Secure Routing in Wireless Sensor Network Soumyajit Manna Kent State University 5/11/2015Kent State University1

Outline  Overview and background  Statement of routing security problem  Attacks on sensor network routing  Attack on specific sensor network protocol  Countermeasure 5/11/2015Kent State University2

Overview and Background  Current Routing Protocol Goal:  Low Energy  Robust  Scalable  Low Latency  Small Footprint  So for Wireless Sensor Network:  Current routing protocol not designed for security & be insecure  Unlike traditional network, they can’t depend on many available resources for security  Goal: to design sensor routing protocol with security in mind 5/11/2015Kent State University3

Problem Statement  Assumption about underlying network  Radio link, sensor node and MAC layer are not secured and easily tampered  Base stations and aggregation points can be trusted to some extend  Different threat models  Mote class Vs Laptop class  Inside Vs Outside  Security goals in this settings  Reliable delivery of messenger in conventional network  Sensor network need in-network processing  Graceful degradation  Confidentiality Protection against Reply of data packet should be handle by higher level 5/11/2015Kent State University4

Attack model  Spoofed, altered or replay routing information  May be used for loop construction, attracting or repelling traffic, extend or shorten source route  Selective forwarding  Refuse to forward certain messengers, selective forwarding packets or simply drop them by trying to follow the path of least resistance and attempt to include itself on the actual data path flow  Sinkhole attacks  Attracting nearly all traffic from a particular area through a specific compromised node 5/11/2015Kent State University5

Attack model  Sybil attacks  Forging of multiple identities – having a set of faulty entities representing through a large set of identities. It undermines assumed mapping between identity to entity  Wormhole attacks  Tunneling of messages over alternative low – latency links like confuse the routing protocol, creates sinkhole  Hello flood attacks  An attacker sends or replays a routing protocol’s hello packets with more energy  Acknowledgement spoofing  Spoof link layer acknowledgement to trick other nodes to believe that link or node is either dead or alive 5/11/2015Kent State University6

General sensor routing protocol type  Flooding  Gradient  Clustering  Geographic  Energy Aware 5/11/2015Kent State University7

Protocols used in sensor network  TinyOS beaconing  Directed diffusion  Geographic routing  Minimal cost forwarding  Cluster – head – LEACH  Rumor routing  Energy conserving topology maintenance 5/11/2015Kent State University8

Attacks on specific protocols  TinyOS beaconing: It constructs a breath first spanning tree rooted at base station. Periodically the base station broadcasts a route updates and mark the base station as parents and broadcast it.  Relevant Attack mode:  Bogus routing information  Selective forwarding  Sinkhole  Wormholes  Hello floods 5/11/2015Kent State University9

TinyOS beacon  Spoof information Bogus and replayed routing information (such as “I am base station”) send by an adversary can easily pollute the entire network. 5/11/2015Kent State University10

TinyOS beacon  Wormhole & Sinkhole Combination  Tunnel packets received in one place of the network and replay them in another place  The attacker can have no key material. All it requires is two transceivers and one high quality out-of-bound channel 5/11/2015Kent State University11

TinyOS beacon  Wormhole & Sinkhole Combination  Most packet will be routed to the wormhole  The wormhole can drop packet directly (sinkhole)  Or more subtly selectively forward packets to avoid detection 5/11/2015Kent State University12

TinyOS beacon  Hello flood attack  A Laptop class adversary that can retransmit a routing updates with enough power to be received by the entire network 5/11/2015Kent State University13

Direct Diffusion  Relevant attack  Suppression – by spoof negative reinforcement  Cloning – by replay information with malicious listed as base station (send both)  Path influence – by spoof positive or negative reinforcements and bogus data events  Selective forwarding and data tampering – by above attack method to put the malicious node in the data flow  Wormholes attack  Sybil attack 5/11/2015Kent State University14

Geographic routing  GEAR & GPSR  Cost function depends on destination location and the neighbor nodes used to determine next hop  It uses greedy geographic query routing technique  Better than Directed Diffusion (e.g. flooding technique)  It restrict broadcast within sampling region 5/11/2015Kent State University15

Geographic routing  Possible attack  Sybil attack  Bogus routing information  Selective forwarding  No wormhole and sinkhole attack An adversary may present multiple identities to other nodes. The Sybil attack can disrupt geographic and multi-path routing protocols by being in more than one place at once and reducing diversity. From B-> C, now will go through B-> A3 ->C 5/11/2015Kent State University16

Geographic routing example 2 From B -> D, A forge a wrong information to claim B is in (2, 1), so C will send packets back to B which cause loop at last. 5/11/2015Kent State University17

Minimum cost forwarding  It is an backoff – based cost field algorithm for efficiently forwarding packets from sensor nodes to base station  Once the field is established the message, carrying dynamic cost information, flows along the minimum cost path in the cost field. Each intermediate node forwards the message only if it finds itself on the optimal path A = 110, will select B for this message. 5/11/2015Kent State University18

Minimum cost forwarding  Possible attacks  Sinkhole attack  Mote – class adversary advertising cost zero anywhere in network  Hello flood attack  Bogus routing information  Selective forwarding  Wormholes 5/11/2015Kent State University19

LEACH  It is termed as Low – Energy Adaptive Clustering Hierarchy.  Randomized and self – configuration  Low energy media access control  Cluster-head collect data and perform processing then transmit to base station.  Possible attack  Hello floods: Cluster – head selection based on signal strength what means a powerful advertisement can make the malicious attack be cluster – head.  Selective forwarding  Sybil attack: Combined with hello floods if nodes try to randomly select cluster – head instead of strongest signal strength. 5/11/2015Kent State University20

Rumor Routing  Designed for query/event ratios between query and event flooding  Lower the energy cost of flooding 5/11/2015Kent State University21

Rumor routing  Possible attack  Bogus routing information  Create tendrils by FWD copies of agent  Send them as long as possible (TTL)  Selective forwarding  Sinkholes  Sybil  Wormholes 5/11/2015Kent State University22

Energy conserving topology maintenance GAF SPAN  Physical space is divided into equal virtual size squares, where nodes know its location and nodes with a square are equivalent  Identifies nodes for routing based on location information  Dense node deployment hence turn off unnecessary nodes ( like sleep, discovery or active state)  Each grid square has one active node  Nodes are ranked with respect to current state & expected lifetime  An energy – efficient coordination algorism for topology maintenance  Backbone for routing fidelity is build by coordinators  A node become eligible to be coordinate if two of its neighbors can’t reach other directly or via one or two coordinators  Traffic only routed by coordinator  Random back off for delay coordinator announcement  Hello messenger being broadcasted periodically 5/11/2015Kent State University23

Energy conserving topology maintenance GAF SPAN  Possible attack  Bogus routing: Broadcasting high ranking discovery messages, then they can use some selective forwarding attack  Sybil & Hello flood: Target individual grids by a high ranking discovery messages with a non – existent node, frequently advertisements can disable the whole network by making most node sleep  Possible attack  Hello floods: Broadcast n Hello messages with fake coordinator and neighbors which will prevent nodes from becoming coordinators when they should, then they can use some selective forwarding attack 5/11/2015Kent State University24

Summary of attacks 5/11/2015Kent State University25

Countermeasures  Selective Forwarding can be limited by implementing multipath and probabilistic routing.  Outsider attack like Bogus routing information, Sybil, Sinkholes can be prevented by implementing key management at the link layer.  Insider attack like HELLO floods can be prevented by establishing link keys with the trusted base station which will verifies bidirectional.  Authenticated broadcast and flooding are important primitives.  Cluster-based protocols and overlays can reduce attack for the nodes closer to base station 5/11/2015Kent State University26

Attacks difficult to defend  Wormhole are difficult to defend. This type of attack is done by mainly laptop-class both from inside and outside. To some extend geographic and clustering based protocol defend against this attack. 5/11/2015Kent State University27

Conclusion  Link layer encryption and authentication, multipath routing, identity verification, bidirectional link verifies and authenticated broadcast is important.  Cryptography is not enough for insider and laptop-class adversaries, careful protocol design is needed as well 5/11/2015Kent State University28