Authors : Chris Karlof, David Wagner Presenter : Shan Bai Secure Routing in Wireless Sensor Networks : Attacks and Countermeasures.


1 Authors : Chris Karlof, David Wagner Presenter : Shan Bai Secure Routing in Wireless Sensor Networks : Attacks and Countermeasures

2 Presentation Outline
- Introduction
- Background
- Sensor Networks vs. Ad-Hoc networks
- Problem Statement
- Attacks
- Countermeasures

3 Introduction
- Propose security goals for routing in wireless Sensor networks
- Show how certain attacks against Ad-hoc networks and peer-to-peer networks can be adapted into more powerful attacks against sensor networks
- Provide a list of attacks and their countermeasures

4 Contributions
- Propose threat models and security goals for secure routing in wireless sensor networks
- Introduce TWO new classes of Attacks for Sensor networks
  - SinkHole attacks
  - HELLO flood attacks
- Show how the attacks against Ad-hoc networks and peer-to-peer networks can be adapted into powerful attacks against sensor networks
- Give a thorough security analysis of major routing protocols and energy conservation topology maintenance algorithms for sensor networks
- Discuss countermeasures and design considerations for secure routing protocols

5 Background
- Sensor Network: Heterogeneous system consisting of tiny sensors and actuators having some computing elements
- Base Station:
  - Point of centralized control
  - Gateway to another network, powerful data processing unit, or point of human interface
  - More processing capability, memory & power
- Aggregation points: Node at which the messages are processed before sending to base station
- POWER constrained environment

6 Sensor N/w vs. Ad-Hoc N/w
- Similarity: Support Multi-hop networking
- Differences:
  - Ad-hoc: Routing between any two nodes
  - Sensor: Supports Specialized communication patterns
    - Many-to-One
    - One-to-Many
    - Local Communication
  - Sensor nodes more resource constrained than Ad-hoc nodes
  - Higher level of trust relationship among sensor nodes → In-network processing, aggregation, duplication elimination

7

8 Problem Statement
- Network Assumptions
  - Insecure Radio links
  - Malicious nodes collude to attack the system
  - No tamper resistance on nodes
  - Adversary can access all key material, data, and code stored on the captured node
- Trust Requirements
  - Base stations are trustworthy
  - Aggregation points not necessarily trustworthy

9 Problem Statement contd.
- Threat Models: 2 types
  - Based on device capability
    - Mote-class attacker → access to few sensor nodes
    - Laptop-class attacker → Access to more powerful devices. Have more battery power, better CPU, sensitive antenna, powerful radio Tx, etc.
  - Based on attacker type / attacker location
    - Outside attacks → attacker external to the network
    - Inside attacks → Authorized node in the network is malicious/compromised

10 Problem Statement contd.
- Security Goals
  - Secure routing protocol should guarantee integrity, authenticity, availability of messages in presence of adversaries
  - Secrecy of application data is a must

11 Attacks
- Two Categories:
  - Attacks on general sensor network routing
  - Attacks on specific sensor network protocols

12 Attacks on General Routing
- By Spoofing, Altering, or Replaying routing information → Attacker can create loops, attract or repel network traffic, generate false messages, partition network, induce delay, etc.
- Selective forwarding → Malicious node forwards only some messages, drops others. Attacker tries to be on the actual path of data flow
- Sinkhole Attacks →
  - Main Reason: Specialized communication patterns supported by WSN; all packets have same destination, i.e. base station
  - Adversary tries to attract traffic from a particular area to pass through a compromised node, thereby creating sinkhole with adversary at the center
  - A node may be made to look attractive to neighbors in some routing algorithm
  - Laptop-class adversary provides a high quality route to base station by transmitting at high power OR creating a wormhole
  - Can enable other attacks e.g. selective forwarding

13 Attacks on General Routing Contd.
- Sybil Attack →
  - Single node presents multiple identities to other nodes
  - Significantly affect fault-tolerance schemes like distributed storage, multi-path routing, topology maintenance
  - Threat to geographical routing protocols
- Wormholes → do I need to explain this?
- HELLO flood attack →
  - Some protocols require that nodes broadcast ‘hello’ packets to advertise themselves
  - Laptop-class attacker can convince every node that it is their neighbor by transmitting at high power
- Acknowledgement spoofing →
  - Some routing algorithms require explicit/implicit link layer ACKs
  - Adversary can spoof ACKs for control packets and try to convince the sender that a weak link is strong or a dead link is alive; causing packet losses

14 Attacks on specific protocols
- TinyOS beaconing →
  - Protocol Desc.
    - It constructs a ‘Breadth first’ spanning tree rooted at the base station
    - Base station periodically broadcasts route updates
    - Immediate nodes → parent, base station; other nodes → parent, from whom they receive the first update
    - Packets travel through the paths along tree
  - Attacks:
    - Unauthenticated route updates → Malicious node acts as base station
    - Authenticated route updates →
      - Two colluding nodes (laptop-class attacker) form wormhole to direct all traffic through them
      - Laptop-class attacker uses HELLO flood attack → every node marks attacker as parent
      - Mote-class attacker can cause ‘Routing loops’ between two nodes

15

16 Attacks on specific protocols
- Directed diffusion →
  - Protocol desc. →
    - Data-centric routing algorithm
    - Base station sends the ‘named’ data which is flooded as ‘interests’ throughout the network
    - ‘Gradients’ are set up to ‘draw’ events (data matching the interests)
    - Base station positively reinforces high data rate paths
  - Attacks →
    - Cloning i.e. Replay of interest by the adversary
    - Selective forwarding and data tampering

17 Attacks on specific protocols
- Geographic routing →
  - Two protocols:
    - GEAR (Geographic and Energy Aware Routing)
    - GPSR (Greedy Perimeter Stateless Routing)
  - Leverage nodes’ positions & explicit geographic packet destinations to efficiently disseminate queries and route updates
  - Require exchange of location information
  - Attack: Location information misrepresented →
    - Adversary advertises wrong location info. so as to place himself in the path
    - Adversary forges location advertisements creating routing loops
    - In GEAR, energy is also considered → adversary advertises maximum energy (Laptop class attacker again !!)

18 Countermeasures
- Secret shared key & Link layer encryption →
  - Prevents ‘Outsider attacks’ like Sybil attacks, Selective forwarding, Sinkhole attacks, ACK spoofing
  - Ineffective against ‘Insider attacks’ like Wormhole, Hello floods, TinyOS beaconing
- Hello flood, Sybil →
  - Every node shares a unique symmetric key with the base station
  - Then two nodes generate pair-wise shared secret key between them (Needham–Schroeder symmetric key exchange) for ‘Identity verification’
  - Limit the number of neighbors for a node → prevent adversary from establishing shared keys with everyone
- Wormhole, SinkHole → “No viable solution” except ‘Good routing protocol design’ to avoid them e.g. Geographical Routing protocols

19 Countermeasures contd.
- Geographical routing attacks → Restrict the structure of topology to eliminate the need for location information by the node. Use fixed topology like square, triangular or Hex Grid structure
- Selective forwarding → Use Multipath Routing; messages routed over disjoint paths
- Authenticated Broadcast and flooding →
  - μTESLA protocol to prevent replay of broadcast messages issued by the base station
  - Flood the information about the malicious nodes in the network

20 Conclusions
Paper describes …
- Too... many types of attacks! With lots of (overlapping) details ….
- Two new types of attacks (Attn : Bad Guys! want to try them?)
- And their countermeasures...
Over to contrarian ………..

21 Countermeasures
- Outsider attacks vs. Insider attacks
- The majority of outsider attacks can be prevented by Secret shared key & Link layer encryption.
  - Prevents Sybil attacks, Selective forwarding, Sinkhole attacks
  - Ineffective against Wormhole, Hello floods attacks.
- Completely ineffective in the presence of insider attacks
  - Bogus routing information
  - Create sinkholes
  - Selectively forward packets
  - Sybil attacks
  - HELLO floods

22 Countermeasures
- Countermeasure to Insider Sybil attacks
  - Every node shares a unique symmetric key with the base station
  - A pair of neighbor nodes use the resulting key to implement an authenticated, encrypted link between them.
  - Base station limits the number of neighbors a node is allowed to have – prevents an insider attacker from establishing shared keys with every node in the network.
- Not perfect
  - Malicious nodes can still communicate with their verified neighbors
  - Two or more colluding nodes may attack the network more powerfully

23 Countermeasures
- Countermeasure to HELLO flood attacks
  - Verify the bidirectionality of the link between two nodes
  - What if the adversary has highly sensitive receivers?
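The bidirectional-link check from slide 23, combined with the base-station neighbor cap from slide 22, as an added example that is not part of the original slides or paper. The radio model, grid layout, key derivation and all names (Radio, BaseStation, accept_hello, count_accepting) are assumptions made for illustration; the base station's key hand-out stands in for the Needham–Schroeder exchange.

```python
import hashlib, hmac, math, os
from dataclasses import dataclass

@dataclass(frozen=True)
class Radio:
    name: str
    pos: tuple            # (x, y) in metres
    tx_range: float       # distance at which a normal receiver hears this radio
    rx_gain: float = 1.0  # > 1 models a highly sensitive receiver

def hears(rx, tx):
    """True if rx can receive a frame sent by tx."""
    return math.dist(rx.pos, tx.pos) <= tx.tx_range * rx.rx_gain

class BaseStation:
    """Trusted key server: issues pairwise keys and caps neighbors per node."""
    def __init__(self, max_neighbors):
        self.master = os.urandom(16)
        self.max_neighbors = max_neighbors
        self.links = {}   # node name -> names it already shares a key with

    def pair_key(self, a, b):
        la, lb = self.links.setdefault(a, set()), self.links.setdefault(b, set())
        full = len(la) >= self.max_neighbors or len(lb) >= self.max_neighbors
        if b not in la and full:
            return None   # cap reached: no key, so no verified link
        la.add(b)
        lb.add(a)
        label = "|".join(sorted((a, b))).encode()
        return hmac.new(self.master, label, hashlib.sha256).digest()

def accept_hello(node, sender, bs, verify_link=True):
    """Decide whether node records the HELLO sender as a neighbor."""
    if not hears(node, sender):
        return False
    if not verify_link:
        return True       # naive: hearing a HELLO is taken as proof of a link
    if not hears(sender, node):
        return False      # our challenge never reaches the sender: one-way link
    key = bs.pair_key(node.name, sender.name)
    if key is None:
        return False
    nonce = os.urandom(8)
    # The sender is modelled as an insider holding a valid key, so its echo verifies.
    echo = hmac.new(key, nonce, hashlib.sha256).digest()
    expected = hmac.new(key, nonce, hashlib.sha256).digest()
    return hmac.compare_digest(echo, expected)

def count_accepting(adv, verify_link, max_neighbors):
    """Constructed 6x5 grid, 10 m spacing, 12 m radios; count nodes that accept adv."""
    bs = BaseStation(max_neighbors)
    nodes = [Radio(f"n{i}{j}", (10 * i, 10 * j), 12.0) for i in range(6) for j in range(5)]
    return sum(accept_hello(n, adv, bs, verify_link) for n in nodes)

LOUD = Radio("adv", (25, 20), 1000.0)                       # high-power transmitter
SENSITIVE = Radio("adv", (25, 20), 1000.0, rx_gain=100.0)   # plus sensitive receiver
```

With the sensitive receiver the link check alone passes for every node, which is the gap slide 23 raises; the neighbor cap is what bounds the damage in that case.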

24 Countermeasures
- Countermeasure to Wormhole, SinkHole attacks
  - Geographical Routing protocols.
  - Problems: How to get the location information – attackers may disseminate spoofed location information
  - Solution: Restrict the structure of topology to eliminate the need for location information by the node. Use fixed topology like square, triangular or Hex Grid structure. However, it also restricts its application.
  - Suggestions: use multipath routing, and design effective evaluation methods to determine the quality of each route.

25 Countermeasures
- Countermeasure to Selective forwarding
  - Multipath routing using completely disjoint paths or Braided paths
  - Allowing nodes to dynamically choose a packet’s next hop from a set of possible candidates.
  - Not enough: add evaluation method to discriminate different routes

26 Countermeasures
- Authenticate Broadcast and flooding
  - Base station is trustworthy.
  - Adversaries must not be able to spoof broadcast or flooded messages from any base station.
  - HELLO messages from neighbor nodes should be authenticated and impossible to spoof.
  - Attention: authentication should be efficient – public key cryptography and digital signatures are beyond the capabilities of sensor nodes.
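A simplified sketch of μTESLA-style authenticated broadcast (named on slide 19) using only symmetric primitives, as slide 26 requires; this is an added example, not code from the slides or the paper. It assumes loosely synchronised interval counters, and the names F, make_chain, Receiver and demo, the SHA-256 choice and the sample messages are all constructed for illustration.

```python
import hashlib, hmac

def F(key):
    """One-way function that links the key chain."""
    return hashlib.sha256(b"chain" + key).digest()

def make_chain(seed, n):
    """Return [K_0 .. K_n] with K_i = F(K_{i+1}); K_0 is the commitment nodes preload."""
    chain = [seed]
    for _ in range(n):
        chain.append(F(chain[-1]))
    return chain[::-1]

def mac(key, interval, msg):
    return hmac.new(key, interval.to_bytes(4, "big") + msg, hashlib.sha256).digest()

class Receiver:
    def __init__(self, commitment, delay):
        self.known_key, self.known_idx = commitment, 0
        self.delay = delay    # base station discloses K_i in interval i + delay
        self.buffer = []      # (interval, msg, tag) awaiting key disclosure
        self.accepted = []

    def on_packet(self, now, interval, msg, tag):
        # Security condition: once K_interval may be public, anyone could have
        # produced this tag, so late arrivals (replays, forgeries) are dropped.
        if now >= interval + self.delay:
            return False
        self.buffer.append((interval, msg, tag))
        return True

    def on_key(self, idx, key):
        if idx <= self.known_idx:
            return False
        k = key
        for _ in range(idx - self.known_idx):   # hash back to the last trusted key
            k = F(k)
        if not hmac.compare_digest(k, self.known_key):
            return False                        # spoofed key disclosure
        self.known_key, self.known_idx = key, idx
        waiting = []
        for i, msg, tag in self.buffer:
            if i > idx:
                waiting.append((i, msg, tag))
                continue
            k_i = key
            for _ in range(idx - i):            # derive older interval keys
                k_i = F(k_i)
            if hmac.compare_digest(tag, mac(k_i, i, msg)):
                self.accepted.append(msg)
        self.buffer = waiting
        return True

def demo():
    chain = make_chain(b"constructed-seed", 8)          # held by the base station
    rx = Receiver(chain[0], delay=2)
    tag = mac(chain[1], 1, b"route-update-1")
    fresh = rx.on_packet(1, 1, b"route-update-1", tag)  # arrives in interval 1
    bad_key = rx.on_key(1, b"\x00" * 32)                # spoofed disclosure
    good_key = rx.on_key(1, chain[1])                   # disclosed in interval 3
    replay = rx.on_packet(3, 1, b"route-update-1", tag) # replay after disclosure
    return fresh, bad_key, good_key, replay, rx.accepted
```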

