Presentation is loading. Please wait.

Presentation is loading. Please wait.

DENIAL OF SERVICE IN SENSOR NETWORKS Pratik Zirpe Instructor – Dr. T. Andrew Yang.

Published byMadelynn Ashby Modified over 9 years ago

Similar presentations

Presentation on theme: "DENIAL OF SERVICE IN SENSOR NETWORKS Pratik Zirpe Instructor – Dr. T. Andrew Yang."— Presentation transcript:

1 DENIAL OF SERVICE IN SENSOR NETWORKS Pratik Zirpe Instructor – Dr. T. Andrew Yang

2 Agenda  Introduction  Concepts  Denial of Service Threat  Physical layer  Link layer  Network layer  Transport layer  Conclusion

3 Introduction  Real-time data processing  Applications  Availability  Denial of service

4 Concepts  Application dependent networks  Limited individual capability of nodes  Must continue operating after significant node failure

5 Security demands of a network  Network has to face harsh environments and intelligent opposition  Disasters  Public safety  Home healthcare  Design time consideration

6 Denial of Service Threat  Any event that diminishes or eliminates a network’s capacity to perform it’s expected function  Reasons may be hardware failures, software bugs, resource exhaustion, environmental conditions or other complicated interactions.

7 Layered Network Architecture  Improves robustness of the system  Each layer is vulnerable to different DoS attacks  Some attacks may crosscut multiple layers

8 Layered model

9 Physical layer  Nodes use wireless communication  Base stations use wired or satellite communication  Attacks-  Jamming  Tampering

10 Jamming  Interferes with radio frequencies of nodes  Randomly distributed k nodes can put N nodes out of service (k<<N)  Effective in single frequency networks

11 Detection  Determined by constant energy that impedes communication  Constant jamming prevents nodes from exchanging data or even reporting attack to remote monitoring stations  Sporadic jamming is also effective

12 Prevention or mitigation  Spread-spectrum communication – not feasible solution  Attacked nodes can be put in long-term sleep and have them wake up periodically to test the channel  High priority messages to defend against intermittent jamming

13 Defense against jamming

14 Tampering  Attacker can physically tamper nodes  Attacker can damage and replace computation hardware  Sensitive material is exposed

15 Prevention or mitigation  Camouflaging or hiding nodes  Erase cryptographic or program memory

16 Link layer  Protocols requires cooperation between nodes to arbitrate channel use making them more vulnerable to DoS attack  Attacks-  Collision  Exhaustion  Unfairness

17 Collision – detection and prevention  Adversary may need to induce collision in one octet of transmission  Attacker requires less energy to listen for transmission  No complete solution is known  Errors are detected using checksum mismatch  Error correction codes can be used

18 Exhaustion  Repeated retransmissions are triggered by unusually late collision leading to exhaustion  Affect availability  A node could reportedly request channel access with RTS  Causes power losses

19 Detection and mitigation  Random back-offs  Time division multiplexing  MAC admission control rate limiting  Limiting the extraneous responses required

20 Unfairness  Degrades service rather than denying it  It exploits MAC-Layer priority schemes  It can be prevented using small frames  Adversary can cheat while vying for access

21 Network and Routing Layer  Messages may traverse many hops before reaching the destination  The cost of relaying a packet and the probability of its loss increases in an aggregate network  Every node can act as a router  Routing protocols should be simple and robust

22 Neglect and Greed  A neglectful node arbitrarily neglects to route some messages  Its undue priority to messages originating from it makes it greedy  Multiple routes or sending redundant messages can reduce its effect  It is difficult to detect

23 Homing  Important nodes and their identities are exposed to mount further attacks  A passive adversary observes traffic to learn the presence and location of critical resources  Shared cryptographic keys are an effective mechanism to conceal the identity of such nodes  This makes the assumption that none of the nodes have been subverted

24 Misdirection  Messages are forwarded in wrong paths  This attack targets the sender  Adversary can forge replies to route discovery requests and include the spoofed route  Sensor networks can use an approach similar to egress filtering

25 Black Holes  Nodes advertise zero cost routes to every other node  Network traffic is routed towards these nodes  This disrupts message delivery and causes intense resource contention  These are easily detected but more disruptive

26 Authorization  Only authorized node can share information  Public-key encryption can be used for routing updates  The problems are with computational and communication overheads and key management

27 Monitoring  Nodes can keep monitoring their neighbors  Nodes become watchdogs for transmitted packets  Each of them has a quality-rating mechanism

28 Probing  A network probe tests network connectivity  This mechanism can be used to easily detect Black holes  A distributed probing scheme can detect malicious nodes

29 Transport layer  Manages end-to-end connections  Sensor Networks utilize protocols with minimum overhead  Threats-  Flooding  Desynchronizations

30 Flooding  Adversary send many connection establishment request to victim  Each request causes allocation of resources  It can be prevented by limiting the number of connections  Connectionless protocols are not susceptible to this attack  Another solution is client puzzles

31 Desynchronization  The attacker forges messages to one or both ends with sequence numbers  This causes the end points to request retransmissions of missed frames  This may lead to lack of availability and resource exhaustion  Authentication can prevent such an attack

32 Adaptive rate control  Describe a series of improvements to standard MAC protocols  Key mechanisms include Random delay for transmissions Back-off that shifts an applications periodicity phase Minimization of overhead in contention control mechanisms Passive adaptation of originating and route-through admission control rates Anticipatory delay for avoiding multihop hidden node problems

33 RAP  Real-time location based protocol  Velocity monotonic scheduling  RAP can use clock synchronization

34 Conclusion  Attempts at adding security focus on cryptographic- authentication mechanisms  Use of higher security mechanisms poses serious complications in Sensor Networks  It is essential to incorporate security considerations during design-time  Without adequate protection against DoS and other attacks sensor networks may not be deployable at all

35 References  A.D. Wood and J.A. Stankovic, “Denial of Service in Sensor Networks,” Computer, vol. 35, no. 10, 2002, pp. 54–62.  A.D. Wood and J.A. Stankovic, “A Taxonomy for Denial-of-Service Attacks in Wireless Sensor Networks”, Handbook of Sensor Networks: Compact Wireless and Wired Sensing Systems, 2004.  David R. Raymond and Scott F. Midkiff, "Denial-of-Service in Wireless Sensor Networks: Attacks and Defenses," IEEE Pervasive Computing, vol. 7, no. 1, 2008, pp. 74-81.

Download ppt "DENIAL OF SERVICE IN SENSOR NETWORKS Pratik Zirpe Instructor – Dr. T. Andrew Yang."

Similar presentations

Nick Feamster CS 4251 Computer Networking II Spring 2008

Nick Feamster CS 4251 Computer Networking II Spring 2008
Chris Karlof and David Wagner

Chris Karlof and David Wagner
Security in Sensor Networks By : Rohin Sethi Aranika Mahajan Twisha Patel.

Security in Sensor Networks By : Rohin Sethi Aranika Mahajan Twisha Patel.
Jason Li Jeremy Fowers. Background Information Wireless sensor network characteristics General sensor network security mechanisms DoS attacks and defenses.

Jason Li Jeremy Fowers. Background Information Wireless sensor network characteristics General sensor network security mechanisms DoS attacks and defenses.
1 Denial of Service in Sensor Networks Authors: Anthony D. Wood, John A. Stankovic Presented by: Aiyaz Amin Paniwala.

1 Denial of Service in Sensor Networks Authors: Anthony D. Wood, John A. Stankovic Presented by: Aiyaz Amin Paniwala.
A 2 -MAC: An Adaptive, Anycast MAC Protocol for Wireless Sensor Networks Hwee-Xian TAN and Mun Choon CHAN Department of Computer Science, School of Computing.

A 2 -MAC: An Adaptive, Anycast MAC Protocol for Wireless Sensor Networks Hwee-Xian TAN and Mun Choon CHAN Department of Computer Science, School of Computing.
SELF-ORGANIZING MEDIA ACCESS MECHANISM OF A WIRELESS SENSOR NETWORK AHM QUAMRUZZAMAN.

SELF-ORGANIZING MEDIA ACCESS MECHANISM OF A WIRELESS SENSOR NETWORK AHM QUAMRUZZAMAN.
Denial of Service in Sensor Networks Anthony D. Wood and John A. Stankovic.

Denial of Service in Sensor Networks Anthony D. Wood and John A. Stankovic.
Denial of Service in Sensor Networks Szymon Olesiak.

Denial of Service in Sensor Networks Szymon Olesiak.
Security in Wireless Sensor Networks Adrian Perrig, John Stankovic, and David Wagner.

Security in Wireless Sensor Networks Adrian Perrig, John Stankovic, and David Wagner.
A Transmission Control Scheme for Media Access in Sensor Networks 2006. 9. 28 Lee, dooyoung AN lab A.Woo, D.E. Culler Mobicom’01.

A Transmission Control Scheme for Media Access in Sensor Networks Lee, dooyoung AN lab A.Woo, D.E. Culler Mobicom’01.
Defending Against Traffic Analysis Attacks in Wireless Sensor Networks Security Team 2009.07.20.

Defending Against Traffic Analysis Attacks in Wireless Sensor Networks Security Team
Distributed Detection Of Node Replication Attacks In Sensor Networks Presenter: Kirtesh Patil Acknowledgement: Slides on Paper originally provided by Bryan.

Distributed Detection Of Node Replication Attacks In Sensor Networks Presenter: Kirtesh Patil Acknowledgement: Slides on Paper originally provided by Bryan.
Edith C. H. Ngai1, Jiangchuan Liu2, and Michael R. Lyu1

Edith C. H. Ngai1, Jiangchuan Liu2, and Michael R. Lyu1
Secure Routing and Intrusion Detection For Mobile Ad Hoc Networks Secure Routing and Intrusion Detection For Mobile Ad Hoc Networks Anand Patwardhan Jim.

Secure Routing and Intrusion Detection For Mobile Ad Hoc Networks Secure Routing and Intrusion Detection For Mobile Ad Hoc Networks Anand Patwardhan Jim.
1-1 CMPE 259 Sensor Networks Katia Obraczka Winter 2005 Security.

1-1 CMPE 259 Sensor Networks Katia Obraczka Winter 2005 Security.
Secure Routing in Sensor Networks: Attacks and Countermeasures First IEEE International Workshop on Sensor Network Protocols and Applications 5/11/2003.

Secure Routing in Sensor Networks: Attacks and Countermeasures First IEEE International Workshop on Sensor Network Protocols and Applications 5/11/2003.
SUMP: A Secure Unicast Messaging Protocol for Wireless Ad Hoc Sensor Networks Jeff Janies, Chin-Tser Huang, Nathan L. Johnson.

SUMP: A Secure Unicast Messaging Protocol for Wireless Ad Hoc Sensor Networks Jeff Janies, Chin-Tser Huang, Nathan L. Johnson.
Denial of Service Resilience in Ad Hoc Networks Imad Aad, Jean-Pierre Hubaux, and Edward W. Knightly Designed by Yao Zhao.

Denial of Service Resilience in Ad Hoc Networks Imad Aad, Jean-Pierre Hubaux, and Edward W. Knightly Designed by Yao Zhao.
1 Somya Kapoor Jorge Chang Amarnath Kolla. 2 Agenda Introduction and Architecture of WSN –Somya Kapoor Security threats on WSN – Jorge Chang & Amarnath.

1 Somya Kapoor Jorge Chang Amarnath Kolla. 2 Agenda Introduction and Architecture of WSN –Somya Kapoor Security threats on WSN – Jorge Chang & Amarnath.

Similar presentations

Ads by Google