Secure Routing in Wireless Sensor Networks Attacks and Countermeasures Chris Karlof David Wagner University of Califonia at Berkeley Paper review and Present by Run dong Outline Overview Background Statement of routing security problem Attacks on sensor network routing Attacks on specific sensor network protocols Countermeasures Routing protocols Layer 3 protocols determine the routing path and transmit the packets reliably Traditional routing protocols RIP routing information protocol OSPF open shortest path first Link state BGP Mobile Ad hoc Network protocols Distance vector On demand vs table driven WSN Routing Protocols Current Routing Protocols Goals Low Energy Minimize communication Rely on localized algorithms no centralized control Low Latency Adapt to unpredictable environment without intervention Scalable Low Node Duty Cycle Shut down nodes when possible Robust Radio cost more than instructions executed Aggregate data in network Must meet application latency and accuracy requirements Small Footprint Must run on hardware with severe memory and computational power constraints Overview Wireless sensor network cannot depend on many of the resources available to traditional networks for security Current sensor routing protocols are not designed for security and be insecure mostly optimized for the limited capabilities of the nodes Analysis current protocols to find attacks and suggest countermeasures and design consideration The effective solution for secure routing is to design such sensor routing protocols with security in mind Problem statement Assumption about underlying network Different Threat Models Security goal in this setting Problem statement Assumption about underlying network radio link are insecure easily eavesdropping sensor nodes are not tamper resistant The physical and MAC layers are susceptible to direct attack Base station is trustworthy Aggregation points may be trusted in certain protocols Different Threat Models Security goal in this setting Problem statement Assumption about underlying network Different Threat Models Mote class vs Laptop class Outsider vs insider Security goal in this setting Problem statement Assumption about underlying network Threat Models Security goal in this setting The goal of conventional network is reliable delivery of messengers Sensor network need in network processing aggregation compression duplicate elimination Confidentiality Protection against Replay of data packets should better handled by higher level Attacks model Spoofed altered or replayed routing information Selective forwarding Sinkhole attacks Sybil attacks Wormholes attacks HELLO flood attacks Acknowledgement spoofing Attacks model Spoofed altered or replayed routing information Create Loops Attract or repel network traffic Extend or shorten source routes Generate false error messages Partition network Selective forwarding Blackhole refuse to forward certain messengers and simply drop them Either in path or beneath path by deliberately jamming unique pair key to init FH or spread spectrum will prevent this Follow the path of least resistance and attempt to include itself on the actual data path flow Attacks model Sinkhole attacks Lure nearly all traffic from a particular area through a compromised node Makes selective forwarding trivial Specialized communication pattern cause this problem base station mode Sybil attack forging of multiple identities having a set of faulty entities represented through a larger set of identities Sybil Attack undermines assumed mapping between identity to entity and hence number of faulty entities Attack model Wormholes tunneling of messages over alternative low latency links e g confuse the routing protocol create sinkholes etc Exploit routing race condition Hello flood attack an attacker sends or replays a routing protocol s hello packets with more energy Acknowledgement spoofing Spoof link layer acknowledgement to trick other nodes to believe that a link or node is either dead or alive Attacks on specific protocols General typical sensor routing protocol type Flooding Gradient Clustering and Cellular Geographic Energy Aware TinyOS beaconing Directed diffusion Geographic routing Minimal cost forwarding Cluster head LEACH Rumor routing Energy conserving topology maintenance TinyOS beaconing Base station broadcast Route update beacon periodly Nodes received the update and mark the base station as parent and broadcast it Relevent Attack mode Bogus routing information Selective forwarding Sinkholes Sybil Wormholes Hello floods TinyOS beacon Spoof information Bogus and replayed routing information such like I am base station send by an adversary can easily pollute the entire network TinyOS beacon Wormhole sinkhole Combination Tunnel packets received in one place of the network and replay them in another place The attacker can have no key material All it requires is two transceivers and one high quality out of band channel Adapted from Chris Karlof and David Wagner s WSNPA slides TinyOS beacon Wormhole sinkhole Combination Most packets will be routed to the wormhole The wormhole can drop packets directly sinkhole or more subtly selectively forward packets to avoid detection Adapted from Chris Karlof and David Wagner s WSNPA slides TinyOS beacon Hello flood attack A Laptop class adversary that can retransmit a routing update with enough power to be received by the entire network Adapted from Chris Karlof and David Wagner s WSNPA slides Directed diffusion Data and Application Specific Content based naming Interest distribution Interests are injected into the network from base station Interval specifies an event data rate Interest entry also maintains gradients Data flows from the source to the sink along the gradient Data propagation and reinforcement Reinforcement to single path delivery Multipath delivery with probabilistic forwarding Multipath delivery with selective quality along different paths Directed diffusion Relevant attack Suppression by spoof negative reinforcement Cloning by replay information with malicious listed as a base station send both Path influence by spoof positive or negative reinforcements and bogus data events Selective forwarding and data tampering by above attack method to put the malicious node in the data flow Wormholes attack Hello floods Sybil attack Geographic routing GEAR GPSR Greedy geographic query routing technique Cost function based on destination location and neighbor node energies used to