Date post: | 02-Jan-2016 |
Category: |
Documents |
Upload: | flavia-pittman |
View: | 24 times |
Download: | 2 times |
DENIAL OF SERVICE IN SENSOR NETWORKSPratik Zirpe
Instructor – Dr. T. Andrew Yang
Agenda
Introduction Concepts Denial of Service Threat Physical layer Link layer Network layer Transport layer Conclusion
Introduction
Real-time data processing Applications Availability Denial of service
Concepts
Application dependent networks Limited individual capability of nodes Must continue operating after significant
node failure
Security demands of a network Network has to face harsh environments
and intelligent opposition Disasters Public safety Home healthcare Design time consideration
Denial of Service Threat
Any event that diminishes or eliminates a network’s capacity to perform it’s expected function
Reasons may be hardware failures, software bugs, resource exhaustion, environmental conditions or other complicated interactions.
Layered Network Architecture Improves robustness of the system Each layer is vulnerable to different DoS
attacks Some attacks may crosscut multiple
layers
Layered model
Physical layer
Nodes use wireless communication
Base stations use wired or satellite communication
Attacks- Jamming Tampering
Jamming
Interferes with radio frequencies of nodes
Randomly distributed k nodes can put N nodes out of service (k<<N)
Effective in single frequency networks
Detection
Determined by constant energy that impedes communication
Constant jamming prevents nodes from exchanging data or even reporting attack to remote monitoring stations
Sporadic jamming is also effective
Prevention or mitigation
Spread-spectrum communication – not feasible solution
Attacked nodes can be put in long-term sleep and have them wake up periodically to test the channel
High priority messages to defend against intermittent jamming
Defense against jamming
Tampering
Attacker can physically tamper nodes Attacker can damage and replace
computation hardware Sensitive material is exposed
Prevention or mitigation
Camouflaging or hiding nodes
Erase cryptographic or program memory
Link layer
Protocols requires cooperation between nodes to arbitrate channel use making them more vulnerable to DoS attack
Attacks- Collision Exhaustion Unfairness
Collision – detection and prevention Adversary may need to induce collision
in one octet of transmission Attacker requires less energy to listen for
transmission No complete solution is known Errors are detected using checksum
mismatch Error correction codes can be used
Exhaustion
Repeated retransmissions are triggered by unusually late collision leading to exhaustion
Affect availability A node could reportedly request channel
access with RTS Causes power losses
Detection and mitigation
Random back-offs Time division multiplexing MAC admission control rate limiting Limiting the extraneous responses
required
Unfairness
Degrades service rather than denying it It exploits MAC-Layer priority schemes It can be prevented using small frames Adversary can cheat while vying for
access
Network and Routing Layer
Messages may traverse many hops before reaching the destination
The cost of relaying a packet and the probability of its loss increases in an aggregate network
Every node can act as a router Routing protocols should be simple and
robust
Neglect and Greed
A neglectful node arbitrarily neglects to route some messages
Its undue priority to messages originating from it makes it greedy
Multiple routes or sending redundant messages can reduce its effect
It is difficult to detect
Homing
Important nodes and their identities are exposed to mount further attacks
A passive adversary observes traffic to learn the presence and location of critical resources
Shared cryptographic keys are an effective mechanism to conceal the identity of such nodes
This makes the assumption that none of the nodes have been subverted
Misdirection
Messages are forwarded in wrong paths This attack targets the sender Adversary can forge replies to route
discovery requests and include the spoofed route
Sensor networks can use an approach similar to egress filtering
Black Holes
Nodes advertise zero cost routes to every other node
Network traffic is routed towards these nodes
This disrupts message delivery and causes intense resource contention
These are easily detected but more disruptive
Authorization
Only authorized node can share information
Public-key encryption can be used for routing updates
The problems are with computational and communication overheads and key management
Monitoring
Nodes can keep monitoring their neighbors
Nodes become watchdogs for transmitted packets
Each of them has a quality-rating mechanism
Probing
A network probe tests network connectivity
This mechanism can be used to easily detect Black holes
A distributed probing scheme can detect malicious nodes
Transport layer
Manages end-to-end connections Sensor Networks utilize protocols with
minimum overhead Threats- Flooding Desynchronizations
Flooding
Adversary send many connection establishment request to victim
Each request causes allocation of resources
It can be prevented by limiting the number of connections
Connectionless protocols are not susceptible to this attack
Another solution is client puzzles
Desynchronization
The attacker forges messages to one or both ends with sequence numbers
This causes the end points to request retransmissions of missed frames
This may lead to lack of availability and resource exhaustion
Authentication can prevent such an attack
Adaptive rate control
Describe a series of improvements to standard MAC protocols
Key mechanisms include Random delay for transmissions Back-off that shifts an applications periodicity phase Minimization of overhead in contention control
mechanisms Passive adaptation of originating and route-through
admission control rates Anticipatory delay for avoiding multihop hidden node
problems
RAP
Real-time location based protocol Velocity monotonic scheduling RAP can use clock synchronization
Conclusion
Attempts at adding security focus on cryptographic-authentication mechanisms
Use of higher security mechanisms poses serious complications in Sensor Networks
It is essential to incorporate security considerations during design-time
Without adequate protection against DoS and other attacks sensor networks may not be deployable at all
References
A.D. Wood and J.A. Stankovic, “Denial of Service in Sensor Networks,” Computer, vol. 35, no. 10, 2002, pp. 54–62.
A.D. Wood and J.A. Stankovic, “A Taxonomy for Denial-of-Service Attacks in Wireless Sensor Networks”, Handbook of Sensor Networks: Compact Wireless and Wired Sensing Systems, 2004.
David R. Raymond and Scott F. Midkiff, "Denial-of-Service in Wireless Sensor Networks: Attacks and Defenses," IEEE Pervasive Computing, vol. 7, no. 1, 2008, pp. 74-81.