Denial of service in sensor networks - PowerPoint PPT Presentation

About This Presentation
Title:

Denial of service in sensor networks

Description:

Authentication can prevent such an attack. ... A Taxonomy for Denial-of-Service Attacks in Wireless Sensor Networks ,Handbook of Sensor Networks: ... – PowerPoint PPT presentation

Slides: 36
Provided by: sceUhclE
Learn more at: http://sce.uhcl.edu

Transcript and Presenter's Notes

Title: Denial of service in sensor networks


1
Denial of service in sensor networks
  • Pratik Zirpe
  • Instructor Dr. T. Andrew Yang

2
Agenda
  • Introduction
  • Concepts
  • Denial of Service Threat
  • Physical layer
  • Link layer
  • Network layer
  • Transport layer
  • Conclusion

3
Introduction
  • Real-time data processing
  • Applications
  • Availability
  • Denial of service

4
Concepts
  • Application dependent networks
  • Limited individual capability of nodes
  • Must continue operating after significant node
    failure

5
Security demands of a network
  • Network has to face harsh environments and
    intelligent opposition
  • Disasters
  • Public safety
  • Home healthcare
  • Design time consideration

6
Denial of Service Threat
  • Any event that diminishes or eliminates a
    network's capacity to perform its expected
    function
  • Reasons may be hardware failures, software bugs,
    resource exhaustion, environmental conditions or
    other complicated interactions.

7
Layered Network Architecture
  • Improves robustness of the system
  • Each layer is vulnerable to different DoS attacks
  • Some attacks may crosscut multiple layers

8
Layered model

9
Physical layer
  • Nodes use wireless communication
  • Base stations use wired or satellite
    communication
  • Attacks:
      • Jamming
      • Tampering

10
Jamming
  • Interferes with radio frequencies of nodes
  • Randomly distributed k nodes can put N nodes out
    of service (k << N)
  • Effective in single frequency networks

11
Detection
  • Determined by constant energy that impedes
    communication
  • Constant jamming prevents nodes from exchanging
    data or even reporting attack to remote
    monitoring stations
  • Sporadic jamming is also effective

12
Prevention or mitigation
  • Spread-spectrum communication is not a feasible
    solution
  • Attacked nodes can be put into long-term sleep
    and woken up periodically to test the channel
  • High priority messages to defend against
    intermittent jamming

13
Defense against jamming

14
Tampering
  • Attacker can physically tamper with nodes
  • Attacker can damage and replace computation
    hardware
  • Sensitive material is exposed

15
Prevention or mitigation
  • Camouflaging or hiding nodes
  • Erase cryptographic or program memory

16
Link layer
  • Protocols require cooperation between nodes to
    arbitrate channel use, making them more
    vulnerable to DoS attack
  • Attacks:
      • Collision
      • Exhaustion
      • Unfairness

17
Collision detection and prevention
  • Adversary may need to induce collision in one
    octet of transmission
  • Attacker requires less energy to listen for
    transmission
  • No complete solution is known
  • Errors are detected using checksum mismatch
  • Error correction codes can be used

18
Exhaustion
  • Repeated retransmissions are triggered by
    unusually late collision leading to exhaustion
  • Affects availability
  • A node could repeatedly request channel access
    with RTS
  • Causes power losses

19
Detection and mitigation
  • Random back-offs
  • Time division multiplexing
  • MAC admission control rate limiting
  • Limiting the extraneous responses required

20
Unfairness
  • Degrades service rather than denying it
  • It exploits MAC-Layer priority schemes
  • It can be prevented using small frames
  • Adversary can cheat while vying for access

21
Network and Routing Layer
  • Messages may traverse many hops before reaching
    the destination
  • The cost of relaying a packet and the probability
    of its loss increases in an aggregate network
  • Every node can act as a router
  • Routing protocols should be simple and robust

22
Neglect and Greed
  • A neglectful node arbitrarily neglects to route
    some messages
  • Giving undue priority to messages originating
    from itself makes it greedy
  • Multiple routes or sending redundant messages can
    reduce its effect
  • It is difficult to detect

23
Homing
  • Important nodes and their identities are exposed
    to mount further attacks
  • A passive adversary observes traffic to learn the
    presence and location of critical resources
  • Shared cryptographic keys are an effective
    mechanism to conceal the identity of such nodes
  • This makes the assumption that none of the nodes
    have been subverted

24
Misdirection
  • Messages are forwarded in wrong paths
  • This attack targets the sender
  • Adversary can forge replies to route discovery
    requests and include the spoofed route
  • Sensor networks can use an approach similar to
    egress filtering

25
Black Holes
  • Nodes advertise zero cost routes to every other
    node
  • Network traffic is routed towards these nodes
  • This disrupts message delivery and causes intense
    resource contention
  • These are easily detected but more disruptive

26
Authorization
  • Only authorized nodes can share information
  • Public-key encryption can be used for routing
    updates
  • The problems are with computational and
    communication overheads and key management

27
Monitoring
  • Nodes can keep monitoring their neighbors
  • Nodes become watchdogs for transmitted packets
  • Each of them has a quality-rating mechanism

28
Probing
  • A network probe tests network connectivity
  • This mechanism can be used to easily detect Black
    holes
  • A distributed probing scheme can detect malicious
    nodes

29
Transport layer
  • Manages end-to-end connections
  • Sensor Networks utilize protocols with minimum
    overhead
  • Threats:
      • Flooding
      • Desynchronization

30
Flooding
  • Adversary sends many connection establishment
    requests to the victim
  • Each request causes allocation of resources
  • It can be prevented by limiting the number of
    connections
  • Connectionless protocols are not susceptible to
    this attack
  • Another solution is client puzzles

31
Desynchronization
  • The attacker forges messages to one or both ends
    with sequence numbers
  • This causes the end points to request
    retransmissions of missed frames
  • This may lead to lack of availability and
    resource exhaustion
  • Authentication can prevent such an attack

32
Adaptive rate control
  • Describes a series of improvements to standard
    MAC protocols
  • Key mechanisms include:
      • Random delay for transmissions
      • Back-off that shifts an application's
        periodicity phase
      • Minimization of overhead in contention
        control mechanisms
      • Passive adaptation of originating and
        route-through admission control rates
      • Anticipatory delay for avoiding multihop
        hidden node problems

33
RAP
  • Real-time location based protocol
  • Velocity monotonic scheduling
  • RAP can use clock synchronization

34
Conclusion
  • Attempts at adding security focus on
    cryptographic-authentication mechanisms
  • Use of higher security mechanisms poses serious
    complications in Sensor Networks
  • It is essential to incorporate security
    considerations during design-time
  • Without adequate protection against DoS and other
    attacks sensor networks may not be deployable at
    all

35
References
  • A.D. Wood and J.A. Stankovic, "Denial of Service
    in Sensor Networks," Computer, vol. 35, no. 10,
    2002, pp. 54-62.
  • A.D. Wood and J.A. Stankovic, "A Taxonomy for
    Denial-of-Service Attacks in Wireless Sensor
    Networks," Handbook of Sensor Networks: Compact
    Wireless and Wired Sensing Systems, 2004.
  • David R. Raymond and Scott F. Midkiff,
    "Denial-of-Service in Wireless Sensor Networks:
    Attacks and Defenses," IEEE Pervasive Computing,
    vol. 7, no. 1, 2008, pp. 74-81.