1 Somya Kapoor Jorge Chang Amarnath Kolla. 2 Agenda Introduction and Architecture of WSN –Somya...

Date posted: 20-Dec-2015


Somya Kapoor

Jorge Chang

Amarnath Kolla


Agenda

Introduction and Architecture of WSN – Somya Kapoor

Security threats on WSN – Jorge Chang & Amarnath Kolla


What is WSN?

“A wireless sensor network (WSN) is a network made of numerous small independent sensor nodes. The sensor nodes, typically the size of a 35 mm, are self-contained units consisting of a battery, radio, sensors, and a minimal amount of on-board computing power. The nodes self-organize their networks, rather than having a pre-programmed network topology. Because of the limited electrical power available, nodes are built with power conservation in mind, and generally spend large amounts.”


Uses or Benefits

• Building automation for controlling lights, fire alarms or access control, refrigeration control

• Industrial automation

• Habitat monitoring

• Medical field

• Military


Layout of WSN


Layout of a mote


Picture


Doesn’t it sound amazing?


Requirements of WSN

• Small in size and low power consumption

• Concurrency–intensive operation

• Diversity in design and usage

• Low cost

• Security!


Security Threats

• Denial of Service
• Spoofed, altered, or replayed routing info
• Selective forwarding
• Sinkhole attacks
• Sybil attacks
• Wormhole attacks
• Hello flood attacks
• Acknowledgement spoofing

Denial of Service

| Network Layer | DoS Attack | Defenses |
|---|---|---|
| Physical | Jamming | Spread-spectrum, priority messages, lower duty cycle, region mapping, mode change |
| Physical | Tampering | Tamper-proofing, hiding |
| Link | Collision | Error correcting code |
| Link | Exhaustion | Rate limitation |
| Link | Unfairness | Small frames |
| Network and routing | Neglect and Greed | Redundancy, probing |
| Network and routing | Homing | Encryption |
| Network and routing | Misdirection | Egress filtering, authorization, monitoring |
| Network and routing | Black holes | Authorization, monitoring, redundancy |
| Transport | Flooding | Client puzzles |
| Transport | Desynchronization | Authentication |


Spoofed, Altered, or Replayed Routing Info

Issues:

• Routing info altered/falsified to attract/repel traffic from nodes.
• Malicious nodes can create traffic loops.

Counter Measures: Authentication.


Selective Forwarding

Issues:

• Relies on routing methodology.
• Subvert a node on a major traffic path.
• Selectively forward only some data.

Counter Measures:

• Redundant routes.
• Redundant messages.


Sinkhole Attack

Issues:

• Subverted nodes close to base advertise attractive routing information.
• Force nodes in the region to route data towards it.
• Creates a ‘sphere of influence’.

Counter Measures:

• Hierarchical routing.
• Geographic routing.

[Figure labels: Base Station, Sinkhole]


Sybil Attack

• An adversary node assumes the identity of multiple nodes.
• This causes ineffectiveness in a network.
• Especially targets networks with:
  • Fault tolerance
  • Geographic routing protocol


Sybil Attack (cont.)

• Geographic routing network where each intermediate node is allowed up to five connected nodes.
• Here, an adversary node assumes the identity of two nodes, leaving one node starved.

[Figure labels: A, B, Base Station]


Sybil Attack (cont.)

• In a network with fault tolerance, each node sends data to multiple intermediate nodes.
• An adversary intermediate node assumes multiple identities, removing the fault tolerance requirement.

[Figure labels: A, B, Base Station]


Sybil Attack

Counter measure

• Each node is assigned one or more “verified neighbors”.
• Traffic can go through verified or non-verified nodes.
• Base station keeps track of how many neighbors each node has, and if the number is higher than normal, this indicates Sybil attack.
• At this point, traffic can only be routed through verified nodes.
• Neighbor verification can be done through certificates or public key cryptosystem.
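
The base-station check described on this slide, as an added example that is not part of the original presentation. The report format, the node names, and the threshold `NORMAL_MAX` are assumptions, and the switch to verified-only routing is applied network-wide once any node is flagged.

```python
# Added example: base-station bookkeeping for the neighbor-count check.
# NORMAL_MAX and the report format are assumptions, not from the slides.
NORMAL_MAX = 5

def flag_suspects(neighbor_reports, normal_max=NORMAL_MAX):
    """Nodes whose reported neighbor count is higher than normal."""
    return {n for n, nbrs in neighbor_reports.items() if len(nbrs) > normal_max}

def next_hops(node, neighbor_reports, verified, suspects):
    """Any neighbor is a valid hop until a Sybil attack is indicated;
    after that, only the node's verified neighbors are."""
    nbrs = neighbor_reports[node]
    if suspects:
        return sorted(nbrs & verified.get(node, set()))
    return sorted(nbrs)

# Constructed reports: node -> set of neighbor IDs it currently hears.
CLEAN = {
    "n1": {"n2", "n3", "n4"},
    "n2": {"n1", "n3"},
}
# Same network after one adversary radio claims identities s1..s4 next to n1.
ATTACKED = {
    "n1": {"n2", "n3", "n4", "s1", "s2", "s3", "s4"},
    "n2": {"n1", "n3"},
}
# Neighbors whose identity was checked (certificate or public key), per node.
VERIFIED = {"n1": {"n2", "n3"}, "n2": {"n1"}}

if __name__ == "__main__":
    for label, reports in (("clean", CLEAN), ("attacked", ATTACKED)):
        suspects = flag_suspects(reports)
        print(label, sorted(suspects), next_hops("n1", reports, VERIFIED, suspects))
```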


Wormhole Attack

• Two powerful adversary nodes are placed in two strategic locations.
• They advertise a low cost path to the sink.
• All nodes in the network are attracted to them, looking for an optimal route.
• This attack is usually applied in conjunction with a selective forwarding or eavesdropping attack.


Wormhole Attack (cont.)

• The two adversary nodes advertise a route that’s two hops away.
• Normal route is longer, so it’s not used.
• The adversaries are now in control of all the traffic in the network.

[Figure labels: A, Base Station, A]


Wormhole Attack (cont.)

Hard to detect because the communication medium between the two bad nodes is unknown.

• Control and verify hop count. This limits the self-organizing criteria of an ad-hoc network.
• Use a protocol that is not based on hop count. In geographic routing, a route is based on the coordinates of intermediate nodes. But if adversary nodes can mimic a location, this doesn’t work.


HELLO flood attack

• A new sensor node broadcasts “Hello” to find its neighbors.
• It also broadcasts its route to the base station. Other nodes may choose to route data through this new node if the path is shorter.
• An adversary node broadcasts a short path to the base station using a high power transmission.
• Target nodes attempt to reply, but the adversary node is out of range.
• This attack puts the network in a state of confusion.


HELLO flood attack

Counter this attack by using a three-way handshake.

• New node sends HELLO.
• Any receiving nodes reply with randomly generated message.
• The new node must resend the message back to the receiving nodes.
• This guarantees the bi-directionality of the link.

[Figure labels: Base Station, A]
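
The three-way handshake from this slide, simulated as an added example that is not part of the original presentation. It contrasts a receiver that trusts any HELLO it hears with one that demands the echoed random message. The `Radio` class, the coordinates, and the transmit ranges are constructed assumptions.

```python
import hmac
import math
import secrets

class Radio:
    """Hypothetical node model: a position and a transmit range."""
    def __init__(self, name, x, y, tx_range):
        self.name, self.x, self.y, self.tx_range = name, x, y, tx_range

    def reaches(self, other):
        """True if a frame sent by self arrives at other."""
        return math.hypot(self.x - other.x, self.y - other.y) <= self.tx_range

def naive_accept(newcomer, receiver):
    """Vulnerable behaviour: hearing a HELLO is enough to add a neighbor."""
    return newcomer.reaches(receiver)

def handshake_accept(newcomer, receiver):
    """Three-way handshake: accept only if the random message comes back."""
    if not newcomer.reaches(receiver):            # 1. HELLO
        return False
    challenge = secrets.token_bytes(8)            # 2. receiver's random message
    heard = challenge if receiver.reaches(newcomer) else None
    # 3. echo: a newcomer that never heard the challenge can only guess
    echo = heard if heard is not None else secrets.token_bytes(8)
    return hmac.compare_digest(echo, challenge)

# Constructed layout: two ordinary motes and one high-power transmitter far away.
NODE = Radio("node", 0, 0, tx_range=10)
NEIGHBOR = Radio("neighbor", 6, 0, tx_range=10)
ADVERSARY = Radio("adversary", 80, 0, tx_range=100)

if __name__ == "__main__":
    for peer in (NEIGHBOR, ADVERSARY):
        print(peer.name, naive_accept(peer, NODE), handshake_accept(peer, NODE))
```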


Acknowledgement Spoofing

• Adversary can easily intercept messages between two parties.
• Spoofs an acknowledgement of a message to the sender.
• Goal is to convince the sender that a weak link is strong, or a dead link is still active.
• Counter the attack by appending a random number to the message and encrypting the whole thing. Acknowledge by sending the decrypted random number.
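
The acknowledgement scheme from this slide, as an added example that is not part of the original presentation. The frame layout, key handling, and function names are assumptions, and the SHA-256 counter-mode XOR is only a standard-library stand-in for whatever cipher the nodes actually share.

```python
import hashlib
import hmac
import secrets

NONCE_LEN = 8   # assumed size of the random number
IV_LEN = 8      # assumed per-frame IV so the keystream never repeats

def keystream_xor(key, iv, data):
    """Stand-in cipher (SHA-256 in counter mode, XOR), not a real mote cipher."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + iv + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def send(key, message):
    """Sender: append a random number, encrypt the whole thing."""
    nonce = secrets.token_bytes(NONCE_LEN)
    iv = secrets.token_bytes(IV_LEN)
    frame = iv + keystream_xor(key, iv, message + nonce)
    return frame, nonce          # the sender remembers the nonce

def receive_and_ack(key, frame):
    """Receiver: decrypt and acknowledge with the recovered random number."""
    iv, ciphertext = frame[:IV_LEN], frame[IV_LEN:]
    plain = keystream_xor(key, iv, ciphertext)
    return plain[:-NONCE_LEN], plain[-NONCE_LEN:]

def ack_is_genuine(expected_nonce, ack):
    """Sender: accept the ACK only if it carries the number it appended."""
    return hmac.compare_digest(expected_nonce, ack)

if __name__ == "__main__":
    key = secrets.token_bytes(16)                 # constructed shared key
    frame, nonce = send(key, b"temp=21")
    message, ack = receive_and_ack(key, frame)
    spoofed = frame[-NONCE_LEN:]                  # eavesdropper sees ciphertext only
    print(message, ack_is_genuine(nonce, ack), ack_is_genuine(nonce, spoofed))
```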


Conclusion

• Wireless sensor networks are a growing field and have many different applications.
• Most security threats to wireless ad-hoc networks are applicable to wireless sensor networks.
• These threats are further complicated by the physical limitations of sensor nodes.
• Some of these threats can be countered by encryption, data integrity and authentication.
• Security of wireless sensor networks remains an intensively studied field.


Questions and Comments?