Secure Cell Relay Routing Protocol for Sensor Networks. Xiaojiang Du, Fengjing Lin, Department of Computer Science, North Dakota State University. 24th IEEE International Performance, Computing, and Communications Conference (IPCCC), 2005. Chien-Ku Lai
Outline: Introduction; System Assumptions and Attacks on Routing; The Secure Cell Relay Routing Protocol; Performance Evaluation; Conclusions
Introduction - Sensor Networks. Application areas: military surveillance, environmental monitoring, target tracking. Routing protocols for sensor networks: Directed Diffusion, TTDD, Mesh, Energy-Aware Delay-Constrained routing
Introduction - Sensor Networks (cont.): The main research focus has been on making sensor networks feasible and useful. Less emphasis was placed on security.
Introduction - Security: Security is important and even critical for many sensor network applications: military, homeland security
Introduction - Recent Research: Most of the existing sensor network routing protocols do not consider security issues during the design of the protocols.
Introduction - Challenges: Hardware limitation: processing capability, storage, bandwidth, energy
Introduction - About this paper: The Secure Cell Relay (SCR) routing protocol is resistant to several attacks on sensor networks and is also an energy-efficient routing protocol.
System Assumptions and Attacks on Routing: 1. Network Model; 2. System Assumptions; 3. Attacks on Routing
Network Model: Cell. a: side length; R: transmission range; a = R / 2
System Assumptions: Each sensor is static and aware of its own location. Base stations are the trusted computing base.
Attacks on Routing: manipulating routing information; selective forwarding; Sybil sinkhole; wormhole; Hello flooding (unidirectional) attacks
Attacks on Routing - Sybil sinkhole [Figure labels: A, B, C, DH, Sink; legend: Normal sensor, Compromised sensor]
Attacks on Routing - Wormhole [Figure legend: Normal sensor, Compromised sensor]
Attacks on Routing - Hello flooding (unidirectional) attacks [Figure labels: Can't reach; Normal sensor; A powerful device, e.g. laptop]
The Secure Cell Relay Routing Protocol: 1. Initial Deployment of Sensor Networks; 2. The Secure Data Dissemination Scheme; 3. Defense against Sensor Network Attacks
Initial Deployment of Sensor Networks: K_G, a globally shared key, is stored in each sensor node and the base station before sensor deployment. All the sensor nodes and the base station are synchronized before deployment.
Initial Deployment of Sensor Networks - Hello: {node-ID, time-stamp}K_G. Check the time-stamp: < pre-set value: valid; > pre-set value: discard. [Figure labels: B, A, B0]
Initial Deployment of Sensor Networks - Challenge: {node-ID, time-stamp, nonce N_0}K_G [Figure labels: B, A, A15]
Initial Deployment of Sensor Networks - Ack: {node-ID, time-stamp, K_AB, K_B, N_0+1}K_G [Figure labels: B, A, B26]
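The Hello / Challenge / Ack exchange from the three slides above, with the time-stamp check and the N_0+1 nonce check enforced on receipt. This is an added example, not code from the paper or the slides. Assumptions: B sends Hello and Ack while A sends Challenge, node-ID is the sender's ID, MAX_AGE stands in for the "pre-set value", and `seal`/`unseal` are a hypothetical HMAC-based encrypt-then-MAC stand-in for encryption under K_G.

```python
import hashlib, hmac, json, os
MAX_AGE = 5  # seconds; stands in for the slides' "pre-set value" (assumed number)

def _ks(key, iv, n):  # keystream: HMAC-SHA256 in counter mode
    return b"".join(hmac.new(key, b"enc" + iv + bytes([i]), hashlib.sha256).digest()
                    for i in range(n // 32 + 1))[:n]

def seal(key, kind, now, **fields):
    """Stand-in for {...}K_G: encrypt-then-MAC built from HMAC, not the paper's cipher."""
    pt, iv = json.dumps({"t": kind, "ts": now, **fields}).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _ks(key, iv, len(pt))))
    return iv + ct + hmac.new(key, b"mac" + iv + ct, hashlib.sha256).digest()

def unseal(key, blob, kind, now):
    """Return the fields, or None if the tag, message type or time-stamp is wrong."""
    iv, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, b"mac" + iv + ct, hashlib.sha256).digest()):
        return None
    m = json.loads(bytes(a ^ b for a, b in zip(ct, _ks(key, iv, len(ct)))))
    return m if m["t"] == kind and 0 <= now - m["ts"] <= MAX_AGE else None

class Node:
    def __init__(self, node_id, k_g):
        self.id, self.k_g = node_id, k_g
        self.pending, self.keys = {}, {}  # peer -> nonce N0 we issued; peer -> (K_AB, K_B)
        self.k_own = os.urandom(16).hex()  # sent as K_B; its role is not defined on the slides

    def hello(self, now):
        return seal(self.k_g, "hello", now, id=self.id)

    def on_hello(self, blob, now):  # returns a Challenge, or None to discard
        m = unseal(self.k_g, blob, "hello", now)
        if m is None:
            return None
        self.pending[m["id"]] = n0 = int.from_bytes(os.urandom(4), "big")
        return seal(self.k_g, "challenge", now, id=self.id, n0=n0)

    def on_challenge(self, blob, now):  # returns an Ack, or None to discard
        m = unseal(self.k_g, blob, "challenge", now)
        if m is None:
            return None
        self.keys[m["id"]] = (k_ab := os.urandom(16).hex(), self.k_own)
        return seal(self.k_g, "ack", now, id=self.id, k_ab=k_ab, k_b=self.k_own, n=m["n0"] + 1)

    def on_ack(self, blob, now):  # True only if the Ack answers our nonce with N0 + 1
        m = unseal(self.k_g, blob, "ack", now)
        if m is None or self.pending.pop(m["id"], None) != m["n"] - 1:
            return False
        self.keys[m["id"]] = (m["k_ab"], m["k_b"])
        return True
```

Because the issued nonce is consumed on the first Ack, a recorded Ack replayed later is rejected even while its time-stamp is still inside the window.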
Routing Cells
The Secure Data Dissemination Scheme: {RTS}K_S; t_d = a(t)/E + t_r; {CTS}K_S [Figure labels: S, R1, R2, R3, R4, R5]
The Secure Data Dissemination Scheme: packet-ID + {Data}K_SR1 [Figure labels: S, R1, R2, R3, R4, R5]
Defense against Sensor Network Attacks: Against The Sybil Attack; Against The Wormhole and Sinkhole Attacks; Against The Selective Forwarding Attack; Against The Hello Flood Attack
Against The Sybil Attack: Authentication is used to ensure one node cannot pretend to be other nodes. Thus, the Sybil attack cannot work.
Against The Wormhole and Sinkhole Attacks – Examples: A powerful adversary (like a laptop) has a real, high quality route to the base station. However, the neighbor sensors will not use the advertised route; they will only route the packets via the routing cells.
Against The Wormhole and Sinkhole Attacks
Against The Wormhole and Sinkhole Attacks – Examples (cont.): An adversary broadcasts to its neighbors about an artificial link to the base station. This attack does not work for the same reason as above.
Against The Selective Forwarding Attack – Solution: If one node serves as the relay node for more than M times (where M is a system parameter), neighbor nodes will send an alarm to the base station and neighbor nodes.
Against The Selective Forwarding Attack – Solution (cont.): If one node serves as the relay node for more than M times, the upstream node (the sender) will send the packet to another node in the cell, encrypted with the corresponding shared secret key.
Against The Hello Flood Attack: Since sensor nodes use the three-way handshake protocol, the hello flood attack does not work.
Performance Evaluation
Performance Evaluation - Parameters: Simulator: QualNet; Compared with SP and Mesh; MAC protocol: DCF; Base stations: 4; Sensor nodes: 300; Simulation area: 300 m x 300 m; Transmission range: 60 m
Performance Evaluation: The SCR routing protocol has high delivery ratio and low energy consumption (close to single path routing).
Conclusions: 1. Security; 2. Energy Efficiency
Conclusions - Security: The nature of SCR routing (cell relay via routing cells) makes it resistant to spoofed routing information, selective forwarding, sinkhole and wormhole attacks.
Conclusions - Security (cont.): The three-way handshake can defend against the Sybil attack and the Hello flooding attack.
Conclusions - Energy Efficiency: In SCR routing, only an active node with more remaining energy (than other nodes) in the routing cells forwards the packet.
Question? Thank you.