Denial of Service in Sensor Networks

Authors: Anthony D. Wood, John A. Stankovic

Presented by: Aiyaz Amin Paniwala

The paper

Introduction

Theory and Application

Denial of Service Threat

Physical Layer

Link Layer

Networking Layer

Transport Layer

Conclusion

References

Introduction

WSN involves large-scale, real time data processing in complex environments

WSN is used for various applications

Availability is of great importance

Consideration of security at design time is essential

Theory

Growing use of application dependent sensor networks

Many limitations exist in WSN like power reserves, wireless communication, identifiers

Network must operate under partial failure

Network must meet real time requirements

Data may be intrinsically valid for short time

Application

Sensor Networks are used in different environments with different needs

Military application is primary

Can be used in inaccessible locations like volcanoes

Can be used in critical situations like natural or man made disasters

In all applications network must be resilient to individual node failure

Denial of Service Threat

Any event that diminishes or eliminates a network’s capacity to perform its expected function

Caused by hardware failures, software bugs, resource exhaustion, environmental conditions or other complicated interactions

The Layered Approach

A layered network architecture improves robustness

Each layer has different attacks and different defensive mechanisms

Some attacks are applicable across multiple layers

Tabular Representation

Physical Layer

This layer deals with the physical transmission in the form of signals

Nodes use wireless communication

Base Stations use wired or satellite communication.

Attacks: Jamming, Tampering

Jamming

Interferes with radio frequencies

An adversary can use k randomly distributed jamming nodes

These k nodes can put N nodes out of service (k << N)

Effective for single frequency network

Detection of Jamming

Determined by constant energy as opposed to lack of response

Jamming can be sporadic and hence more difficult to detect yet effective

Jamming itself prevents exchanging data or even reporting the attack

Prevention and Mitigation

Spread spectrum communication (code spreading)

It is less feasible due to design complexity, more power and more cost

Attacked nodes can switch to lower duty cycle and wake up to check for jamming

For intermittent jamming, nodes send a few high-power, high-priority messages to report the attack

Local Jamming

Tampering

Attacker can physically tamper with nodes

Likewise nodes can be interrogated and compromised

Attacker can damage or replace sensor and computation hardware

Attacker can extract sensitive material and use it for further attacks

Prevention and Mitigation

Tamper proofing against physical damage

Camouflaging or hiding nodes

React to tampering by erasing cryptographic or program memory

Link Layer

Provides channel arbitration

Cooperative schemes are vulnerable to DoS attacks

Sensor Network is susceptible to: Collision, Exhaustion, Unfairness

Collision

Adversary may cause disruption by inducing collision in just one octet of transmission

Corruption of ACK can induce costly exponential back-off

The attacker requires minimum energy for listening

Detection, Prevention and Mitigation

Errors are detected using checksum mismatch

There is no effective way of defending against such an attack

Error Correcting codes can be used at the cost of increased overheads

Exhaustion

Repeated retransmissions are triggered even by unusually late collisions

This leads to exhaustion of battery source

It can potentially block availability

A node could repeatedly request channel access with RTS

This causes power losses on both requesting and responding node

Detection, Prevention and Mitigation

Random back-offs can be used for prevention

Ineffective as they would only decrease probability of inadvertent collisions

Time division multiplexing

Solve the indefinite postponement problem

MAC admission control rate limiting

Limiting the extraneous responses required

Unfairness

It is a weaker form of DoS

It mostly degrades service rather than denying it

It exploits MAC-layer priority schemes

It can be prevented by use of small frames

This may increase framing overheads

Adversary can cheat while vying for access

Network and Routing Layer

Messages may traverse many hops before reaching the destination

The cost of relaying a packet and the probability of its loss increases in an aggregate network

Every node can act as a router

Hence the routing protocols should be simple and robust

Neglect and Greed

A neglectful node arbitrarily neglects to route some messages

Its undue priority to messages originating from it makes it greedy

Multiple routes or sending redundant messages can reduce its effect.

It is difficult to detect

Homing

Important nodes and their identities are exposed to mount further attacks

A passive adversary observes traffic to learn the presence and location of critical resources

Shared cryptographic keys are an effective mechanism to conceal the identity of such nodes

This makes the assumption that none of the nodes have been subverted

Misdirection

Messages are forwarded along wrong paths

This attack targets the sender

Adversary can forge replies to route discovery requests and include the spoofed route

Sensor networks can use an approach similar to egress filtering

Black Holes

Nodes advertise zero cost routes to every other node

Network traffic is routed towards these nodes

This disrupts message delivery and causes intense resource contention

These are easily detected but more disruptive

Authorization

This is a defense mechanism against misdirection and black-hole

Only authorized nodes can share information

Public-key encryption can be used for routing updates

The problems are with computational and communication overheads and key management

Monitoring

Nodes can keep monitoring their neighbors

Nodes become watchdogs for transmitted packets

Each of them has a quality-rating mechanism
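
A sketch of the watchdog and quality-rating idea from this slide, added here as an example and not taken from the paper or the presentation. The class name, the timeout, the window size and the rating threshold are all assumptions, and the traffic in `simulate()` is constructed.

```python
from collections import deque

class Watchdog:
    """Remembers packets handed to a neighbor and checks they are overheard being relayed."""
    def __init__(self, timeout=2.0, window=20, min_rating=0.6):
        self.timeout = timeout        # seconds to wait for the relay (assumed value)
        self.window = window          # observations kept per neighbor (assumed value)
        self.min_rating = min_rating  # neighbors rated lower are avoided (assumed value)
        self.pending = {}             # (neighbor, packet_id) -> time handed over
        self.history = {}             # neighbor -> deque of 1 (relayed) / 0 (dropped)

    def sent(self, neighbor, packet_id, now):
        self.pending[(neighbor, packet_id)] = now

    def overheard(self, neighbor, packet_id, now):
        t0 = self.pending.pop((neighbor, packet_id), None)
        if t0 is not None:
            self._record(neighbor, 1 if now - t0 <= self.timeout else 0)

    def expire(self, now):
        """Count every packet not overheard within the timeout as a drop."""
        for (neighbor, packet_id), t0 in list(self.pending.items()):
            if now - t0 > self.timeout:
                del self.pending[(neighbor, packet_id)]
                self._record(neighbor, 0)

    def _record(self, neighbor, outcome):
        self.history.setdefault(neighbor, deque(maxlen=self.window)).append(outcome)

    def rating(self, neighbor):
        h = self.history.get(neighbor)
        return sum(h) / len(h) if h else 1.0   # unknown neighbors start trusted

    def usable(self, neighbors):
        ok = [n for n in neighbors if self.rating(n) >= self.min_rating]
        return sorted(ok, key=self.rating, reverse=True)   # best-rated first

def simulate():
    """Constructed scenario: B relays every packet, C relays one in four."""
    wd = Watchdog()
    for t in range(20):
        for n in ("B", "C"):
            wd.sent(n, t, t)            # packet id t handed over at time t
        wd.overheard("B", t, t + 0.5)
        if t % 4 == 0:
            wd.overheard("C", t, t + 0.5)
        wd.expire(t + 3.0)
    return wd
```

A neighbor that silently drops traffic, as on the Neglect and Greed slide, falls below the threshold and is left out of `usable()`, while a collision or a weak radio link also counts as a drop here, so the window and threshold need tuning per deployment.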

Probing

A network probe tests network connectivity

This mechanism can be used to easily detect Black holes

A distributed probing scheme can detect malicious nodes

Redundancy

Lessens the probability of encountering a malicious node

Duplicate messages can also be sent using same path to deal with intermittent failure

Transport Layer

Manages end-to-end connections

Sensor Networks utilize protocols with minimum overhead

The potential threats are: Flooding, Desynchronization

Flooding

Adversary sends many connection establishment requests to the victim

Each request causes allocation of resources

It can be prevented by limiting the number of connections

Connectionless protocols are not susceptible to this attack

Another solution is client puzzles
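
How a client puzzle keeps the server from allocating resources per request, as an added example that is not from the paper or the presentation. The function names, the 12-bit difficulty, the 30-second lifetime and the use of SHA-256 and HMAC from Python's standard library are assumptions chosen for illustration.

```python
import hashlib, hmac, os, struct, time

SECRET = os.urandom(16)   # server-only key; lets the server stay stateless
DIFFICULTY = 12           # required leading zero bits (assumed; raise under load)
MAX_AGE = 30              # seconds a challenge stays valid (assumed)

def leading_zero_bits(digest):
    value = int.from_bytes(digest, "big")
    return len(digest) * 8 - value.bit_length()

def issue_challenge(client_id, now=None):
    """Server: bind the challenge to the requester and a timestamp with a MAC,
    so nothing is stored until a solved puzzle comes back."""
    ts = struct.pack(">I", int(now if now is not None else time.time()))
    tag = hmac.new(SECRET, client_id + ts, hashlib.sha256).digest()[:8]
    return ts + tag

def solve(client_id, challenge, difficulty=DIFFICULTY):
    """Client: brute-force a counter; expected cost is about 2**difficulty hashes."""
    counter = 0
    while True:
        sol = struct.pack(">Q", counter)
        digest = hashlib.sha256(client_id + challenge + sol).digest()
        if leading_zero_bits(digest) >= difficulty:
            return sol
        counter += 1

def verify(client_id, challenge, solution, now=None, difficulty=DIFFICULTY):
    """Server: one MAC and one hash decide whether to allocate connection state."""
    if len(challenge) != 12 or len(solution) != 8:
        return False
    ts, tag = challenge[:4], challenge[4:]
    expected = hmac.new(SECRET, client_id + ts, hashlib.sha256).digest()[:8]
    if not hmac.compare_digest(tag, expected):
        return False                      # not issued by us, or issued to another client
    age = int(now if now is not None else time.time()) - struct.unpack(">I", ts)[0]
    if not 0 <= age <= MAX_AGE:
        return False                      # stale or future-dated challenge
    digest = hashlib.sha256(client_id + challenge + solution).digest()
    return leading_zero_bits(digest) >= difficulty
```

A solved puzzle stays valid until it expires, so a deployment would also remember accepted challenges for `MAX_AGE` seconds to reject replays.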

Desynchronization

The attacker forges messages to one or both ends with sequence numbers

This causes the end points to request retransmissions of missed frames

This may lead to lack of availability and resource exhaustion

Authentication can prevent such an attack

Adaptive rate control

Describe a series of improvements to standard MAC protocols

Key mechanisms include:

Random delay for transmissions

Back-off that shifts an application's periodicity phase

Minimization of overhead in contention control mechanisms

Passive adaptation of originating and route-through admission control rates

Anticipatory delay for avoiding multihop hidden node problems

Conclusion

Attempts at adding security focus on cryptographic-authentication mechanisms

Use of higher security mechanisms poses serious complications in Sensor Networks

It is essential to incorporate security considerations during design-time

Without adequate protection against DoS and other attacks sensor networks may not be deployable at all
