A%20Taxonomy%20for%20Denial-of-Service%20Attacks%20in%20Wireless%20Sensor%20Networks

1
A Taxonomy for Denial-of-Service Attacks
inWireless Sensor Networks
Anthony D. Wood and John A. Stankovic Department
of Computer Science University of Virginia
Presenter Sagar Panchariya
1
2
Introduction

• Wireless sensor networks have transformed into
  real world applications which include sensing and
  actuating types of environment of monitoring
  remote environmental sites or hostile battle
  fields to modern comfort of indoor health
  facilities.
• Like real world application on Internet and
  wireless adhoc networks the WSN have already
  started facing attacks.
• One such attack is DoS.

2
3
WSN Properties

• Their design space centers around small wireless
  devices with magnetic, acoustic, optical,
  chemical or other sensors on board.
• Each node is limited in resources, so nodes must
  communicate and co-ordinate to enact aggregate
  behaviors.
• May not be serviceable once deployed, low power
  operation for network longevity.
• Low cost per unit and effective distributed
  algorithm will enable deployment at a large
  scale, individual sensor may not be identifiable
  or important.

3
4
Limitations

• Robustness, fault-tolerance and cost effective
  operations hinge on inherent resource limitations
  of sensor nodes.
• Memory and processing cycles are limited.
• Wasting processing cycles and especially wasting
  radio transmission is not wise.
• Security adds another dimension that cannot be
  overlooked, as in network of such scarce resource
  improper consumption or destruction is a big
  concern.

4
5
Security Considerations

• Sensitive data collected should be protected from
  unauthorized users.
• Data and control mechanisms should be strictly
  authorized when more critical network can impact
  the environment using actuators or automatic
  responses.
• Inability of the network to perform correctly may
  be a safety hazard, depending on the system being
  monitored or controlled.

5
6
DoS and Users in WSN

• The result of an action that prevents any part of
  a WSN from functioning correctly or in a timely
  manner.
• 3 imp parameters Authorized users, a shared
  service and Maximum waiting time.
• Authorized users when prevent access to a shared
  service or use a service for a longer than some
  maximum waiting time.
• Users Besides humans process executing on behalf
  of those humans are also considered as users of
  the systems.
• In WSN terminology individual sensor nodes are
  users with respect to in network services.

6
7
Shared Services and Waiting times

• WSN provide aggregation services such as
  monitoring or control of an area.
• Eg shared example of these services could take
  form of multiple battlefield commanders querying
  a WSN for the location of chemical or biological
  hazard.
• Services like routing, localization and time
  synchronization are also used by multiple sensor
  nodes concurrently.
• Threshold for maximum waiting time could be hard
  or soft depending on the type of network being
  monitored.

7
8
Immediate Vulnerabilities

• Remote locations Distant or unmonitored networks
  require greater response for physical
  intervention.
• Large scale not cost effective to intervene
  individual node.
• Cost sensitive for large scale deployment
  requires cost and time efficient sensors. This
  adds pressure to hardware and software
  development cost which result in hasty design and
  numerous implementation errors.
• Attractive targets depending on criticality and
  visibility sensor nodes become attractive
  targets also odds of casual physical tampering.

8
9
Vulnerabilities contd.

• Application specificity Due to resource
  constraint that some network layers be merged or
  compressed together. Therefore unforeseen
  interaction between network layers may give rise
  to further vulnerabilities.
• Distributed services Due to symmetric node
  design every node is potential target.

9
10
10
11
Attacker

• Passerby Motivated by spontaneity, not
  determined, very little knowledge few resources.
• Vandal Desires to inflict damage, perhaps
  visibility moderately determined little
  knowledge few resources necessary.
• Hacker Desires access, motivated by curiosity
  and interest highly determined highly
  knowledgeable moderate resources.

11
12
Attacker Contd.

• Raider Driven by personal or organizational
  monetary and/or political gain, highly
  determined, moderately-highly knowledgeable
  moderate resources.
• Terrorist or Foreign Power Causes real-world
  damage by compromise of critical systems,
  motivated by enmity very determined highly
  knowledgeable, very well resourced with time,
  money, and man-power

12
13
Capabilities

• Number of Attackers Attacks may be mounted by
  one or more attackers.
• Co-ordination of Attackers All attacks caused
  may be independent or aggregated similar
  instances of attacks, or attacks possibly
  interfering with each other.
• Autonomous attacks are difficult to trace as
  compared to a centrally controlled attack

13
14
Capabilities Contd.

• Technical Capability
• Receiving only listening/ eaves dropping may
  further lead to other attacks
• Receiving and transmitting Using some channels
  if its able to interact with sensor devices and
  impersonate a legitimate node. E.g.. Send old
  messages.
• Other channels other mean of communication would
  be available to the attackers to coordinate
  attacks despite of disruption of WSN routing.
• Attacker technical infrastructure may include
  higher bandwidth links, side channels, superior
  computational facilities, etc. (capability
  asymmetry)?

14
15
Area of Influence

• Localized region if the capabilities of an
  attacker are same as a WSN, outside nodes
  unaffected.
• Remote nodes getting into routing services can
  allow disruption of remote nodes.
• Multicast flooding could be used to send
  malicious message to a group of nodes.
• Similarly broad cast malicious flooding may be
  used.

15
16
Target

• Type of Service Attack may happen on a
  particular layer or service in the network.
• Service interaction could be exploiting.
• Lower layer attack may affect all the services
  dependent on the layer.
• E.g. services may include localization, time
  synchronization, directory services, routing
  services, code download, aggregation, etc.

16
17
Criticality of Target

• Some services may be expendable such as sensing
  coverage provided by a small number of nodes.
• Some services may be desired, but not critical
  e.g. equalized power consumption
• Critical services should be well protected
  against all forms of security violations. Without
  this the WSN cannot function adequately, e.g.
  routing service or event detection.

17
18
PhysicalVulnerability

• Physical tampering in some way by inserting
  malicious code or reading secret key though its
  memory for use in other attack.(cause low cost
  packaging.)?
• An attacker can falsify local sensor values in
  the area of WSN and may be able to mislead
  monitors in that areas.
• Physical tampering may be detected or more subtle
  tampering may be may go totally undetected.

18
19
Result

• Attack is a nuisance but cannot harm.
• Performance is degraded but not stopped.
• More serious like key services are disrupted for
  the duration of the attack plus there is some
  finite recovery time.
• Severe attack could be of the type the target
  ceases to recover even after the attacks has
  stopped, e.g. physical damage, erased or
  corrupted memory.

19
20
Possible Defenses

• Jamming deliberate interference with radio
  reception to deny the targets use of a
  communication channel.
• Node is not able to communicate and coordinate
  with the network and so is disrupted.
• Defense technique
• Use of spread spectrum, frequency hopping
• Knowledge of jamming detection can allow avoiding
  of jamming route.
• Sending of higher power transmission signal to
  nodes that are not jammed.

20
21
Possible Defenses Contd.

• HELLO floods
• A broadcast to all nodes announcing false
  neighbor status. WSN uses the HELLO messages to
  establish local neighbor tables.
• Every neighbor thinks that the fake WSN is one
  hop radio communication range.
• Also the fake WSN may advertise low-cost routes.
  This causes retransmission by neighboring WSNs
  causing congestion.
• Defense Technique bidirectional verification.
• Nodes could use a trusted third party to verify
  the authenticity of each of its neighbors before
  forwarding messages.

21
22
Possible Defenses Contd.

• Tampering
• Defense Upon the detection of tampering,
  tracking and reporting of human intruders within
  the compass of network, so guards or operators
  could physical intervene.
• Use of tamper resistant packages.
• Camouflaging the package

22
23
Problems and Defenses

• Exhaustion and Interrogation
• If an attacker is able to replay a broadcast
  initialization command causing nodes throughout
  the network to perform localization or time
  synchronization procedure.
• Such messages provide a way of amplification of
  unnecessary traffic.
• Such repeated request for intentional energy
  drain of nodes is called Interrogation.
• Defense technique
• Rate limiting responses to even properly
  authenticated nodes. Excessive request will be
  ignored.

23
24
Possible Defenses Contd.

• Collisions
• By listening and parsing radio transmissions near
  the victim, the attacker can disrupt key elements
  of packets that contribute to checksums.
• With little effort the attacker can cause the
  victim to discard a much long packet wasting both
  channel and transmission energy.
• Defense technique
• Error correcting codes can be used to provide
  some protection against corruption of data
  messages. These add processing and transmission
  overhead.

24
25
Conclusion

• WSN designs could be made resistant to DoS
  attacks by answering some of the question who
  will be the attackers?
• What are their capabilities?
• What could be the target?
• What are the vulnerabilities?
• What could be the result of the attack?

25
26
(No Transcript)
27
Some References

• ACLGM93 E. Ayanoglu, I. Chih-Lin, R. D. Gitlin,
  and J. E. Mazo. Diversity coding for self-healing
  and faulttolerant
• communication networks. IEEE Trans. Comm.,
  COM-411677.1686, November 1993. 3.5
• AK96 Ross Anderson and Markus Kuhn. Tamper
  resistance . a cautionary note. In Proceedings of
  the 2nd
• USENIX Workshop on Electronic Commerce, pages
  1.11, Oakland, California, November 1996. 3.2
• And93 Ross Anderson. Why cryptosystems fail. In
  Proceedings of the 1st ACM Conference on Computer
  and
• Communications Security, pages 215.227, Fairfax,
  Virginia, November 1993. ACM Press. 1.3

27