
1 Using Directional Antennas to Prevent Wormhole Attacks
Lingxuan Hu and David Evans
[lingxuan, evans]@cs.virginia.edu
Department of Computer Science, University of Virginia
NDSS 2004, 5 February 2004
http://www.cs.virginia.edu/evans/

2 Wormhole Attack
[Figure labels: S, D, A, B, C, X, Y. Pirate image by Donald Synstelien]
Attacker needs transceivers at two locations in the network, connected by a low-latency link
Attacker replays (selectively) packets heard at one location at the other location

3 Beacon Routing
[Figure: nodes labelled 0, 1, 2, 3, 4]
Nodes select parents based on minimum hops to base station

4 Wormhole vs. Beacon Routing
[Figure: nodes labelled 0, 1, 2, with X and Y]
Wormhole attack disrupts network without needing to break any cryptography!
[Karlof and Wagner, 2003]; [Hu, Perrig, Johnson 2003]

5 Wormhole Impact
[Plot: Fraction of Routes to Base Station Disrupted vs. Position of Endpoint (x,x), 0 to 500; series: Base Station at Corner, Base Station at Center]
A randomly placed wormhole disrupts ~5% of links
A single wormhole can disrupt 40% of links (center)

6 Possible Solutions
Packet Arrival Time
  – Packet Leashes [Hu, Perrig, Johnson 2003]
  – Signal is transmitted at speed of light
  – Requires tightly synchronized clocks (temporal leashes) or precise location information (geographic leashes)
Packet Arrival Direction

7 Directional Antennas
Model based on [Choudhury and Vaidya, 2002]
General benefits: power saving, fewer collisions
Aligned to magnetic North, so zone 1 always faces East
[Figure: antenna zones 1 to 6 with North marked; panels: Omnidirectional Transmission, Directional Transmission from Zone 4]

8 Assumptions
Legitimate nodes can establish secure node-node links
  – All critical messages are encrypted
Network is fairly dense
Nodes are stationary
Most links are bidirectional (unidirectional links cannot be established)
Transmissions are perfect wedges
Nodes are aligned perfectly (relaxed in paper)

9 Protocol Idea
Wormhole attack depends on a node that is not nearby convincing another node it is
Verify neighbors are really neighbors
Only accept messages from verified neighbors

10 Directional Neighbor Discovery
1. A → Region: HELLO | ID_A
   Sent by all antenna elements (sweeping)
2. B → A: ID_B | E_KBA (ID_A | R | zone (B, A))
   Sent by zone (B, A) element, R is nonce
3. A → B: R
   Checks zone is opposite, sent by zone (A, B)
[Figure: A and B with antenna zones 1 to 6]
zone (B, A) = 4 is the antenna zone in which B hears A

11 Detecting False Neighbors
[Figure: A and B with antenna zones 1 to 6, X and Y]
zone (B, A[Y]) = 1
zone (A, B[X]) = 1
False Neighbor: zone (A, B) should be opposite zone (B, A)

12 Not Detecting False Neighbors
[Figure: A and B with antenna zones 1 to 6, X and Y]
zone (B, A[Y]) = 4
zone (A, B[X]) = 1
Undetected False Neighbor: zone (A, B) = opposite of zone (B, A)
Directional neighbor discovery prevents 1/6 of false direct links…but doesn’t prevent disruption

13 Observation: Cooperate!
Wormhole can only trick nodes in particular locations
Verify neighbors using other nodes
Based on the direction from which you hear the verifier node, and it hears the announcer, can distinguish legitimate neighbor

14 Verifier Region
[Figure: verifier v, antenna zones 1 to 6; labels: zone (B, A) = 4, zone (V, A) = 3, zone (B, V) = 5]
A verifier must satisfy these two properties:
1. Be heard by B in a different zone: zone (B, A) ≠ zone (B, V)
2. B and V hear A in different zones: zone (B, A) ≠ zone (V, A)
(one more constraint will be explained soon)

15 Verified Neighbor Discovery
[Figure: A, B and V]
Same as before:
1. A → Region: Announcement, done through sequential sweeping
2. B → A: Include nonce and zone information in the message
3. A → B: Check zone information and send back the nonce
4. B → Region: Request for verifier to validate A
   INQUIRY | ID_B | ID_A | zone (B, A)
5. V → B: If V is a valid verifier, sends confirmation
   ID_V | E_KBV (ID_A | zone (V, B))
6. B → A: Accept A as its neighbor and notify A

16 Verifier Analysis
[Figure: v, B, A, Region 1, Region 2, X and Y, antenna zones 1 to 6]
Wormhole cannot trick a valid verifier:
zone (V, A[Y]) = 5
zone (A, V[X]) = 1
Not opposites: verification fails

17 Worawannotai Attack
[Figure: v, B, A, Region 1, Region 2, X, antenna zones]
V hears A and B directly
A and B hear V directly
But, A and B hear each other only through repeated X

18 Preventing Attack
1. zone (B, A) ≠ zone (B, V)
2. zone (B, A) ≠ zone (V, A)
3. zone (B, V) cannot be both adjacent to zone (B, A) and adjacent to zone (V, A)
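
The zone checks from the neighbor discovery and verifier slides, as an added Python example that is not code from the talk or the paper. Zones are taken as given integers 1 to 6 with 1↔4, 2↔5, 3↔6 opposite (consistent with the zone values quoted on the slides); the function names and the `(zone_bv, zone_va)` list layout are assumptions, and the 4/5/6 reading used to exercise rule 3 is constructed.

```python
ZONES = 6  # antenna zones 1..6 as on the slides

def opposite(z):
    """Zone facing the other way: 1<->4, 2<->5, 3<->6."""
    return (z - 1 + ZONES // 2) % ZONES + 1

def adjacent(z1, z2):
    """True when two zones are neighbours on the ring (6 wraps to 1)."""
    return (z1 - z2) % ZONES in (1, ZONES - 1)

def handshake_ok(zone_ba, zone_ab):
    """Step 3 of neighbor discovery: A must hear B in the zone opposite
    to the one in which B reported hearing A."""
    return zone_ab == opposite(zone_ba)

def verifier_ok(zone_ba, zone_bv, zone_va, strict=True):
    """Apply the verifier rules to one candidate V."""
    if zone_ba == zone_bv:   # rule 1: B hears A and V in different zones
        return False
    if zone_ba == zone_va:   # rule 2: B and V hear A in different zones
        return False
    if strict and adjacent(zone_bv, zone_ba) and adjacent(zone_bv, zone_va):
        return False         # rule 3, strict protocol only
    return True

def accept_neighbor(zone_ba, zone_ab, verifiers, strict=True):
    """B's decision about A. `verifiers` holds one (zone_bv, zone_va) pair
    per candidate verifier (hypothetical layout, not from the slides)."""
    if not handshake_ok(zone_ba, zone_ab):
        return False
    return any(verifier_ok(zone_ba, bv, va, strict) for bv, va in verifiers)

if __name__ == "__main__":
    # Zone readings quoted on the slides, plus one constructed case (4/5/6).
    print("slide 11 pair (1, 1):", handshake_ok(1, 1))
    print("slide 12 pair (4, 1):", handshake_ok(4, 1))
    print("slide 14 verifier (4, 5, 3):", verifier_ok(4, 5, 3))
    print("constructed 4/5/6, rules 1-2 only:", verifier_ok(4, 5, 6, strict=False))
    print("constructed 4/5/6, strict:", verifier_ok(4, 5, 6))
    print("slide 12 pair, no verifier:", accept_neighbor(4, 1, []))
```

The slide 12 pair passes the opposite-zone handshake, so only the verifier step stands between that false neighbor and acceptance.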

19 Cost Analysis
Communication Overhead
  – Minimal
  – Establishing link keys typically requires announcement, challenge and response
  – Adds messages for inquiry, verification and acceptance
Connectivity
  – How many legitimate links are lost because they cannot be verified?

20 Lose Some Legitimate Links
[Plots: Link Disconnection Probability vs. Node Distance (r); series: Verified Protocol, Strict Protocol (Preventing W Attack); panels: Network Density = 10, Network Density = 3]

21 …but small effect on connectivity and routing
[Plot: Average Path Length vs. Omnidirectional Node Density; series: Strict Protocol, Trust All, Verified Protocol]
Network with density = 10
Verified protocol: 0.5% links are lost, no nodes disconnected
Strict protocol: 40% links are lost, 0.03% nodes disconnected
(More details and experiments in paper)

22 Vulnerabilities
Attacker with multiple wormhole endpoints
  – Can create packets coming from different directions to appear neighborly
Magnet Attacks
  – Protocol depends on compass alignment of nodes
Antenna, orientation inaccuracies
  – Real transmissions are not perfect wedges

23 Conclusion/Moral
An attacker with few resources and no crypto keys can substantially disrupt a network with a wormhole attack
Mr. Rogers was right: “Be a good neighbor”
  – If you know your neighbors, can detect wormhole
  – Need to cooperate with your neighbors to know who your legitimate neighbors are

24 http://www.cs.virginia.edu/evans/ndss04

