DENIAL OF SERVICE IN SENSOR NETWORKS Pratik Zirpe Instructor – Dr. T. Andrew Yang.


Agenda
- Introduction
- Concepts
- Denial of Service Threat
- Physical layer
- Link layer
- Network layer
- Transport layer
- Conclusion

Introduction
- Real-time data processing
- Applications
- Availability
- Denial of service

Concepts
- Application dependent networks
- Limited individual capability of nodes
- Must continue operating after significant node failure

Security demands of a network
- Network has to face harsh environments and intelligent opposition
- Disasters
- Public safety
- Home healthcare
- Design time consideration

Denial of Service Threat
- Any event that diminishes or eliminates a network's capacity to perform its expected function
- Reasons may be hardware failures, software bugs, resource exhaustion, environmental conditions or other complicated interactions

Layered Network Architecture
- Improves robustness of the system
- Each layer is vulnerable to different DoS attacks
- Some attacks may crosscut multiple layers

Layered model

Physical layer
- Nodes use wireless communication
- Base stations use wired or satellite communication
- Attacks:
  - Jamming
  - Tampering

Jamming
- Interferes with radio frequencies of nodes
- Randomly distributed k nodes can put N nodes out of service (k << N)
- Effective in single frequency networks

Detection  Determined by constant energy that impedes communication  Constant jamming prevents nodes from exchanging data or even reporting attack to remote monitoring stations  Sporadic jamming is also effective

Prevention or mitigation
- Spread-spectrum communication – not a feasible solution
- Attacked nodes can be put into long-term sleep and woken periodically to test the channel
- High priority messages to defend against intermittent jamming

Defense against jamming

Tampering
- Attacker can physically tamper with nodes
- Attacker can damage and replace computation hardware
- Sensitive material is exposed

Prevention or mitigation
- Camouflaging or hiding nodes
- Erase cryptographic or program memory

Link layer
- Protocols require cooperation between nodes to arbitrate channel use, making them more vulnerable to DoS attacks
- Attacks:
  - Collision
  - Exhaustion
  - Unfairness

Collision – detection and prevention
- Adversary may need to induce collision in one octet of transmission
- Attacker requires less energy to listen for transmission
- No complete solution is known
- Errors are detected using checksum mismatch
- Error correction codes can be used

Exhaustion
- Repeated retransmissions are triggered by unusually late collisions, leading to exhaustion
- Affects availability
- A node could repeatedly request channel access with RTS
- Causes power losses

Detection and mitigation
- Random back-offs
- Time division multiplexing
- MAC admission control rate limiting
- Limiting the extraneous responses required
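
An added example (not part of the original slides) of the "MAC admission control rate limiting" item: a per-neighbor token bucket that decides whether an RTS is answered with a CTS. The class name, the rate and burst values, and the node IDs in the constructed trace are assumptions; integer milli-tokens are used so the logic maps onto a mote without floating point.

```python
from collections import defaultdict

COST = 1000  # milli-tokens spent per CTS sent

class RtsAdmissionControl:
    """Per-neighbor token bucket: answer an RTS only while the sender has tokens left."""

    def __init__(self, rate_per_s=2, burst=4):       # assumed limits, tune per deployment
        self.refill_per_ms = rate_per_s              # 1 token/s == 1 milli-token/ms
        self.cap = burst * COST
        self.tokens = defaultdict(lambda: self.cap)  # every neighbor starts with a full bucket
        self.last_ms = {}
        self.ignored = defaultdict(int)              # per-neighbor count, useful as an alert signal

    def on_rts(self, neighbor, now_ms):
        """Return True to send a CTS, False to stay silent and save energy."""
        elapsed = now_ms - self.last_ms.get(neighbor, now_ms)
        self.last_ms[neighbor] = now_ms
        refilled = self.tokens[neighbor] + elapsed * self.refill_per_ms
        self.tokens[neighbor] = min(self.cap, refilled)
        if self.tokens[neighbor] >= COST:
            self.tokens[neighbor] -= COST
            return True
        self.ignored[neighbor] += 1
        return False

def simulate():
    """Constructed trace: 'n7' sends an RTS every 10 ms, 'n2' once per second, for 10 s."""
    events = [(i * 10, "n7") for i in range(1000)] + [(i * 1000, "n2") for i in range(10)]
    mac = RtsAdmissionControl()
    granted = defaultdict(int)
    for now_ms, neighbor in sorted(events):
        if mac.on_rts(neighbor, now_ms):
            granted[neighbor] += 1
    return dict(granted), dict(mac.ignored)

if __name__ == "__main__":
    print(simulate())
```

The well-behaved neighbor is never refused, while the flooding neighbor is capped at its burst plus the sustained rate, so the energy spent on CTS replies is bounded regardless of how many RTS frames arrive.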

Unfairness
- Degrades service rather than denying it
- It exploits MAC-layer priority schemes
- It can be prevented using small frames
- Adversary can cheat while vying for access

Network and Routing Layer
- Messages may traverse many hops before reaching the destination
- The cost of relaying a packet and the probability of its loss increase in an aggregate network
- Every node can act as a router
- Routing protocols should be simple and robust

Neglect and Greed
- A neglectful node arbitrarily neglects to route some messages
- Giving undue priority to messages originating from itself makes it greedy
- Multiple routes or sending redundant messages can reduce its effect
- It is difficult to detect

Homing
- Important nodes and their identities are exposed to mount further attacks
- A passive adversary observes traffic to learn the presence and location of critical resources
- Shared cryptographic keys are an effective mechanism to conceal the identity of such nodes
- This makes the assumption that none of the nodes have been subverted

Misdirection
- Messages are forwarded along wrong paths
- This attack targets the sender
- Adversary can forge replies to route discovery requests and include the spoofed route
- Sensor networks can use an approach similar to egress filtering

Black Holes
- Nodes advertise zero cost routes to every other node
- Network traffic is routed towards these nodes
- This disrupts message delivery and causes intense resource contention
- These are easily detected but more disruptive

Authorization
- Only authorized nodes can share information
- Public-key encryption can be used for routing updates
- The problems are with computational and communication overheads and key management

Monitoring
- Nodes can keep monitoring their neighbors
- Nodes become watchdogs for transmitted packets
- Each of them has a quality-rating mechanism
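
An added example (not part of the original slides) of the watchdog and quality-rating idea: after handing a packet to a next hop, a node listens for that neighbor to relay it and rates the neighbor by the fraction actually forwarded. The class, the timeout, the thresholds and the constructed trace are assumptions; the minimum-sample threshold is there so a few packets lost to ordinary collisions do not flag an honest neighbor.

```python
class Watchdog:
    """Overhear whether each neighbor relays the packets handed to it, and rate it."""

    def __init__(self, timeout_ms=50, min_samples=10, min_rating=0.7):  # assumed values
        self.timeout_ms = timeout_ms
        self.min_samples = min_samples
        self.min_rating = min_rating
        self.pending = {}   # (neighbor, packet_id) -> relay deadline in ms
        self.stats = {}     # neighbor -> [relayed, dropped]

    def sent(self, neighbor, packet_id, now_ms):
        """Record that a packet was handed to this neighbor for forwarding."""
        self.pending[(neighbor, packet_id)] = now_ms + self.timeout_ms
        self.stats.setdefault(neighbor, [0, 0])

    def overheard(self, neighbor, packet_id, now_ms):
        """The neighbor was heard retransmitting the packet."""
        deadline = self.pending.pop((neighbor, packet_id), None)
        if deadline is not None:
            self.stats[neighbor][0 if now_ms <= deadline else 1] += 1

    def expire(self, now_ms):
        """Count every packet whose relay deadline has passed as dropped."""
        for key in [k for k, deadline in self.pending.items() if deadline < now_ms]:
            del self.pending[key]
            self.stats[key[0]][1] += 1

    def rating(self, neighbor):
        relayed, dropped = self.stats.get(neighbor, (0, 0))
        return relayed / (relayed + dropped) if relayed + dropped else 1.0

    def suspects(self):
        """Neighbors with enough samples and a rating below the threshold."""
        return sorted(n for n, (r, d) in self.stats.items()
                      if r + d >= self.min_samples and self.rating(n) < self.min_rating)

def simulate():
    """Constructed trace: 20 packets handed to each of three next hops."""
    wd = Watchdog()
    for pkt in range(20):
        now = pkt * 100
        for neighbor in ("n3", "n5", "n9"):
            wd.sent(neighbor, pkt, now)
        wd.overheard("n3", pkt, now + 10)       # n3 relays everything
        if pkt % 4 == 0:
            wd.overheard("n5", pkt, now + 10)   # n5 neglects three packets in four
        wd.expire(now + 99)                     # n9 relays nothing (black hole)
    return wd
```

A routing layer can consult `suspects()` when choosing among multiple routes, which ties the rating to the redundancy countermeasure listed under Neglect and Greed.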

Probing
- A network probe tests network connectivity
- This mechanism can be used to easily detect black holes
- A distributed probing scheme can detect malicious nodes

Transport layer
- Manages end-to-end connections
- Sensor networks utilize protocols with minimum overhead
- Threats:
  - Flooding
  - Desynchronization

Flooding
- Adversary sends many connection establishment requests to the victim
- Each request causes allocation of resources
- It can be prevented by limiting the number of connections
- Connectionless protocols are not susceptible to this attack
- Another solution is client puzzles
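
An added example (not part of the original slides) of a client puzzle: the server hands out a stateless challenge and allocates connection state only after the client returns a solution, so each connection request costs the requester work before it costs the server memory. The hash-prefix puzzle, the HMAC-derived nonce, the constants and the function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

SECRET = os.urandom(16)   # server-side key, random per boot (assumption)
DIFFICULTY_BITS = 12      # fixed by the server, never taken from the client
MAX_AGE_S = 30            # how long a challenge stays valid

def _nonce(client_id: bytes, issued: int) -> bytes:
    msg = client_id + issued.to_bytes(8, "big")
    return hmac.new(SECRET, msg, hashlib.sha256).digest()[:8]

def make_puzzle(client_id: bytes, now: int):
    """Issue a challenge without storing anything about the client."""
    return _nonce(client_id, now), now

def leading_zero_bits(digest: bytes) -> int:
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()

def solve(nonce: bytes) -> int:
    """Client side: brute-force x until SHA-256(nonce || x) has enough leading zero bits."""
    x = 0
    while leading_zero_bits(hashlib.sha256(nonce + x.to_bytes(8, "big")).digest()) < DIFFICULTY_BITS:
        x += 1
    return x

def verify(client_id: bytes, nonce: bytes, issued: int, x: int, now: int) -> bool:
    """Server side: one HMAC and one hash, then (and only then) allocate the connection."""
    if not 0 <= now - issued <= MAX_AGE_S:
        return False                      # expired or future-dated challenge
    if not hmac.compare_digest(nonce, _nonce(client_id, issued)):
        return False                      # challenge was not issued to this client
    digest = hashlib.sha256(nonce + x.to_bytes(8, "big")).digest()
    # A deployment would also remember accepted nonces until they expire to stop replays.
    return leading_zero_bits(digest) >= DIFFICULTY_BITS

if __name__ == "__main__":
    nonce, issued = make_puzzle(b"node-17", 1000)   # constructed client ID and clock value
    print(verify(b"node-17", nonce, issued, solve(nonce), now=1005))
```

Raising `DIFFICULTY_BITS` by one doubles the expected solving work while verification stays at one HMAC and one hash, which is the asymmetry the defense relies on.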

Desynchronization
- The attacker forges messages to one or both ends with sequence numbers
- This causes the end points to request retransmissions of missed frames
- This may lead to lack of availability and resource exhaustion
- Authentication can prevent such an attack

Adaptive rate control
- Describes a series of improvements to standard MAC protocols
- Key mechanisms include:
  - Random delay for transmissions
  - Back-off that shifts an application's periodicity phase
  - Minimization of overhead in contention control mechanisms
  - Passive adaptation of originating and route-through admission control rates
  - Anticipatory delay for avoiding multihop hidden node problems

RAP
- Real-time location based protocol
- Velocity monotonic scheduling
- RAP can use clock synchronization

Conclusion
- Attempts at adding security focus on cryptographic-authentication mechanisms
- Use of higher security mechanisms poses serious complications in sensor networks
- It is essential to incorporate security considerations during design time
- Without adequate protection against DoS and other attacks, sensor networks may not be deployable at all
