Wireless Sensor Route Obfuscation

Mark W. PropstScientific Research Corporation

2

Attack Motivations Vulnerability Classification Traffic Pattern Analysis Testing Barriers Concluding Remarks

Outline

3

Wireless Sensor Network link-layer protocols are derived from mobile ad hoc networks which leaves them vulnerable to the same type of attacks

They are typically deployed in un-secured hostile environments leaving them vulnerable to physical attack

The sensor nodes lack the processing power and battery life to perform countermeasures typically utilized in many fixed and mobile ad hoc networks

Wireless Sensor Network Utilization

4

Unauthorized data observation Unauthorized data manipulation Data unavailability

Three Vulnerability Classifications1

1) Bertino, E., & Sandhu, R. (2005). Database Security-Concepts, Approaches, and Challenges. IEEE Trans. Dependable Secur. Comput., Vol 2, issue 1, pp. 2–19.

5

There is currently a plethora of research attempting to understand and counter the manipulation of individual nodes within a wireless sensor network

◦ Threshold Cryptography and Authentication2 is an example of unique methods to protect and detect

◦ Similarly, Adaptive Intrusion Detection3 detects malicious nodes in a sensor network

Unauthorized Data Observation/Manipulation

2) Piya, T., & Andrew, J. (2007). Adaptive Intrusion Detection in Wireless Sensor Networks. Intelligent Pervasive Computing, International Conference on, 0, 23-28.3) Marianne, A. A., Sherif, M. E.-K., & Magdy, S. E.-S. (2007). Threshold Cryptography and Authentication in Ad Hoc Networks Survey and Challenges. Systems and Networks Communication, International Conference on, 0, 5.

6

Cluster heads typically have greater processing power, provide geo-location, encryption keys, and act as a gateway of information from the sensor network to the outside world

Attacking and defeating a cluster head will render the entire sensor cluster non-operational

Unlike mobile networks, sensor networks are typically static, leading to predictable routing paths

With predictable routing paths, the cluster head of a sensor network can be detected

Data UnavailabilityCluster Head Attack Motivations

7

There are two methods to attack the same static path vulnerability:◦ Route Correlation (Rate Monitoring)◦ Frequency Domain Analysis (Time Correlation)

Both rely on the correlation of time between transmission events on successive nodes to determine the path to the cluster head

Cluster Head Attack Methodology

8

Link-layer encryption, such as onion encryption, can effectively prevent packet sniffing.

To defeat frequency domain analysis, most obfuscation techniques attempt to bring the noise floor up to the transmission level by generating excess packets

Obfuscation Techniques

9

Transmission Time Correlation

1 6 11 16 21 26 31 36 41 46 51 56 61 66 71 76 81 86 91 960

0.2

0.4

0.6

0.8

1

1.2

1 6 11 16 21 26 31 36 41 46 51 56 61 66 71 76 81 86 91 960

0.2

0.4

0.6

0.8

1

1.2

ΔT ΔT

SHF Power SHF Power

Easily identifiable transmission sequence Theoretical obfuscation

10

Most current methodologies attempt to obfuscate routing signatures by introducing superfluous traffic.

◦ Flooding◦ Generic Random Walk◦ Greedy Random Walk◦ Directed Random Walks◦ Store and Forward

Obfuscation Methodology

Mark W. Propst DCIS 730 11

Onion Routing requires every node to encrypt the packet, consuming valuable battery power encrypting every packet for every hop

Bringing up the noise floor through the utilization of random walk strategies effectively obfuscates the traffic, but at the cost of sensor network life

Obfuscation Short Comings

12

How do we test network routing obfuscation?

◦ This is typically done in simulation by applying a propositional satisfiability solver such as GSAT4

◦ Propositional satisfiability solvers are very efficient at comparing obfuscation methodologies, however, the results between different implementers are NOT comparable

◦ There is currently no repeatability in testing

Testing

4) Selman, B., Levesque, H., & Mitchell, D. (1992). A new method for solving hard satisfiability problems. In National conference on artificial intelligence (pp. 440-446).

13

Development of new energy efficient routing protocols with high obfuscation properties which mask the RF signature of the routing topology must happen to stay ahead of current and developing threats

The development of standardized test tools to compare and contrast new obfuscation protocols is just as important as developing the obfuscation protocols

Conclusion