Security Issues in Distributed Sensor Networks
Yi Sun
Department of Computer Science and Electrical Engineering
University of Maryland, Baltimore County
Outline
1. Introduction
2. Security Criteria
3. Vulnerabilities
4. Attack Types
5. Security Schemes
6. Intrusion Detection Techniques
7. Secure Routing Techniques
8. Key Management Schemes
1. Introduction
Explosive growth of mobile computing devices
  laptops
  personal digital assistants (PDAs)
  handheld digital devices
  …
Ubiquitous computing
  Individual users utilize, at the same time, several electronic platforms through which they can access all the required information whenever and wherever they may be
2. Security Criteria
Availability
  Provide all the designed services
Integrity
  Malicious altering, accidental altering
Confidentiality
  Accessible to authorized nodes only
Authenticity
  Prove identities
Nonrepudiation
  A node cannot disavow having sent or received a message
Authorization
  Specifies privileges and permissions
Anonymity
  Privacy preserving
3. Vulnerabilities
Lack of secure boundaries
  No need to gain physical access to reach the network
Threats from compromised nodes inside the network
  Behavioral diversity of different nodes, mobility
Lack of centralized management facility
  Benign failures, cooperative algorithms
Restricted power supply
  Battery, DoS, selfish nodes
Scalability
  Efficient routing protocol, key management service
4. Attack Types
Denial of Service (DoS)
  Radio jamming, battery exhaustion
Impersonation
  Compromised nodes join the network as normal nodes
Eavesdropping
  Obtain confidential information during communication
Attacks against routing
  Attacks on routing protocols, attacks on packet forwarding/delivery
5. Security Schemes
Intrusion Detection Techniques
  Distributed and cooperative to meet the needs of sensor networks
Secure Routing Techniques
  Defend against specific attacks and general attacks
Medium Access Control
  Guaranteed or controlled access, random access
Key Management
  Cryptography
6. Intrusion Detection Techniques
Intrusion Detection System (IDS)
  Detects unwanted manipulations of systems
Differences from wired networks
  No fixed infrastructure
  No traffic concentration points
  Audit data limited to the radio range
  Limited communication
  Location-dependent computing
  No clear separation of normal and abnormal behavior
  ……
IDS in sensor networks should be distributed and cooperative to match these characteristics
Cooperative IDS Architecture for Sensor Networks
Every node participates in intrusion detection and response by detecting signs of intrusion locally and independently.
Neighboring nodes can share their investigation results with each other and cooperate over a broader range.
Cooperation generally happens when a node detects an anomaly but does not have enough evidence to determine what kind of intrusion it belongs to.
Corresponding Conceptual Model of IDS Agents
Local Data Collection Module
  Handles data gathering; the real-time audit data may come from various sources.
Local Detection Engine
  Examines the data collected by the local data collection module and checks whether it shows any anomaly.
Cooperative Detection Engine
  Works with other IDS agents when more evidence is needed for suspicious anomalies detected at certain nodes.
Intrusion Response Module
  Handles the response to an intrusion once it has been confirmed.
Cluster-based Intrusion Detection Technique
In the cooperative intrusion detection architecture, every node must participate whenever cooperation is needed.
  Limited power supply, selfish behavior
Organize sensors into clusters; every node belongs to at least one cluster.
In each cluster, only one node takes care of monitoring during a given period of time.
Finite State Machine of the Cluster Formation Protocol
Cluster-based Intrusion Detection Technique
All nodes start in the INITIAL state; they monitor their own traffic and detect intrusions independently.
Clique computation and clusterhead computation are used to determine the clusterhead.
The Cluster Valid Assertion Protocol checks whether a node's connection to its clusterhead is still maintained.
After the clusterhead's timeout, all nodes begin a new round of clusterhead election.
The Cluster Recovery Protocol is used when a node loses its connection to its previous clusterhead.
Clusterhead Computation Protocol
1. Generate a random integer R_i.
2. Broadcast ELECTION_START = (ID_i, HASH(ID_i, R_i)) to CL'_i, where HASH is a common hash function. A corresponding timer T1 is set up.
3. On receiving all ELECTION_START messages from CL'_i, broadcast ELECTION = (ID_i, R_i) to clique CL'_i.
4. If T1 times out, every node from which ELECTION_START has not been received is excluded from CL_i.
5. On receiving ELECTION from node j, verify that its hash value matches the value in the ELECTION_START message from j. Store R_j locally.
6. Once all R_j from CL'_i have arrived, compute H = SEL(R_0, R_1, R_2, …, R_{s_c-1}), where SEL is the selection function. The clusterhead H is the h-th node in the clique, since all IDs are ordered.
7. If H ≠ i (i.e., node i is a citizen), do the following.
   (a) Send ELECTION_DONE to H.
   (b) Wait for ELECTION_REPLY from H, then enter the DONE state.
8. Otherwise, as clusterhead, H performs the following.
   (a) Set up a timer T2.
   (b) On receiving ELECTION_DONE, verify that it is from CL'_i.
   (c) If T2 times out, citizens from whom ELECTION_DONE has not been received are excluded from CL_i. Broadcast ELECTION_REPLY to CL'_i and enter the DONE state.
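The election steps above, as an added simulation that is not part of the slides: it runs the commit-and-reveal exchange of steps 2 through 6 for every node of one clique and shows why committing to HASH(ID_i, R_i) before revealing R_i matters. SHA-256 as HASH, an XOR-based SEL, the treatment of a failed reveal and the function names are assumptions of this example.

```python
import hashlib


def commit(node_id, r):
    """HASH(ID_i, R_i) from step 2. The slides only say 'a common hash function';
    SHA-256 over a fixed-width encoding is assumed here."""
    return hashlib.sha256(node_id.to_bytes(4, "big") + r.to_bytes(16, "big")).hexdigest()


def sel(randoms, size):
    """Assumed selection function SEL: XOR of all revealed R_j, reduced modulo the
    number of participants, giving the index h of the clusterhead in the ordered clique."""
    h = 0
    for r in randoms:
        h ^= r
    return h % size


def elect_clusterhead(clique, randoms, missing_start=(), bad_reveal=()):
    """One election round as every node in `clique` would compute it.
    clique: node IDs of CL'_i; randoms: each node's R_i (a real node draws it with
    secrets.randbelow; it is passed in here so a run is reproducible);
    missing_start: nodes whose ELECTION_START never arrives before T1 (step 4);
    bad_reveal: nodes whose revealed R does not match their commitment (step 5).
    Returns (clusterhead, participants, excluded)."""
    clique = sorted(clique)                      # step 6 relies on ordered IDs
    # step 2: every node broadcasts ELECTION_START = (ID_i, HASH(ID_i, R_i)).
    # Because every R_i is committed before any is revealed, a node cannot pick
    # its R_i after seeing the others' values and steer SEL towards itself.
    election_start = {i: commit(i, randoms[i]) for i in clique if i not in missing_start}
    # step 4: T1 expired; nodes whose commitment never arrived leave CL_i
    members = [i for i in clique if i in election_start]
    # steps 3 and 5: reveal ELECTION = (ID_j, R_j) and check it against the commitment
    verified = {}
    for j in members:
        revealed = randoms[j] + 1 if j in bad_reveal else randoms[j]   # simulated lie
        if commit(j, revealed) == election_start[j]:
            verified[j] = revealed
    # A node whose reveal fails verification is treated like one that never replied
    # (the slides do not spell this case out; this is an assumption of the example).
    participants = [j for j in members if j in verified]
    h = sel([verified[j] for j in participants], len(participants))   # step 6
    excluded = sorted(set(clique) - set(participants))
    return participants[h], participants, excluded
```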
Cluster Valid Assertion Protocol
1. Since the network topology tends to change in sensor networks, connections between the elected clusterhead and some citizen nodes may break from time to time. If the link between a citizen Z and clusterhead H breaks, Z checks whether it is in another cluster. If not, it enters the LOST state and activates the Cluster Recovery Protocol. Z is also removed from H's citizen list CTC. If there are no more citizens in cluster C, H becomes a citizen if it belongs to another cluster; otherwise H enters the LOST state and activates the Cluster Recovery Protocol.
2. Even if no membership change has occurred, the clusterhead cannot function forever, because that is neither fair in terms of service nor safe in terms of long-term single-point control and monitoring. A mandatory re-election timeout Tr is therefore enforced. Once Tr expires, all nodes in the cluster enter the INITIAL state and start a new clusterhead setup round. If the clique property still holds, the clique computation step can be skipped.
Cluster Recovery Protocol
1. A request message ADD_REQUEST = (ID_i) is broadcast, and a timer T3 is started.
2. A clusterhead H that receives the request replies with ADD_REPLY = (ID_H) only after a short delay Td. The delay is introduced in the hope that a connection that has been stable for Td will remain stable for a fairly long time.
3. Node i replies (with ADD_ACK) to the first ADD_REPLY it receives and enters the DONE state. Additional ADD_REPLYs are ignored.
4. On receiving ADD_ACK, H adds i to its CTC.
5. If T3 times out and no ADD_REPLY has been received, there is no active clusterhead nearby. Node i enters the INITIAL state to wait for other lost citizens to form new cliques and elect new clusterheads.
Cross-Layer Integrated Intrusion Detection
An attacker can simultaneously exploit several vulnerabilities at multiple layers, keeping the attack on each vulnerability below the detection threshold so as to escape a single-layer misbehavior detector.
Such attacks are easily missed by a single-layer misbehavior detector.
In a cross-layer misbehavior detector, inputs from all layers of the network stack are combined and analyzed.
7. Secure Routing Techniques
Defense Method against Wormhole Attacks
An attacker receives packets at one point in the network, tunnels them to another point in the network, and replays them into the network from that point.
For tunneled distances longer than the normal wireless transmission range of a single hop, it is simple for the attacker to make the tunneled packet arrive sooner than packets transmitted over a normal multi-hop route.
Packet Leash
Any information added to a packet in order to restrict the packet's maximum allowed transmission distance. There are two main leashes.
Geographical Leash
  Ensures the recipient of the packet is within a certain distance of the sender.
Temporal Leash
  Ensures the packet has an upper bound on its lifetime, which restricts the maximum travel distance, since the packet can travel at most at the speed of light.
Mechanism Against Rushing Attacks
A rushing attack results in denial of service: it prevents routing protocols from finding routes longer than two hops.
Mechanism Against Rushing Attacks
The initiator node initiates a Route Discovery for the target node. If the ROUTE REQUESTs for this Discovery forwarded by the attacker are the first to reach each neighbor of the target, then any route discovered by this Route Discovery will include a hop through the attacker.
That is, when a neighbor of the target receives the rushed REQUEST from the attacker, it forwards that REQUEST and will not forward any further REQUESTs from this Route Discovery. When non-attacking REQUESTs arrive later at these nodes, they discard those legitimate REQUESTs. As a result, the initiator is unable to discover any usable routes.
Combined Mechanisms against Rushing Attacks
Secure Neighbor Detection
Secure Route Delegation
Randomized ROUTE REQUEST forwarding
Secure Neighbor Detection
Allows each neighbor to verify that the other is within a given maximum transmission range.
Once a node A forwarding a ROUTE REQUEST determines that node B is a neighbor, it signs a Route Delegation message allowing node B to forward the ROUTE REQUEST. When node B determines that node A is within the allowable range, it signs an Accept Delegation message.
In this way, the neighborhood relationships between nodes can be verified and guaranteed to be genuine.
Watchdog
The watchdog method detects misbehaving nodes.
Suppose there exists a path from node S to D through intermediate nodes A, B, and C. Node A cannot transmit all the way to node C, but it can listen in on node B's traffic. When A transmits a packet for B to forward to C, A can often tell whether B transmits the packet. If encryption is not performed separately for each link, which can be expensive, then A can also tell whether B has tampered with the payload or the header.
Pathrater
Combines knowledge of misbehaving nodes with link reliability data to pick the route most likely to be reliable.
Each node maintains a rating for every other node it knows about in the network. It calculates a path metric by averaging the node ratings along the path.
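Watchdog and pathrater working together, as an added example that is neither the slides' nor Marti et al.'s code: the watchdog at node A keeps each packet handed to next hop B until it overhears B forward it unmodified, counts the ones that never come back, and reports B after repeated failures; the pathrater then averages node ratings along candidate routes and steers around reported nodes. The failure threshold, the rating scale and the class names are assumptions of this example.

```python
from collections import defaultdict

FAILURE_THRESHOLD = 3      # assumed: misses before the watchdog reports a node
REPORTED_RATING = -100.0   # assumed: rating given to a reported node so routes avoid it
NEUTRAL_RATING = 0.5       # assumed: rating for a node with no history


class Watchdog:
    """Node A keeps each packet it handed to next hop B until it overhears B
    retransmit it unchanged; entries older than `timeout` ticks count as a failure."""
    def __init__(self, timeout=2):
        self.timeout = timeout
        self.pending = {}                 # packet_id -> (next_hop, sent_tick, payload)
        self.failures = defaultdict(int)
        self.reported = set()

    def sent(self, packet_id, next_hop, tick, payload):
        self.pending[packet_id] = (next_hop, tick, payload)

    def overheard(self, packet_id, from_node, payload):
        entry = self.pending.get(packet_id)
        if entry and entry[0] == from_node and entry[2] == payload:
            del self.pending[packet_id]   # forwarded unmodified: B behaved
        # a retransmission with a changed payload stays pending and times out below

    def tick(self, now):
        """Expire overdue entries; return the set of nodes reported as misbehaving."""
        for pid, (hop, sent_tick, _) in list(self.pending.items()):
            if now - sent_tick >= self.timeout:
                del self.pending[pid]
                self.failures[hop] += 1
                if self.failures[hop] >= FAILURE_THRESHOLD:
                    self.reported.add(hop)
        return set(self.reported)


class Pathrater:
    def __init__(self, ratings):
        self.ratings = dict(ratings)      # node -> rating on an assumed 0..1 scale

    def apply_report(self, misbehaving):
        for node in misbehaving:
            self.ratings[node] = REPORTED_RATING

    def path_metric(self, path):
        """Average of the intermediate nodes' ratings, as on the slide."""
        hops = path[1:-1]
        if not hops:
            return 1.0                    # direct link, nothing to rate
        return sum(self.ratings.get(n, NEUTRAL_RATING) for n in hops) / len(hops)

    def best_path(self, paths):
        return max(paths, key=self.path_metric)
```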
8. Key Management Schemes
Features of Key Management Schemes
  Applicability
  Scalability
  Security
  Robustness
Simple Classification of Key Management Schemes
  Public Key Schemes: Identity Based, Certificate Based
  Symmetric Schemes: MANET Schemes, WSN Schemes
Threshold Cryptography
(k, n) threshold cryptography scheme: a secret sharing scheme.
  n parties share the ability to perform a cryptographic operation (or to hold a piece of information); k is the threshold value.
  Any k-1 (or fewer) parties cannot perform it.
  Any k of the n parties can perform it jointly.
Ubiquitous Security Support
Relies on a threshold signature system with a (k, n) secret sharing of the private certification authority (CA) key.
All nodes get a share of the private CA key.
Nodes earn trust in the entire network when they receive a valid certificate.
A new secret share is calculated by adding the partial shares received from a coalition of k neighbors.
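The (k, n) sharing of the CA key from the previous slide and the "add k partial shares" step from the last bullet above, as an added example that is not the slides' own code: Shamir-style sharing over a prime field, reconstruction with k shares (and failure with k-1), and a newcomer's share assembled from k neighbors' Lagrange-weighted partial shares. The field modulus, the exact form of the partial shares and the function names are assumptions of this example.

```python
import secrets

P = (1 << 127) - 1   # prime field modulus; assumed, the slides name no field


def make_shares(secret, k, n, ids):
    """Dealer step: the CA private key is f(0) of a random degree-(k-1) polynomial;
    node i receives the share f(i). `ids` are n distinct non-zero identifiers."""
    assert len(ids) == n and 0 < k <= n and 0 not in ids
    coeffs = [secret % P] + [secrets.randbelow(P) for _ in range(k - 1)]
    return {i: sum(c * pow(i, e, P) for e, c in enumerate(coeffs)) % P for i in ids}


def lagrange_coeff(i, ids, x):
    """l_i(x): the weight with which share f(i) contributes to f(x) for the set `ids`."""
    num, den = 1, 1
    for j in ids:
        if j != i:
            num = num * (x - j) % P
            den = den * (i - j) % P
    return num * pow(den, P - 2, P) % P


def reconstruct(shares):
    """Any coalition of at least k shares recovers f(0). With only k-1 shares the
    polynomial is underdetermined, so the result is unrelated to the secret."""
    ids = list(shares)
    return sum(shares[i] * lagrange_coeff(i, ids, 0) for i in ids) % P


def self_initialize(new_id, coalition):
    """Dealer-free join: each of k neighbors j sends the partial share
    f(j) * l_j(new_id); adding the k partials yields the newcomer's own share
    f(new_id), and no party ever assembles f(0). Note that a bare partial lets
    the newcomer recover f(j), since l_j is public; the full scheme therefore
    shuffles the partials among the neighbors first, which is omitted here."""
    ids = list(coalition)
    return sum(coalition[j] * lagrange_coeff(j, ids, new_id) for j in ids) % P
```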
Ubiquitous Security Support
When the network starts:
  With dealer: the first nodes receive their certificates from a dealer before joining the network. After k nodes have been initialized, the dealer is removed.
  No dealer: localized self-initialization.
Identity-Based Signature
To verify a signature, it is enough to know the ID of the sender together with the public system parameters.
The public system parameters are defined by the private key generator (PKG) during system setup.
The PKG also generates the private signature keys corresponding to the user IDs.
Identity-Based Public Key
An identity-based public key scheme (IBC-K) for sensor networks combines identity-based cryptography with threshold cryptography.
The nodes that initialize the sensor network form a threshold PKG, spreading the PKG private master key over the initial set of nodes with a (k, n) threshold scheme.
Symmetric Schemes
SKiMPy is designed for MANETs in emergency and rescue operations. SKiMPy seeks to establish a MANET-wide symmetric key for protecting network-layer routing information or application-layer user data.
Steps:
1. Generate a random symmetric key.
2. Transfer it to one-hop neighbors.
3. The best key is chosen as the local group key.
4. Transfer it to the nodes with worse keys through a secure channel, until the "best" key has been shared with all nodes in the MANET.
Key Infection (INF)
The scheme assumes static sensor nodes and mass deployment.
INF sets up symmetric keys between nodes and their one-hop neighbors. At bootstrap time, every node simply generates a symmetric key and sends it to its neighbors.
A key whispering approach is used: the key is initially transmitted at a low power level.
Thanks!
References
Y. Zhang and W. Lee, Intrusion Detection in Wireless Ad-hoc Networks, in Proceedings of the 6th International Conference on Mobile Computing and Networking (MobiCom 2000), pages 275–283, Boston, Massachusetts, August
Jim Parker, Anand Patwardhan, and Anupam Joshi, Detecting Wireless Misbehavior through Cross-layer Analysis, in Proceedings of the IEEE Consumer Communications and Networking Conference Special Sessions (CCNC'2006), Las Vegas, Nevada
Y. Hu, A. Perrig and D. Johnson, Rushing Attacks and Defense in Wireless Ad Hoc Network Routing Protocols, in Proceedings of ACM MobiCom Workshop - WiSe'03
Yi-an Huang and Wenke Lee, A Cooperative Intrusion Detection System for Ad Hoc Networks, in Proceedings of the 1st ACM Workshop on Security of Ad hoc and Sensor Networks, Fairfax, Virginia, 2003, pp. 135–147.
Panagiotis Papadimitratos and Zygmunt J. Haas, Securing Mobile Ad Hoc Networks, in The Handbook of Ad Hoc Wireless Networks (Chapter 31), CRC Press LLC, 2003.
Y. Hu, A. Perrig and D. Johnson, Packet Leashes: A Defense against Wormhole Attacks in Wireless Ad Hoc Networks, in Proceedings of IEEE INFOCOM'03
Wenjia Li and Anupam Joshi, Security Issues in Mobile Ad Hoc Networks – A Survey, Technical report
Y. Hu, A. Perrig and D. Johnson, Wormhole Attacks in Wireless Networks, IEEE Journal on Selected Areas in Communications, Vol. 24, No. 2, February
A. Khalili, J. Katz, and W. A. Arbaugh, Towards Secure Key Distribution in Truly Ad-Hoc Networks, in IEEE Workshop on Security and Assurance in Ad-Hoc Networks
Sergio Marti, T. J. Giuli, Kevin Lai and Mary Baker, Mitigating Routing Misbehavior in Mobile Ad Hoc Networks, in Proceedings of the 6th Annual International Conference on Mobile Computing and Networking (MobiCom'00), pages 255–265, Boston, MA, 2000.