Transcript Denial Of Service in Sensor Networks

Denial of Service in
Sensor Networks
Authors: Anthony D. Wood,
John A. Stankovic
Presented by: Aiyaz Amin Paniwala
1
The paper









Introduction
Theory and Application
Denial of Service Threat
Physical Layer
Link Layer
Networking Layer
Transport Layer
Conclusion
References
2
Introduction
WSN involves large-scale, real time data
processing in complex environments
 WSN is used for various applications
 Availability is of great importance
 Consideration of security at design time is
essential

3
Theory





Growing use of application dependent sensor
networks
Many limitations exist in WSN like power
reserves, wireless communication, identifiers
Network must operate under partial failure
Network must meet real time requirements
Data may be intrinsically valid for short time
4
Application





Sensor Networks are used in different
environments with different needs
Military application is primary
Can be used in inaccessible locations like
volcanoes
Can be used in critical situations like natural or
man made disasters
In all applications network must be resilient to
individual node failure
5
Denial of Service Threat
Any event that diminishes or eliminates a
network’s capacity to perform it’s expected
function
 Caused by hardware failures, software
bugs, resource exhaustion, environmental
conditions or other complicated
interactions

6
The Layered Approach
A layered network architecture improves
robustness
 Each layer has different attacks and
different defensive mechanisms
 Some attacks are applicable across
multiple layers

7
Tabular Representation
8
Physical Layer
This layer deals with the physical
transmission in the form of signals
 Nodes use wireless communication
 Base Stations use wired or satellite
communication.
 Attacks

Jamming
 Tampering

9
Jamming
Interferes with radio frequencies
 An adversary can use k randomly
distributed jamming nodes
 These k nodes can put N nodes out of
service (k<<N)
 Effective for single frequency network

10
Detection of Jamming
Determined by constant energy as
opposed to lack of response
 Jamming can be sporadic and hence more
difficult to detect yet effective
 Jamming itself prevents exchanging data
or even reporting the attack

11
Prevention and Mitigation




Spread spectrum communication (code
spreading)
It is less feasible due to design complexity, more
power and more cost
Attacked nodes can switch to lower duty cycle
and wake up to check for jamming
For intermittent jamming nodes send few high
power, high priority messages to report attack
12
Local Jamming
13
Tampering
Attacker can physically tamper nodes
 Likewise nodes can be interrogated and
compromised
 Attacker can damage or replace sensor
and computation hardware
 Attacker can extract sensitive material and
use it for further attacks

14
Prevention and Mitigation
Tamper proofing against physical damage
 Camouflaging or hiding nodes
 React to tampering by erasing
cryptographic or program memory

15
Link Layer
Provides Channel arbitration
 Cooperative schemes are vulnerable to
DoS attacks
 Sensor Network is susceptible to

Collision
 Exhaustion
 Unfairness

16
Collision
Adversary may cause disruption by
inducing collision in just one octet of
transmission
 Corruption of ACK can induce costly
exponential back-off
 The attacker requires minimum energy for
listening

17
Detection, Prevention and
Mitigation
Errors are detected using checksum
mismatch
 There is no effective way of defending
against such an attack
 Error Correcting codes can be used at the
cost of increased overheads

18
Exhaustion





Repeated retransmissions are triggered even by
unusually late collisions
This leads to exhaustion of battery source
It can potentially block availability
A node could repeatedly request channel access
with RTS
This causes power losses on both requesting
and responding node
19
Detection, Prevention and
Mitigation






Random back-offs can be used for prevention
Ineffective as they would only decrease
probability of inadvertent collisions
Time division multiplexing
Solve the indefinite postponement problem
MAC admission control rate limiting
Limiting the extraneous responses required
20
Unfairness
It is a weaker form of DoS
 It mostly degrades service than denies it
 It exploits MAC-Layer priority schemes
 It can be prevented by use of small frames
 This may increase framing overheads
 Adversary can cheat while vying for
access

21
Network and Routing Layer




Messages may traverse many hops before
reaching the destination
The cost of relaying a packet and the probability
of its loss increases in an aggregate network
Every node can act as a router
Hence the routing protocols should be simple
and robust
22
Neglect and Greed
A neglectful node arbitrarily neglects to
route some messages
 Its undue priority to messages originating
from it makes it greedy
 Multiple routes or sending redundant
messages can reduce its effect.
 It is difficult to detect

23
Homing




Important nodes and their identities are exposed
to mount further attacks
A passive adversary observes traffic to learn the
presence and location of critical resources
Shared cryptographic keys are an effective
mechanism to conceal the identity of such nodes
This makes the assumption that none of the
nodes have been subverted
24
Misdirection
Messages are forwarded in wrong paths
 This attack targets the sender
 Adversary can forge replies to route
discovery requests and include the
spoofed route
 Sensor networks can use an approach
similar to egress filtering

25
Black Holes




Nodes advertise zero cost routes to every other
node
Network traffic is routed towards these nodes
This disrupts message delivery and causes
intense resource contention
These are easily detected but more disruptive
26
Authorization




This is a defense mechanism against
misdirection and black-hole
Only authorized node can share information
Public-key encryption can be used for routing
updates
The problems are with computational and
communication overheads and key management
27
Monitoring
Nodes can keep monitoring their
neighbors
 Nodes become watchdogs for transmitted
packets
 Each of them has a quality-rating
mechanism

28
Probing
A network probe tests network connectivity
 This mechanism can be used to easily
detect Black holes
 A distributed probing scheme can detect
malicious nodes

29
Redundancy
Lessens the probability of encountering a
malicious node
 Duplicate messages can also be sent
using same path to deal with intermittent
failure

30
Transport Layer
Manages end-to-end connections
 Sensor Networks utilize protocols with
minimum overhead
 The potential threats are

Flooding
 Desynchronization

31
Flooding





Adversary send many connection establishment
request to victim
Each request causes allocation of resources
It can be prevented by limiting the number of
connections
Connectionless protocols are not susceptible to
this attack
Another solution is client puzzles
32
Desynchronization
The attacker forges messages to one or
both ends with sequence numbers
 This causes the end points to request
retransmissions of missed frames
 This may lead to lack of availability and
resource exhaustion
 Authentication can prevent such an attack

33
Adaptive rate control


Describe a series of improvements to standard
MAC protocols
Key mechanisms include





Random delay for transmissions
Back-off that shifts an applications periodicity phase
Minimization of overhead in contention control mechanisms
Passive adaptation of originating and route-through
admission control rates
Anticipatory delay for avoiding multihop hidden node
problems
34
Conclusion




Attempts at adding security focus on
cryptographic-authentication mechanisms
Use of higher security mechanisms poses
serious complications in Sensor Networks
It is essential to incorporate security
considerations during design-time
Without adequate protection against DoS and
other attacks sensor networks may not be
deployable at all
35
References




C.L.Schuba et al., “Analysis of a Denial of Service Attack on TCP”,
Proc. IEEE Symp. Security and Privacy, IEEE Press, Piscataway,
N.J., 1997, pp. 208-223
A Perrig et al., “SPIN: Security Protocols for Sensor Networks,”
Proc. 7th Ann. Intl. Conf. Mobile Computing and Networking
(MobiCom 2001), ACM Press, New York, 2001, pp. 189-199
CERT Coordination Center, “Smurf IP Denial-of-Service Attacks”,
CERT Advisory CA-98:01,Jan. 1998.
A. Woo and D.E. Culler, “A Transmission Control Scheme for Media
Access in Sensor Networks,” Proc. 7th Ann Int’l Conf. Mobile
Computing and Networking (MobiCom 2001), ACM Press, New
York, 2001, pp. 221-235
36