Transcript Denial of service in sensor networks

DENIAL OF SERVICE IN
SENSOR NETWORKS
Pratik Zirpe
Instructor – Dr. T. Andrew Yang
Agenda








Introduction
Concepts
Denial of Service Threat
Physical layer
Link layer
Network layer
Transport layer
Conclusion
Introduction




Real-time data processing
Applications
Availability
Denial of service
Concepts



Application dependent networks
Limited individual capability of nodes
Must continue operating after significant node
failure
Security demands of a network





Network has to face harsh environments and
intelligent opposition
Disasters
Public safety
Home healthcare
Design time consideration
Denial of Service Threat


Any event that diminishes or eliminates a network’s
capacity to perform it’s expected function
Reasons may be hardware failures, software bugs,
resource exhaustion, environmental conditions or
other complicated interactions.
Layered Network Architecture



Improves robustness of the system
Each layer is vulnerable to different DoS attacks
Some attacks may crosscut multiple layers
Layered model
Physical layer

Nodes use wireless communication

Base stations use wired or satellite communication



AttacksJamming
Tampering
Jamming



Interferes with radio frequencies of nodes
Randomly distributed k nodes can put N nodes out
of service (k<<N)
Effective in single frequency networks
Detection



Determined by constant energy that impedes
communication
Constant jamming prevents nodes from exchanging
data or even reporting attack to remote monitoring
stations
Sporadic jamming is also effective
Prevention or mitigation



Spread-spectrum communication – not feasible
solution
Attacked nodes can be put in long-term sleep and
have them wake up periodically to test the channel
High priority messages to defend against
intermittent jamming
Defense against jamming
Tampering



Attacker can physically tamper nodes
Attacker can damage and replace computation
hardware
Sensitive material is exposed
Prevention or mitigation

Camouflaging or hiding nodes

Erase cryptographic or program memory
Link layer





Protocols requires cooperation between nodes to
arbitrate channel use making them more vulnerable
to DoS attack
AttacksCollision
Exhaustion
Unfairness
Collision – detection and prevention





Adversary may need to induce collision in one octet
of transmission
Attacker requires less energy to listen for
transmission
No complete solution is known
Errors are detected using checksum mismatch
Error correction codes can be used
Exhaustion




Repeated retransmissions are triggered by
unusually late collision leading to exhaustion
Affect availability
A node could reportedly request channel access
with RTS
Causes power losses
Detection and mitigation




Random back-offs
Time division multiplexing
MAC admission control rate limiting
Limiting the extraneous responses required
Unfairness




Degrades service rather than denying it
It exploits MAC-Layer priority schemes
It can be prevented using small frames
Adversary can cheat while vying for access
Network and Routing Layer




Messages may traverse many hops before reaching
the destination
The cost of relaying a packet and the probability
of its loss increases in an aggregate network
Every node can act as a router
Routing protocols should be simple and robust
Neglect and Greed




A neglectful node arbitrarily neglects to route some
messages
Its undue priority to messages originating from it
makes it greedy
Multiple routes or sending redundant messages can
reduce its effect
It is difficult to detect
Homing




Important nodes and their identities are exposed to
mount further attacks
A passive adversary observes traffic to learn the
presence and location of critical resources
Shared cryptographic keys are an effective
mechanism to conceal the identity of such nodes
This makes the assumption that none of the nodes
have been subverted
Misdirection




Messages are forwarded in wrong paths
This attack targets the sender
Adversary can forge replies to route discovery
requests and include the spoofed route
Sensor networks can use an approach similar to
egress filtering
Black Holes




Nodes advertise zero cost routes to every other
node
Network traffic is routed towards these nodes
This disrupts message delivery and causes intense
resource contention
These are easily detected but more disruptive
Authorization



Only authorized node can share information
Public-key encryption can be used for routing
updates
The problems are with computational and
communication overheads and key management
Monitoring

Nodes can keep monitoring their neighbors

Nodes become watchdogs for transmitted packets

Each of them has a quality-rating mechanism
Probing



A network probe tests network connectivity
This mechanism can be used to easily detect Black
holes
A distributed probing scheme can detect malicious
nodes
Transport layer





Manages end-to-end connections
Sensor Networks utilize protocols with minimum
overhead
ThreatsFlooding
Desynchronizations
Flooding





Adversary send many connection establishment
request to victim
Each request causes allocation of resources
It can be prevented by limiting the number of
connections
Connectionless protocols are not susceptible to this
attack
Another solution is client puzzles
Desynchronization




The attacker forges messages to one or both ends
with sequence numbers
This causes the end points to request retransmissions
of missed frames
This may lead to lack of availability and resource
exhaustion
Authentication can prevent such an attack
Adaptive rate control


Describe a series of improvements to standard MAC
protocols
Key mechanisms include





Random delay for transmissions
Back-off that shifts an applications periodicity phase
Minimization of overhead in contention control mechanisms
Passive adaptation of originating and route-through admission control
rates
Anticipatory delay for avoiding multihop hidden node problems
RAP



Real-time location based protocol
Velocity monotonic scheduling
RAP can use clock synchronization
Conclusion




Attempts at adding security focus on cryptographicauthentication mechanisms
Use of higher security mechanisms poses serious
complications in Sensor Networks
It is essential to incorporate security considerations
during design-time
Without adequate protection against DoS and other
attacks sensor networks may not be deployable at
all
References



A.D. Wood and J.A. Stankovic, “Denial of Service in Sensor
Networks,” Computer, vol. 35, no. 10, 2002, pp. 54–62.
A.D. Wood and J.A. Stankovic, “A Taxonomy for Denial-of-Service
Attacks in Wireless Sensor Networks”, Handbook of Sensor
Networks: Compact Wireless and Wired Sensing Systems, 2004.
David R. Raymond and Scott F. Midkiff, "Denial-of-Service in
Wireless Sensor Networks: Attacks and Defenses," IEEE Pervasive
Computing, vol. 7, no. 1, 2008, pp. 74-81.