1. EKC Journal Paper Scouting A Presentation for the ResiliNets Group © 2008 Egemen Cetinkaya July 2008 Egemen Çetinkaya Department of Electrical Engineering & Computer Science The University of Kansas ecetin01@ittc.ku.edu http://wiki.ittc.ku.edu/resilinets_wiki/index.php/Main_Page

2. EKC July 20082 Outline Overall Security and Privacy in Sensor Networks –Haowen Chan and Adrian Perrig, CMU –IEEE Computer, October 2003, pp. 103-105 Denial of Service in Sensor Networks –Anthony D. Wood and John A. Stankovic, Univ. of Virginia –IEEE Computer, October 2002, pp. 54-62 Secure routing in wireless sensor networks: attacks and countermeasures –Chris Karlof and David Wagner, UC-Berkeley –Elsevier Ad-Hoc Networks, September 2003, pp. 293-315

3. EKC July 20083 Security and Privacy in Sensor Nets Outline Sensor Node Compromise Eavesdropping Privacy of Sensed Data Denial of Service Attacks Malicious Use of Commodity Networks

4. EKC July 20084 Security and Privacy in Sensor Nets Sensor Node Compromise Sensor Node Compromise –Large scale sensor nets, hard to protect against physical and logical attacks –Countermeasures: Tamper resistant hardware – expensive Node-to-node authentication in software Sensor Networks must be made resilient: “able to function at high effectiveness even with a small number of malicious nodes. For example, routing protocols must be resilient against compromised nodes that behave maliciously.”

5. EKC July 20085 Security and Privacy in Sensor Nets Eavesdropping Eavesdropping –Passive attack –Countermeasure: Encryption Must be robust Must be feasible for limited resources Hard to implement E2E encryption due to large scale (too many keys need to be stored) HBH encryption is a solution, but conflicts with E2E arguments Multipath routing is a solution, where parts of a message is sent over multiple disjoint paths ?!?

6. EKC July 20086 Security and Privacy in Sensor Nets Privacy Privacy of Sensed Data –Access to stored data or by querying or by eavesdropping –Countermeasures: Encryption Access control Reduction in sensed data details (e.g. aggregation) Distributed processing, where no one node has access to queried results

7. EKC July 20087 Security and Privacy in Sensor Nets DoS Denial of Service Attacks –Aims to destroy network functionality At the physical layer – e.g. radio jamming Battery exhaustion Creating routing loops –Countermeasures: Spread spectrum techniques Proper authentication, e.g. authentication techniques itself can be used to exhaust battery

8. EKC July 20088 Security and Privacy in Sensor Nets Malicious Commodity Networks Malicious use of commodity networks –Use of sensor networks for illegal purposes, e.g. planting them in computers to extract private information –Countermeasure: Deploy sensor detectors to detect malicious sensor nets It will not protect illegal sensor network deployment, but will make attacks expensive This is not an attack on sensor nets ?!?

9. EKC July 20089 Denial of Service in Sensor Networks Outline Theory and application The denial of service threat Physical layer Link layer Network and routing layer Transport layer Protocol vulnerabilities

10. EKC July 200810 Denial of Service in Sensor Networks Theory and Application Small nodes, wireless communication Data centric vs. address centric Military, healthcare, environmental monitoring Large scale Network must be resilient to individual node failure Security in the original design of protocols and software applications for all networks

11. EKC July 200811 Denial of Service in Sensor Networks Denial of Service Threat “A DoS attack is any event that diminishes or eliminates a network’s capacity to perform its expected function. Hardware failures, software bugs, resource exhaustion, environmental conditions, or any complicated interaction between these factors can cause a DoS” Detection of DoS is harder due to large scale Layered network architecture can improve robustness (e.g. attacks exploiting interactions between layers)

12. EKC July 200812 Denial of Service in Sensor Networks DoS Attacks at the Physical Layer Jamming –Simple –k jamming node, N out of service nodes, where k<<N –Defense – Spread Spectrum, reporting attack to BS, buffering during the attack, use of IR or optical during the attack Tampering –Tampering physically –Defense – erase cryptographic or program memory, camouflaging

13. EKC July 200813 Denial of Service in Sensor Networks DoS Attacks at the Link Layer Collision –Corrupting data or control packets for checksum mismatch or back-off –Defense – error correcting codes but expensive Exhaustion (battery exhaustion) –Retransmissions, interrogation attack (e.g. RTS/CTS) –Defense - MAC admission control rate limiting Unfairness –Weaker DoS, causing real time MAC to miss the deadline –Defense – use of small frames

14. EKC July 200814 Denial of Service in Sensor Networks DoS Attacks at the Network Layer 1 Neglect and greed –Malicious nodes randomly drops packets (neglectful node) –Malicious node gives priority to its own messages (greedy) –Defense – multiple routing path and redundant messages Homing –Passive attack to identify critical nodes - e.g. BS, clusterhead, sink –Once identified an active attack can be launched –Defense – hiding using shared cryptographic keys

15. EKC July 200815 Denial of Service in Sensor Networks DoS Attacks at the Network Layer 2 Misdirection –Active attack, messages are forwarded along wrong paths –Defense – egress filtering approach Black holes –Malicious nodes advertise zero-cost routes, making them attractive for traffic path –Nodes around the malicious node exhausted causing a hole or partition –Easy to detect, but very disruptive –Defense – detection of inconsistent advertisements

16. EKC July 200816 Denial of Service in Sensor Networks DoS Defenses at the Network Layer Authorization –Defense against misdirection and black holes Monitoring –Monitoring proper routing –Simple, less expensive IDS Probing –Probes should be indistinguishable from normal traffic –Defense against neglect and greedy attacks Redundancy –Diversity coding, less expensive

17. EKC July 200817 Denial of Service in Sensor Networks DoS Attacks at the Transport Layer Flooding –Memory exhaustion for stateful connections –Defense 1 – limiting number of connections –Defense 2 – client puzzles, computationally expensive Desynchronization –Forged messages (e.g. sequence numbers, control flags) for end systems to retransmission –Defense – authentication

18. EKC July 200818 Denial of Service in Sensor Networks Protocol Vulnerabilities Adaptive rate control –High BW traffic generated by malicious nodes are given priority Real-time location based protocols (RAP) –Flooding the network with high velocity packets

19. EKC July 200819 Secure Routing in WSNs Outline Introduction and contributions Background Sensor networks vs. ad-hoc wireless networks Related work Problem statement Attacks on sensor network routing Attacks on specific sensor network protocols Countermeasures

20. EKC July 200820 Secure Routing in WSNs Introduction The paper is about routing security of WSNs Conventional networks –Routing is concerned with message availability –Higher layers handle: Integrity, Authenticity, Confidentiality –E2E security is handled by higher layers - e.g. SSH, SSL Wireless Sensor Networks –In-network processing makes it impossible for E2E security –LL security can alleviate some of the security problems

21. EKC July 200821 Secure Routing in WSNs Contributions Propose threat models and security goals Introduce sinkhole and HELLO floods attacks against sensor networks (relevant to MANETs) Show MANET and P2P attacks can be adapted to WSNs Detailed security analysis of major routing protocols Discuss countermeasures and design considerations

22. EKC July 200822 Secure Routing in WSNs Background Small, large scale, stationary, low cost & power Berkeley TinyOS platform is examined –Low power & memory Data aggregation occurs, thus time delay of message Security –Public-key cryptography is computationally expensive –Fast symmetric-key cryptography must be used sparingly Moore’s law seems unlikely –Instead cheaper systems with fixed performance

23. EKC July 200823 Secure Routing in WSNs Sensor Network Legends and Architecture BS sink Low latency, high BW link Sensor node (mote) Low power radio Adversary

24. EKC July 200824 Secure Routing in WSNs Sensor Nets vs. MANETs Similarities –Both are multihop Differences –Traffic pattern in WSNs Many-to-one One-to-many Local communication –WSNs are more resource constrained –Aggregation, in-network processing occurs WSNs

25. EKC July 200825 Secure Routing in WSNs Related Work Security issues are similar (MANET vs. WSNs) but not the defense mechanisms Public-key cryptography is expensive for WSNs WSNs must rely on private-key cryptography Symmetric-key cryptography based on SR or DV is not suitable for WSNs Punishing, reporting selfish or misbehaving nodes is a promising work SNEP and µTESLA are security protocols optimized for WSNs

26. EKC July 200826 Secure Routing in WSNs Problem Statement 1 Network assumptions –Wireless communication, i.e. insecure radio links –Many sensor nodes, few malicious nodes Malicious nodes can be bought separately Legitimate nodes can be converted to malicious nodes –Adversary might be much powerful (e.g. laptop) –Physical and MAC layer attacks are not the focus –Nodes are not tamper-resistant Trust requirements –Base stations are trustworthy –Aggregation points may or may not be trustworthy

27. EKC July 200827 Secure Routing in WSNs Problem Statement 2 Threat models –Mote class attackers vs. laptop-class attackers –Outsider attacks vs. insider attacks Security goals –Ideally the security objective is CIAA of all messages –Due to aggregation E2E security is not possible –Outsider attacks can be prevented by link layer security –Insider attacks are challenging, LL security is not enough –Replay attacks should be prevented by the application layer

28. EKC July 200828 Secure Routing in WSNs Attacks on Sensor Network Routing 1 Attack categories: –Spoofed, altered, or replayed routing information –Selective forwarding –Sinkhole attacks –Sybil attacks –Wormholes –HELLO flood attacks –Acknowledgement spoofing Attacks differ based on: –Manipulating user data –Underlying routing topology

29. EKC July 200829 Secure Routing in WSNs Attacks on Sensor Network Routing 2 Spoofed, altered, or replayed routing information –Targets the routing info exchanged between nodes –Creates routing loops, partitions network, inc. E2E delay etc. The Sybil attack –A single node presents multiple identities to other nodes –Significantly reduces effectiveness of fault tolerance schemes: distributed storage, dispersity, multipath routing, topology maintenance –Significant threat to geographic routing protocols

30. EKC July 200830 Secure Routing in WSNs Attacks on Sensor Network Routing 3 D (1,0) B (0,1)C (1,1)D (2,1) Bogus routing info: D (1,0) A (0,2) 1 2 Spoofed, altered routing information Sybil attack

31. EKC July 200831 Secure Routing in WSNs Attacks on Sensor Network Routing 4 Selective forwarding –Malicious nodes refuse to forward certain messages –If all messages are dropped a black hole is created –Black holes are easy to detect, i.e. may not serve an attackers objective –Most effective when the malicious node is on the data path –If not on data path, sinkhole or Sybil attacks are effective Sinkhole attacks –Attacker attracts all traffic nearby –Attraction occurs w.r.t. routing algorithm – e.g. high quality route advertisement via laptop-class adversary –Enables selective forwarding (SF) but makes SF trivial

32. EKC July 200832 Secure Routing in WSNs Attacks on Sensor Network Routing 5 S Selective forwarding, adversary on the data path D

33. EKC July 200833 Secure Routing in WSNs Attacks on Sensor Network Routing 6 Wormholes –Adversary tunnels messages in one part of the network to a different part via low latency link –Involvement of two adversaries is more common –Essentially a sinkhole attack –Exploits the routing race condition – ignoring later messages –Detection is difficult when used with Sybil attack

34. EKC July 200834 Secure Routing in WSNs Attacks on Sensor Network Routing 7 BS Wormhole Illustration Sinkhole creation

35. EKC July 200835 Secure Routing in WSNs Attacks on Sensor Network Routing 8 HELLO flood attack –Nodes broadcast HELLO messages announce themselves to neighbors –Powerful laptop-class device can be used to convince network that the adversary is node’s neighbor –Nodes hearing this message will use this route Acknowledgement spoofing –Several routing protocols rely on link layer acknowledgement –Adversary spoofs these messages to notify neighboring nodes a weak link is strong, or a dead node is alive –Spoofed messages can be used to launch SF attack

36. EKC July 200836 Secure Routing in WSNs Attacks on Sensor Network Routing 9 HELLO flood attack BS

37. EKC July 200837 Secure Routing in WSNs Attacks on Sensor Network Protocols 1 All proposed sensor network routing protocols are susceptible to attacks The routing protocols analyzed are: –TinyOS beaconing –Directed diffusion –Geographic routing –Minimum cost forwarding –LEACH: low-energy adaptive clustering hierarchy –Rumor routing –Energy conserving topology maintenance (GAF, SPAN)

38. EKC July 200838 Secure Routing in WSNs Attacks on Sensor Network Protocols 2 TinyOS beaconing operation –Based on spanning tree construction –BS broadcasts route update periodically –Packets forwarded to parent node until they reach to BS Attacks against TinyOS beaconing –No authenticated routing updates, any device can claim BS –Wormhole/sinkhole attacks –HELLO flood attacks –Routing loops

39. EKC July 200839 Secure Routing in WSNs Attacks on Sensor Network Protocols 3 Directed diffusion operation –Sinks flood interest, gradients set-up –Nodes propagate data back to sink Attacks against directed diffusion –Hard to attack during flooding phase –Suppression: spoof control messages –Cloning: enables eavesdropping –Path influence: spoof control messages –Selective forwarding and tampering: –Multipath version is more robust against attacks –Sybil attacks are possible

40. EKC July 200840 Secure Routing in WSNs Attacks on Sensor Network Protocols 4 Geographic routing protocols operation –Greedy Perimeter Stateless Routing (GPSR) Greedy forwarding, packets routed to the closest neighbor –Geographic and Energy Aware Routing (GEAR) Energy is weighted in forwarding decisions Attacks against geographic routing protocols –Sybil attack to misrepresent a node’s location False advertisements of location information –Selective forwarding –Routing loops

41. EKC July 200841 Secure Routing in WSNs Attacks on Sensor Network Protocols 5 Minimum cost forwarding operation –Essentially Distributed Shortest Path algorithm Attacks against minimum cost forwarding –Sinkhole attacks False advertisement of zero cost from an adversary A laptop-class adversary can utilize wormhole to help sinkhole attacks –HELLO flood attacks

42. EKC July 200842 Secure Routing in WSNs Attacks on Sensor Network Protocols 6 Low Energy Adaptive Clustering Hierarchy operation –Two phases: Setup: Clusterheads are randomly picked for energy savings Steady-state: Clusterheads send/receive aggregated data to BS in TDMA Attacks against LEACH –HELLO flood attacks Adversary acts as clusterhead by sending powerful signal –Small size networks are prone to selective forwarding –Sybil attacks are possible –Attacks aim higher levels in the hierarchy

43. EKC July 200843 Secure Routing in WSNs Attacks on Sensor Network Protocols 7 Rumor routing operation –Probabilistic selection of next hop –Agents carry the events, TTL etc. –Energy saving compared to flooding Attacks against rumor routing –Selective forwarding Can be easier by creating wormhole

44. EKC July 200844 Secure Routing in WSNs Attacks on Sensor Network Protocols 8 Energy conserving topology maintenance –Essentially more nodes are deployed than what is needed –GAF, SPAN, CEC, AFECA are examples Attacks against GAF and SPAN –Broadcasting high-ranking control messages –Selective forwarding –HELLO flood attack –Sybil attack

45. EKC July 200845 Secure Routing in WSNs Countermeasures 1 Outsider attacks and link layer security The Sybil attack HELLO flood attacks Wormhole and sinkhole attacks Leveraging global knowledge Selective forwarding Authenticated broadcast and flooding

46. EKC July 200846 Secure Routing in WSNs Countermeasures 2 Outsider attacks and link layer security –Major outsider attacks can be prevented via link layer encryption and authentication using global shared key –Sybil attack is irrelevant –Sinkhole attack and SF is not possible –LL mechanisms are not sufficient for wormhole or HELLO flood attacks Link layer security cannot encounter against insider attacks

47. EKC July 200847 Secure Routing in WSNs Countermeasures 3 The Sybil attack can be prevented via identity verification Identity verification can be done using public key cryptography which generates digital signatures DS is costly for resource constrained Sensor Nets To overcome this: Nodes can share unique shared key with the BS, and verify each other’s identity and establish a shared key This is still costly but the cost is lower

48. EKC July 200848 Secure Routing in WSNs Countermeasures 4 HELLO flood attacks can simply prevented via verification of bidirectionality of the link If the attacker has a sensitive receiver, this is useless To prevent attacks: –Use identity verification for authentication –Adversary claiming to be neighbor of unusual large number nodes should raise an alarm

49. EKC July 200849 Secure Routing in WSNs Countermeasures 5 Wormhole and sinkhole attacks are hard to defend Harder when used in combination Geographic routing protocols are resistant to sinkhole attacks Base station initiated topology construction protocols are most susceptible to wormhole attacks Defensive mechanisms should be considered at the design phase of the protocols

50. EKC July 200850 Secure Routing in WSNs Countermeasures 6 Leveraging global knowledge –Keep inventory of the network (# nodes, topology), and be alerted during suspicious changes –Probabilistic selection of next hop against sink hole attacks –Placement of nodes to known locations Selective forwarding –Multipath routing to counter selective forwarding attacks Authenticated broadcast and flooding –Authenticated broadcast protocol µTESLA –Use of flooding which is robust, attackers need to partition –Flooding is expensive, SPIN and gossiping is more efficient

51. EKC July 200851 Overall Conclusions Highlights on WSN Security WSNs are not secure –Attacks similar to other networks (e.g. MANET, wireless) –Different defense mechanisms (limited res. & large scale) E2E security is not possible due to in network processing of WSNs Flooding is robust to attacks, FT helps defense The security should be considered during the design phase of protocols, not afterwards Addition of security is expensive in terms of processing, energy, memory, cost

52. EKC July 200852 Backup Key Management in WSNs 1 A networkwide shared key –Pros: simple –Cons: even 1 node compromise can reveal everything One key for link establishment, one per pair for communication, erase networkwide key after session establishment –Cons: doesn’t allow addition of new nodes after initial key- establishment Public-key cryptography –Pros: any node can set-up secure key with any other node –Cons: expensive for WSNs

53. EKC July 200853 Backup Key Management in WSNs 2 Preconfigure the network with a shared unique key between nodes –Cons: Doesn’t scale well, need n.(n-1)/2 keys. Also how would you know location info in a random deployment? Bootstraping keys using a base station –Cons: BS becomes single point of failure Random-key predistribution –Pros: require less keys (memory) in the node –Cons: sufficient amount of compromised nodes can reveal the scheme