Denial of service in sensor networks
Download
Report
Transcript Denial of service in sensor networks
DENIAL OF SERVICE IN
SENSOR NETWORKS
Pratik Zirpe
Instructor – Dr. T. Andrew Yang
Agenda
Introduction
Concepts
Denial of Service Threat
Physical layer
Link layer
Network layer
Transport layer
Conclusion
Introduction
Real-time data processing
Applications
Availability
Denial of service
Concepts
Application dependent networks
Limited individual capability of nodes
Must continue operating after significant node
failure
Security demands of a network
Network has to face harsh environments and
intelligent opposition
Disasters
Public safety
Home healthcare
Design time consideration
Denial of Service Threat
Any event that diminishes or eliminates a network’s
capacity to perform it’s expected function
Reasons may be hardware failures, software bugs,
resource exhaustion, environmental conditions or
other complicated interactions.
Layered Network Architecture
Improves robustness of the system
Each layer is vulnerable to different DoS attacks
Some attacks may crosscut multiple layers
Layered model
Physical layer
Nodes use wireless communication
Base stations use wired or satellite communication
AttacksJamming
Tampering
Jamming
Interferes with radio frequencies of nodes
Randomly distributed k nodes can put N nodes out
of service (k<<N)
Effective in single frequency networks
Detection
Determined by constant energy that impedes
communication
Constant jamming prevents nodes from exchanging
data or even reporting attack to remote monitoring
stations
Sporadic jamming is also effective
Prevention or mitigation
Spread-spectrum communication – not feasible
solution
Attacked nodes can be put in long-term sleep and
have them wake up periodically to test the channel
High priority messages to defend against
intermittent jamming
Defense against jamming
Tampering
Attacker can physically tamper nodes
Attacker can damage and replace computation
hardware
Sensitive material is exposed
Prevention or mitigation
Camouflaging or hiding nodes
Erase cryptographic or program memory
Link layer
Protocols requires cooperation between nodes to
arbitrate channel use making them more vulnerable
to DoS attack
AttacksCollision
Exhaustion
Unfairness
Collision – detection and prevention
Adversary may need to induce collision in one octet
of transmission
Attacker requires less energy to listen for
transmission
No complete solution is known
Errors are detected using checksum mismatch
Error correction codes can be used
Exhaustion
Repeated retransmissions are triggered by
unusually late collision leading to exhaustion
Affect availability
A node could reportedly request channel access
with RTS
Causes power losses
Detection and mitigation
Random back-offs
Time division multiplexing
MAC admission control rate limiting
Limiting the extraneous responses required
Unfairness
Degrades service rather than denying it
It exploits MAC-Layer priority schemes
It can be prevented using small frames
Adversary can cheat while vying for access
Network and Routing Layer
Messages may traverse many hops before reaching
the destination
The cost of relaying a packet and the probability
of its loss increases in an aggregate network
Every node can act as a router
Routing protocols should be simple and robust
Neglect and Greed
A neglectful node arbitrarily neglects to route some
messages
Its undue priority to messages originating from it
makes it greedy
Multiple routes or sending redundant messages can
reduce its effect
It is difficult to detect
Homing
Important nodes and their identities are exposed to
mount further attacks
A passive adversary observes traffic to learn the
presence and location of critical resources
Shared cryptographic keys are an effective
mechanism to conceal the identity of such nodes
This makes the assumption that none of the nodes
have been subverted
Misdirection
Messages are forwarded in wrong paths
This attack targets the sender
Adversary can forge replies to route discovery
requests and include the spoofed route
Sensor networks can use an approach similar to
egress filtering
Black Holes
Nodes advertise zero cost routes to every other
node
Network traffic is routed towards these nodes
This disrupts message delivery and causes intense
resource contention
These are easily detected but more disruptive
Authorization
Only authorized node can share information
Public-key encryption can be used for routing
updates
The problems are with computational and
communication overheads and key management
Monitoring
Nodes can keep monitoring their neighbors
Nodes become watchdogs for transmitted packets
Each of them has a quality-rating mechanism
Probing
A network probe tests network connectivity
This mechanism can be used to easily detect Black
holes
A distributed probing scheme can detect malicious
nodes
Transport layer
Manages end-to-end connections
Sensor Networks utilize protocols with minimum
overhead
ThreatsFlooding
Desynchronizations
Flooding
Adversary send many connection establishment
request to victim
Each request causes allocation of resources
It can be prevented by limiting the number of
connections
Connectionless protocols are not susceptible to this
attack
Another solution is client puzzles
Desynchronization
The attacker forges messages to one or both ends
with sequence numbers
This causes the end points to request retransmissions
of missed frames
This may lead to lack of availability and resource
exhaustion
Authentication can prevent such an attack
Adaptive rate control
Describe a series of improvements to standard MAC
protocols
Key mechanisms include
Random delay for transmissions
Back-off that shifts an applications periodicity phase
Minimization of overhead in contention control mechanisms
Passive adaptation of originating and route-through admission control
rates
Anticipatory delay for avoiding multihop hidden node problems
RAP
Real-time location based protocol
Velocity monotonic scheduling
RAP can use clock synchronization
Conclusion
Attempts at adding security focus on cryptographicauthentication mechanisms
Use of higher security mechanisms poses serious
complications in Sensor Networks
It is essential to incorporate security considerations
during design-time
Without adequate protection against DoS and other
attacks sensor networks may not be deployable at
all
References
A.D. Wood and J.A. Stankovic, “Denial of Service in Sensor
Networks,” Computer, vol. 35, no. 10, 2002, pp. 54–62.
A.D. Wood and J.A. Stankovic, “A Taxonomy for Denial-of-Service
Attacks in Wireless Sensor Networks”, Handbook of Sensor
Networks: Compact Wireless and Wired Sensing Systems, 2004.
David R. Raymond and Scott F. Midkiff, "Denial-of-Service in
Wireless Sensor Networks: Attacks and Defenses," IEEE Pervasive
Computing, vol. 7, no. 1, 2008, pp. 74-81.