Presentation is loading. Please wait.

Presentation is loading. Please wait.

Denial of Service in Sensor Networks Anthony D. Wood John A. Stanovich Presenter: Todd Fielder.

Published byMartin Riley Modified over 9 years ago

Similar presentations

Presentation on theme: "Denial of Service in Sensor Networks Anthony D. Wood John A. Stanovich Presenter: Todd Fielder."— Presentation transcript:

1 Denial of Service in Sensor Networks Anthony D. Wood John A. Stanovich Presenter: Todd Fielder

2 Denial of Service Any event that diminishes or eliminates a network’s capacity to perform it’s expected function. –Hardware failure –Software bugs –Resource exhaustion This article is primarily concerned with protocol or design level vulnerabilities.

3 Complications in Sensor Networks Harsh environments –Fault tolerant Must be resilient in the presence of failures Subverted nodes which are as powerful as network nodes Potentially more powerful computing capabilities at adversary –i.e. could be wired

4 Network Architecture A layered network architecture –Clean Division Increases robustness by –Clean Division Increases robustness by defining layer interactions and interfaces –Sensor Networks sacrifice robustness, cross layers, to increase performance Each layer vulnerable to different DOS attacks

5 Physical Layer Wireless communication due to large scale ad-hoc network Wired base station rare

6 Jamming Interference with the radio frequency the network is using. Easily detectable due to constant energy Defenses: –Spread Spectrum: frequency hopping based on a predetermined algorithm. Resource intensive –Jamming rarely affects entire network, route around affected area

7 Tampering Attacker can gain access to physical sensor and either analyze device to obtain sensitive information and/or replace sensor. –Obtain cryptographic keys –Reprogram Nodes Defenses: –Tamper proof physical packaging Node should react in fail-complete manner –Camouflage or hide nodes

8 Link Layer Provides channel arbitration for neighbor to neighbor communication Cooperative Schemes, such as carrier sense, are particularly vulnerable to DOS attacks.

9 Collision (corruption) Can disrupt an entire packet by introducing a collision in only small portion of packet –Requires only fractional portion of energy Causes heavy expenditure in energy by target (exponential backoff ) Defenses: –Error correcting codes Usually used for small errors (environmental or probabilistic) –Collision detection Still requires communication among nodes…not completely effective

10 Exhaustion Communicate in such a way so as to drain battery resources –If retransmission is repeated and collision induced near end of frame, nearby nodes would become exhausted of energy. –Self-Sacrificing node Interrogation – node continually sends RTS to attacker to solicit a CTS, thereby exhausting both nodes battery resources Defenses: –Rate-limiting Network ignores excessive requests without transmitting additional packets

11 Unfairness Intermittent application of previous attacks could degrade service of the network –Cause loss of real-time services Defenses: –Small Frame: Allows individual nodes to capture the channel for a small period of time

12 Network and Routing Layer Most nodes will serve as routers –Due to ad-hoc nature of network Causes additional complexities for protocol –Simple enough to scale to large networks –Robust enough to deal with failures several hops from source

13 Neglect and Greed Node-as-Router –Neglect: Does not forward other packets –Greed: Gives undue priority to own packets Difficult to detect Defenses: –Multiple routing paths –Redundant message transmission

14 Homing Passive adversary observes traffic to determine which nodes are critical to network function, then concentrates attack on that node Defenses: –Encrypt headers at each hop, to prevent source and/or destination from becoming discovered

15 Misdirection Forward Packets along wrong paths –Smurf: forge the victim’s address as the source of message, causing all responses to be sent to that address. Defenses: –Egress Filtering Verify source address and only route legitimate packets.

16 Black Holes Nodes advertise zero-cost routes to every other node, causing every other node to route in their direction. Defenses: –Easy to detect

17 Defenses Authorization –Only authorized nodes may exchange routing information Monitoring –Observe neighbors to ensure proper routing behavior Probing –Periodically send probes that cross the network’s diameter Redundancy –Duplicate messages across multiple paths protects against routing failures

18 Transport Layer Provides services for end-to-end communication –Tend to be simple to reduce overhead

19 Flooding Feasible in state protocols, an adversary sends many connection establishments to an adversary, who must keep these SYN request in a Queue, which eventually fills up Defenses: –Limit number of connections Prevents resource exhaustion Can still Deny Service to legitimate connections –Client Puzzles Requires clients to demonstrate resources they are willing to commit to the connectionby solving a puzzle distributed by the server

20 De-synchronization An existing connection is disrupted by an adversary repeatedly forging messages with incorrect timing data (seq. num, control flags) Defenses: –Authenticate each packet

21 Adaptive Rate Control Improvements to standard MAC protocols for Wireless Sensor Nets. –Random transmission delay – –Back off that shifts an application’s periodicity phase – –Minimization of overhead in contention control mechanisms – –Passive adaptation of originating and route through admission control rates – –Anticipatory delay for avoiding multi-hop hidden-node problems. Preference given to route through traffic in admission control protocol (back-off less at distant nodes). –Preserves networks investment in packets that have been forwarded many hops. Problem: Problem: High bandwidth packet streams generated by an adversary will receive preference during collisions. – –The network must not only bear the malicious traffic, it also gives preference to it.

22 Real-Time Location-Based Protocols (RAP) Real-time communication architecture Geographic forwarding with a velocity monotonic scheduling (VMS) policy. –Based on packet deadline and distance to travel. Problem: Problem: Adversary can inject messages with geographic destinations far away. – –Static Velocity: Intermediate nodes only need to make local forwarding decisions. –Dynamic Velocity: I –Dynamic Velocity: Intentionally lowering its velocity so that the packet misses its deadline. Solutions: – –Static Velocity: Use cryptographic keys to authenticate velocity –Dynamic Velocity: –Dynamic Velocity: Clock Synchronization to prioritize packets

23 Questions???

Download ppt "Denial of Service in Sensor Networks Anthony D. Wood John A. Stanovich Presenter: Todd Fielder."

Similar presentations

Nick Feamster CS 4251 Computer Networking II Spring 2008

Nick Feamster CS 4251 Computer Networking II Spring 2008
Chris Karlof and David Wagner

Chris Karlof and David Wagner
Security in Sensor Networks By : Rohin Sethi Aranika Mahajan Twisha Patel.

Security in Sensor Networks By : Rohin Sethi Aranika Mahajan Twisha Patel.
TYPES OF NETWORK.

TYPES OF NETWORK.
Jason Li Jeremy Fowers. Background Information Wireless sensor network characteristics General sensor network security mechanisms DoS attacks and defenses.

Jason Li Jeremy Fowers. Background Information Wireless sensor network characteristics General sensor network security mechanisms DoS attacks and defenses.
1 Denial of Service in Sensor Networks Authors: Anthony D. Wood, John A. Stankovic Presented by: Aiyaz Amin Paniwala.

1 Denial of Service in Sensor Networks Authors: Anthony D. Wood, John A. Stankovic Presented by: Aiyaz Amin Paniwala.
Network security Dr.Andrew Yang.  A wireless sensor network is network a consisting of spatially distributed autonomous devices using sensors to cooperatively.

Network security Dr.Andrew Yang.  A wireless sensor network is network a consisting of spatially distributed autonomous devices using sensors to cooperatively.
HIERARCHY REFERENCING TIME SYNCHRONIZATION PROTOCOL Prepared by : Sunny Kr. Lohani, Roll – 16 Sem – 7, Dept. of Comp. Sc. & Engg.

HIERARCHY REFERENCING TIME SYNCHRONIZATION PROTOCOL Prepared by : Sunny Kr. Lohani, Roll – 16 Sem – 7, Dept. of Comp. Sc. & Engg.
SELF-ORGANIZING MEDIA ACCESS MECHANISM OF A WIRELESS SENSOR NETWORK AHM QUAMRUZZAMAN.

SELF-ORGANIZING MEDIA ACCESS MECHANISM OF A WIRELESS SENSOR NETWORK AHM QUAMRUZZAMAN.
Denial of Service in Sensor Networks Anthony D. Wood and John A. Stankovic.

Denial of Service in Sensor Networks Anthony D. Wood and John A. Stankovic.
Denial of Service in Sensor Networks Szymon Olesiak.

Denial of Service in Sensor Networks Szymon Olesiak.
IPv6 Multihoming Support in the Mobile Internet Presented by Paul Swenson CMSC 681, Fall 2007 Article by M. Bagnulo et. al. and published in the October.

IPv6 Multihoming Support in the Mobile Internet Presented by Paul Swenson CMSC 681, Fall 2007 Article by M. Bagnulo et. al. and published in the October.
DENIAL OF SERVICE IN SENSOR NETWORKS Pratik Zirpe Instructor – Dr. T. Andrew Yang.

DENIAL OF SERVICE IN SENSOR NETWORKS Pratik Zirpe Instructor – Dr. T. Andrew Yang.
A Survey of Secure Wireless Ad Hoc Routing

A Survey of Secure Wireless Ad Hoc Routing
Distributed Detection Of Node Replication Attacks In Sensor Networks Presenter: Kirtesh Patil Acknowledgement: Slides on Paper originally provided by Bryan.

Distributed Detection Of Node Replication Attacks In Sensor Networks Presenter: Kirtesh Patil Acknowledgement: Slides on Paper originally provided by Bryan.
Edith C. H. Ngai1, Jiangchuan Liu2, and Michael R. Lyu1

Edith C. H. Ngai1, Jiangchuan Liu2, and Michael R. Lyu1
1-1 CMPE 259 Sensor Networks Katia Obraczka Winter 2005 Security.

1-1 CMPE 259 Sensor Networks Katia Obraczka Winter 2005 Security.
1 Chapter 9 Computer Networks. 2 Chapter Topics OSI network layers Network Topology Media access control Addressing and routing Network hardware Network.

1 Chapter 9 Computer Networks. 2 Chapter Topics OSI network layers Network Topology Media access control Addressing and routing Network hardware Network.
1 On Handling QoS Traffic in Wireless Sensor Networks 吳勇慶.

1 On Handling QoS Traffic in Wireless Sensor Networks 吳勇慶.
Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.

Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.

Similar presentations

Ads by Google