Denial Of Service in Sensor Networks - CSE Buffalo

Download Report

Transcript Denial Of Service in Sensor Networks - CSE Buffalo

ADVANCED TOPICS
Shambhu Upadhyaya
Computer Science & Eng.
University at Buffalo
Buffalo, New York 14260
Shambhu Upadhyaya
1
Mesh Networks
and Security
Shambhu Upadhyaya
2
What are Wireless Mesh Networks?

Similar to Wi-Fi Networks


Instead of multiple wireless hotspots (WHS),
WMNs use one WHS and several transit access
points (TAP), also called routers
Clients connect to TAPs, which connect
wirelessly to the WHS either directly or
multi-hopping over other TAPs
Shambhu Upadhyaya
3
WMNs




WMN provides reliability through redundancy
It is a special case of wireless ad hoc networks
Wireless mesh networks can be implemented
with various wireless technologies including
802.11 (802.11s), 802.15, 802.16
Examples



MIT RoofNet (2001)
Quail Ridge WMN (QuRiNet) at Napa Valley, CA
(2004)
Also useful in smart grid for automatic meter reading
Shambhu Upadhyaya
4
Advantages/Disadvantages

•
Advantages
 The TAPs themselves are cheaper than WHS
 Since TAPs communicate by wireless signals, they
do not require cabling to be run to add new TAPs
• Allows for rapid deployment of temporary
networks
Disadvantages
 TAPs are often placed in unprotected locations
 Lack of physical security guarantees
 Communications are wireless and therefore
susceptible to all the vulnerabilities of wireless
transmissions
Shambhu Upadhyaya
5
Three Security Challenges
Posed by WMNs

Securing the routing mechanism



Detection of corrupt TAPs


WMNs rely on multi-hop transmissions over a
predominantly wireless network
Routing protocol is very important and a tempting target
The TAPs are likely to be stored in unprotected locations,
so they may be easily accessed by malicious entities and
can be corrupted or stolen
Providing fairness

The protocol needs to be designed to distribute
bandwidth between the TAPs in a manner fair to the
users to prevent bandwidth starvation of devices far from
the WHS
Shambhu Upadhyaya
6
Fairness

There are several ways in which bandwidth can
be distributed among TAPs
• What may be the best solution is to
distribute bandwidth proportional to the
number of clients using a TAP
Shambhu Upadhyaya
7
Attack Model
 Four simple types of attacks possible
 The first attack is removal and
replacement of the device
 easily detected by change of topology
 Access the internal state of the device
 Modify internal state
 Clone TAPs
 Other sophisticated attacks possible
 Blocking attacks, black hole, sybil, etc.
Shambhu Upadhyaya
8
Access Internal State
 This is a passive attack and is difficult to
detect
 In this attack the attacker need not
disconnect the device from WMN
 Even the disconnection cannot be
detected
 The effect of the attack can be reduced
by changing the TAP data at regular
intervals
Shambhu Upadhyaya
9
Modify Internal State
 In this type of attack, the attacker
can modify the routing algorithm
 This type attack also changes the
topology
 It can also be detected by WHS
Shambhu Upadhyaya
10
Clone TAP
 In this type of attack the attacker is
able to create a replica of the TAP
and place this in a strategic location
in WMN
 It also allows the attacker to inject
some false data or to disconnect
some parts of network
 It can damage the routing
mechanisms but can be detected
Shambhu Upadhyaya
11
Jamming and Countermeasure


The first diagram shows the attack by the
adversary
The second diagram shows the protection
measure for this attack after detection
Shambhu Upadhyaya
12
Attacks on Multihop Routing in
WMN


Rational attack vs. malicious attack
A rational attack



Does only if misbehaving is beneficial in terms of
price, QoS, or resource saving
For instance, force the traffic through a specific TAP
in order to monitor the traffic of a given mobile client
or region
A malicious attack


Involves partitioning the network or isolating the
TAPs
For instance, the routes between WHS and TAPs are
artificially increased leading to poor performance
Shambhu Upadhyaya
13
Securing Multihop Routing
 Using secure routing protocols to
prevent attacks against routing
messages
 If the state of one or more TAPs is
modified, the attack can be detected
and the network reconfigured
 DoS attacks can be prevented by
identifying the source of disturbance
and disabling it
Shambhu Upadhyaya
14
Generalized WMNs
 Vehicular Networks is special case of
WMNs where TAPs are represented by
cars and roadside WHS
 Involves applications such as reporting
events (accidents), cooperative driving,
payment services and location based
services
 Multi-Operator WMNs include several
operators and various devices: mobile
phones, laptops, base stations and APs
Shambhu Upadhyaya
15
Conclusion
 WMNs extend the coverage of WHS in
an inexpensive manner
 The three fundamental security issues
that have to be addressed in WMNs
• Detection of corrupt TAPs
• Defining and using a secure routing
protocol
• Defining and implementing a proper
fairness metric
Shambhu Upadhyaya
16
Reference

Ben Salem, N.; Hubaux, J-P, "Securing wireless
mesh networks ,“ Wireless Communications,
IEEE, vol.13, no.2, pp.50,55, April 2006
Shambhu Upadhyaya
17
Energy-Aware
Computing
Shambhu Upadhyaya
18
Issues in Sensor Networks





Localization
Synchronization
In-network processing
Data-centric querying
Energy-aware computing
Shambhu Upadhyaya
19
Energy Constraints


Battery-powered devices
Communication is much more energy
consuming than computation






Transmitting 1 bit costs as much energy as running
1,000 instructions
Gap is only going to be larger in the future
Load balancing
Coordinated sleeping schedules
Explore correlation in sensing data
Power saving techniques integral to most
sensor networks
Shambhu Upadhyaya
20
MAC Protocols for Sensor
Networks
 Contention-Based:
 CSMA protocols (IEEE 802.15.4)
 Random access to avoid collisions
 IEEE 802.11 type with power saving
methods
 Scheduling-Based:
 Assign transmission schedules
(sleep/awake patterns) to each node
 Variants of TDMA
 Hybrid schemes
Shambhu Upadhyaya
21
MAC Protocol Examples




PAMAS [SR98]:

Power-aware Medium-Access Protocol with Signaling

Contention-based access

Powers off nodes that are not receiving or forwarding packets

Uses a separate signaling channel
S-MAC [YHE02]:

Sensor Medium Access Control protocol

Contention-based access
TRAMA [ROGLA03]:

Traffic-adaptive medium access protocol

Schedule- and contention-based access
Wave scheduling [TYD+04]:

Schedule- and contention-based access
Shambhu Upadhyaya
22
S-MAC

Identifies sources of energy waste [YHE03]:






Collision
Overhearing
Overhead due to control traffic
Idle listening
Trade off latency and fairness for reducing
energy consumption
Components of S-MAC:


A periodic sleep and listen pattern for each node
Collision and overhearing avoidance
Shambhu Upadhyaya
23
S-MAC: Sleep and Listen
Schedules


Each node has a sleep and listen schedule and
maintains a table of schedules of neighboring
nodes
Before selecting a schedule, node listens for a
period of time:




If it hears a schedule broadcast, then it adopts that
schedule and rebroadcasts it after a random delay
Otherwise, it selects a schedule and broadcasts it
If a node receives a different schedule after
selecting its schedule, it adopts both schedules
Need significant degree of synchronization
Shambhu Upadhyaya
24
S-MAC: Collision and
Overhearing Avoidance
 Collision avoidance:
 Within a listen phase, senders contending to
send messages to same receiver use 802.11
 Overhearing avoidance:
 When a node hears an RTS or CTS packet,
then it goes to sleep
 All neighbors of a sender and the receiver
sleep until the current transmission is over
Shambhu Upadhyaya
25
Routing Strategies

Geographic routing:




Attribute-based routing:




Greedy routing
Perimeter or face routing
Geographic localization
Directed diffusion
Rumor routing
Geographic hash tables
Energy-aware routing:


Minimum-energy broadcast
Energy-aware routing to a region
Shambhu Upadhyaya
26
Energy-Aware Routing


Need energy-efficient paths
Notions of energy-efficiency:


Select path with smallest energy consumption
Select paths so that network lifetime is maximized




When network gets disconnected
When one node dies
When area being sensed is not covered any more
Approaches:


Combine geographic routing with energy-awareness
Minimum-energy broadcast
Shambhu Upadhyaya
27
Minimum Energy Broadcast
Routing







Given a set of nodes in the plane
Goal: Broadcast from a source to all nodes
In a single step, a node may broadcast within a range by
appropriately adjusting transmit power
Energy consumed by a broadcast over range γ is
proportional to γα
Problem: Compute the sequence of broadcast steps that
consume minimum total energy
Centralized solutions
NP-complete [ZHE02]
Shambhu Upadhyaya
28
Three Greedy Heuristics

In each tree, power for each node proportional
to αth exponent of distance to farthest child in
tree

Shortest Paths Tree (SPT) [WNE02]


Minimum Spanning Tree (MST) [WNE02]


Maintains an arborescence rooted at source
Broadcasting Incremental Power (BIP) [WNE02]


“Node” version of Dijkstra’s SPT algorithm
In each step, add a node that can be reached with
minimum increment in total cost
SPT is Ω(n)-approximate, MST and BIP have
approximation ratio of at most 12 [WCLF01]
Shambhu Upadhyaya
29
References

Feng Zhao and Leonidas Guibas, Wireless Sensor
Networks: An Information Processing Approach, Morgan
Kaufman, 2004

Jeffrey E. Wieselthier, Gam D. Nguyen, and Anthony
Ephremides. 2002. Energy-efficient broadcast and
multicast trees in wireless networks. Mob. Netw. Appl. 7,
6 (December 2002)
Shambhu Upadhyaya
30
Advanced Metering
Infrastructure
(AMI)
Shambhu Upadhyaya
31
A Typical Smart Grid
Shambhu Upadhyaya
32
Advanced Meter Reading






Advanced Metering Infrastructure (AMI) or smart meters
(2-way)
Used for revenue accounting
Wireless based

Many proprietary

Moderate range, drive-by reading

Mesh (Zigbee) and WiFi sometimes
About 50Million AMR/AMI installed (USA)
Suggested standard: ANSI C12.18
Smart meters (at Microgrid level) provide information
needed to analyze energy usage and thus allow energy
minimization algorithms to be implemented
Shambhu Upadhyaya
33
Prospects for Smart Appliances

Examples: smart refrigerator, smart dryer

Two-way communication via Internet

Logical extension of smart grid/buildings

Technically possible for years but …

Hardware costs high; Installation may be complex; Standards lacking

Forms a SCADA or CPS system

Security and privacy concerns high

Benefits unclear

Futuristic discussion mostly
Shambhu Upadhyaya
34
Smart Metering Communication




Zigbee is ideal for AMI
Can network a no. of sensors and controllers in
a household
Possibly in a mesh network
Can operate in one of 3 frequency bands
Shambhu Upadhyaya
35
Potential Concerns

WiFi and Zigbee interference


Security concerns of ad hoc and mesh networks apply





Can be handled by separating the channels by 30MHz
Eavesdropping
Traffic analysis
Replay attacks
Additionally:
 Employee mistakes, equipment malfunctions, virus,
coordinated attacks from a state or terrorist group
Privacy concerns
 Smart meters collect personally identifiable info
 Cyber criminals could use them for identity theft
Shambhu Upadhyaya
36
A Privacy Compromise Scenario

Electricity use patterns could lead to disclosure

Could leak info on customers





When they’re at home (sleeping versus watching
television)
When at work, or traveling
It might also be possible to discover what types of
appliances and devices are present
Increases in power draw could suggest changes in
business operations
Impacts


Criminal targeting of home
Business intelligence to competitors
Shambhu Upadhyaya
37
Hacking Attacks and Mitigation

Two-way communication between customers and utility companies
means more risk

Two-way meters accessible to both users and enemies (use buggy
s/w)

Smart meter is the pain point (may be hacked)



Simulation of a worm injected into a meter shows

how it would spread

how it can be used to cause power grids to surge or shut off

Common vulnerabilities exist, but no powerful devices to implement

Devices do not have cycles to implement strong crypto solutions
Mitigation techniques

Zigbee security (uses hierarchy of keys)

Machine-to-machine strong authentication

Encryption

Data hashing, digital signing, etc.
This is an active research area today
Shambhu Upadhyaya
38
References


Darold Wobschall, University at Buffalo, 2012
M. Nabeel, J. Zage, S. Kerr, E. Bertino,
Cryptographic Key Management for Smart
Power Grids, 2012,
http://www.cerias.purdue.edu/apps/reports_an
d_papers/view/4591
Shambhu Upadhyaya
39
Internet of Things
(IoT)
Shambhu Upadhyaya
40
What is IoT?




Loosely coupled decentralized system of smart objects
Ubiquitous computing, 100B to be connected to the
Internet by 2020
After the WWW, IoT represents the most potentially
disruptive technological revolution
What inspired IoT?




RFID, Short-range wireless communication
Real-time localization
Sensor networks
What does it entail?



Scientific theory
Engineering design
User experience
Shambhu Upadhyaya
41
IoT Curriculum




Universities have started building special curricula
Open University in UK has developed a learning
infrastructure for collaborative learning in IoT

Merging of the physical and digital realms (CPS)

Physical objects become true actors on the Internet

Huge increase in the number of internetconnected devices,
objects, sensors and actuators

Huge increase in the amount and value of data (Big Data)

Emergence of novel embedded device platforms below the level of
personal mobile devices

Novel applications in energy, transport, health, business and daily
life
Expectation is that MOOCs may take up the challenge
Companies such as Cisco, IBM, Intel are engaging
Shambhu Upadhyaya
42
Skills Set for IoT



Algorithms
Programming skills
Distribution and collaboration




Creative design
Collaborative design
Ethical issues


Ability to develop networked sensing apps
Privacy and security
Computing in society
Shambhu Upadhyaya
43
Typical Components of IoT






iPod
Nokia, Android cell phones
Nintendo DS, Game Boy Advance
Roomba 500 iRobot
Sirius Satellite Radio Receivers
Automobiles
Shambhu Upadhyaya
44
IoT Protocol Details
 IEEE 802.15.4 is the standard for low
rate WPANs
 802.15.4 handles the physical and
MAC layer but not upper layers
 Can be used with 6LoWPAN and
standard IP protocols to build a
wireless embedded Internet
 6LoWPAN is the low power IPv6 version
developed for small devices
Shambhu Upadhyaya
45
Internet of Nano Things
Shambhu Upadhyaya
46
Security Challenges in IoT

Cryptographic security


Traditional tools may not be suitable due to limited processor speed and
memory
Key management



Credentialing



Credentialing users and devices required
may not scale due to the sheer size of the nework
Identity management




Manual key management may not scale
Limited user interfaces will make security deployment difficult
A devise identity may need to be mapped to groups of users
Usability is also an issue
Limited user interface
Privacy


Sensitive information on health front
“network guards” may be needed
Shambhu Upadhyaya
47
References
 http://prezi.com/aordc8uod3rj/intern
et-of-things-presentation/
 IEEE Computer, February 2013
 I. Akyildiz and J. Jornet, The Internet
of Nano-Things, IEEE Wireless
Communications, 2010
Shambhu Upadhyaya
48