Denial of Service Attacks in Sensor Ad Hoc Networks PowerPoint PPT Presentation


Title: Denial of Service Attacks in Sensor Ad Hoc Networks


1
Denial of Service Attacks in Sensor Ad Hoc
Networks
  • Huijuan Jiang
  • April 14, 2003

2
Outline
  • Overview of possible DoS (Denial of Service)
    attacks in sensor Ad Hoc networks
  • A case study of making routing protocol immune to
    malicious nodes in mobile Ad Hoc networks

3
Overview of DoS Attacks
  • Anthony Wood, John A. Stankovic, Denial of
    Service in Sensor Networks, IEEE Computer,
    35(10):54-62, October 2002.

4
What is DoS?
  • A denial of service attack is any event that
    diminishes or eliminates a network's capacity to
    perform its expected function.

5
Sensor Network Layers and DoS Defenses
6
Physical Layer
  • Jamming: An adversary keeps sending useless
    signals, making other nodes unable to communicate
  • Defense:
  • 1) Sleep
  • 2) Spread Spectrum
  • 3) Frequency Hopping
  • 4) Reroute Traffic

7
Reroute the Traffic in Case of Jamming
8
Physical Layer Continued
  • Tampering: An attacker can tamper with nodes
    physically
  • Defense:
  • 1) React to tampering in a fail-complete
    manner, e.g. erase memory
  • 2) Hiding the nodes

9
Link Layer
  • Collision: The attacker only needs to disrupt part
    of the transmission.
  • Defense: Error-correcting codes
  • Exhaustion: Repeated retransmission will cause
    battery exhaustion. In an IEEE 802.11-based MAC,
    continuous RTS requests cause battery exhaustion
    at the targeted neighbor
  • Defense: Make MAC admission control
    rate-limiting
  • Unfairness: The above attacks could cause unfairness
  • Defense: Use small frames

10
Network and Routing Layer
  • Misdirection: Forwards messages along wrong
    paths; provides wrong route information
  • Defense:
  • 1) Egress filtering: In hierarchical routing, a
    parent can verify the source of the packets and
    make sure that all packets are from its children
  • 2) Authorization: Only authorized nodes
    can exchange routing information
  • 3) Monitoring: Every node monitors whether its
    neighbors are behaving correctly

11
Network and Routing Layer - Continued
  • Neglect and greed: Malicious and selfish nodes
  • Defense: Redundancy (multiple paths or
    multiple packets along the same route)
  • Homing: Nodes that have special responsibilities
    are vulnerable
  • Defense: Hiding the important nodes (e.g.
    encryption)
  • Black holes: Attackers make neighbors route
    traffic to them, but don't relay the traffic
  • Defense: Authorization, Monitoring, Redundancy

12
Transport Layer
  • Flooding: An attacker sends many connection
    establishment requests to the victim, making the
    victim run out of resources
  • Defense: 1) Limit the number of connections
  • 2) Make the flow connectionless
  • 3) Client puzzles: challenging the
    client
  • Desynchronization: An attacker forges messages
    carrying wrong sequence numbers to one or both
    endpoints
  • Defense: Authenticate all packets, including the
    transport protocol header.

13
Conclusion from this paper
  • Adding security functions to an existing Ad Hoc
    network is painful
  • Consideration of security at design time is the
    best way to ensure successful network deployment

14
Mitigate misbehaviors in routing protocol
  • Sergio Marti, T.J. Giuli, Kevin Lai and Mary
    Baker, "Mitigating Routing Misbehavior in Mobile
    Ad Hoc Networks", Proceedings of MOBICOM 2000,
    August 2000.

15
Overview of this paper
  • Introduce Watchdog and Pathrater mechanisms to
    DSR (Dynamic Source Routing), to detect and
    mitigate the effect of routing misbehavior
  • Evaluate the proposal through simulation

16
Dynamic Source Routing
  • Intermediate nodes:
  • If a node has a route to D in its route cache, it
    initiates a route reply to S
  • Otherwise, it adds its own ID to the RREQ and
    rebroadcasts it

Route Request (RREQ)
17
Dynamic Source Routing
Route Reply (RREP)
18
Watchdog
(a) Normal case
(b) Collision at A
(c) Collision at C
19
Pathrater
  • Each node maintains a rating for every other node
    it knows about in the network
  • Always 1.0 for itself
  • Newly known nodes starting from 0.5
  • Increase by 0.01 if the node is used by an active route
  • Decrease by 0.05 if a link break is detected and the
    node becomes unreachable during packet relay
  • Assign 100 to misbehaving nodes

20
Pathrater - Continued
  • Calculates the path metric by averaging the node
    ratings in the path, and chooses the path with the
    highest metric
  • If no path free of misbehaving nodes is found,
    Send Route Request (SRR) to search for more
    routes
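The rating and path-selection rules from the two Pathrater slides, as an added example that is not code from the presentation or from the Marti et al. paper. The class and method names and the sample topology are constructed for illustration; the misbehaving-node rating is taken as -100 (the transcript prints "100" with no sign), which is an assumption.

```python
# Added example: Pathrater bookkeeping using the rating rules listed on the slides.
SELF, NEW, INC, DEC = 1.0, 0.5, 0.01, 0.05
MISBEHAVING = -100.0  # assumption: slide prints "100"; used here as a penalty

class Pathrater:
    def __init__(self, self_id):
        self.self_id = self_id
        self.ratings = {self_id: SELF}              # always 1.0 for itself

    def rating(self, node):
        return self.ratings.setdefault(node, NEW)   # newly known nodes start at 0.5

    def _adjust(self, node, delta):
        # Own rating is fixed; a node flagged as misbehaving stays flagged.
        # Rounding to 2 places keeps repeated 0.01 steps free of float drift.
        if node != self.self_id and self.rating(node) != MISBEHAVING:
            self.ratings[node] = round(self.rating(node) + delta, 2)

    def on_active_route(self, path):
        for node in path:
            self._adjust(node, INC)

    def on_link_break(self, node):
        self._adjust(node, -DEC)

    def on_misbehavior(self, node):
        if node != self.self_id:
            self.ratings[node] = MISBEHAVING

    def path_metric(self, path):
        return sum(self.rating(n) for n in path) / len(path)

    def choose(self, paths):
        """Return (highest-metric path, whether a Send Route Request is needed)."""
        best = max(paths, key=self.path_metric)
        tainted = lambda p: any(self.rating(n) == MISBEHAVING for n in p)
        return best, all(tainted(p) for p in paths)

def demo():
    # Constructed topology: source S knows two cached routes to D.
    paths = [["S", "A", "B", "D"], ["S", "C", "D"]]
    pr = Pathrater("S")
    first = pr.choose(paths)      # shorter route wins on average rating
    pr.on_misbehavior("C")        # e.g. reported by the watchdog
    second = pr.choose(paths)     # route through C now has a negative metric
    pr.on_misbehavior("B")
    third = pr.choose(paths)      # every known route is tainted, so SRR is needed
    return first, second, third

if __name__ == "__main__":
    for best, need_srr in demo():
        print(best, "SRR needed" if need_srr else "ok")
```

Because the source's own 1.0 rating is averaged in, a shorter path of unrated nodes scores slightly higher than a longer one until the ratings diverge.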

21
Simulation Model
  • Total nodes: 50
  • Percentage of misbehaving nodes: 40
  • Movement model: random waypoint model
  • Nodes choose a destination, move in a straight
    line towards the destination at a random speed,
    stay there for a pause time, and then move again.

22
Metrics
  • Throughput: percentage of data packets sent that
    are actually received by the intended destinations
  • Overhead: the ratio of routing-related
    transmissions to data transmissions

23
Throughput
[Figure: throughput plots. Legend: WD ON, PR ON, SRR ON; WD ON, PR ON, SRR OFF; WD OFF, PR ON, SRR OFF; WD OFF, PR OFF, SRR OFF]
24
Routing Overhead
25
Summary
  • Probably the first paper on detection of routing
    misbehavior for Ad Hoc networks
  • Not perfect
  • Only deals with selfish nodes
  • Does not work well in the face of collisions
  • Not able to detect replay attacks
  • Cannot tell whether the next-hop node is selfish or
    has just traveled away