DoS Attacks on Sensor Networks Hossein Nikoonia Department of Computer Engineering Sharif University of Technology

Slides:



Advertisements
Similar presentations
Jason Li Jeremy Fowers. Background Information Wireless sensor network characteristics General sensor network security mechanisms DoS attacks and defenses.
Advertisements

A Security Protocol for Sensor Networks Khadija Stewart, Themistoklis Haniotakis and Spyros Tragoudas Dept. of Electrical and Computer Engineering Southern.
Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.
 Introduction  Benefits of VANET  Different types of attacks and threats  Requirements and challenges  Security Architecture  Vehicular PKI.
A Distributed Security Framework for Heterogeneous Wireless Sensor Networks Presented by Drew Wichmann Paper by Himali Saxena, Chunyu Ai, Marco Valero,
A Survey of Secure Wireless Ad Hoc Routing
CSE 5392By Dr. Donggang Liu1 CSE 5392 Sensor Network Security Introduction to Sensor Networks.
Containing DoS Attacks in Broadcast Authentication in Sensor Networks (Ronghua Wang, Wenliang Du, Peng Ning) Containing DoS Attacks in Broadcast Authentication.
An Efficient Scheme for Authenticating Public Keys in Sensor Networks Wenliang (Kevin) Du (Syracuse) Ronghua Wang (Syracuse) Peng Ning (North Carolina.
Packet Leashes: Defense Against Wormhole Attacks Authors: Yih-Chun Hu (CMU), Adrian Perrig (CMU), David Johnson (Rice)
LOGO Multi-user Broadcast Authentication in Wireless Sensor Networks ICU Myunghan Yoo.
Using Auxiliary Sensors for Pair-Wise Key Establishment in WSN Source: Lecture Notes in Computer Science (2010) Authors: Qi Dong and Donggang Liu Presenter:
Securing Wireless Sensor Networks Wenliang (Kevin) Du Department of Electrical Engineering and Computer Science Syracuse University.
Edith C. H. Ngai1, Jiangchuan Liu2, and Michael R. Lyu1
1 Security in Wireless Sensor Networks Group Meeting Fall 2004 Presented by Edith Ngai.
Nov.6, 2002 Secure Routing Protocol for Ad Hoc Networks Li Xiaoqi.
Efficiently Authenticating Code Images in Dynamically Reprogrammed Wireless Sensor Networks PerSec 2006 Speaker: Prof. Rick Han Coauthors Jing Deng and.
Security Issues In Sensor Networks By Priya Palanivelu.
Securing Wireless Sensor Networks Wenliang (Kevin) Du Department of Electrical Engineering and Computer Science Syracuse University.
INSENS: Intrusion-Tolerant Routing For Wireless Sensor Networks By: Jing Deng, Richard Han, Shivakant Mishra Presented by: Daryl Lonnon.
ITIS 6010/8010 Wireless Network Security Dr. Weichao Wang.
Key Distribution in Sensor Networks (work in progress report) Adrian Perrig UC Berkeley.
SPINS: Security Protocols for Sensor Networks Adrian Perrig, Robert Szewczyk, Victor Wen, David Culler, J.D. Tygar Research Topics in Security in the context.
SPINS: Security Protocols for Sensor Networks Adrian Perrig, Robert Szewczyk, Victor Wen, David Culler, and J.D. Tygar – University of California, Berkeley.
SPINS: Security Protocols for Sensor Networks Adrian Perrig Robert Szewczyk Victor Wen David Culler Doug TygarUC Berkeley.
Wireless Sensor Network Security Anuj Nagar CS 590.
ITIS 6010/8010: Wireless Network Security Weichao Wang.
Key management in wireless sensor networks Kevin Wang.
1 Energy Efficient Communication in Wireless Sensor Networks Yingyue Xu 8/14/2015.
Security Considerations for Wireless Sensor Networks Prabal Dutta (614) Security Considerations for Wireless Sensor Networks.
Mitigating DoS Attacks against Broadcast Authentication in Wireless Sensor Networks Peng Ning, An Liu North Carolina State University and Wenliang Du Syracuse.
Secure Aggregation for Wireless Networks Lingxuan Hu David Evans [lingxuan, Department of Computer.
Secure Cell Relay Routing Protocol for Sensor Networks Xiaojiang Du, Fengiing Lin Department of Computer Science North Dakota State University 24th IEEE.
SENSOR NETWORK SECURITY Group Members Pardeep Kumar Md. Iftekhar Salam Ahmed Galib Reza 1 Presented by: Iftekhar Salam 1.
1 Securing Wireless Sensor Networks Wenliang (Kevin) Du Department of Electrical Engineering and Computer Science Syracuse University Excerpted from
Security in Wireless Sensor Networks using Cryptographic Techniques By, Delson T R, Assistant Professor, DEC, RSET 123rd August 2014Department seminar.
Security Patterns in Wireless Sensor Networks By Y. Serge Joseph October 8 th, 2009 Part I.
Providing Transparent Security Services to Sensor Networks Hamed Soroush, Mastooreh Salajegheh and Tassos Dimitriou IEEE ICC 2007 Reporter :呂天龍 1.
Hao Yang, Fan Ye, Yuan Yuan, Songwu Lu, William Arbaugh (UCLA, IBM, U. Maryland) MobiHoc 2005 Toward Resilient Security in Wireless Sensor Networks.
Multi-Resolution Spatial and Temporal Coding in a Wireless Sensor Network for Long-Term Monitoring Applications You-Chiun Wang, Member, IEEE, Yao-Yu Hsieh,
Secure routing in wireless sensor network: attacks and countermeasures Presenter: Haiou Xiang Author: Chris Karlof, David Wagner Appeared at the First.
Sensor Network Security: Survey Team Members Pardeep Kumar Md. Iftekhar Salam Ah. Galib Reza 110/28/2015.
TinySec: A Link Layer Security Architecture for Wireless Sensor Networks Chris Karlof :: Naveen Sastry :: David Wagner Presented by Roh, Yohan October.
Rushing Attacks and Defense in Wireless Ad Hoc Network Routing Protocols ► Acts as denial of service by disrupting the flow of data between a source and.
Computer Science 1 TinySeRSync: Secure and Resilient Time Synchronization in Wireless Sensor Networks Speaker: Sangwon Hyun Acknowledgement: Slides were.
Security in Mobile Ad Hoc Networks: Challenges and Solutions (IEEE Wireless Communications 2004) Hao Yang, et al. October 10 th, 2006 Jinkyu Lee.
Multi-user Broadcast Authentication in Wireless Sensor Networks Kui Ren, Wenjing Lou, Yanchao Zhang SECON2007 Manar Mahmoud Abou elwafa.
Efficient Distribution of Key Chain Commitments for Broadcast Authentication in Distributed Sensor Networks Donggang Liu and Peng Ning Department of Computer.
Shambhu Upadhyaya 1 Ad Hoc Networks – Network Access Control Shambhu Upadhyaya Wireless Network Security CSE 566 (Lecture 20)
User authentication schemes with pseudonymity for ubiquitous sensor network in NGN Authors: Binod Vaidya, Joel J. Rodrigues and Jong Hyuk Park Source:
Shambhu Upadhyaya 1 Sensor Networks – Hop- by-Hop Authentication Shambhu Upadhyaya Wireless Network Security CSE 566 (Lecture 22)
A Dynamic Query-tree Energy Balancing Protocol for Sensor Networks H. Yang, F. Ye, and B. Sikdar Department of Electrical, Computer and systems Engineering.
Interleaving and Collusion Attacks on a Dynamic Group Key Agreement Scheme for Low-Power Mobile Devices * Junghyun Nam 1, Juryon Paik 2, Jeeyeon Kim 2,
Overview of Wireless Networks: Cellular Mobile Ad hoc Sensor.
1 An Interleaved Hop-by-Hop Authentication Scheme for Filtering of Injected False Data in Sensor Networks Sencun Zhu, Sanjeev Setia, Sushil Jajodia, Peng.
Efficient Pairwise Key Establishment Scheme Based on Random Pre-Distribution Keys in Wireless Sensor Networks Source: Lecture Notes in Computer Science,
Network Security Celia Li Computer Science and Engineering York University.
Author: Na Ruan, Yoshiaki Hori Published in:
International Conference Security in Pervasive Computing(SPC’06) MMC Lab. 임동혁.
On Mobile Sink Node for Target Tracking in Wireless Sensor Networks Thanh Hai Trinh and Hee Yong Youn Pervasive Computing and Communications Workshops(PerComW'07)
1 Self-Certified Group Key-Generation for Ad Hoc Clusters in Wireless Sensor Networks Ortal Arazi, Hairong Qi Dept. Electrical & Computer Engineering The.
Hao Yang, Fan Ye, Yuan Yuan, Songwu Lu, William Arbaugh (UCLA, IBM, U. Maryland) MobiHoc 2005 Toward Resilient Security in Wireless Sensor Networks.
Sensor Networks Jason Turbyfill 16 February 2005.
Unpredictable Software-based Attestation Solution for Node Compromise Detection in Mobile WSN Xinyu Jin 1 Pasd Putthapipat 1 Deng Pan 1 Niki Pissinou 1.
Overview of Wireless Networks:
SPINS: Security Protocols for Sensor Networks
Securing Wireless Sensor Networks
SPINS: Security Protocols for Sensor Networks
Outline A. Perrig, R. Szewczyk, V. Wen, D. Culler, and J. D. Tygar. SPINS: Security protocols for sensor networks. In Proceedings of MOBICOM, 2001 Sensor.
Presentation transcript:

DoS Attacks on Sensor Networks Hossein Nikoonia Department of Computer Engineering Sharif University of Technology

Outline Wireless Sensor Networks False-Endorsement-Based DoS Attacks Broadcast Authentication ◦ Broadcast Authentication  Digital Signature  µTESLA Containing DoS Attacks in Broadcast Authentication Mitigating DoS Attacks against Broadcast Authentication Other Types of DoS Attack Future Work

WIRELESS SENSOR NETWORKS

Introduction Composed of a large number of sensor nodes and one or more sink Sensor Nodes ◦ Collect data ◦ Route data back to the sink Sink [Akyildiz et. al. 2002]

Applications Military Health ◦ Monitoring patients Monitoring disaster areas [Akyildiz et. al. 2002]

Constraints Sensor Nodes ◦ Energy  Usually battery-powered ◦ Processing power  Public-key operations are expensive  Delay  Energy ◦ Cost  Tamper-proof hardware is not practical Deployment area ◦ Hostile ◦ Unattended

Mica2 Motes Developed at UC Berkeley TinyOS ATmega128L 128 KB Program flash memory 4KB Configuration E2PROM 2X AA Battery [Crossbow Technology]

Information Security Confidentiality Integrity Availability Denial-of-Service (DoS)

FALSE-ENDORSEMENT- BASED DOS ATTACKS IN WIRELESS SENSOR NETWORKS C. Krau β, M Schneider, C. Eckert WiSec ‘08

False-Endorsement How to verify correctness of an event? ◦ Message Authentication Code (MAC) Problem ◦ Node capture Solution to the problem ◦ Endorsement ◦ XOR of MACs [Krau β et. al. 2008]

False-Endorsement Problem of the solution ◦ False-Endorsement Solution? [Krau β et. al. 2008]

Basic Idea Nodes should prove their endorsement. [Krau β et. al. 2008]

Details Assumptions ◦ Nodes are loosely time-synchronized ◦ Attacker does not have access to nodes for a period of time ◦ Clusters contain  One cluster head (CH)  Several cluster nodes (CNs) Hash chain ◦ A sequence of n hash values [Krau β et. al. 2008; Ning et. al. 2008]

Details Report Generation Verification [Krau β et. al. 2008]

BROADCAST AUTHENTICATION

Broadcast Authentication Digital signatures µTESLA [Ning et. al. 2008]

Digital Signature 160-bit Elliptic Curve Digital Signature Algorithm (ECDSA) on MICAz ◦ Power consumption  Receiving  0.25mJ  Signature verification  38.88mJ  Alkaline Battery  1200 J/cm3 ◦ Delay  1.62s [Ning et. al. 2008; Karl and Willing 2005]

µTESLA Delayed authentication Use of a one-way hash chain Nodes should be loosely time synchronized MACs are generated with a key which will be disclosed after a certain period of time. [Ning et. al. 2008]

DoS Attack against Broadcast Authentication Digital signature ◦ Power consumption ◦ Delay ◦ It is impractical for the nodes to validate each incoming message before forwarding it. µTESLA ◦ Delayed authentication [Wang et. al. 2007; Ning et. al. 2008]

CONTAINING DOS ATTACKS IN BROADCAST AUTHENTICATION IN SENSOR NETWORKS R. Wang, W. Du, P. Ning MobiHoc ‘07

The Basic Question First to forward or first to verify? [Wang et. al. 2007]

The Ideal Solution ◦ Faked messages  Authentication-first ◦ Authentic messages  Forwarding-first How? [Wang et. al. 2007]

Proposed Solution Dynamic Windows ◦ Additive increase, Multiplicative Decrease (AIMD) Each node stores a window size W ◦ Initial value: W max Attach a d a to each message ◦ Number of hops message has passed since its last authentication. [Wang et. al. 2007]

Proposed Solution [Wang et. al. 2007]

Simulation Result [Wang et. al. 2007]

MITIGATING DOS ATTACKS AGAINST BROADCAST AUTHENTICATION IN WIRELESS SENSOR NETWORKS P. Ning, A. Liu, W. Du ACM Transactions on Sensor Networks, 2008.

Basic Idea Use of a weak authenticator ◦ Could be verified efficiently by a sensor node. ◦ Cannot be pre-computed. ◦ Takes a reasonable amount of time for sink to compute. ◦ Almost impractical for attacker to forge. Not a replacement of digital signatures [Ning et. al. 2008]

Weak authenticator Message-specific puzzle ◦ Based on one-way key chains ◦ Takes 14.6ms on a MICAz mote to verify this weak authenticator. [Ning et. al. 2008]

Details Consider a hash chain. This chain is generated offline and is stored in sink. Each node knows the last value of the chain. ◦ Hence, they can authenticate next values [Ning et. al. 2008]

Details

Other Types of DoS Attacks Jamming ◦ [Wood and Stankovic 2002] Path-based DoS Attack ◦ [Deng et. al. 2005]

Future Work DoS attack against sink Multistage digital signature Real-time weak authenticator (puzzle)

References I. F. Akyildiz, W. Su, Y. Sankarasubramaniam, E. Cayirci, “A Survey on Sensor Networks”, IEEE Communications Magazine, pp , Aug [Crossbow Technology] J. Deng, R. Han, S. Mishra, “Defending against Path-based DoS Attacks in Wireless Sensor Networks”, In Proceedings of SASN’05, pp , C. Krau β, M. Schneider, C. Eckert, “Defending against False-Endorsement-Based DoS Attacks in Wireless Sensor Networks, In Proceedings of WiSec’08, pp , H. Karl, A. Willing, ”Protocols and Architectures for Wireless Sensor Networks”, John Wiley and Sons, P. Ning, A. Liu, W. Du, “Mitigating DoS Attacks against Broadcast Authentication in Wireless Sensor Networks”, ACM Transactions on Sensor Networks, Vol. 4, No. 1, pp. 1-33, A. D. Wood, J. A. Stankovic, “Denial of Service in Sensor Networks”, Computer, Vol. 35, pp , Oct R. Wang, W. Du, P. Ning, ”Containing Denial-of-Service Attacks in Broadcast Authentication in Sensor Networks”, In Proceedings of MobiHoc’07, pp , 2007.