Presented by OYA SIMSEK - PowerPoint PPT Presentation

1 / 24
About This Presentation
Title:

Presented by OYA SIMSEK

Description:

WSNs facilitate large-scale, real-time data processing in complex environments. ... implementing tamper reaction such as erasing all program or cryptographic memory. ... – PowerPoint PPT presentation

Number of Views:46
Avg rating:3.0/5.0
Slides: 25
Provided by: Alber92
Category:

less

Transcript and Presenter's Notes

Title: Presented by OYA SIMSEK


1
Denial of Service Attacks (DoS) in Wireless
Sensor Networks (WSNs)
  • Presented by OYA SIMSEK

2
WSNs Applications
  • WSNs facilitate large-scale, real-time data
    processing in complex environments.
  • Their foreseeable applications will help protect
    and monitor military, environmental,
    safety-critical, or domestic infrastructures and
    resources.
  • In a military scenario, WSNs
  • may gather intelligence in battlefield
    conditions,
  • track enemy troop movements,
  • monitor a secured zone for activity, or measure
    damage and casualties.

3
WSNs Applications Cont.
  • WSNs could be used to rescue personnel at
    disaster sites, or they could themselves help
    locate casualties.
  • They could monitor conditions at the rim of a
    volcano, along an earthquake fault, or around a
    critical water reservoir.
  • Such networks could also provide always-on
    monitoring of home healthcare for the elderly or
    detect a chemical or biological threat in an
    airport or stadium.

4
DoS Attacks
  • A DoS attack is any event that diminishes or
    eliminates a networks capacity to perform its
    expected function (Hardware failures, software
    bugs, resource exhaustion, environmental
    conditions, or their combination or intentional
    attack)
  • DoS attacks target availability (which ensures
    that authorized parties can access data,
    services, or other computer and network resources
    when requested) by preventing communication
    between network devices or by preventing a single
    device from sending traffic.

5
WSNs Characteristics
  • WSN platforms (mostly) have limited processing
    capability and memory.
  • A primary weakness shared by all wireless
    networking devices is the inability to secure the
    wireless medium.
  • Any adversary in radio range can eavesdrop
    traffic, transmit bogus data, or jam the network.
  • Sensors are also vulnerable to physical tampering
    and destruction if deployed in an unsecured area.

6
WSNs Characteristics Cont.
  • Another vulnerability is the sensor devices
    extremely limited and often nonreplenishable
    power supplies.
  • Attackers arent always limited by the same
    constraints as the sensor devices.
  • An adversary might have unlimited power supply,
    significant processing capability, and the
    capacity for high-power radio transmission.

7
Layered Model
8
Physical Layer Jamming
  • A well-known attack on wireless communication,
    jamming interferes with the radio frequencies a
    networks nodes are using.
  • An adversary can disrupt the entire network with
    k randomly distributed jamming nodes, putting N
    nodes out of service, where k is much less than
    N.
  • For single frequency networks, this attack is
    simple and effective, rendering the jammed node
    unable to communicate or coordinate with others
    in the network.
  • Constant transmission of a jamming signal is an
    expensive use of energy. If the attacker is
    limited in energy, she may use sporadic or burst
    jamming instead.
  • She jams only when detecting radio transmissions
    in the area of the victim, which requires that
    she be nearby.

9
Defense Against Jamming
  • Spread-spectrum communication is a common defense
    against physical-layer jamming in wireless
    networks.
  • Due to the synchronization and cost requirements,
    low cost, low-power sensor devices may be limited
    to single-frequency use.
  • If the adversary can permanently jam the entire
    network, and if the nodes can identify a jamming
    attack, a logical defense is to put sensors into
    a long-term sleep mode and have them wake
    periodically to test the channel for continued
    jamming.
  • Although this wont prevent a DoS attack, it
    could significantly increase the life of sensor
    nodes by reducing power consumption. An attacker
    would then have to jam for a considerably longer
    period, possibly running out of power before the
    targeted nodes do.

10
Defense Against Jamming Cont.
  • If jamming is intermittent, nodes may be able to
    send a few high-power, high-priority messages
    back to a base station to report the attack.
  • Nodes should cooperate to maximize the
    probability of successfully delivering such
    messages.
  • In a large-scale deployment, an adversary is less
    likely to succeed at jamming the entire network.
  • In this scenario a more appropriate response
    would be to call on the nodes surrounding the
    affected region to cooperatively map and report
    the DoS attack boundary to a base station.

11
Physical Layer Tampering
  • An attacker can also tamper with nodes
    physically, and interrogate and compromise them.
  • An attacker can damage or replace sensor and
    computation hardware or extract sensitive
    material such as cryptographic keys to gain
    unrestricted access to higher levels of
    communication.
  • Node destruction may be indistinguishable from
    fail-silent behavior.

12
Defense Against Tampering
  • Although you cant prevent destruction of nodes
    deployed in an unsecured area, redundant nodes
    and camouflaging can mitigate this threat.
  • Hiding or camouflaging nodes, tamper-proofing
    packages, or implementing tamper reaction such as
    erasing all program or cryptographic memory.
  • These may increase the cost and complexity of WSN
    design.

13
Link Layer Exhaustion
  • A self-sacrificing node could exploit the
    interactive nature of most MAC-layer protocols in
    an interrogation attack.
  • For example,
  • IEEE 802.11-based MAC protocols use Request To
    Send, Clear To Send, and Data/Ack messages to
    reserve channel access and transmit data.
  • The node could repeatedly request channel access
    with RTS, eliciting a CTS response from the
    targeted neighbor node.
  • Constant transmission would exhaust the energy
    resources of both nodes.

14
Defense Against Exhaustion
  • One solution makes the MAC admission control rate
    limiting, so that the network can ignore
    excessive requests without sending expensive
    radio transmissions.
  • Antireplay protection and strong link-layer
    authentication can mitigate these attacks.
  • However, a targeted node receiving the bogus RTS
    messages still consumes energy and network
    bandwidth.

15
Network Layer Homing
  • In most sensor networks, more powerful nodes
    might serve as cryptographic key managers, query
    or monitoring access points, or network uplinks.
    These nodes attract an adversarys interest
    because they provide critical services to the
    network.
  • Location-based network protocols that rely on
    geographic forwarding expose the network to
    homing attacks.
  • A passive adversary observes traffic, learning
    the presence and location of critical resources.
  • Once found, these nodes can be attacked by
    collaborators or mobile adversaries using other
    active means.

16
Defense Against Homing
  • One approach to hiding important nodes provides
    confidentiality for both message headers and
    their content. If all neighbors share
    cryptographic keys, the network can encrypt the
    headers at each hop.
  • This would prevent a passive adversary from
    easily learning about the source or destination
    of overheard messages.

17
Network Layer Black Holes
  • Distance-vector-based protocols provide another
    easy avenue for an even more effective DoS
    attack.
  • Nodes advertise zero-cost routes to every other
    node, forming routing black holes within the
    network.
  • As their advertisement propagates, the network
    routes more traffic in their direction.
  • In addition to disrupting message delivery, this
    causes intense resource contention around the
    malicious node as neighbors compete for limited
    bandwidth.
  • These neighbors may themselves be exhausted
    prematurely, causing a hole or partition in the
    network.

18
Defense Against Black Holes
  • Authorization
  • Through letting only authorized nodes exchange
    routing information.
  • Monitoring
  • Through monitoring their neighbors to ensure that
    they observe proper routing behavior.
  • The node relays a message to the next hop and
    then acts as a watchdog that verifies the
    next-hop transmission of the same packet.
  • The watchdog can detect misbehavior, subject to
    limitations caused by collisions, asymmetric
    physical connectivity, collusion, and so on.

19
Defense Against Black Holes Cont.
  • Probing
  • Networks using geography-based routing can use
    knowledge of the physical topology to detect
    black holes by periodically sending probes that
    cross the networks diameter.
  • Subject to transient routing errors and overload,
    a probing node can identify blackout regions.
  • To detect malicious nodes, probes must be
    indistinguishable from normal traffic.
  • Redundancy
  • The network can send duplicate messages along the
    same path to protect against intermittent routing
    failure.
  • If each message uses a different path, one of
    them might bypass consistently neglectful
    adversaries or even black holes.

20
Transport Layer Flooding
  • As in the classic TCP SYN flood, an adversary
    sends many connection establishment requests to
    the victim. Each request causes the victim to
    allocate resources that maintain state for that
    connection.
  • Limiting the number of connections prevents
    complete resource exhaustion, which would
    interfere with all other processes at the victim.
  • However, this solution also prevents legitimate
    clients from connecting to the victim, as queues
    and tables fill with abandoned connections.

21
Defense Against Flooding
  • One defense requires clients to demonstrate the
    commitment of their own resources to each
    connection by solving client puzzles.
  • The server can create and verify the puzzles
    easily, and storage of client-specific
    information is not required while clients are
    solving the puzzles. Servers distribute the
    puzzle, and clients wishing to connect must solve
    and present the puzzle to the server before
    receiving a connection.
  • An adversary must therefore be able to commit far
    more computational resources per unit time to
    flood the server with valid connections.
  • This solution is most appropriate for combating
    adversaries that possess the same limitations as
    sensor nodes.
  • It has the disadvantage of requiring more
    computational energy for legitimate sensor nodes,
    but it is less costly than wasting radio
    transmissions by flooding.

22
Transport Layer Desynchronization
  • An existing connection between two end points can
    be disrupted by desynchronization.
  • In this attack, the adversary repeatedly forges
    messages to one or both end points.
  • These messages carry sequence numbers or control
    flags that cause the end points to request
    retransmission of missed frames.
  • If the adversary can maintain proper timing, it
    can prevent the end points from exchanging any
    useful information, causing them to waste energy
    in an endless synchronization-recovery protocol.

23
Defense Against Desynchronization
  • One counter to this attack authenticates all
    packets exchanged, including all control fields
    in the transport protocol header.

24
References
  • A.D. Wood and J.A. Stankovic, Denial of Service
    in Sensor Networks, Computer, vol. 35, no. 10,
    2002, pp. 5462.
  • A.D. Wood and J.A. Stankovic, A Taxonomy for
    Denial-of-Service Attacks in Wireless Sensor
    Networks, Handbook of Sensor Networks Compact
    Wireless and Wired Sensing Systems, 2004.
  • David R. Raymond and Scott F. Midkiff,
    "Denial-of-Service in Wireless Sensor Networks
    Attacks and Defenses," IEEE Pervasive Computing,
    vol. 7, no. 1, 2008, pp. 74-81.
Write a Comment
User Comments (0)
About PowerShow.com