Presentation is loading. Please wait.

Presentation is loading. Please wait.

Denial of Service in Sensor Networks Anthony D. Wood and John A. Stankovic.

Published byDallas Alfrey Modified over 9 years ago

Similar presentations

Presentation on theme: "Denial of Service in Sensor Networks Anthony D. Wood and John A. Stankovic."— Presentation transcript:

1 Denial of Service in Sensor Networks Anthony D. Wood and John A. Stankovic

2 Why Security? Battlefield Battlefield Disasters Disasters –Protect the location and status of casualties from unauthorized disclosure, particularly if the disaster relates to ongoing terrorist activities Public safety Public safety –False alarms about chemical, biological, or environmental threats could cause panic or disregard for warning systems. An attack on the system’s availability could precede a real attack on the protected resource. Home healthcare Home healthcare –Because protecting privacy is paramount, only authorized users can query or monitor the network. These networks can also form critical pieces of an accident-notification chain, thus they must be protected from failure.

3 THE DENIAL OF SERVICE THREAT A DoS attack is any event that diminishes or eliminates a network’s capacity to perform its expected function. Hardware failures, software bugs, resource exhaustion, environmental conditions, or their combination Hardware failures, software bugs, resource exhaustion, environmental conditions, or their combination Intentional Attack Intentional Attack

4 Adversary Capability Physically damaged or manipulated node Physically damaged or manipulated node –May be less powerful than a normally functioning node. Subverted nodes (or added ones) Subverted nodes (or added ones) –Interact with the network only through software –As powerful as other nodes Immensely more powerful adversaries Immensely more powerful adversaries –Existing wired network with virtually unlimited computational and energy resources possible.

5 Attacks on Physical Layer Jamming Jamming –Defenses Spread-spectrum Spread-spectrum Region mapping Region mapping –Lower duty cycle Tampering Tampering –Defenses: Tamper-proofing, hiding

6 Link Layer Attacks Collision Collision –Use error-correcting codes Exhaustion Exhaustion –Rate limitation Unfairness Unfairness –Small frames

7 Network and Routing Attacks Neglect and greed Neglect and greed –Redundancy, probing Homing/traffic analysis Homing/traffic analysis –Encryption: enough? Misdirection Misdirection –Egress filtering, authorization, monitoring Black holes Black holes –Authorization, monitoring, probing, redundancy

8 Neglect and Greed Neglect Neglect –Drops packets arbitrarily Greed Greed –Gives undue priority to it’s own messages Use multiple paths and/or redundant messages to mitigate these effects. Use multiple paths and/or redundant messages to mitigate these effects.

9 Homing Geographic forwarding allows attacker to figure out where important nodes are. Geographic forwarding allows attacker to figure out where important nodes are. Encrypting headers as well as content might alleviate this issue. Encrypting headers as well as content might alleviate this issue.

10 Misdirection Diverting traffic away from intended destination Diverting traffic away from intended destination – targets the sender Misdirecting many flows in one direction Misdirecting many flows in one direction – targets an arbitrary victim (receiver) Defense Defense –Egress Filtering Verification of source addresses Verification of source addresses Legitimately generated from below? Legitimately generated from below?

11 Black Holes Distance-vector-based protocol weakness Distance-vector-based protocol weakness Nodes advertise zero-cost routes to every other node. Nodes advertise zero-cost routes to every other node. Fixes: Fixes: –Authorization –Monitoring watchdog the next hop transmission of your packets by neighbors watchdog the next hop transmission of your packets by neighbors –Probing Send periodic messages across topology to test for blackout regions Send periodic messages across topology to test for blackout regions –Redundancy

12 Transport Layer DoS Flooding Flooding –Client puzzles Make the adversary commit resources Make the adversary commit resources Only useful if the adversary has limited resources Only useful if the adversary has limited resources Desynchronization Desynchronization –Authentication

13 PROTOCOL VULNERABILITIES Analyzing these vulnerabilities helps show why developers should consider DoS susceptibility at design time.

14 Adaptive Rate Control – MAC Protocol by Woo & Cull Give preference to route-through traffic Give preference to route-through traffic –This preserves the network’s investment in packets that may have already traversed many hops. Makes flooding attacks more effective. Makes flooding attacks more effective. –High bandwidth packet streams that an adversary generates will receive preference during collisions that can occur at every hop along their route. –Thus, the network gives preference to malicious traffic.

15 RAP Real-time communication architecture Real-time communication architecture –query-event service API –geographic forwarding –Velocity monotonic scheduling (VMS) policy. Originator of message sets deadline, and destination Originator of message sets deadline, and destination –VMS layer computes velocity based on time to deadline and distance remaining

16 RAP Vulnerability Flood with high velocity packets Flood with high velocity packets –Set destination at long distance Possibly outside the network Possibly outside the network Intermediate node adversary could lower the velocity of route through traffic Intermediate node adversary could lower the velocity of route through traffic –Causes missed deadline several hops away If relying on a synchronized clock, attacking that mechanism could cause another node to always drop If relying on a synchronized clock, attacking that mechanism could cause another node to always drop –inadvertent black hole

Download ppt "Denial of Service in Sensor Networks Anthony D. Wood and John A. Stankovic."

Similar presentations

Chris Karlof and David Wagner

Chris Karlof and David Wagner
Jason Li Jeremy Fowers. Background Information Wireless sensor network characteristics General sensor network security mechanisms DoS attacks and defenses.

Jason Li Jeremy Fowers. Background Information Wireless sensor network characteristics General sensor network security mechanisms DoS attacks and defenses.
1 Denial of Service in Sensor Networks Authors: Anthony D. Wood, John A. Stankovic Presented by: Aiyaz Amin Paniwala.

1 Denial of Service in Sensor Networks Authors: Anthony D. Wood, John A. Stankovic Presented by: Aiyaz Amin Paniwala.
Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.

Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.
COS 461 Fall 1997 Routing COS 461 Fall 1997 Typical Structure.

COS 461 Fall 1997 Routing COS 461 Fall 1997 Typical Structure.
Denial of Service in Sensor Networks Szymon Olesiak.

Denial of Service in Sensor Networks Szymon Olesiak.
Security in Wireless Sensor Networks Adrian Perrig, John Stankovic, and David Wagner.

Security in Wireless Sensor Networks Adrian Perrig, John Stankovic, and David Wagner.
DENIAL OF SERVICE IN SENSOR NETWORKS Pratik Zirpe Instructor – Dr. T. Andrew Yang.

DENIAL OF SERVICE IN SENSOR NETWORKS Pratik Zirpe Instructor – Dr. T. Andrew Yang.
A Distributed Security Framework for Heterogeneous Wireless Sensor Networks Presented by Drew Wichmann Paper by Himali Saxena, Chunyu Ai, Marco Valero,

A Distributed Security Framework for Heterogeneous Wireless Sensor Networks Presented by Drew Wichmann Paper by Himali Saxena, Chunyu Ai, Marco Valero,
Optimal Jamming Attacks and Network Defense Policies in Wireless Sensor Networks Mingyan Li, Iordanis Koutsopoulos, Radha Poovendran (InfoComm ’07) Presented.

Optimal Jamming Attacks and Network Defense Policies in Wireless Sensor Networks Mingyan Li, Iordanis Koutsopoulos, Radha Poovendran (InfoComm ’07) Presented.
Security and Privacy Issues in Wireless Communication By: Michael Glus, MSEE EEL 6788 11.

Security and Privacy Issues in Wireless Communication By: Michael Glus, MSEE EEL
Introduction to Sensor Networks Rabie A. Ramadan, PhD Cairo University 4.

Introduction to Sensor Networks Rabie A. Ramadan, PhD Cairo University 4.
Edith C. H. Ngai1, Jiangchuan Liu2, and Michael R. Lyu1

Edith C. H. Ngai1, Jiangchuan Liu2, and Michael R. Lyu1
1-1 CMPE 259 Sensor Networks Katia Obraczka Winter 2005 Security.

1-1 CMPE 259 Sensor Networks Katia Obraczka Winter 2005 Security.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
SUMP: A Secure Unicast Messaging Protocol for Wireless Ad Hoc Sensor Networks Jeff Janies, Chin-Tser Huang, Nathan L. Johnson.

SUMP: A Secure Unicast Messaging Protocol for Wireless Ad Hoc Sensor Networks Jeff Janies, Chin-Tser Huang, Nathan L. Johnson.
Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.

Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.
Security Awareness: Applying Practical Security in Your World

Security Awareness: Applying Practical Security in Your World
1 Denial-of-Service Resilience in P2P File Sharing Systems Dan Dumitriu (EPFL) Ed Knightly (Rice) Aleksandar Kuzmanovic (Northwestern) Ion Stoica (Berkeley)

1 Denial-of-Service Resilience in P2P File Sharing Systems Dan Dumitriu (EPFL) Ed Knightly (Rice) Aleksandar Kuzmanovic (Northwestern) Ion Stoica (Berkeley)
Denial of Service Resilience in Ad Hoc Networks Imad Aad, Jean-Pierre Hubaux, and Edward W. Knightly Designed by Yao Zhao.

Denial of Service Resilience in Ad Hoc Networks Imad Aad, Jean-Pierre Hubaux, and Edward W. Knightly Designed by Yao Zhao.

Similar presentations

Ads by Google