Computer Science 1 CSC 774 Advanced Network Security Distributed detection of node replication attacks in sensor networks (By Bryan Parno, Adrian Perrig,

Presentation transcript:

Slide 1: CSC 774 Advanced Network Security (Computer Science)
Distributed detection of node replication attacks in sensor networks (by Bryan Parno, Adrian Perrig, Virgil Gligor)
Presenter: Amit Singh, 18th Nov 2005

Slide 2: Outline
- So, what's the problem?
- Classical techniques of replication detection
- Centralized scheme
- Neighborhood voting scheme
- Randomized multicast
- Line-selected multicast
- Comparisons
- Conclusion & future work

Slide 3: The Problem
- Tamper-resistant hardware is expensive, so most wireless sensor networks are composed of unshielded sensor nodes.
- An adversary can easily attack, analyze and clone the unshielded sensor nodes, create replicas and insert them into the network.
- This lets the adversary carry out a large class of insidious attacks, such as disrupting communication, subverting data aggregation and eavesdropping.

Slide 4: Classical techniques of replication detection
Central Detection
- Each node sends its list of neighbors to a central base station
- Base station searches lists for replicas
- Disadvantages:
  - Single point of failure
  - Exhausts nodes near base station (and makes them targets)
  - Some applications may not use base stations
Localized Detection
- Neighborhoods use local voting protocols to detect replica
- Disadvantage:
  - Replication is a global event that cannot be detected in a purely local fashion

Slide 5: Distributed approach
Node-to-Network broadcast
- Each node floods the network with its location information.
- Each node stores the location information of its neighbors. If it detects a conflicting claim, the offending node is revoked.
Advantages
- Achieves 100% detection of duplicate nodes (assuming the broadcast reaches throughout the network)
Disadvantages
- Each node's location broadcast requires O(n) messages
- Total communication cost is O(n²) messages

Slide 6: Notation

Slide 7: Deterministic Multicast
Protocol
- A node broadcasts its location claim, which its neighbors forward to a set of deterministically chosen witness nodes.
- Witnesses are chosen as a function of node ID.
- If a node is replicated, the witnesses will receive more than one location claim for a single node ID, which can then be revoked.

Slide 8: Deterministic Multicast (contd.)
Example
- Node α sends its location claim to node γ, which then computes a set of witness nodes from node ID α, F(α) = {ω₁, ω₂, …, ωₙ}, and sends the location claim to each node in the set.
- If α claims to be at more than one location, the witness nodes will detect it and revoke the node ID α.
Disadvantage
- Since the set of witnesses is a deterministic function of the node ID, the adversary can determine the witness node IDs, which then become targets for subversion.
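The trade-off on slides 7 and 8, as an added example that is not part of the original slides: a hypothetical F built from SHA-256 guarantees that two neighborhoods pick the same witnesses, and for the same reason anyone who knows the node ID can compute that set. The function names, network size and locations are constructed for illustration.

```python
import hashlib

def witnesses_for(node_id, n, g):
    """Hypothetical F(node_id): g distinct witness indices in [0, n), from the ID alone."""
    if g > n:
        raise ValueError("cannot pick more witnesses than nodes")
    chosen, counter = [], 0
    while len(chosen) < g:
        digest = hashlib.sha256(f"{node_id}|{counter}".encode()).digest()
        candidate = int.from_bytes(digest[:8], "big") % n
        if candidate not in chosen:      # skip repeats so the set has g members
            chosen.append(candidate)
        counter += 1
    return chosen

def conflicting_ids(reports):
    """reports: (witness, node_id, location) tuples. Return IDs a witness saw at >1 location."""
    seen, conflicts = {}, set()
    for witness, node_id, loc in reports:
        prior = seen.setdefault((witness, node_id), loc)
        if prior != loc:
            conflicts.add(node_id)       # this witness holds two conflicting claims
    return conflicts

def simulate(n=1000, g=5):
    # Two neighborhoods hear "alpha" claim different locations (constructed values).
    reports = []
    for loc in [(12, 40), (77, 3)]:
        # Each neighborhood computes F independently and reaches the same witnesses.
        reports += [(w, "alpha", loc) for w in witnesses_for("alpha", n, g)]
    return conflicting_ids(reports)

if __name__ == "__main__":
    print("witness set computable from the ID alone:", witnesses_for("alpha", 1000, 5))
    print("replicated IDs:", simulate())
```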

Slide 9: Randomized multicast
[Figure: randomized multicast, labelled "Conflict Detected!"]

Slide 10: Randomized multicast (contd.)
Overview
- Extends the multicast protocol to select witness nodes at random (not deterministically), so that the adversary cannot detect their identities
- In a network of n nodes, if each neighbor produces √n witnesses, then the birthday paradox predicts one collision with high probability
- So at least one witness will receive a pair of conflicting location claims

Slide 11: Randomized multicast (contd.)
Protocol Description
- Each node α sends a location claim to each of its neighbors γ₁, γ₂, …, γₙ
- The location claim has the format
- Each neighbor γᵢ verifies the signature of Lα, then selects g random nodes and forwards the location claim along the path to those nodes.
- After receiving the location claim, the witness verifies the signature.
- It then checks the ID against all the location claims received thus far.
- If a match is found, the node ID has been replicated and the revocation protocol is invoked by flooding the network.
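A simulation of the witness check and the birthday-paradox argument from slides 10 and 11, added here as an example and not taken from the slides or the paper. Assumptions: HMAC stands in for the node's signature so the code runs offline, verification keys are pre-distributed, and the network size, neighbor count d, per-neighbor witness count g and locations are constructed so that d·g = √n.

```python
import hashlib
import hmac
import random

def sign(key, node_id, loc):
    # Stand-in for the node's signature over (ID, location); an assumption of this example.
    return hmac.new(key, f"{node_id}|{loc}".encode(), hashlib.sha256).digest()

class Witness:
    def __init__(self, keys):
        self.keys = keys        # node_id -> verification key (assumed pre-distributed)
        self.claims = {}        # node_id -> first location seen for that ID

    def receive(self, node_id, loc, sig):
        """Return the conflicting (old, new) locations if node_id is replicated, else None."""
        key = self.keys.get(node_id)
        if key is None or not hmac.compare_digest(sig, sign(key, node_id, loc)):
            return None         # drop claims whose signature does not verify
        seen = self.claims.setdefault(node_id, loc)
        return (seen, loc) if seen != loc else None

def run_round(n, d, g, rng):
    """Node 'a' is claimed at two locations; each claim is heard by d neighbors."""
    key = b"constructed-key-for-a"
    witnesses = [Witness({"a": key}) for _ in range(n)]
    detected = False
    for loc in [(10, 10), (80, 35)]:          # original and replica (constructed)
        sig = sign(key, "a", loc)
        for _ in range(d):                    # each neighbor picks g random witnesses
            for w in rng.sample(range(n), g):
                if witnesses[w].receive("a", loc, sig):
                    detected = True           # the protocol would flood a revocation here
    return detected

def detection_rate(n=400, d=5, g=4, trials=300, seed=1):
    rng = random.Random(seed)
    return sum(run_round(n, d, g, rng) for _ in range(trials)) / trials

if __name__ == "__main__":
    print("d*g = sqrt(n):", detection_rate())
    print("three times as many witnesses:", detection_rate(g=12))
```

With two claimed locations and about √n witnesses each, a single round detects the replica roughly 63% of the time (1 - 1/e); raising g pushes the rate towards 1 at the cost of more messages.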

Slide 12: Line Selected Multicast
Overview
- Location claims from node α to γ travel through several intermediate nodes as well.
- If the intermediate nodes store the location claim, then a line is effectively drawn through the network.
- If a duplicate location claim crosses the line, it is detected and the revocation scheme is invoked.
- We only need a few lines to detect duplicate location claims.

Slide 13: Line Selected Multicast (contd.)
- The adversary has created a replica of α, namely α′.
- Neighbors βᵢ and βᵢ′ report claims to randomly selected witnesses γᵢ and γᵢ′, and their paths intersect at σ.
[Figure: α with neighbors β₁, β₂, β₃ and witnesses γ₁, γ₂, γ₃; replica α′ with neighbors β₁′, β₂′, β₃′ and witnesses γ₁′, γ₂′, γ₃′; the paths intersect at σ, labelled "Trapped!"]

Slide 14: Line Selected Multicast (contd.)
Protocol
- When α's neighbors send out location claims to the r witnesses, each node along the route stores a copy of the location claim as well.
- E.g. βᵢ stores a copy of the location claim before sending it along the path of nodes σ₁, σ₂, σ₃, …, σₘ to the witness γᵢ.
- Each σₖ verifies the signature of the claim, stores a copy in its buffer and forwards it along to σₖ₊₁.
- However, before forwarding, it checks whether it has already stored a location claim for this node ID.
- If it finds a conflict, it floods the network with both signed location claims Lα and Lα′ (unforgeable evidence), resulting in revocation of α.
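The per-hop store-and-check from slides 12 to 14 on a toy grid, added here as an example and not taken from the slides or the paper. Assumptions: nodes sit on integer grid points, a greedy step-by-step route stands in for the network's routing, each line starts at the claimed location instead of at a neighbor β, signature verification is omitted, and all coordinates are constructed.

```python
import random

def route(src, dst):
    """Greedy grid path from src to dst (stand-in for the network's routing)."""
    x, y = src
    path = [(x, y)]
    while (x, y) != dst:
        if x != dst[0]:
            x += 1 if dst[0] > x else -1
        if y != dst[1]:
            y += 1 if dst[1] > y else -1
        path.append((x, y))
    return path

def forward_claim(buffers, node_id, claimed_loc, src, dst):
    """Every hop stores the claim; return the hop that finds a conflict, else None."""
    for hop in route(src, dst):
        stored = buffers.setdefault(hop, {})          # this hop's claim buffer
        prior = stored.setdefault(node_id, claimed_loc)
        if prior != claimed_loc:
            return hop      # this node would flood both signed claims as evidence
    return None

def detect(size, locations, r, rng):
    """Draw r lines from each claimed location to random witnesses on a size x size grid."""
    buffers = {}
    for loc in locations:
        for _ in range(r):
            witness = (rng.randrange(size), rng.randrange(size))
            hit = forward_claim(buffers, "a", loc, loc, witness)
            if hit is not None:
                return hit
    return None

def line_detection_rate(r, size=20, trials=200, seed=7):
    rng = random.Random(seed)
    locs = [(3, 3), (16, 14)]       # original and replica positions (constructed)
    hits = sum(detect(size, locs, r, rng) is not None for _ in range(trials))
    return hits / trials

if __name__ == "__main__":
    buffers = {}
    forward_claim(buffers, "a", (0, 0), (0, 0), (8, 8))
    print("crossing lines meet at:", forward_claim(buffers, "a", (8, 0), (8, 0), (0, 8)))
    for r in (1, 3, 6):
        print(f"r={r}: detection rate {line_detection_rate(r):.2f}")
```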

Slide 15: Detection probability vs. topology

Slide 16: Communication overhead comparison
- Randomized multicast scales linearly as the number of nodes increases
- Line-selected multicast scales as √n, so it is more scalable

Slide 17: Summary of protocol costs
Communication costs are for the entire network; memory costs are per node.

Protocol                  Communication       Memory
Broadcast                 O(n²)               O(d)
Deterministic multicast   O(g. ln(g√n)/d)     O(g)
Randomized multicast      O(n²)               O(√n)
Line-Selected multicast   O(n√n)              O(√n)

Slide 18: Conclusion
- Emergent algorithms (randomized and line-selected multicast) utilize the collective efforts of multiple sensor nodes to provide capabilities beyond those of any single node.
- They are robust to individual node failures and avoid the problem inherent in centralized solutions.
- Line-selected multicast in particular offers less communication and memory overhead and is an attractive choice.

Slide 19: Future Work
- An assumption in the above two schemes is that the replicated nodes continue to follow the protocol.
- The adversary can suppress or drop location-claim messages to avoid detection of replicated nodes.
- The protocol needs to be extended to work even with such misbehaving nodes, by detecting them with a secure implicit sampling technique.
- A periodic sweep of the network for replicas helps prevent the adversary from establishing a significant foothold in the network.