Rotaru, IEEE Conference on Security and Privacy for Emerging Areas in Communication Networks (SecureComm), Athens, Greece from 5 - 9 September, 2005