The Sybil Attack in Sensor Networks: Analysis & Defenses

Slides:

Advertisements

Similar presentations

Chris Karlof and David Wagner

Advertisements

Message Integrity in Wireless Senor Networks CSCI 5235 Instructor: Dr. T. Andrew Yang Presented by: Steven Turner Abstract.

Trust relationships in sensor networks Ruben Torres October 2004.

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 7.3 Secure and Resilient Location Discovery in Wireless.

Distribution and Revocation of Cryptographic Keys in Sensor Networks Amrinder Singh Dept. of Computer Science Virginia Tech.

Presented By: Hathal ALwageed 1.  R. Anderson, H. Chan and A. Perrig. Key Infection: Smart Trust for Smart Dust. In IEEE International Conference on.

Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.

Distributed Detection of Node Replication Attacks in Sensor Networks Bryan Parno, Adrian Perrig Virgil Gligor Carnegie Mellon UniversityUniversity of Maryland.

Authors : Chris Karlof, David Wagner Presenter : Shan Bai Secure Routing in Wireless Sensor Networks : Attacks and Countermeasures.

A Distributed Security Framework for Heterogeneous Wireless Sensor Networks Presented by Drew Wichmann Paper by Himali Saxena, Chunyu Ai, Marco Valero,

KAIS T Message-In-a-Bottle: User-Friendly and Secure Key Deployment for Sensor Nodes Cynthia Kuo, Mark Luk, Rohit Negi, Adrian Perrig(CMU), Sensys

The Sybil Attack in Sensor Networks: Analysis & Defenses J. Newsome, E. Shi, D. Song and A. Perrig IPSN’04.

© 2007 Levente Buttyán and Jean-Pierre Hubaux Security and Cooperation in Wireless Networks Chapter 4: Naming and addressing.

Packet Leashes: Defense Against Wormhole Attacks Authors: Yih-Chun Hu (CMU), Adrian Perrig (CMU), David Johnson (Rice)

Security and Privacy Issues in Wireless Communication By: Michael Glus, MSEE EEL

Edith C. H. Ngai1, Jiangchuan Liu2, and Michael R. Lyu1

1 Security in Wireless Sensor Networks Group Meeting Fall 2004 Presented by Edith Ngai.

CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.

ITIS 6010/8010 Wireless Network Security Dr. Weichao Wang.

Secure Routing in Sensor Networks: Attacks and Countermeasures First IEEE International Workshop on Sensor Network Protocols and Applications 5/11/2003.

Random Key Predistribution Schemes for Sensor Networks Authors: Haowen Chan, Adrian Perrig, Dawn Song Carnegie Mellon University Presented by: Johnny Flowers.

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 7 Wenbing Zhao Department of Electrical and Computer Engineering.

INSENS: Intrusion-Tolerant Routing For Wireless Sensor Networks By: Jing Deng, Richard Han, Shivakant Mishra Presented by: Daryl Lonnon.

Security In Wireless Sensor Networks by Adrian Perrig, John Stankovic, and David Wagner.

Random Key Predistribution Schemes For Sensor Networks Haowan Chen, Adrian Perigg, Dawn Song.

1 The Sybil Attack John R. Douceur Microsoft Research Presented for Cs294-4 by Benjamin Poon.

EEC 688/788 Secure and Dependable Computing Lecture 7 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University

Security in Wireless Sensor Networks Perrig, Stankovic, Wagner Jason Buckingham CSCI 7143: Secure Sensor Networks August 31, 2004.

Wireless Sensor Network Security Anuj Nagar CS 590.

Establishing Pairwise Keys in Distributed Sensor Networks Donggang Liu, Peng Ning Jason Buckingham CSCI 7143: Secure Sensor Networks October 12, 2004.

The Sybil Attack in Sensor Networks: Analysis & Defenses James Newsome, Elaine Shi, Dawn Song, Adrian Perrig Presenter: Yi Xian.

LEAP: Efficient Security Mechanisms for Large-Scale Distributed Sensor Networks By: Sencun Zhu, Sanjeev Setia, and Sushil Jajodia Presented By: Daryl Lonnon.

Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures ProtocolRelevant Attacks TinyOS beaconingBogus routing information, selective forwarding,

 Structured peer to peer overlay networks are resilient – but not secure.  Even a small fraction of malicious nodes may result in failure of correct.

SybilCast: Broadcast on the Open Airwaves SETH GILBERT, CHAODONG ZHENG National University of Singapore.

Computer Science 1 Research on Sensor Network Security Peng Ning Cyber Defense Laboratory Department of Computer Science NC State University 2005 TRES.

Secure Localization Algorithms for Wireless Sensor Networks proposed by A. Boukerche, H. Oliveira, E. Nakamura, and A. Loureiro (2008) Maria Berenice Carrasco.

S ecurity I N W IRELESS S ENSOR N ETWORKS Prepared by: Ahmed ezz-eldin.

Security in Wireless Sensor Networks. Wireless Sensor Networks  Wireless networks consisting of a large number motes  self-organizing  highly integrated.

1 Secure Cooperative MIMO Communications Under Active Compromised Nodes Liang Hong, McKenzie McNeal III, Wei Chen College of Engineering, Technology, and.

MOBILE AD-HOC NETWORK(MANET) SECURITY VAMSI KRISHNA KANURI NAGA SWETHA DASARI RESHMA ARAVAPALLI.

10/31/20051 Designing Secure Sensor Networks Paper Authors: Paper Authors: Elaine Shi and Adrian Perrig, Carnegie Mellon University Presenter: Matt Egyhazy.

An efficient secure distributed anonymous routing protocol for mobile and wireless ad hoc networks Authors: A. Boukerche, K. El-Khatib, L. Xu, L. Korba.

1 A Location-ID Sensitive Key Establishment Scheme in Static Wireless Sensor Networks Proceedings of the international conference on mobile technology,applications,and.

Aggregation in Sensor Networks

Terminodes and Sybil: Public-key management in MANET Dave MacCallum (Brendon Stanton) Apr. 9, 2004.

Hao Yang, Fan Ye, Yuan Yuan, Songwu Lu, William Arbaugh (UCLA, IBM, U. Maryland) MobiHoc 2005 Toward Resilient Security in Wireless Sensor Networks.

Computer Science 1 CSC 774 Advanced Network Security Distributed detection of node replication attacks in sensor networks (By Bryan Parno, Adrian Perrig,

Distributed Detection of Node Replication Attacks in Sensor Networks Bryan Parno, Adrian perrig, Virgil Gligor IEEE Symposium on Security and Privacy 2005.

Authors: Yih-Chun Hu, Adrian Perrig, David B. Johnson

Secure routing in wireless sensor network: attacks and countermeasures Presenter: Haiou Xiang Author: Chris Karlof, David Wagner Appeared at the First.

Securing Distributed Sensor Networks Udayan Kumar Subhajit Sengupta Sharad Sonapeer.

Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures Chris Karlof and David Wagner (modified by Sarjana Singh)

Rushing Attacks and Defense in Wireless Ad Hoc Network Routing Protocols ► Acts as denial of service by disrupting the flow of data between a source and.

A Two-Layer Key Establishment Scheme for Wireless Sensor Networks Yun Zhou, Student Member, IEEE, Yuguang Fang, Senior Member, IEEE IEEE TRANSACTIONS ON.

Secure and Energy-Efficient Disjoint Multi-Path Routing for WSNs Presented by Zhongming Zheng.

Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures Chris Karlof David Wagner University of California at Berkeley 1st IEEE International.

© 2007 Levente Buttyán and Jean-Pierre Hubaux Security and Cooperation in Wireless Networks Chapter 4: Naming and addressing.

Security in Mobile Ad Hoc Networks: Challenges and Solutions (IEEE Wireless Communications 2004) Hao Yang, et al. October 10 th, 2006 Jinkyu Lee.

Shambhu Upadhyaya 1 Sensor Networks – Hop- by-Hop Authentication Shambhu Upadhyaya Wireless Network Security CSE 566 (Lecture 22)

Interleaving and Collusion Attacks on a Dynamic Group Key Agreement Scheme for Low-Power Mobile Devices * Junghyun Nam 1, Juryon Paik 2, Jeeyeon Kim 2,

The Sybil attack “One can have, some claim, as many electronic persons as one has time and energy to create.” – Judith S. Donath.

1 Routing security against Threat models CSCI 5931 Wireless & Sensor Networks CSCI 5931 Wireless & Sensor Networks Darshan Chipade.

A Key Management Scheme for Distributed Sensor Networks Laurent Eschaenauer and Virgil D. Gligor.

Toward Resilient Security in Wireless Sensor Networks Rob Polak Feb CSE 535.

9.2 SECURE CHANNELS JEJI RAMCHAND VEDULLAPALLI. Content Introduction Authentication Message Integrity and Confidentiality Secure Group Communications.

Hao Yang, Fan Ye, Yuan Yuan, Songwu Lu, William Arbaugh (UCLA, IBM, U. Maryland) MobiHoc 2005 Toward Resilient Security in Wireless Sensor Networks.

 Attacks and threats  Security challenge & Solution  Communication Infrastructure  The CA hierarchy  Vehicular Public Key  Certificates.

A Secure Routing Protocol with Intrusion Detection for Clustering Wireless Sensor Networks International Forum on Information Technology and Applications.

Packet Leashes: Defense Against Wormhole Attacks

Presentation transcript:

The Sybil Attack in Sensor Networks: Analysis & Defenses Presentation By Ravinder Rao Chikkaraju Instructor: T. Andrew Yang

AGENDA INTRODUCTION SYBIL ATTACK TAXONOMY ATTACKS DEFENSES CONCLUSION REFERENCES

INTRODUCTION Sensor networks are a promising new technology to enable economically viable solutions to a variety of applications, for example pollution sensing, structural integrity monitoring, and traffic monitoring. sensor nodes have limited storage and computational resources, rendering public key cryptography impractical. In the Sybil attack, a malicious node behaves as if it were a larger number of nodes, for example by impersonating other nodes or simply by claiming false identities.

SYBIL ATTACK TAXONOMY We define the Sybil attack as a malicious device illegitimately taking on multiple identities. We refer to a malicious device’s additional identities as Sybil nodes. We propose three orthogonal dimensions: Dimension I: Direct vs. Indirect Communication Dimension II: Fabricated vs. Stolen Identities Dimension III: Simultaneity

ATTACKS In this section, we examine how the Sybil attack can be used to attack several types of protocols in wireless sensor networks. Known Attacks Distributed Storage: The Sybil attack can defeat replication and fragmentation mechanisms in peer-to-peer storage systems. While the system may be designed to replicate or fragment data across several nodes, it could actually be storing data on Sybil identities generated by the same malicious node. Routing: The Sybil attack can be used against routing algorithms in sensor networks. One vulnerable mechanism is multipath or dispersity routing where seemingly disjoint paths could in fact go through a single malicious node presenting several Sybil identities. Another vulnerable mechanism is geographic routing where instead of having one set of coordinates, a Sybil node could appear in more than one place at once.

New Attacks Data Aggregation: By using the Sybil attack, one malicious node may be able to contribute to the aggregate many times. Voting: Wireless sensor networks could use voting for a number of tasks. The Sybil attack could be used to “stuff the ballot box” in any such vote. Fair Resource Allocation: The Sybil attack can be used to allow a malicious node to obtain an unfair share of any resource shared. Misbehavior Detection: Suppose that the network can potentially detect a particular type of misbehavior. An attacker with many Sybil nodes could “spread the blame”, by not having any one Sybil identity misbehave enough for the system to take action.

DEFENSES To defend against the Sybil attack, we would like to validate that each node identity is the only identity presented by the corresponding physical node. There are two ways to validate an identity. The first type is direct validation, in which a node directly tests whether another node identity is valid. The second type is indirect validation, in which nodes that have already been verified are allowed to vouch for or refute other nodes.

Radio Resource Testing We present a novel approach to direct validation. As a form of resource testing, this approach relies on the assumption that any physical device has only one radio. We also assume that a radio is incapable of simultaneously sending or receiving on more than one channel. consider that a node wants to verify that none of its neighbors are Sybil identities. It can assign each of its n neighbors a different channel to broadcast some message on. Suppose that ‘s’ of the verifier's ‘n’ neighbors are actually Sybil nodes. In that case, the probability of choosing to listen to a channel that is not being transmitted on, and thus detecting a Sybil node, is s/n. Conversely, the probability of not detecting a Sybil node is (n-s)/n. If the test is repeated for ’r’ rounds, then the chance of no Sybil nodes being detected is ((n-s)/n)^r.

A more difficult case is when there are not enough channels to assign each neighbor a different channel. In this case, a node can only test some subset of its neighbors at one time. If there are c channels, then the node can test c neighbors at once. Suppose that in a node's set of n neighbors, there are s Sybil nodes, m malicious nodes, and g good (correct) nodes. Of these, a node can only test c neighbors at one time. Of these c neighbors, there are S Sybil nodes, M malicious nodes, and G good (correct) nodes. The probability of a Sybil node being detected is then Pr(detection) = ∑ Pr(S, M, G)Pr(detection |S, M, G) all S,M,G Now suppose that we repeat this test for r rounds, then (Pr(detection))^r.

Random Key Predistribution In random key predistribution, we assign a random set of keys or key-related information to each sensor node, so that in the key set-up phase, each node can discover or compute the common keys it shares with its neighbors; the common keys will be used as a shared secret session key to ensure node-to-node secrecy. Our key ideas are: 1. Associating the node identity with the keys assigned to the node. 2. Key validation i.e., the network being able to verify part or all of the keys that an identity claims to have. Again, for key validation, we have indirect and direct validation.

Key Pool The key pool scheme randomly assigns k keys to each node from a pool of m keys. During the initialization phase, if any two neighboring nodes discover that they share q common keys, they can establish a secret link. The problem with this approach is that if an attacker compromises multiple nodes, he can use every combination of the compromised keys to generate new identities. An attacker may attempt to generate new identities to use in the Sybil attack. A usable Sybil identity must be able to pass the validation by other nodes. Validation could be done at different granularities. One extreme is the case of full validation where the sensor network tries to verify as many of a node’s keys as possible, rendering a Sybil attack more difficult.

Single-space Pairwise Key Distribution In the random key pool distribution scheme, keys can be issued multiple times out of the key pool, and node-to-node authentication is not possible. By contrast, pairwise key distribution assigns a unique key to each pair of nodes. Multi-space Pairwise Key Distribution The idea of introducing multiple key spaces can be viewed as the combination of the basic key 9 pool scheme and the above single space approaches. The probability that attacker can generate Sybil IDs is less if validation is done and more without validation.

Summary of Random Key Predistribution For the basic key pool approach, a randomly generated identity has only probability p of being usable. An adversary has to try 1/p times on average to obtain a usable Sybil identity, thus for the sensor network to be immune to the Sybil attack, p has to be very small. Single-space pairwise key distribution, is intrinsically resistant to the Sybil attack as long as the attacker does not capture more nodes. Here, direct validation ensures a globally consistent validation outcome. Multi-space pairwise key distribution is superior to the single-space case in that the attacker has to compromise far more nodes. We believe that the multi-space pairwise approach to be the best among these approaches.

Other Defenses Registration :One obvious way to prevent the Sybil attack is to perform identity registration. Registration is likely to be a good initial defense in many scenarios, with the following drawbacks. The list of known identities must be protected from being maliciously modified. Position Verification :Another promising approach to defending against the Sybil attack is position verification. In this approach, the network verifies the physical position of each node. While there has been research on automatic location determination , it remains an open research question how to securely verify a node’s exact position. Code Attestation : The basic idea is to exploit the fact that the code running on a malicious node must be different from that on a legitimate node. Though this technique is not readily applicable to a wireless network environment, hopefully in the near future code verification will become possible in wireless sensor networks, helping solve many problems including the Sybil attack.

CONCLUSION We present several novel methods by which a node can verify whether other identities are Sybil identities, including radio resource testing, key validation for random key predistribution, position verification and registration. The most promising method among these is the random key predistribution which associates a node's keys with its identity.Random key predistribution will be used in many scenarios for secure communication, and because it relies on well understood cryptographic principles it is easier to analyze than other methods.

REFERENCES Newsome J., E. Shi, D. Song, and A. Perrig, “The Sybil Attack in Sensor Networks: Analysis and Defenses,” Proc. IEEE Information Processing on Sensor Networks (IPSN), Berkeley, CA, Apr. 2004.