1

Routing security against Threat Routing security against Threat modelsmodels

CSCI 5931 Wireless & Sensor CSCI 5931 Wireless & Sensor Networks  Networks 

Darshan ChipadeDarshan Chipade

2

IntroductionIntroduction

Routing security a major issueRouting security a major issue Key contributionKey contribution

-Show how they are different from ad hoc -Show how they are different from ad hoc networksnetworks-Introduce two new classes of attacks-Introduce two new classes of attacks

Sinkhole attackSinkhole attackHello flood attackHello flood attack

-Security analysis of all major routing -Security analysis of all major routing protocolsprotocols

3

WSN vs. Ad-Hoc NetworksWSN vs. Ad-Hoc Networks

Multi-hop wireless communicationMulti-hop wireless communication WSNWSN

-Specialized communication patterns-Specialized communication patterns-Many-to-one-Many-to-one-One-to-many-One-to-many-Local communication-Local communication--More resource constrained i.e. limited More resource constrained i.e. limited

energyenergy--More trust needed for in-network processing, More trust needed for in-network processing,

aggregation, duplicate eliminationaggregation, duplicate elimination

4

AssumptionsAssumptions

Radio links insecureRadio links insecure

Malicious node can collude to attack WSNMalicious node can collude to attack WSN

Sensor nodes are not tamper resistantSensor nodes are not tamper resistant

Base station are trustworthyBase station are trustworthy

Aggregation points may not be trustedAggregation points may not be trusted

5

Distinction of threat ModelsDistinction of threat Models

Mote class attacker have access to few Mote class attacker have access to few sensor nodes with similar capabilitiessensor nodes with similar capabilities

Laptop class attacker are powerful Laptop class attacker are powerful devices with greater battery power, more devices with greater battery power, more capable CPU, high power transmittercapable CPU, high power transmitter

Attacker types-outside attacker, inside Attacker types-outside attacker, inside attackerattacker

6

Attacks on WSN routing protocolAttacks on WSN routing protocol

Spoof altered or replayed routing attackSpoof altered or replayed routing attack Target the routing information exchanged Target the routing information exchanged

between nodesbetween nodes Spoofing, routing altering the routing Spoofing, routing altering the routing

information, information, adversaries may create the routing loops, adversaries may create the routing loops,

repel, extend or shorten the routing source repel, extend or shorten the routing source routesroutes

Generate false messages, partition network Generate false messages, partition network

7

Selective forwarding attackSelective forwarding attack Malicious nodes may simply refuse to Malicious nodes may simply refuse to

forward certain messages and simply drop forward certain messages and simply drop them ensuring that they are not them ensuring that they are not propagated furtherpropagated further

Adversary can also modify these packets Adversary can also modify these packets and forward these messagesand forward these messages

8

Sinkhole attackSinkhole attack All the packets are directed to base All the packets are directed to base

stationstation A malicious node advertises a high A malicious node advertises a high

quality link to the base station to attract a quality link to the base station to attract a lot of packetslot of packets

Specialized communication patternSpecialized communication pattern Enable other attacks, e.g., selective Enable other attacks, e.g., selective

forwarding forwarding

9

Sybil attackSybil attack A single node represents multiple ID’s to A single node represents multiple ID’s to

other nodesother nodes The attack affects the multiple path The attack affects the multiple path

routing, topology maintenancerouting, topology maintenance It is believed to affect a significant threat It is believed to affect a significant threat

to the geographic routing protocolsto the geographic routing protocols More than one place at same timeMore than one place at same time

10

Wormholes attackWormholes attack Tunneling of messagesTunneling of messages A node at one end of the wormhole A node at one end of the wormhole

advertises high quality link to the base advertises high quality link to the base stationstation

Another node at the other end receives Another node at the other end receives the attracted packets the attracted packets

11

Hello Flood attackHello Flood attack Many protocols require nodes to broadcast Many protocols require nodes to broadcast

HELLO packets to announce themselves to HELLO packets to announce themselves to neighborsneighbors

Laptop-class attacker can convince it’s a Laptop-class attacker can convince it’s a neighbor of distant nodes by sending high neighbor of distant nodes by sending high power hello messagespower hello messages

Acknowledgement attackAcknowledgement attack Adversary spoofs ACKs to convince the sender Adversary spoofs ACKs to convince the sender

a weak/dead link supports good link qualitya weak/dead link supports good link quality

12

Attacks on specific sensor network Attacks on specific sensor network protocolprotocol

Tiny OS beaconingTiny OS beaconing Construct a Breadth First Spanning tree Construct a Breadth First Spanning tree

(BFS) rooted at the base station(BFS) rooted at the base station Beacons are not authenticatedBeacons are not authenticated Adversary can take over the whole WSN Adversary can take over the whole WSN

by broadcasting beaconsby broadcasting beacons

13

Directed DiffusionDirected Diffusion Base station floods interest for named data Base station floods interest for named data

and setting up gradients designed to draw and setting up gradients designed to draw eventsevents

Suppression- Flow suppression is done by Suppression- Flow suppression is done by spoofing negative reinforcementspoofing negative reinforcement

Cloning- Cloning a flow enables Cloning- Cloning a flow enables eavesdroppingeavesdropping

Path influence- Spoofing the data path as Path influence- Spoofing the data path as positive and negative path reinforcementpositive and negative path reinforcement

14

CountermeasuresCountermeasures

Outsider attacks and link layer securityOutsider attacks and link layer security Majority of the attacks against WSN Majority of the attacks against WSN

routing protocols can be prevented by link routing protocols can be prevented by link layer encryption using shared keylayer encryption using shared key

Selective forwarding and sinkhole attacks Selective forwarding and sinkhole attacks are not possible as adversary is prevented are not possible as adversary is prevented from joining the topologyfrom joining the topology

Cannot handle insider attack like Cannot handle insider attack like Wormhole, HELLO floodWormhole, HELLO flood

15

Sybil attackSybil attack Every nodes shares unique symmetric key Every nodes shares unique symmetric key

with the base stationwith the base station Creates a pair wise shared key for message Creates a pair wise shared key for message

authenticationauthentication Base station limits the number of neighbors Base station limits the number of neighbors

for a nodefor a node Hello Flood attackHello Flood attack Verify link bidirectionalVerify link bidirectional

16

Wormhole and sink hole attackWormhole and sink hole attack They use private out of bound channel They use private out of bound channel

invisible to the underlying sensor networkinvisible to the underlying sensor network Good routing protocol requiredGood routing protocol required

Selective forwardingSelective forwarding Multi path routingMulti path routing Route messages over disjointRoute messages over disjoint Dynamically pick up next hop from set of Dynamically pick up next hop from set of

candidatecandidate

17

Limitation of securing multi hop Limitation of securing multi hop routingrouting

Nodes which are one or two hops away Nodes which are one or two hops away from the to base station are more likely to from the to base station are more likely to be attacked or compromisedbe attacked or compromised

Using the cluster nodes which Using the cluster nodes which communicate directly to base station is communicate directly to base station is one solution against node compromiseone solution against node compromise

Using the virtual base station Using the virtual base station

18

Countermeasures SummaryCountermeasures Summary

Link layer authentication, encryption, Link layer authentication, encryption, multi path routing, identity verification, multi path routing, identity verification, bidirectional link verification and bidirectional link verification and authenticated broadcast can protect the authenticated broadcast can protect the sensor network routing protocolssensor network routing protocols

It is necessary to build such counter It is necessary to build such counter measures so that different attacks can be measures so that different attacks can be ineffective against themineffective against them

19

ConclusionConclusion

This paper covers the security issues at This paper covers the security issues at network levelnetwork level

Securing the routing protocols is most Securing the routing protocols is most essential essential

Link layer encryption can be used against Link layer encryption can be used against the mote class outsidersthe mote class outsiders

20

THANK YOU!!!!THANK YOU!!!!

21

QuestionQuestion

It is said that using the good routing It is said that using the good routing protocol we can minimize the protocol we can minimize the wormhole and sinkhole attack i.e. by wormhole and sinkhole attack i.e. by minimizing the number of hops to minimizing the number of hops to the base station. How it can be the base station. How it can be done?done?