A Low-Cost Method to Thwart Relay Attacks in Wireless Sensor Networks Reza Shokri Tutors: Panos Papadimitratos, Marcin Poturalski 29 January 2008.


2 Agenda
–Neighbor Discovery and Relay Attacks
–Currently Proposed Defense Methods
–Our System Model
–A Low-Cost Method to Thwart Relay Attacks
–Analysis and Simulation Results
–Conclusion

3 Neighbor Discovery
Neighbor Discovery is the Building Block of Multi-Hop Communication in WSN.
Security Requirements
–Authenticity (Authenticating the neighbors)
–Availability (Discovering all neighbors)
–Correctness (Verifying the neighborhood relation)
Threats
–Impersonation Attacks
–Denial of Service (e.g. Jamming Attack)
–Relay Attack

4 Relay Attack
Relaying messages between two nodes in such a way that the nodes believe they are neighbors while they are not.
By placing a Relay Point in the vicinity of the BS, the attacker attracts nodes to route their packets through the Relay Channel.
Having control over the channel, he can perpetrate powerful external attacks on Fake Links.


6 Currently Proposed Defense Methods
–Distance Bounding [BC93, HK05]
–Location-based [HPJ03, SRB01]
–Using Directional Antenna [HE04]
–Connectivity-based [BDV05, MGD07]
[BC93] Stefan Brands and David Chaum. Distance-bounding protocols,
[HPJ03] Y.-C. Hu, A. Perrig, and D.B. Johnson. Packet leashes: a defense against wormhole attacks in wireless networks,
[HE04] Lingxuan Hu and David Evans. Using directional antennas to prevent wormhole attacks,
[BDV05] Levente Buttyán, László Dóra, and István Vajda. Statistical wormhole detection in sensor networks, 2005.

7 Observations
These solutions are
–Impractical in wireless sensor networks because they require sophisticated hardware or trustworthy external information
–Not resilient against strong adversaries.


9 IEEE Channel Model
The IEEE standard addresses a simple, low-cost communication network that allows wireless connectivity between devices with limited power.
Signal propagation of MicaZ, IEEE compliant, mote modules (equipped with CC2420 RF transceivers on the 2.4 GHz frequency band):
[Table columns: Transmission Signal Power (dBm); Received Signal Power (dBm) at Distance d (m); Path Loss (1) (dBm) at Distance d (m)]
(1) Path loss (or path attenuation) is the reduction in power density (attenuation) of an electromagnetic wave as it propagates through space.

10 IEEE Channel Model Received Signal Strength via Distance (on MicaZ)

11 Network Model
A static wireless sensor network, composed of tiny motes uniformly distributed in the field.
Nodes are able to transmit with different power levels and can measure the received signal strength.
Inspired by the channel characteristics, neighbors have the following properties:
–Channel Symmetry
–Bidirectional Connection Transitivity
–Signal Attenuation
–Polygon Distance Plausibility

12 Channel Symmetry
For any pair of neighbors, the path loss is equivalent in both directions (because it depends on distance).
In practice there is a Symmetry Error. The difference between the RSS in the two directions should be less than the Symmetry Error.

13 Bidirectional Connection Transitivity
Noise Floor at s < Received Signal Power from v
Received Signal Power from v < Received Signal Power from u
If s cannot hear u, maybe there is a selective relay attack in between.
[Figure label: Suspicious Case]

14 Signal Attenuation
Clearly, based on the path loss model:
d0: The reference distance (usually 1 m in low-power communication) is chosen to be a distance close enough to the transmitter that multi-path and diffraction are negligible and the link is approximately that of free space.

15 Polygon Distance Plausibility
Distances between connected nodes should be consistent with a polygon on a plane. Error in distance estimation is taken into account.

16 We use currently proposed Security Association (SA) establishment protocol. SA establishment framework: After these (at most) three messages, nodes have established a shared key. We use in our protocol which stands for SA material. S

17 Adversary Model
We look at the network from the attacker’s point of view.
We define the Victim Topology as two sets of nodes corresponding to the two sides of the attack. Each node is a member of one set and is represented by its path loss to the adversary.
{{PL_A1M}, {PL_B1M, PL_B2M}}
[Figure labels: Set A, Set B, Victims]

18 Attacker Strategy
An Attacker Strategy represents how the attacker wants to deceive the victim network (for example by changing the signal power).
A Successful Strategy is a strategy with which the attacker deceives the nodes and remains undetected in the presence of the secure neighbor discovery protocol.


20 The protocol has two phases: Neighbor Discovery and Neighbor Verification.
Neighbor Discovery (ND)
–Nodes simply look for their neighbors and perform SA establishment.
–They check the "Channel Symmetry" and "Signal Attenuation" properties.
Neighbor Verification (NV)
–Nodes exchange their Neighbor Table and check the "Bidirectional Connection Transitivity" and "Polygon Distance Plausibility" properties.

21 ND Phase Consider u performs ND and v is one of its neighbors.

22 NV Phase
Check the following properties in CheckPlausibility:
–Polygon Distance Plausibility
–Bidirectional Connection Transitivity


24 Finding Successful Strategy for the Adversary
To fulfill the “Symmetry Property”:
–The adversary adds a ∆P_i (dBm) to each packet he wants to relay for node i.
–To maximize his chance, |∆P_i - ∆P_j| should be minimized.

25 What is the best ∆P? ∆P ( Number of nodes covered by the signal ) ∆P ( Probability of violating the “Signal Attenuation” property ) For median values, attacker may violate the “Polygon Distance Plausibility” and “Bidirectional Connection Transitivity” properties.

26 “Selective Relay Strategy” is not always a successful strategy. It can be detected by the “Bidirectional Connection Transitivity” property.
Moreover, if
–Nodes randomly use different power levels for NV.
–Each node has a different identifier for each power level.
–Identifiers of nodes are disclosed to their legitimate neighbors (after authentication).
Then,
–The attacker cannot link two messages coming from a single node with different power levels (different identifiers).
–He cannot have a correct deterministic selective relay.

27 Examples of Attack Detection
Violating “Signal Attenuation” Property
Victim Topology = {{45,70}, {50,80}}
PL(d0) = 40 (dBm)
Minimum ∆P to cover all nodes is: 60 (dBm)
[Figure labels: 50 (dBm), 45 (dBm), 70 (dBm), 80 (dBm)]
= 35 < 40 Impossible (Signal Attenuation)
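The slide-27 case worked through as an added example (not code from the presentation): it runs the ND-phase "Signal Attenuation" check over every relayed link of the victim topology {{45,70}, {50,80}}. The relayed-link model (both path losses to the relay minus ∆P), the value `MAX_PL = 90` for the largest path loss at which a packet is still received, and all function names are assumptions chosen so that the slide's numbers (∆P = 60, 35 < 40) come out.

```python
# Added illustration of the slide-27 case; not code from the presentation.
PL_D0 = 40   # PL(d0) from slide 27
MAX_PL = 90  # ASSUMPTION: largest path loss at which a packet is still received

SLIDE_27 = ([45, 70], [50, 80])  # victim topology: each node's path loss to the relay

def apparent_path_loss(pl_a, pl_b, delta_p):
    """Path loss a victim infers for a relayed link (ASSUMED model):
    both legs to the relay, minus the power delta_p the relay adds."""
    return pl_a + pl_b - delta_p

def attenuation_ok(path_loss, pl_d0=PL_D0):
    """Signal Attenuation check: a real link cannot lose less than PL(d0)."""
    return path_loss >= pl_d0

def relay_outcome(topology, delta_p, max_pl=MAX_PL):
    """Return (fake links formed, links rejected by the ND-phase check)."""
    set_a, set_b = topology
    links, alerts = [], []
    for a in set_a:
        for b in set_b:
            pl = apparent_path_loss(a, b, delta_p)
            if pl > max_pl:
                continue  # relayed signal too weak: no fake link forms
            links.append((a, b, pl))
            if not attenuation_ok(pl):
                alerts.append((a, b, pl))  # closer than d0 is physically impossible
    return links, alerts

def min_gain_to_cover_all(topology, max_pl=MAX_PL):
    """Smallest delta_p that still reaches the two farthest victims."""
    set_a, set_b = topology
    return max(set_a) + max(set_b) - max_pl

def full_cover_detected(topology):
    """True if covering every victim pair necessarily trips the check.
    A larger delta_p only lowers every apparent path loss further,
    so testing the minimum covering value is sufficient."""
    _, alerts = relay_outcome(topology, min_gain_to_cover_all(topology))
    return bool(alerts)

if __name__ == "__main__":
    gain = min_gain_to_cover_all(SLIDE_27)
    links, alerts = relay_outcome(SLIDE_27, gain)
    print("minimum covering delta_p:", gain)
    print("fake links (a, b, apparent PL):", links)
    print("rejected by Signal Attenuation:", alerts)
```

Only the Signal Attenuation property is modelled here; the NV-phase checks (Polygon Distance Plausibility, Bidirectional Connection Transitivity) are not.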

28 Examples of Attack Detection
Violating “Polygon Distance Plausibility” Property
Triangle Case
Victim Topology = {{73}, {72,79}}
∆P = 83 (dBm)
Distances through relay channel: < (dBm) 72 (dBm) 73 (dBm) 54 m 11 m 18.5 m

29 Examples of Attack Detection
Violating “Polygon Distance Plausibility” Property
Quadrilateral Case
Victim Topology = {{81,86},{83,89}}
∆P = 86 (dBm)
Localization error using path loss: 20m

30 Simulation Model
–Victim Network Size: |A|=|B|= 1, …, 10
–Nodes Power level: 0 dBm.
–Attacker Transmission range: 80m
–Nodes Transmission Range: 70m.
–Localization error: 20m
All possible ∆P values are checked for a large number of randomly generated topologies, considering the constraints of the ND and NV phases.
The probability of detection is the proportion of cases in which the attacker is detected by ALERT.
The effectiveness of the attack is the average number of fake links the attacker can make without being detected.

31 Simulation Results
[Figures; labels: |A| = |B|, ∆P, Detection Probability, Attack Success, Victim Network Size]


33 Conclusion and On-Going Work
We proposed a low-cost secure neighbor discovery protocol for wireless sensor networks.
Our protocol is based on basic principles of the wireless channel and geometry.
We are implementing our protocol on real sensors to check its effectiveness in real situations.
The challenges are calibrating the receivers to reduce the “Symmetry Error” and tuning the path loss model to obtain more precise distance measurements.

34 References
[BC93] Stefan Brands and David Chaum. Distance-bounding protocols. In Theory and Application of Cryptographic Techniques.
[BDV05] Levente Buttyán, László Dóra, István Vajda. Statistical wormhole detection in sensor networks. Lecture Notes in Computer Science.
[HE04] Lingxuan Hu and David Evans. Using directional antennas to prevent wormhole attacks. In NDSS.
[HK05] Gerhard P. Hancke and Markus G. Kuhn. An RFID distance bounding protocol. In SECURECOMM.
[HPJ03] Y.-C. Hu, A. Perrig, and D.B. Johnson. Packet leashes: a defense against wormhole attacks in wireless networks. In INFOCOM.
[MGD07] R. Maheshwari, J. Gao, and S. R. Das. Detecting wormhole attacks in wireless networks using connectivity information. In INFOCOM.
[PPS+07] Panos Papadimitratos, Marcin Poturalski, Patrick Schaller, Pascal Lafourcade, David Basin, Srdjan Capkun, and Jean-Pierre Hubaux. Secure neighborhood discovery: A fundamental element for mobile ad hoc networking. Accepted in IEEE Communication Magazine.
[SRB01] Chris Savarese, Jan M. Rabaey, and Jan Beutel. Locationing in distributed adhoc wireless sensor networks. In ICASSP 2001.

35 LEAP. Localized encryption and authentication protocol (LEAP):

36 Notations