Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Somya Kapoor Jorge Chang Amarnath Kolla. 2 Agenda Introduction and Architecture of WSN –Somya Kapoor Security threats on WSN – Jorge Chang & Amarnath.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "1 Somya Kapoor Jorge Chang Amarnath Kolla. 2 Agenda Introduction and Architecture of WSN –Somya Kapoor Security threats on WSN – Jorge Chang & Amarnath."— Presentation transcript:

1 1 Somya Kapoor Jorge Chang Amarnath Kolla

2 2 Agenda Introduction and Architecture of WSN –Somya Kapoor Security threats on WSN – Jorge Chang & Amarnath Kolla

3 3 What is WSN? “ A wireless sensor network (WSN) is a network made of numerous small independent sensor nodes. The sensor nodes, typically the size of a 35 mm, are self- contained units consisting of a battery, radio, sensors, and a minimal amount of on-board computing power. The nodes self-organize their networks, rather than having a pre-programmed network topology. Because of the limited electrical power available, nodes are built with power conservation in mind, and generally spend large amounts.”

4 4 Uses or Benefits Buildings automation for controlling lights, fire alarms or access control, refrigeration control Industrial automation Habitat monitoring Medical field Military

5 5 Layout of WSN

6 6 Layout of a mote

7 7 Picture

8 8 Doesn’t it sound amazing?

9 9 Requirements of WSN Small in size and low power consumption Concurrency–intensive operation Diversity in design and usage Low cost Low cost Security!

10 10 Security Threats Denial of Service. Denial of Service. Spoofed, altered, or replayed routing info. Spoofed, altered, or replayed routing info. Selective forwarding. Selective forwarding. Sinkhole attacks. Sinkhole attacks. Sybil attacks. Sybil attacks. Wormhole attacks. Wormhole attacks. Hello flood attacks. Hello flood attacks. Acknowledgement spoofing. Acknowledgement spoofing.

11 11 Denial of Service Network Layer DoS Attack Defenses PhysicalJamming Spread-spectrum, priority messages, lower duty cycle, region mapping, mode change Tampering Tamper-proofing, hiding

12 12 Defense Against Jamming

13 13 Denial of Service Network Layer DoS Attack Defenses PhysicalJamming Spread-spectrum, priority messages, lower duty cycle, region mapping, mode change Tampering Tamper-proofing, hiding LinkCollision Error correcting code Exhaustion Rate limitation Unfairness Small frames

14 14 Denial of Service (cont.) Network and routing Neglect and Greed Redundancy, probing HomingEncryption Misdirection Egress filtering, authorization, monitoring Black holes Authorization, monitoring, redundancy

15 15 Denial of Service (cont.) Network and routing Neglect and Greed Redundancy, probing HomingEncryption Misdirection Egress filtering, authorization, monitoring Black holes Authorization, monitoring, redundancy TransportFlooding Client puzzles DesynchronizationAuthentication

16 16 Spoofed, Altered, or Replayed Routing Info Issues: Issues: Routing info altered/falsified to attract/repel traffic from nodes. Routing info altered/falsified to attract/repel traffic from nodes. Malicious nodes can create traffic loops. Malicious nodes can create traffic loops. Counter Measures: Authentication. Counter Measures: Authentication.

17 17 Selective Forwarding Issues: Issues: Relies on routing methodology. Relies on routing methodology. Subvert a node on a major traffic path. Subvert a node on a major traffic path. Selectively forward only some data. Selectively forward only some data. Counter Measures: Counter Measures: Redundant routes. Redundant routes. Redundant messages. Redundant messages.

18 18 Sinkhole Attack Issues: Issues: Subverted nodes close to base advertise attractive routing information. Subverted nodes close to base advertise attractive routing information. Base Station Sinkhole

19 19 Sinkhole Attack Issues: Issues: Subverted nodes close to base advertise attractive routing information. Subverted nodes close to base advertise attractive routing information. Force nodes in the region to route data towards it. Force nodes in the region to route data towards it. Creates a ‘sphere of influence’. Creates a ‘sphere of influence’. Counter Measures: Counter Measures: Hierarchical routing. Hierarchical routing. Geographic routing. Geographic routing. Base Station Sinkhole

20 20 Sybil Attack An adversary node assumes identity of multiple nodes. An adversary node assumes identity of multiple nodes. This causes ineffectiveness in a network. Specially target for networks with: This causes ineffectiveness in a network. Specially target for networks with: Fault Tolerance Fault Tolerance Geographic routing protocol Geographic routing protocol

21 21 Sybil Attack (cont.) Geographic routing network where each intermediate node is allowed up to five connected nodes. Geographic routing network where each intermediate node is allowed up to five connected nodes. Here, an adversary node assumes the identity of two nodes, leaving one node starved. Here, an adversary node assumes the identity of two nodes, leaving one node starved. A B Base Station A B

22 22 Sybil Attack (cont.) In a network with fault tolerance, each node sends data to multiple intermediate node. In a network with fault tolerance, each node sends data to multiple intermediate node. Adversary intermediate node assumes multiple identity, removing the fault tolerance requirement. Adversary intermediate node assumes multiple identity, removing the fault tolerance requirement.

23 23 Sybil Attack Counter measure Counter measure Each node is assigned one or more “verified neighbors” Each node is assigned one or more “verified neighbors” Traffic can go through verified or non-verified nodes. Traffic can go through verified or non-verified nodes. Base station keeps track of how many neighbors each node has, and if the number is higher than normal, this indicates Sybil attack. Base station keeps track of how many neighbors each node has, and if the number is higher than normal, this indicates Sybil attack. At this point, traffic can only be routed through verified nodes. At this point, traffic can only be routed through verified nodes. Neighbor verification can be done through certificates or public key cryptosystem. Neighbor verification can be done through certificates or public key cryptosystem.

24 24 Wormhole Attack Two powerful adversary nodes placed in two strategic location Two powerful adversary nodes placed in two strategic location Advertise a low cost path to the sink Advertise a low cost path to the sink All nodes in the network are attracted to them looking for an optimal route All nodes in the network are attracted to them looking for an optimal route This is attack is usually applied in conjunction with selective forwarding or eavesdropping attack. This is attack is usually applied in conjunction with selective forwarding or eavesdropping attack.

25 25 Wormhole Attack (cont.) The two adversary nodes advertise a route that’s two hops away. The two adversary nodes advertise a route that’s two hops away. Normal route is longer, so it’s not used. Normal route is longer, so it’s not used. The adversaries are now in control of all the traffic in the network. The adversaries are now in control of all the traffic in the network.

26 26 Wormhole Attack (cont.) Hard to detect because communication medium between the two bad nodes are unknown. Hard to detect because communication medium between the two bad nodes are unknown. Control and verify hop count. This limits the self-organizing criteria of an ad-hoc network. Control and verify hop count. This limits the self-organizing criteria of an ad-hoc network. Use protocol that is not based on hop count. In geographic routing, a route is based on coordinates of intermediate nodes. But if adversary nodes can mimic its location, this doesn’t work. Use protocol that is not based on hop count. In geographic routing, a route is based on coordinates of intermediate nodes. But if adversary nodes can mimic its location, this doesn’t work.

27 27 HELLO flood attack New sensor node broadcasts “Hello” to find its neighbors. New sensor node broadcasts “Hello” to find its neighbors. Also broadcast its route to the base station. Other nodes may choose to route data through this new node if the path is shorter. Also broadcast its route to the base station. Other nodes may choose to route data through this new node if the path is shorter. Adversary node broadcast a short path to the base station using a high power transmission. Adversary node broadcast a short path to the base station using a high power transmission. Target nodes attempt to reply, but the adversary node is out of range. Target nodes attempt to reply, but the adversary node is out of range. This attack puts the network in a state of confusion. This attack puts the network in a state of confusion.

28 28 HELLO flood attack Counter this attack by using a three-way handshake. Counter this attack by using a three-way handshake. New node sends HELLO. New node sends HELLO. Any receiving nodes reply with randomly generated message. Any receiving nodes reply with randomly generated message. The new node must resend the message back to the receiving nodes. The new node must resend the message back to the receiving nodes. This guarantees the bi- directionality of the link. This guarantees the bi- directionality of the link.

29 29 Acknowledgement Spoofing Adversary can easily intercept messages between two parties Adversary can easily intercept messages between two parties Spoofs an acknowledge of a message to the sender. Spoofs an acknowledge of a message to the sender. Goal is to convince the sender that a weak link is strong, or a dead link is still active. Goal is to convince the sender that a weak link is strong, or a dead link is still active. Counter the attack by appending a random number to the message and encrypt the whole thing. Acknowledge by sending the decrypted random number. Counter the attack by appending a random number to the message and encrypt the whole thing. Acknowledge by sending the decrypted random number.

30 30 Wireless sensor network is a growing field and has many different applications. Wireless sensor network is a growing field and has many different applications. Most security threats to wireless ad-hoc network are applicable to wireless sensor network. Most security threats to wireless ad-hoc network are applicable to wireless sensor network. These threats are further complicated by the physical limitations of sensor nodes. These threats are further complicated by the physical limitations of sensor nodes. Some of these threats can be countered by encryption, data integrity and authentication. Some of these threats can be countered by encryption, data integrity and authentication. Security of wireless sensor network remains an intensive studied field. Security of wireless sensor network remains an intensive studied field. Conclusion

31 31 Questions and Comments?

Download ppt "1 Somya Kapoor Jorge Chang Amarnath Kolla. 2 Agenda Introduction and Architecture of WSN –Somya Kapoor Security threats on WSN – Jorge Chang & Amarnath."

Similar presentations

Chris Karlof and David Wagner

Chris Karlof and David Wagner
Security in Sensor Networks By : Rohin Sethi Aranika Mahajan Twisha Patel.

Security in Sensor Networks By : Rohin Sethi Aranika Mahajan Twisha Patel.
Security in Wireless Sensor Networks: Key Management Approaches

Security in Wireless Sensor Networks: Key Management Approaches
Jason Li Jeremy Fowers. Background Information Wireless sensor network characteristics General sensor network security mechanisms DoS attacks and defenses.

Jason Li Jeremy Fowers. Background Information Wireless sensor network characteristics General sensor network security mechanisms DoS attacks and defenses.
1 Denial of Service in Sensor Networks Authors: Anthony D. Wood, John A. Stankovic Presented by: Aiyaz Amin Paniwala.

1 Denial of Service in Sensor Networks Authors: Anthony D. Wood, John A. Stankovic Presented by: Aiyaz Amin Paniwala.
Denial of Service in Sensor Networks Anthony D. Wood and John A. Stankovic.

Denial of Service in Sensor Networks Anthony D. Wood and John A. Stankovic.
Denial of Service in Sensor Networks Szymon Olesiak.

Denial of Service in Sensor Networks Szymon Olesiak.
Security in Wireless Sensor Networks Adrian Perrig, John Stankovic, and David Wagner.

Security in Wireless Sensor Networks Adrian Perrig, John Stankovic, and David Wagner.
EKC Journal Paper Scouting A Presentation for the ResiliNets Group © 2008 Egemen Cetinkaya July 2008 Egemen Çetinkaya Department of Electrical Engineering.

EKC Journal Paper Scouting A Presentation for the ResiliNets Group © 2008 Egemen Cetinkaya July 2008 Egemen Çetinkaya Department of Electrical Engineering.
DENIAL OF SERVICE IN SENSOR NETWORKS Pratik Zirpe Instructor – Dr. T. Andrew Yang.

DENIAL OF SERVICE IN SENSOR NETWORKS Pratik Zirpe Instructor – Dr. T. Andrew Yang.
Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures Chris Karlof David Wagner University of Califonia at Berkeley Paper review and.

Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures Chris Karlof David Wagner University of Califonia at Berkeley Paper review and.
Authors : Chris Karlof, David Wagner Presenter : Shan Bai Secure Routing in Wireless Sensor Networks : Attacks and Countermeasures.

Authors : Chris Karlof, David Wagner Presenter : Shan Bai Secure Routing in Wireless Sensor Networks : Attacks and Countermeasures.
A Distributed Security Framework for Heterogeneous Wireless Sensor Networks Presented by Drew Wichmann Paper by Himali Saxena, Chunyu Ai, Marco Valero,

A Distributed Security Framework for Heterogeneous Wireless Sensor Networks Presented by Drew Wichmann Paper by Himali Saxena, Chunyu Ai, Marco Valero,
Secure Routing in Wireless Sensor Network Soumyajit Manna Kent State University 5/11/2015Kent State University1.

Secure Routing in Wireless Sensor Network Soumyajit Manna Kent State University 5/11/2015Kent State University1.
Defending Against Traffic Analysis Attacks in Wireless Sensor Networks Security Team 2009.07.20.

Defending Against Traffic Analysis Attacks in Wireless Sensor Networks Security Team
Introduction to Sensor Networks Rabie A. Ramadan, PhD Cairo University 4.

Introduction to Sensor Networks Rabie A. Ramadan, PhD Cairo University 4.
Edith C. H. Ngai1, Jiangchuan Liu2, and Michael R. Lyu1

Edith C. H. Ngai1, Jiangchuan Liu2, and Michael R. Lyu1
Secure Routing in WSNs: Attacks & Countermeasures Chris Karlof & David Wagner, UC Berkeley 1 st IEEE International Workshop on Sensor Network Protocols.

Secure Routing in WSNs: Attacks & Countermeasures Chris Karlof & David Wagner, UC Berkeley 1 st IEEE International Workshop on Sensor Network Protocols.
1-1 CMPE 259 Sensor Networks Katia Obraczka Winter 2005 Security.

1-1 CMPE 259 Sensor Networks Katia Obraczka Winter 2005 Security.
Nov.6, 2002 Secure Routing Protocol for Ad Hoc Networks Li Xiaoqi.

Nov.6, 2002 Secure Routing Protocol for Ad Hoc Networks Li Xiaoqi.

Similar presentations

Ads by Google