Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security in Wireless Sensor Networks

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Security in Wireless Sensor Networks"— Presentation transcript:

1 Security in Wireless Sensor Networks
Michael Krishnan

2 Outline Types of Attacks Clusters and Intrusion Detection
Game Theory Approach

3 Characteristics of WSNs
Limited Energy (~6Ah) Wireless: Intruders can see transmissions and add their own Traffic is either source to sink (base station) or broadcast

4 Types of Attacks Steal Data – Confidentiality
Alter Data – Data Integrity Limit Service Availability (DoS) Consume Energy “Denial of Sleep” D.o.Sleep – Reduce chances to go to low-power states

5 Confidentiality Public key? Too computationally expensive
Secret key? Bad if node is compromised Secure Network Encryption Protocol (SNEP)

6 SNEP Both sides keep (pair-wise) shared key, k, & shared counter, C, to use as IV in DES Semantic Security Whole network shares MAC() function for authentication: MAC(k,C|{D}) (8 bytes) (Weak) Freshness – replay protection and ordering MAC = msg authentication code

7 Data Integrity Authentication: Can’t use asymmetric digital signatures – too much overhead SNEP: two-party mTESLA: broadcast

8 Data Integrity - mTESLA
One-way function, F(.) Kn = F(Kn+1) Keys disclosed periodically, not per packet Figure from Perrig et al.

9 Service Availability Bogus Routing Information Flooding
Homing – look at traffic to find important nodes “Black Hole” Attack – compromise neighbors of base-station De-synchronization (transport layer)

10 Energy – Denial of Sleep Attack
Unique to WSNs – can’t use techniques from wired networks Sources of Energy Loss Collision – Frequency Hopping, CDMA, FEC Message Overhearing – RTS/CTS, NAV Idle Listening – schedule sleep Brownfield et al. (2005)

11 Scheduling Sleep – S-MAC
Fixed Sleep Schedule RTS During Listen Period If no RTS  sleep Vulnerable during listen period only Sensor MAC Time sync Broadcast throughout listening period Can keep one awake with RTS (also DoS) Figure from Brownfield et al.

12 Scheduling Sleep – T-MAC
Timeout MAC Sleep Early: wait for timeout period Longest time hidden node must wait before first bit of CTS (TA = 1.5*(tCW_Max + tRTS + tSIFS) Saves energy in absence of attacker, but MORE vulnerable to attacks (if never get timeout, stay awake forever) 1.5 is just to keep stable

13 Scheduling Sleep – B-MAC
No fixed listening start time Periodically wake up and sample channel using low power listening (LPL) Longer preamble (longer than sleep period) Just as vulnerable to attack as T-MAC Figure from Brownfield et al.

14 Scheduling Sleep – G-MAC
Split Frame into Collection and Distribution Period Gateway Sensor (GS) node schedules traffic for cluster Rotate being GS to distribute energy use Gateway can keep misbehaving node in check

15 Scheduling Sleep – G-MAC
Figure from Brownfield et al.

16 Clusters Cluster head (CH) and member nodes (MN)
Popular in routing protocols Nearby nodes have redundancy, compressed at CH (save energy) Can also use for intrusion detection CH monitors MNs, while some subset of MNs monitor CH X MNs can decommission CH (homing) CH = GS, rotate

17 Methods of Intrusion Detection
Anomaly Detection – Actions of monitored node are atypical High probability of false alarm Signature Detection – Actions of monitored node correspond to a type of attack Susceptible to new attacks Typical Attacks: Drop Packets Duplicate Packets Cause Collisions

18 Clusters for Authentification
Everyone watch neighbors? Too much energy BS checks packet at the end? Waste energy transmitting bad packet whole route – need to discover this sooner Check packet everywhere? A lot of computation Check at CH. Send packets first to CH Also send to CH with some probability p so compromised node can’t bypass CH.

19 Game Theory Approach Agah et al. (2004)
Model: 2-player, non-cooperative, nonzero-sum Players: IDS, attacker IDS can choose 1 cluster to defend, Attacker can choose 1 to attack

20 Game Theory Approach - Notation
U = Utility of working WSN Ck = Cost to defend cluster k ALk = Average loss for losing cluster k PI = Attackers profit for intruding CI = Attackers cost to intrude CW = Attacker’s cost to wait

21 Game Theory Approach - Assumptions
PI = SAL CW < PI-CI Ck ~ gk, where gk = # previous attacks to k

22 Game Theory Approach Payoff Matrix (for cluster k): Attack k
Do Nothing Attack k” Defend k U-Ck PI-CI CW U-Ck-ALk” Defend k’ U-Ck’-ALk U-Ck’ U-Ck’-ALk”

23 What’s wrong with this? Attacker benefit is independent of what IDS does… Intuitively, this should matter We defend one cluster at a time Why not more? How do they coordinate? (Extra transmissions)

24 Modified Game Theory Approach
Uk = Utility of cluster k Ck = Cost to defend cluster k We can defend as many clusters as we want If we defend cluster k, utility of cluster is Uk-Ck If we don’t and it’s not attacked, utility is Uk If we don’t and it is attacked, utility is 0 Since attacker always attacks, his utility is proportional to IDS’s loss minus a constant (CI)

25 Modified Game Theory Approach
No Pure NE: Suppose there were, then attacker always attacks one particular cluster, k. IDS should then only defend k. But then utility of attacker is less than it would be for attacking another cluster. Requirement for mixed NE: E[util. of attacker] indep. of k – equally likely to attack any cluster  (1-pk)Uk = const, where pk is probability of defending cluster k

26 Modified Game Theory Approach
Strategy: each cluster knows its own utility (maybe from G-MAC) Defend with probability pk=1-X/Uk where X is a constant known to the whole WSN. Expected utility of cluster k: pk(Uk-Ck)+(1- pk)(Uk*(m-1)/m) where m = # clusters

27 Modified Game Theory Approach
Total expected utility of WSN: S[pk(Uk-Ck)+(1- pk)(Uk*(m-1)/m)] = S[(1-X/Uk )(Uk-Ck)+ X/Uk(Uk*(m-1)/m)] = S[Uk-Ck-X+XCk/Uk + X*(m-1)/m)] = m(X*(m-1)/m-X)+S[Uk-Ck+XCk/Uk] = -X+S[Uk-Ck+XCk/Uk]

28 Modified Game Theory Approach
Total expected utility of WSN always defending (pk = 1 for all k): S[Uk-Ck ] = -X+S[Uk-Ck+XCk/Uk ] Gain for using pk < 1 -X+S[Uk-Ck+XCk/Uk] - S[Uk-Ck ] = -X+S[XCk/Uk ] = X(S[Ck/Uk ] –1)

29 Modified Game Theory Approach
Utility gain = X(S[Ck/Uk ] –1) What does this mean? Goes to -X As Ck  0 Positive for larger Ck and smaller Uk. Increases with X (Counter-intuitive) Conclusion: We can improve our utility by defending less when per cluster utility is low and Ck is relatively high 1-> h for h attackers

30 Review Classified Attacks: Confidentiality, Authenticity, Service Availability, Energy Clusters are useful for intrusion detection Game theory approach

Download ppt "Security in Wireless Sensor Networks"

Similar presentations

Chris Karlof and David Wagner

Chris Karlof and David Wagner
Jason Li Jeremy Fowers. Background Information Wireless sensor network characteristics General sensor network security mechanisms DoS attacks and defenses.

Jason Li Jeremy Fowers. Background Information Wireless sensor network characteristics General sensor network security mechanisms DoS attacks and defenses.
Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, 2010. ICWCSC 2010. International.

Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.
An Energy Efficient Routing Protocol for Cluster-Based Wireless Sensor Networks Using Ant Colony Optimization Ali-Asghar Salehpour, Babak Mirmobin, Ali.

An Energy Efficient Routing Protocol for Cluster-Based Wireless Sensor Networks Using Ant Colony Optimization Ali-Asghar Salehpour, Babak Mirmobin, Ali.
Computer Networks Group Universität Paderborn Ad hoc and Sensor Networks Chapter 5: Medium access control protocols Holger Karl.

Computer Networks Group Universität Paderborn Ad hoc and Sensor Networks Chapter 5: Medium access control protocols Holger Karl.
Medium Access Control in Wireless Sensor Networks.

Medium Access Control in Wireless Sensor Networks.
802.11 – Wireless PHY and MAC Stallings 502-507. Types of 802.11 802.11 Infrared 802.11 FHSS (frequency hopping spread spectrum) 802.11 DSSS (direct sequence.

– Wireless PHY and MAC Stallings Types of Infrared FHSS (frequency hopping spread spectrum) DSSS (direct sequence.
Packet Leashes: Defense Against Wormhole Attacks Authors: Yih-Chun Hu (CMU), Adrian Perrig (CMU), David Johnson (Rice)

Packet Leashes: Defense Against Wormhole Attacks Authors: Yih-Chun Hu (CMU), Adrian Perrig (CMU), David Johnson (Rice)
Edith C. H. Ngai1, Jiangchuan Liu2, and Michael R. Lyu1

Edith C. H. Ngai1, Jiangchuan Liu2, and Michael R. Lyu1
Investigating Mac Power Consumption in Wireless Sensor Network

Investigating Mac Power Consumption in Wireless Sensor Network
PEDS September 18, 2006 Power Efficient System for Sensor Networks1 S. Coleri, A. Puri and P. Varaiya UC Berkeley Eighth IEEE International Symposium on.

PEDS September 18, 2006 Power Efficient System for Sensor Networks1 S. Coleri, A. Puri and P. Varaiya UC Berkeley Eighth IEEE International Symposium on.
1 Cross-Layer Scheduling for Power Efficiency in Wireless Sensor Networks Mihail L. Sichitiu Department of Electrical and Computer Engineering North Carolina.

1 Cross-Layer Scheduling for Power Efficiency in Wireless Sensor Networks Mihail L. Sichitiu Department of Electrical and Computer Engineering North Carolina.
Security Issues In Sensor Networks By Priya Palanivelu.

Security Issues In Sensor Networks By Priya Palanivelu.
Adaptive Security for Wireless Sensor Networks Master Thesis – June 2006.

Adaptive Security for Wireless Sensor Networks Master Thesis – June 2006.
Privacy and Security in Embedded Sensor Networks Daniel Turner 11/18/08 CSE237a.

Privacy and Security in Embedded Sensor Networks Daniel Turner 11/18/08 CSE237a.
INSENS: Intrusion-Tolerant Routing For Wireless Sensor Networks By: Jing Deng, Richard Han, Shivakant Mishra Presented by: Daryl Lonnon.

INSENS: Intrusion-Tolerant Routing For Wireless Sensor Networks By: Jing Deng, Richard Han, Shivakant Mishra Presented by: Daryl Lonnon.
Resilience To Jamming Attacks

Resilience To Jamming Attacks
1 University of Freiburg Computer Networks and Telematics Prof. Christian Schindelhauer Wireless Sensor Networks 7th Lecture 15.11.2006 Christian Schindelhauer.

1 University of Freiburg Computer Networks and Telematics Prof. Christian Schindelhauer Wireless Sensor Networks 7th Lecture Christian Schindelhauer.
Self Organization and Energy Efficient TDMA MAC Protocol by Wake Up For Wireless Sensor Networks Zhihui Chen; Ashfaq Khokhar ECE/CS Dept., University of.

Self Organization and Energy Efficient TDMA MAC Protocol by Wake Up For Wireless Sensor Networks Zhihui Chen; Ashfaq Khokhar ECE/CS Dept., University of.
1 University of Freiburg Computer Networks and Telematics Prof. Christian Schindelhauer Wireless Sensor Networks 9th Lecture 22.11.2006 Christian Schindelhauer.

1 University of Freiburg Computer Networks and Telematics Prof. Christian Schindelhauer Wireless Sensor Networks 9th Lecture Christian Schindelhauer.

Similar presentations

Ads by Google