Presentation is loading. Please wait.

Presentation is loading. Please wait.

DoS Attacks on Sensor Networks Hossein Nikoonia Department of Computer Engineering Sharif University of Technology

Published byConstance Watson Modified over 9 years ago

Similar presentations

Presentation on theme: "DoS Attacks on Sensor Networks Hossein Nikoonia Department of Computer Engineering Sharif University of Technology"— Presentation transcript:

1 DoS Attacks on Sensor Networks Hossein Nikoonia Department of Computer Engineering Sharif University of Technology nikoonia@ce.sharif.edu

2 Outline Wireless Sensor Networks False-Endorsement-Based DoS Attacks Broadcast Authentication ◦ Broadcast Authentication  Digital Signature  µTESLA Containing DoS Attacks in Broadcast Authentication Mitigating DoS Attacks against Broadcast Authentication Other Types of DoS Attack Future Work

3 WIRELESS SENSOR NETWORKS

4 Introduction Composed of a large number of sensor nodes and one or more sink Sensor Nodes ◦ Collect data ◦ Route data back to the sink Sink [Akyildiz et. al. 2002]

5 Applications Military Health ◦ Monitoring patients Monitoring disaster areas [Akyildiz et. al. 2002]

6 Constraints Sensor Nodes ◦ Energy  Usually battery-powered ◦ Processing power  Public-key operations are expensive  Delay  Energy ◦ Cost  Tamper-proof hardware is not practical Deployment area ◦ Hostile ◦ Unattended

7 Mica2 Motes Developed at UC Berkeley TinyOS ATmega128L 128 KB Program flash memory 4KB Configuration E2PROM 2X AA Battery [Crossbow Technology]

8 Information Security Confidentiality Integrity Availability Denial-of-Service (DoS)

9 FALSE-ENDORSEMENT- BASED DOS ATTACKS IN WIRELESS SENSOR NETWORKS C. Krau β, M Schneider, C. Eckert WiSec ‘08

10 False-Endorsement How to verify correctness of an event? ◦ Message Authentication Code (MAC) Problem ◦ Node capture Solution to the problem ◦ Endorsement ◦ XOR of MACs [Krau β et. al. 2008]

11 False-Endorsement Problem of the solution ◦ False-Endorsement Solution? [Krau β et. al. 2008]

12 Basic Idea Nodes should prove their endorsement. [Krau β et. al. 2008]

13 Details Assumptions ◦ Nodes are loosely time-synchronized ◦ Attacker does not have access to nodes for a period of time ◦ Clusters contain  One cluster head (CH)  Several cluster nodes (CNs) Hash chain ◦ A sequence of n hash values [Krau β et. al. 2008; Ning et. al. 2008]

14 Details Report Generation Verification [Krau β et. al. 2008]

15 BROADCAST AUTHENTICATION

16 Broadcast Authentication Digital signatures µTESLA [Ning et. al. 2008]

17 Digital Signature 160-bit Elliptic Curve Digital Signature Algorithm (ECDSA) on MICAz ◦ Power consumption  Receiving  0.25mJ  Signature verification  38.88mJ  Alkaline Battery  1200 J/cm3 ◦ Delay  1.62s [Ning et. al. 2008; Karl and Willing 2005]

18 µTESLA Delayed authentication Use of a one-way hash chain Nodes should be loosely time synchronized MACs are generated with a key which will be disclosed after a certain period of time. [Ning et. al. 2008]

19 DoS Attack against Broadcast Authentication Digital signature ◦ Power consumption ◦ Delay ◦ It is impractical for the nodes to validate each incoming message before forwarding it. µTESLA ◦ Delayed authentication [Wang et. al. 2007; Ning et. al. 2008]

20 CONTAINING DOS ATTACKS IN BROADCAST AUTHENTICATION IN SENSOR NETWORKS R. Wang, W. Du, P. Ning MobiHoc ‘07

21 The Basic Question First to forward or first to verify? [Wang et. al. 2007]

22 The Ideal Solution ◦ Faked messages  Authentication-first ◦ Authentic messages  Forwarding-first How? [Wang et. al. 2007]

23 Proposed Solution Dynamic Windows ◦ Additive increase, Multiplicative Decrease (AIMD) Each node stores a window size W ◦ Initial value: W max Attach a d a to each message ◦ Number of hops message has passed since its last authentication. [Wang et. al. 2007]

24 Proposed Solution [Wang et. al. 2007]

25 Simulation Result [Wang et. al. 2007]

26 MITIGATING DOS ATTACKS AGAINST BROADCAST AUTHENTICATION IN WIRELESS SENSOR NETWORKS P. Ning, A. Liu, W. Du ACM Transactions on Sensor Networks, 2008.

27 Basic Idea Use of a weak authenticator ◦ Could be verified efficiently by a sensor node. ◦ Cannot be pre-computed. ◦ Takes a reasonable amount of time for sink to compute. ◦ Almost impractical for attacker to forge. Not a replacement of digital signatures [Ning et. al. 2008]

28 Weak authenticator Message-specific puzzle ◦ Based on one-way key chains ◦ Takes 14.6ms on a MICAz mote to verify this weak authenticator. [Ning et. al. 2008]

29 Details Consider a hash chain. This chain is generated offline and is stored in sink. Each node knows the last value of the chain. ◦ Hence, they can authenticate next values [Ning et. al. 2008]

30 Details

31 Other Types of DoS Attacks Jamming ◦ [Wood and Stankovic 2002] Path-based DoS Attack ◦ [Deng et. al. 2005]

32 Future Work DoS attack against sink Multistage digital signature Real-time weak authenticator (puzzle)

33 References I. F. Akyildiz, W. Su, Y. Sankarasubramaniam, E. Cayirci, “A Survey on Sensor Networks”, IEEE Communications Magazine, pp. 102-114, Aug. 2002. [Crossbow Technology] www.xbow.com J. Deng, R. Han, S. Mishra, “Defending against Path-based DoS Attacks in Wireless Sensor Networks”, In Proceedings of SASN’05, pp. 89-96, 2005. C. Krau β, M. Schneider, C. Eckert, “Defending against False-Endorsement-Based DoS Attacks in Wireless Sensor Networks, In Proceedings of WiSec’08, pp. 13-21, 2008. H. Karl, A. Willing, ”Protocols and Architectures for Wireless Sensor Networks”, John Wiley and Sons, 2005. P. Ning, A. Liu, W. Du, “Mitigating DoS Attacks against Broadcast Authentication in Wireless Sensor Networks”, ACM Transactions on Sensor Networks, Vol. 4, No. 1, pp. 1-33, 2008. A. D. Wood, J. A. Stankovic, “Denial of Service in Sensor Networks”, Computer, Vol. 35, pp. 54-62, Oct. 2002. R. Wang, W. Du, P. Ning, ”Containing Denial-of-Service Attacks in Broadcast Authentication in Sensor Networks”, In Proceedings of MobiHoc’07, pp. 71-79, 2007.

Download ppt "DoS Attacks on Sensor Networks Hossein Nikoonia Department of Computer Engineering Sharif University of Technology"

Similar presentations

Jason Li Jeremy Fowers. Background Information Wireless sensor network characteristics General sensor network security mechanisms DoS attacks and defenses.

Jason Li Jeremy Fowers. Background Information Wireless sensor network characteristics General sensor network security mechanisms DoS attacks and defenses.
A Security Protocol for Sensor Networks Khadija Stewart, Themistoklis Haniotakis and Spyros Tragoudas Dept. of Electrical and Computer Engineering Southern.

A Security Protocol for Sensor Networks Khadija Stewart, Themistoklis Haniotakis and Spyros Tragoudas Dept. of Electrical and Computer Engineering Southern.
Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, 2010. ICWCSC 2010. International.

Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.
 Introduction  Benefits of VANET  Different types of attacks and threats  Requirements and challenges  Security Architecture  Vehicular PKI.

 Introduction  Benefits of VANET  Different types of attacks and threats  Requirements and challenges  Security Architecture  Vehicular PKI.
A Distributed Security Framework for Heterogeneous Wireless Sensor Networks Presented by Drew Wichmann Paper by Himali Saxena, Chunyu Ai, Marco Valero,

A Distributed Security Framework for Heterogeneous Wireless Sensor Networks Presented by Drew Wichmann Paper by Himali Saxena, Chunyu Ai, Marco Valero,
A Survey of Secure Wireless Ad Hoc Routing

A Survey of Secure Wireless Ad Hoc Routing
CSE 5392By Dr. Donggang Liu1 CSE 5392 Sensor Network Security Introduction to Sensor Networks.

CSE 5392By Dr. Donggang Liu1 CSE 5392 Sensor Network Security Introduction to Sensor Networks.
Containing DoS Attacks in Broadcast Authentication in Sensor Networks (Ronghua Wang, Wenliang Du, Peng Ning) Containing DoS Attacks in Broadcast Authentication.

Containing DoS Attacks in Broadcast Authentication in Sensor Networks (Ronghua Wang, Wenliang Du, Peng Ning) Containing DoS Attacks in Broadcast Authentication.
An Efficient Scheme for Authenticating Public Keys in Sensor Networks Wenliang (Kevin) Du (Syracuse) Ronghua Wang (Syracuse) Peng Ning (North Carolina.

An Efficient Scheme for Authenticating Public Keys in Sensor Networks Wenliang (Kevin) Du (Syracuse) Ronghua Wang (Syracuse) Peng Ning (North Carolina.
Packet Leashes: Defense Against Wormhole Attacks Authors: Yih-Chun Hu (CMU), Adrian Perrig (CMU), David Johnson (Rice)

Packet Leashes: Defense Against Wormhole Attacks Authors: Yih-Chun Hu (CMU), Adrian Perrig (CMU), David Johnson (Rice)
LOGO Multi-user Broadcast Authentication in Wireless Sensor Networks ICU 20082065 Myunghan Yoo.

LOGO Multi-user Broadcast Authentication in Wireless Sensor Networks ICU Myunghan Yoo.
Using Auxiliary Sensors for Pair-Wise Key Establishment in WSN Source: Lecture Notes in Computer Science (2010) Authors: Qi Dong and Donggang Liu Presenter:

Using Auxiliary Sensors for Pair-Wise Key Establishment in WSN Source: Lecture Notes in Computer Science (2010) Authors: Qi Dong and Donggang Liu Presenter:
Securing Wireless Sensor Networks Wenliang (Kevin) Du Department of Electrical Engineering and Computer Science Syracuse University.

Securing Wireless Sensor Networks Wenliang (Kevin) Du Department of Electrical Engineering and Computer Science Syracuse University.
Edith C. H. Ngai1, Jiangchuan Liu2, and Michael R. Lyu1

Edith C. H. Ngai1, Jiangchuan Liu2, and Michael R. Lyu1
1 Security in Wireless Sensor Networks Group Meeting Fall 2004 Presented by Edith Ngai.

1 Security in Wireless Sensor Networks Group Meeting Fall 2004 Presented by Edith Ngai.
Nov.6, 2002 Secure Routing Protocol for Ad Hoc Networks Li Xiaoqi.

Nov.6, 2002 Secure Routing Protocol for Ad Hoc Networks Li Xiaoqi.
Efficiently Authenticating Code Images in Dynamically Reprogrammed Wireless Sensor Networks PerSec 2006 Speaker: Prof. Rick Han Coauthors Jing Deng and.

Efficiently Authenticating Code Images in Dynamically Reprogrammed Wireless Sensor Networks PerSec 2006 Speaker: Prof. Rick Han Coauthors Jing Deng and.
Security Issues In Sensor Networks By Priya Palanivelu.

Security Issues In Sensor Networks By Priya Palanivelu.
Securing Wireless Sensor Networks Wenliang (Kevin) Du Department of Electrical Engineering and Computer Science Syracuse University.

Securing Wireless Sensor Networks Wenliang (Kevin) Du Department of Electrical Engineering and Computer Science Syracuse University.
INSENS: Intrusion-Tolerant Routing For Wireless Sensor Networks By: Jing Deng, Richard Han, Shivakant Mishra Presented by: Daryl Lonnon.

INSENS: Intrusion-Tolerant Routing For Wireless Sensor Networks By: Jing Deng, Richard Han, Shivakant Mishra Presented by: Daryl Lonnon.

Similar presentations

Ads by Google