Security in Wireless Sensor Networks - PowerPoint PPT Presentation

Provided by: Mich951

1
Security in Wireless Sensor Networks
  • Michael Krishnan

2
Outline
  • Types of Attacks
  • Clusters and Intrusion Detection
  • Game Theory Approach

3
Characteristics of WSNs
  • Limited Energy (6Ah)
  • Wireless: intruders can see transmissions and add
    their own
  • Traffic is either source to sink (base station)
    or broadcast

4
Types of Attacks
  • Steal Data: Confidentiality
  • Alter Data: Data Integrity
  • Limit Service: Availability (DoS)
  • Consume Energy: Denial of Sleep

5
Confidentiality
  • Public key? Too computationally expensive
  • Secret key? Bad if node is compromised
  • Secure Network Encryption Protocol (SNEP)

6
SNEP
  • Both sides keep (pair-wise) shared key, k, and
    shared counter, C, to use as IV in DES
  • Semantic Security
  • Whole network shares MAC() function for
    authentication: MAC(k, C||D) (8 bytes)
  • (Weak) Freshness: replay protection and ordering
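
The counter handling on this slide, as an added example that is not part of the original presentation. Assumptions: an HMAC-SHA-256 keystream stands in for DES with C as IV, separate encryption and MAC keys are derived from k, the MAC covers the counter and the ciphertext, and the `Endpoint` class and its method names are hypothetical.

```python
import hashlib
import hmac

def prf(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

def keystream_xor(k_enc: bytes, counter: int, data: bytes) -> bytes:
    # Stand-in for the block cipher keyed by k with the counter C as IV.
    stream, block = b"", 0
    while len(stream) < len(data):
        stream += prf(k_enc, counter.to_bytes(8, "big") + block.to_bytes(4, "big"))
        block += 1
    return bytes(a ^ b for a, b in zip(data, stream))

class Endpoint:
    def __init__(self, k: bytes):
        # Deriving two keys from the shared key k is this example's choice.
        self.k_enc, self.k_mac = prf(k, b"enc"), prf(k, b"mac")
        self.send_ctr = 0  # C for the next message sent
        self.recv_ctr = 0  # C expected on the next message received

    def _tag(self, counter: int, ct: bytes) -> bytes:
        # 8-byte MAC over counter || ciphertext.
        return prf(self.k_mac, counter.to_bytes(8, "big") + ct)[:8]

    def send(self, data: bytes):
        ct = keystream_xor(self.k_enc, self.send_ctr, data)
        tag = self._tag(self.send_ctr, ct)
        self.send_ctr += 1
        return ct, tag  # the counter itself is not transmitted

    def receive(self, ct: bytes, tag: bytes):
        # A replayed or reordered message was tagged under a different counter.
        if not hmac.compare_digest(self._tag(self.recv_ctr, ct), tag):
            return None
        data = keystream_xor(self.k_enc, self.recv_ctr, ct)
        self.recv_ctr += 1
        return data

if __name__ == "__main__":
    a, b = Endpoint(b"constructed-key"), Endpoint(b"constructed-key")
    first = a.send(b"door=open")       # constructed sample payload
    print(b.receive(*first), b.receive(*first))
```

A lost message leaves the two counters out of step; this sketch does not resynchronize them.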

7
Data Integrity
  • Authentication: can't use asymmetric digital
    signatures (too much overhead)
  • SNEP: two-party
  • µTESLA: broadcast

8
Data Integrity - µTESLA
  • One-way function, F(.)
  • $K_n = F(K_{n+1})$
  • Keys disclosed periodically, not per packet

Figure from Perrig et al.
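
The key chain and delayed disclosure from this slide, as an added example that is not part of the original presentation. Assumptions: truncated SHA-256 serves as F, the chain key is used directly as the MAC key, intervals are plain integers rather than clock time, and the `Receiver` class is hypothetical.

```python
import hashlib
import hmac

def F(key: bytes) -> bytes:
    # One-way function F(.). Truncated SHA-256 is this example's assumption.
    return hashlib.sha256(key).digest()[:8]

def mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()[:8]

def make_chain(seed: bytes, n: int) -> list:
    """Return [K_0 .. K_n] with K_i = F(K_{i+1}); the sender picks K_n = seed."""
    chain = [seed]
    for _ in range(n):
        chain.append(F(chain[-1]))
    return chain[::-1]

class Receiver:
    def __init__(self, commitment: bytes):
        self.idx, self.key = 0, commitment  # newest authenticated chain key
        self.pending = {}                   # interval -> [(data, tag)]

    def on_packet(self, interval: int, data: bytes, tag: bytes) -> bool:
        # Once K_interval is public anyone can forge its MACs, so drop late packets.
        if interval <= self.idx:
            return False
        self.pending.setdefault(interval, []).append((data, tag))
        return True

    def on_disclosure(self, interval: int, key: bytes) -> list:
        if interval <= self.idx:            # stale disclosure must not roll back
            return []
        keys, k = {}, key
        for i in range(interval, self.idx, -1):  # walk back to the trusted key
            keys[i], k = k, F(k)
        if not hmac.compare_digest(k, self.key):
            return []                            # key is not on the chain
        self.idx, self.key = interval, key
        accepted = []
        for i in sorted(keys):                   # covers lost disclosures too
            for data, tag in self.pending.pop(i, []):
                if hmac.compare_digest(mac(keys[i], data), tag):
                    accepted.append(data)
        return accepted

if __name__ == "__main__":
    chain = make_chain(b"constructed-seed", 4)   # constructed sample values
    rx = Receiver(chain[0])
    rx.on_packet(1, b"temp=21", mac(chain[1], b"temp=21"))
    print(rx.on_disclosure(1, chain[1]))
```

Because each key hashes back to the commitment K_0, a receiver that misses one disclosure can still authenticate the skipped interval from a later key.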
9
Service Availability
  • Bogus Routing Information
  • Flooding
  • Homing: look at traffic to find important nodes
  • Black Hole Attack: compromise neighbors of
    base-station
  • De-synchronization (transport layer)

10
Energy Denial of Sleep Attack
  • Unique to WSNs: can't use techniques from wired
    networks
  • Sources of Energy Loss
      • Collision: Frequency Hopping, CDMA, FEC
      • Message Overhearing: RTS/CTS, NAV
      • Idle Listening: schedule sleep
  • Brownfield et al. (2005)

11
Scheduling Sleep S-MAC
  • Fixed Sleep Schedule
  • RTS During Listen Period
  • If no RTS → sleep
  • Vulnerable during listen period only

Figure from Brownfield et al.
12
Scheduling Sleep T-MAC
  • Timeout MAC
  • Sleep Early: wait for timeout period
  • Longest time hidden node must wait before first
    bit of CTS: $TA = 1.5\,(t_{CW\_Max} + t_{RTS} + t_{SIFS})$
  • Saves energy in absence of attacker, but MORE
    vulnerable to attacks (if never get timeout, stay
    awake forever)

13
Scheduling Sleep B-MAC
  • No fixed listening start time
  • Periodically wake up and sample channel using low
    power listening (LPL)
  • Longer preamble (longer than sleep period)
  • Just as vulnerable to attack as T-MAC

Figure from Brownfield et al.
14
Scheduling Sleep G-MAC
  • Split Frame into Collection and Distribution
    Period
  • Gateway Sensor (GS) node schedules traffic for
    cluster
  • Rotate being GS to distribute energy use
  • Gateway can keep misbehaving node in check

15
Scheduling Sleep G-MAC
Figure from Brownfield et al.
16
Clusters
  • Cluster head (CH) and member nodes (MN)
  • Popular in routing protocols
  • Nearby nodes have redundancy, compressed at CH
    (save energy)
  • Can also use for intrusion detection
  • CH monitors MNs, while some subset of MNs monitor
    CH
  • X MNs can decommission CH (homing)

17
Methods of Intrusion Detection
  • Anomaly Detection: actions of monitored node are
    atypical
      • High probability of false alarm
  • Signature Detection: actions of monitored node
    correspond to a type of attack
      • Susceptible to new attacks
  • Typical Attacks
      • Drop Packets
      • Duplicate Packets
      • Cause Collisions

18
Clusters for Authentication
  • Everyone watch neighbors? Too much energy
  • BS checks packet at the end? Waste energy
    transmitting bad packet whole route; need to
    discover this sooner
  • Check packet everywhere? A lot of computation
  • Check at CH. Send packets first to CH
  • Also send to CH with some probability p so
    compromised node can't bypass CH.

19
Game Theory Approach
  • Agah et al. (2004)
  • Model: 2-player, non-cooperative, nonzero-sum
  • Players: IDS, attacker
  • IDS can choose 1 cluster to defend, Attacker can
    choose 1 to attack

20
Game Theory Approach - Notation
  • $U$: Utility of working WSN
  • $C_k$: Cost to defend cluster k
  • $AL_k$: Average loss for losing cluster k
  • $PI$: Attacker's profit for intruding
  • $CI$: Attacker's cost to intrude
  • $CW$: Attacker's cost to wait

21
Game Theory Approach - Assumptions
  • $PI = \sum AL$
  • $CW < PI - CI$
  • $C_k = \gamma_k$, where $\gamma_k$ = # previous attacks to k

22
Game Theory Approach
  • Payoff Matrix (for cluster k)

              Attack k                   Do Nothing       Attack k
  Defend k    $U-C_k$, $PI-CI$           $U-C_k$, $CW$    $U-C_k-AL_k$, $PI-CI$
  Defend k    $U-C_k-AL_k$, $PI-CI$      $U-C_k$, $CW$    $U-C_k-AL_k$, $PI-CI$

23
What's wrong with this?
  • Attacker benefit is independent of what IDS does
  • Intuitively, this should matter
  • We defend one cluster at a time
  • Why not more?
  • How do they coordinate? (Extra transmissions)

24
Modified Game Theory Approach
  • $U_k$: Utility of cluster k
  • $C_k$: Cost to defend cluster k
  • We can defend as many clusters as we want
  • If we defend cluster k, utility of cluster is
    $U_k - C_k$
  • If we don't and it's not attacked, utility is $U_k$
  • If we don't and it is attacked, utility is 0
  • Since attacker always attacks, his utility is
    proportional to IDS's loss minus a constant ($CI$)

25
Modified Game Theory Approach
  • No Pure NE
      • Suppose there were; then attacker always attacks
        one particular cluster, k. IDS should then only
        defend k. But then utility of attacker is less
        than it would be for attacking another cluster.
  • Requirement for mixed NE
      • E[util. of attacker] indep. of k, equally likely
        to attack any cluster ⇒ $(1-p_k)U_k = \text{const}$, where
        $p_k$ is probability of defending cluster k

26
Modified Game Theory Approach
  • Strategy
      • Each cluster knows its own utility (maybe from
        G-MAC)
      • Defend with probability $p_k = 1 - X/U_k$, where $X$ is a
        constant known to the whole WSN.
  • Expected utility of cluster k
      • $p_k(U_k - C_k) + (1-p_k)\,(U_k(m-1)/m)$, where $m$ = # clusters

27
Modified Game Theory Approach
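  • Total expected utility of WSN
  • $= \sum_k \left[ p_k(U_k - C_k) + (1-p_k)\,(U_k(m-1)/m) \right]$
  • $= \sum_k \left[ (1 - X/U_k)(U_k - C_k) + (X/U_k)\,(U_k(m-1)/m) \right]$
  • $= \sum_k \left[ U_k - C_k - X + XC_k/U_k + X(m-1)/m \right]$
  • $= m\,(X(m-1)/m - X) + \sum_k \left[ U_k - C_k + XC_k/U_k \right]$
  • $= -X + \sum_k \left[ U_k - C_k + XC_k/U_k \right]$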

28
Modified Game Theory Approach
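  • Total expected utility of WSN always defending
    ($p_k = 1$ for all k)
      • $\sum_k \left[ U_k - C_k \right]$
  • Mixed strategy (previous slide)
      • $-X + \sum_k \left[ U_k - C_k + XC_k/U_k \right]$
  • Gain for using $p_k < 1$
      • $= -X + \sum_k \left[ U_k - C_k + XC_k/U_k \right] - \sum_k \left[ U_k - C_k \right]$
      • $= -X + \sum_k XC_k/U_k$
      • $= X\left( \sum_k C_k/U_k - 1 \right)$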

29
Modified Game Theory Approach
  • Utility gain $= X\left( \sum_k C_k/U_k - 1 \right)$
  • What does this mean?
      • Goes to $-X$ as $C_k \to 0$
      • Positive for larger $C_k$ and smaller $U_k$.
      • Increases with $X$ (Counter-intuitive)
  • Conclusion: We can improve our utility by
    defending less when per cluster utility is low
    and $C_k$ is relatively high
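
The derivation on slides 25 to 29 checked with exact arithmetic, as an added example that is not part of the original presentation. The function names and the utilities, costs and value of X are constructed for illustration; the range check on X is an added constraint so that every p_k is a valid probability.

```python
from fractions import Fraction as Fr

def defend_probs(U, X):
    """p_k = 1 - X/U_k. X must lie in [0, min U_k] so each p_k is a probability."""
    if not 0 <= X <= min(U):
        raise ValueError("X must satisfy 0 <= X <= min(U_k)")
    return [1 - Fr(X) / u for u in U]

def attacker_payoffs(U, p):
    """(1 - p_k) * U_k per cluster; all equal means the attacker is indifferent."""
    return [(1 - pk) * u for u, pk in zip(U, p)]

def total_utility(U, C, p):
    """Sum over k of p_k(U_k - C_k) + (1 - p_k) * U_k * (m - 1)/m."""
    m = len(U)
    return sum(pk * (u - c) + (1 - pk) * u * Fr(m - 1, m)
               for u, c, pk in zip(U, C, p))

def gain(U, C, X):
    """Mixed-strategy total minus the always-defend total (p_k = 1)."""
    always = total_utility(U, C, [Fr(1)] * len(U))
    return total_utility(U, C, defend_probs(U, X)) - always

def closed_form_gain(U, C, X):
    """The slides' result: X * (sum_k C_k/U_k - 1)."""
    return X * (sum(Fr(c, u) for c, u in zip(C, U)) - 1)

if __name__ == "__main__":
    U = [10, 20, 40]                      # constructed cluster utilities
    for C in ([6, 8, 10], [1, 1, 1]):     # costly vs. cheap defence (constructed)
        print(C, gain(U, C, 5), closed_form_gain(U, C, 5))
```

With the costly defence the sum of C_k/U_k exceeds 1 and the gain is positive; with the cheap defence it is negative, matching the slide's conclusion.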

30
Review
  • Classified Attacks: Confidentiality,
    Authenticity, Service Availability, Energy
  • Clusters are useful for intrusion detection
  • Game theory approach