Secure Cell Relay Routing Protocol for Sensor Networks Xiaojiang Du, Fengiing Lin Department of Computer Science North Dakota State University 24th IEEE International Performance, Computing, and Communications Conference (IPCCC), 2005 Chien-Ku Lai

Outline Introduction System Assumptions and Attacks on Routing The Secure Cell Relay Routing Protocol Performance Evaluation Conclusions

Introduction - Sensor Networks Application areas  Military surveillance  Environmental monitoring  Target tracking Routing protocols for sensor networks  Direct Diffusion  TTDD  Mesh  Energy-Aware Delay-Constrained routing

Introduction - Sensor Networks (cont.) The main research focus has been on making sensor networks feasible and useful  Less emphasis was placed on security

Introduction - Security Security is important and even critical for many sensor network applications  Military  Homeland security

Introduction - Recent Researches Most of the existing sensor network routing protocols  Do not consider security issues during the design of the protocols

Introduction - Challenges Hardware limitation  Processing capability  Storage  Bandwidth  Energy

Introduction - About this paper Secure Cell Relay (SCR) routing protocol  is resistant to several attacks on sensor networks  is also an energy efficient routing protocol

System Assumptions and Attacks on Routing 1. Network Model 2. System Assumptions 3. Attacks on Routing

Network Model Cell a: side length R: transmission range a = R / 2

System Assumptions Each sensor is static and aware of its own location Base stations are trusted computing base

Attacks on Routing Manipulating routing information Selective forwarding Sybil sinkhole Wormhole Hello flooding (unidirectional) attacks

Attacks on Routing - Sybil sinkhole A B C DH Sink Normal sensor Compromised sensor

Attacks on Routing - Wormhole Normal sensor Compromised sensor

Attacks on Routing - Hello flooding (unidirectional) attacks Can’t reach Normal sensor A powerful device e.g. laptop

The Secure Cell Relay Routing Protocol 1. Initial Deployment of Sensor Networks 2. The Secure Data Dissemination Scheme 3. Defense against Sensor Network Attacks

Initial Deployment of Sensor Networks K G  a globally shared key  is stored in each sensor node and the base station before sensor deployment All the sensor nodes and the base station are synchronized before deployment

Initial Deployment of Sensor Networks BA Check the time-stamp < pre-set value : valid > pre-set value : discard {node-ID, time-stamp} K G B0 Hello

Initial Deployment of Sensor Networks BA Challeng e {node-ID, time-stamp, nonce N 0 } K G A15

Initial Deployment of Sensor Networks BA {node-ID, time-stamp, K AB, K B, N 0 +1} K G Ack B26

Routing Cells

The Secure Data Dissemination Scheme S R1 R4 R2 R5 R3 {RTS}K S t d = a(t)/ E + t r {CTS}K S

The Secure Data Dissemination Scheme S R1 R4 R2 R5 R3 packet-ID + {Data}K SR1

Defense against Sensor Network Attacks Against The Sybil Attack Against The Wormhole and Sinkhole Attacks Against The Selective Forwarding Attack Against The Hello Flood Attack

Against The Sybil Attack Authentication is used to ensure one node cannot pretend to be other nodes Thus, the Sybil attack can not work

Against The Wormhole and Sinkhole Attacks – Examples A powerful adversary (like a laptop) has a real, high quality route to the base station However  the neighbor sensors will not use the advertised route  they will only route the packets via the routing cells

Against The Wormhole and Sinkhole Attacks

Against The Wormhole and Sinkhole Attacks – Examples (cont.) An adversary broadcasts to its neighbors about an artificial link to the base station This attack does not work for the same reason as above

Against The Selective Forwarding Attack – Solution If one node serves as the relay node for more than M times (where M is a system parameter)  neighbor nodes will send an alarm to the base station and neighbor nodes

Against The Selective Forwarding Attack – Solution (cont.) If one node serves as the relay node for more than M times  the upstream node (the sender) will send the packet to another node in the cell encrypted with the corresponding shared secret key

Against The Hello Flood Attack Since sensor nodes use the three-way handshake protocol The hello flood attack does not work

Performance Evaluation

Performance Evaluation - Parameters Simulator: QualNet Compared with SP and Mesh MAC protocol: DCF Base stations: 4 Sensor Nodes: 300 Simulation area: 300m x 300m Transmission range: 60m

Performance Evaluation SCR routing protocol has high delivery ratio and low energy consumption (close to single path routing)

Conclusions 1. Security 2. Energy Efficiency

Conclusions - Security The nature of SCR routing (cell relay via routing cells) makes it resistant to  Spoofed routing information  Selective forwarding  Sinkhole  Wormhole attacks

Conclusions - Security (cont.) The three-way handshake can defense against  Sybil attack  Hello flooding attack

Conclusions - Energy Efficiency In SCR routing  only an active node with more remaining energy (than other nodes) in the routing cells forwards packet

Question? Thank you.