1 Denial of Service in Sensor Networks Authors: Anthony D. Wood, John A. Stankovic Presented by: Aiyaz Amin Paniwala
2 The paper Introduction Theory and Application Denial of Service Threat Physical Layer Link Layer Networking Layer Transport Layer Conclusion References
3 Introduction WSN involves large-scale, real time data processing in complex environments WSN is used for various applications Availability is of great importance Consideration of security at design time is essential
4 Theory Growing use of application dependent sensor networks Many limitations exist in WSN like power reserves, wireless communication, identifiers Network must operate under partial failure Network must meet real time requirements Data may be intrinsically valid for short time
5 Application Sensor Networks are used in different environments with different needs Military application is primary Can be used in inaccessible locations like volcanoes Can be used in critical situations like natural or man made disasters In all applications network must be resilient to individual node failure
6 Denial of Service Threat Any event that diminishes or eliminates a network’s capacity to perform it’s expected function Caused by hardware failures, software bugs, resource exhaustion, environmental conditions or other complicated interactions
7 The Layered Approach A layered network architecture improves robustness Each layer has different attacks and different defensive mechanisms Some attacks are applicable across multiple layers
8 Tabular Representation
9 Physical Layer This layer deals with the physical transmission in the form of signals Nodes use wireless communication Base Stations use wired or satellite communication. Attacks Jamming Tampering
10 Jamming Interferes with radio frequencies An adversary can use k randomly distributed jamming nodes These k nodes can put N nodes out of service (k<<N) Effective for single frequency network
11 Detection of Jamming Determined by constant energy as opposed to lack of response Jamming can be sporadic and hence more difficult to detect yet effective Jamming itself prevents exchanging data or even reporting the attack
12 Prevention and Mitigation Spread spectrum communication (code spreading) It is less feasible due to design complexity, more power and more cost Attacked nodes can switch to lower duty cycle and wake up to check for jamming For intermittent jamming nodes send few high power, high priority messages to report attack
13 Local Jamming
14 Tampering Attacker can physically tamper nodes Likewise nodes can be interrogated and compromised Attacker can damage or replace sensor and computation hardware Attacker can extract sensitive material and use it for further attacks
15 Prevention and Mitigation Tamper proofing against physical damage Camouflaging or hiding nodes React to tampering by erasing cryptographic or program memory
16 Link Layer Provides Channel arbitration Cooperative schemes are vulnerable to DoS attacks Sensor Network is susceptible to Collision Exhaustion Unfairness
17 Collision Adversary may cause disruption by inducing collision in just one octet of transmission Corruption of ACK can induce costly exponential back-off The attacker requires minimum energy for listening
18 Detection, Prevention and Mitigation Errors are detected using checksum mismatch There is no effective way of defending against such an attack Error Correcting codes can be used at the cost of increased overheads
19 Exhaustion Repeated retransmissions are triggered even by unusually late collisions This leads to exhaustion of battery source It can potentially block availability A node could repeatedly request channel access with RTS This causes power losses on both requesting and responding node
20 Detection, Prevention and Mitigation Random back-offs can be used for prevention Ineffective as they would only decrease probability of inadvertent collisions Time division multiplexing Solve the indefinite postponement problem MAC admission control rate limiting Limiting the extraneous responses required
21 Unfairness It is a weaker form of DoS It mostly degrades service than denies it It exploits MAC-Layer priority schemes It can be prevented by use of small frames This may increase framing overheads Adversary can cheat while vying for access
22 Network and Routing Layer Messages may traverse many hops before reaching the destination The cost of relaying a packet and the probability of its loss increases in an aggregate network Every node can act as a router Hence the routing protocols should be simple and robust
23 Neglect and Greed A neglectful node arbitrarily neglects to route some messages Its undue priority to messages originating from it makes it greedy Multiple routes or sending redundant messages can reduce its effect. It is difficult to detect
24 Homing Important nodes and their identities are exposed to mount further attacks A passive adversary observes traffic to learn the presence and location of critical resources Shared cryptographic keys are an effective mechanism to conceal the identity of such nodes This makes the assumption that none of the nodes have been subverted
25 Misdirection Messages are forwarded in wrong paths This attack targets the sender Adversary can forge replies to route discovery requests and include the spoofed route Sensor networks can use an approach similar to egress filtering
26 Black Holes Nodes advertise zero cost routes to every other node Network traffic is routed towards these nodes This disrupts message delivery and causes intense resource contention These are easily detected but more disruptive
27 Authorization This is a defense mechanism against misdirection and black-hole Only authorized node can share information Public-key encryption can be used for routing updates The problems are with computational and communication overheads and key management
28 Monitoring Nodes can keep monitoring their neighbors Nodes become watchdogs for transmitted packets Each of them has a quality-rating mechanism
29 Probing A network probe tests network connectivity This mechanism can be used to easily detect Black holes A distributed probing scheme can detect malicious nodes
30 Redundancy Lessens the probability of encountering a malicious node Duplicate messages can also be sent using same path to deal with intermittent failure
31 Transport Layer Manages end-to-end connections Sensor Networks utilize protocols with minimum overhead The potential threats are Flooding Desynchronization
32 Flooding Adversary send many connection establishment request to victim Each request causes allocation of resources It can be prevented by limiting the number of connections Connectionless protocols are not susceptible to this attack Another solution is client puzzles
33 Desynchronization The attacker forges messages to one or both ends with sequence numbers This causes the end points to request retransmissions of missed frames This may lead to lack of availability and resource exhaustion Authentication can prevent such an attack
34 Adaptive rate control Describe a series of improvements to standard MAC protocols Key mechanisms include Random delay for transmissions Back-off that shifts an applications periodicity phase Minimization of overhead in contention control mechanisms Passive adaptation of originating and route-through admission control rates Anticipatory delay for avoiding multihop hidden node problems
35 Conclusion Attempts at adding security focus on cryptographic-authentication mechanisms Use of higher security mechanisms poses serious complications in Sensor Networks It is essential to incorporate security considerations during design-time Without adequate protection against DoS and other attacks sensor networks may not be deployable at all
36 References C.L.Schuba et al., “Analysis of a Denial of Service Attack on TCP”, Proc. IEEE Symp. Security and Privacy, IEEE Press, Piscataway, N.J., 1997, pp A Perrig et al., “SPIN: Security Protocols for Sensor Networks,” Proc. 7 th Ann. Intl. Conf. Mobile Computing and Networking (MobiCom 2001), ACM Press, New York, 2001, pp CERT Coordination Center, “Smurf IP Denial-of-Service Attacks”, CERT Advisory CA-98:01,Jan A. Woo and D.E. Culler, “A Transmission Control Scheme for Media Access in Sensor Networks,” Proc. 7 th Ann Int’l Conf. Mobile Computing and Networking (MobiCom 2001), ACM Press, New York, 2001, pp