DENIAL OF SERVICE IN SENSOR NETWORKSPratik Zirpe

Instructor – Dr. T. Andrew Yang

Agenda

Introduction Concepts Denial of Service Threat Physical layer Link layer Network layer Transport layer Conclusion

Introduction

Real-time data processing Applications Availability Denial of service

Concepts

Application dependent networks Limited individual capability of nodes Must continue operating after significant

node failure

Security demands of a network Network has to face harsh environments

and intelligent opposition Disasters Public safety Home healthcare Design time consideration

Denial of Service Threat

Any event that diminishes or eliminates a network’s capacity to perform it’s expected function

Reasons may be hardware failures, software bugs, resource exhaustion, environmental conditions or other complicated interactions.

Layered Network Architecture Improves robustness of the system Each layer is vulnerable to different DoS

attacks Some attacks may crosscut multiple

layers

Layered model

Physical layer

Nodes use wireless communication

Base stations use wired or satellite communication

Attacks- Jamming Tampering

Jamming

Interferes with radio frequencies of nodes

Randomly distributed k nodes can put N nodes out of service (k<<N)

Effective in single frequency networks

Detection

Determined by constant energy that impedes communication

Constant jamming prevents nodes from exchanging data or even reporting attack to remote monitoring stations

Sporadic jamming is also effective

Prevention or mitigation

Spread-spectrum communication – not feasible solution

Attacked nodes can be put in long-term sleep and have them wake up periodically to test the channel

High priority messages to defend against intermittent jamming

Defense against jamming

Tampering

Attacker can physically tamper nodes Attacker can damage and replace

computation hardware Sensitive material is exposed

Prevention or mitigation

Camouflaging or hiding nodes

Erase cryptographic or program memory

Link layer

Protocols requires cooperation between nodes to arbitrate channel use making them more vulnerable to DoS attack

Attacks- Collision Exhaustion Unfairness

Collision – detection and prevention Adversary may need to induce collision

in one octet of transmission Attacker requires less energy to listen for

transmission No complete solution is known Errors are detected using checksum

mismatch Error correction codes can be used

Exhaustion

Repeated retransmissions are triggered by unusually late collision leading to exhaustion

Affect availability A node could reportedly request channel

access with RTS Causes power losses

Detection and mitigation

Random back-offs Time division multiplexing MAC admission control rate limiting Limiting the extraneous responses

required

Unfairness

Degrades service rather than denying it It exploits MAC-Layer priority schemes It can be prevented using small frames Adversary can cheat while vying for

access

Network and Routing Layer

Messages may traverse many hops before reaching the destination

The cost of relaying a packet and the probability of its loss increases in an aggregate network

Every node can act as a router Routing protocols should be simple and

robust

Neglect and Greed

A neglectful node arbitrarily neglects to route some messages

Its undue priority to messages originating from it makes it greedy

Multiple routes or sending redundant messages can reduce its effect

It is difficult to detect

Homing

Important nodes and their identities are exposed to mount further attacks

A passive adversary observes traffic to learn the presence and location of critical resources

Shared cryptographic keys are an effective mechanism to conceal the identity of such nodes

This makes the assumption that none of the nodes have been subverted

Misdirection

Messages are forwarded in wrong paths This attack targets the sender Adversary can forge replies to route

discovery requests and include the spoofed route

Sensor networks can use an approach similar to egress filtering

Black Holes

Nodes advertise zero cost routes to every other node

Network traffic is routed towards these nodes

This disrupts message delivery and causes intense resource contention

These are easily detected but more disruptive

Authorization

Only authorized node can share information

Public-key encryption can be used for routing updates

The problems are with computational and communication overheads and key management

Monitoring

Nodes can keep monitoring their neighbors

Nodes become watchdogs for transmitted packets

Each of them has a quality-rating mechanism

Probing

A network probe tests network connectivity

This mechanism can be used to easily detect Black holes

A distributed probing scheme can detect malicious nodes

Transport layer

Manages end-to-end connections Sensor Networks utilize protocols with

minimum overhead Threats- Flooding Desynchronizations

Flooding

Adversary send many connection establishment request to victim

Each request causes allocation of resources

It can be prevented by limiting the number of connections

Connectionless protocols are not susceptible to this attack

Another solution is client puzzles

Desynchronization

The attacker forges messages to one or both ends with sequence numbers

This causes the end points to request retransmissions of missed frames

This may lead to lack of availability and resource exhaustion

Authentication can prevent such an attack

Adaptive rate control

Describe a series of improvements to standard MAC protocols

Key mechanisms include Random delay for transmissions Back-off that shifts an applications periodicity phase Minimization of overhead in contention control

mechanisms Passive adaptation of originating and route-through

admission control rates Anticipatory delay for avoiding multihop hidden node

problems

RAP

Real-time location based protocol Velocity monotonic scheduling RAP can use clock synchronization

Conclusion

Attempts at adding security focus on cryptographic-authentication mechanisms

Use of higher security mechanisms poses serious complications in Sensor Networks

It is essential to incorporate security considerations during design-time

Without adequate protection against DoS and other attacks sensor networks may not be deployable at all

References

A.D. Wood and J.A. Stankovic, “Denial of Service in Sensor Networks,” Computer, vol. 35, no. 10, 2002, pp. 54–62.

A.D. Wood and J.A. Stankovic, “A Taxonomy for Denial-of-Service Attacks in Wireless Sensor Networks”, Handbook of Sensor Networks: Compact Wireless and Wired Sensing Systems, 2004.

David R. Raymond and Scott F. Midkiff, "Denial-of-Service in Wireless Sensor Networks: Attacks and Defenses," IEEE Pervasive Computing, vol. 7, no. 1, 2008, pp. 74-81.