This action might not be possible to undo. Are you sure you want to continue?
-FOR WIRELESS SENSOR NETWORKS
Submitted by Anvesh T
memory and bandwidth. an adversary overwhelms sensor nodes a long distance away by flooding an end-to-end communication path with either replayed packets or injected inauthentic packets. subject to open wireless communication and prone to the physical risks of in situ implementation. Though the applications of WSNs are wide-ranging. low power. These networks will consist of hundreds or thousands of self-organizing. which exploits the tree-structured routing of WSNs to cause broad DoS for modest effort. In a PDoS attack. Such an attack is termed as a Path-based DoS (PDoS) attack.Limiting DoS attacks in SPINS 1 ABSTRACT: Denial of service (DoS) attacks commonly occur in wireless sensor networks (WSNs) due to resource constrained environments. In the DoS attacks. These attacks prevent legitimate users from accessing the network and are a vexing problem in all networks. called PDoS (Path-based Denial of Service) and Jamming.. low cost wireless nodes. Another much simpler yet highly effective class of DoS attacks against WSNs can be launched by a single adversary flooding packets along a multihop data delivery path. 4 Path based DoS(PDoS) attack: . WSNs are vulnerable to such attacks due to their limited energy. In contrast to resource-rich networks such as the internet. more resource limited. These factors increase the susceptibility of WSNs to DoS attacks. 2 Introduction: Wireless Sensor Networks (WSNs) are new type of networked systems characterized by severely constrained computational and energy resources.e limited energy. Constant jamming prevents nodes from exchanging data or even reporting the attack to remote monitoring stations.quickly exhaust the limited energy. due to their inherent limitations. WSNs are especially sensitive to Denial of Service (DoS) attacks. memory and CPU of resource-limited sensor nodes. While an adversary may resort to a localized signal Jamming attack . a WSN is less stable. including environmental monitoring. communication bandwidth. This paper proposes a solution for PDoS by one-way hash chains to protect end -to-end communications in WSNs against PDoS attacks.Jamming interferes with the radio frequencies which a network’s nodes are using. but they are particularly threatening in the wireless context.the malicious node keeps sending the request to negotiate a session key. memory and bandwidth.a form of a DoS attack which overwhelms nodes by flooding packets. 3 Denial of Service (DoS) attack: Wireless Sensor Networks (WSNs) offer the promise of exciting new technological developments. i. This paper deals with important DoS attack. rather than as a collection of broken links and congested nodes. For Jamming we describe a mapping protocol for nodes that surround a jammer which allows network applications to reason about the region as an entity.
due to the tree-structured topology of a WSN. One way to detect inauthentic packets is to have the source node establish a separate shared key with other sensor nodes in the communication path. However. because the attacker will then have the path key and be able to flood legitimate packets along the path in a PDoS attack. A much wider region is disabled than simply a single path in a WSN due to a PDoS attack which was a problem important enough to be addressed. a sender could use a single ‘path’ key that is shared with each node along the path. Message Authentication code (MAC) for each node in the path which imposes a burden on the sender.2 Possible ways of defense against a PDoS attack: 4. INSENS does not address how to limit an adversary from flooding replayed or inauthentic data along any routing path. 4.4]. • • • • Entire sensor network is flooded. the highly restricted packet size in WSNs makes it difficult to include such a large amount of verification information in a sender’s packet. The sender node then uses each key to separately generate authentication/integrity information for each packet to satisfy each node along the path. Alternatively. All nodes on the branch containing the attacked path will be unable to communicate with the base station. which will overload all nodes along the path towards a base station. an intermediate node must be able to detect replayed packets and then reject them.2. Nodes along the path will quickly become exhausted. Fig(a) A PDoS attack in end to end communication in WSNs INSENS proposed One way Hash Chains (OHCs) to limit the ability of an attacker to flood to the entire sensor network. During set up of the routing tables. which are the damaging form of DoS attacks and exploit the tree-structured routing of WSNs to cause broad DoS for modest effort.1 Detection of replayed packets: To defend against a PDoS attack. thus requiring only one MAC for each packet which is vulnerable to compromise any of the sensor nodes along a path. However.1 Problems with PDoS attack: . after the data begins flowing. Such an attack is termed as a Path-based DoS (PDoS) attack[3. 4.A simpler and highly effective class of DoS attacks against WSNs can be easily launched by a single adversary flooding packets along a multihop data delivery path. OHCs limit broadcast flooding of control packets.
.4 Advantages of using OHC: . nm are the intermediate nodes. 4. 4. 4. the rate control setting for some nodes need to be updated. 4. DoS attacks would be easy to defend against if we knew where the adversary launched an attack. As the WSNs are of asymmetric nature. . The underlying secure routing scheme is assumed to be able to adjust to topology changes caused by node failure and/or duty cycle sleeping. If the adversary compromises an intermediate node nk. S and B share a secret key that they use to protect the confidentiality.3 Basic scheme using one-way hash chains (OHCS): We assume a standard WSN system model in which sensor nodes forward data via a tree-structure routing topology to a base station. → nm → B. modify or block any packets transmitted along the path from S to B. nodes at different locations have different rate control. .2. An intermediate node forwards a packet only if the included OHC number is verified to be new. An adversary can eavesdrop upon. and inform intermediate nodes not to forward any more packets for S. She can also inject any number of inauthentic packets along this path. and control every packet passed through nk. . when a routing path changes. Some mechanisms configure a one-way hash chain (OHC) in each node along a path. efficiency and scalability issues suggest that a rate control solution is non-trivial.2. This is an infeasible solution as it faces both memory and computation limitations. replay PDoS attacks can be initiated from anywhere along a path.One way to detect replay of duplicate packets is to store history of all packets in each intermediate node which is forwarded by them. In general. where n1 . she can determine all keys stored in nk. enabling each intermediate node to detect a PDoS attack and prevent the propagation of inauthentic or replayed packets. Data packets are forwarded along an end to end data communication path between a sensor node S and a base station B. compromise an intermediate node or compromise a source node S. The sensor nodes and base station are stationary after distribution of work. In addition. The paths may change over time for a variety of reasons. which protects the control packets used to set up routing.2 Limit the number of packets: Limiting the number of packets an intermediate node can forward per second (rate control) can be another way of defense.3 One Way Hash chains: DoS attacks in WSNs are a critical security issue and some countermeasures to defend against them are proposed. When an adversary launches a DoS attack from a fixed sender S. a base station can use its shared key with S or the OHC to identify misbehavior from a malicious S. is to prevent PDoS attacks of flooded data packets along these established paths. Our goal above and beyond the secure routing. However. To launch a PDoS attack. namely S → n1 → n2→ . Nodes near a base station will have more rate control than the nodes far from the base station. Security. integrity and authenticity of the data exchanged. an adversary can inject bogus packets.
4.4. Fig (b) A node can easily distinguish jamming from the failure of its neighbors by determining that constant energy.Also this scheme tolerates packet losses. the nodes can wake up and check whether .1 Defence against Jamming : The standard defense against jamming involves various forms of spread-spectrum communication. since constant jamming prevents nodes from exchanging data or even reporting the attack to remote monitoring stations. Periodically.1 Resilience: This OHC-based solution is more resilient to compromise than the approach of sharing a single path key since an adversary who obtains the current and earlier OHCs cannot generate a legitimate next OHC number and therefore cannot flood the path with bogus packets or replayed packets.To attack frequency hoppers. 4.4. Both effects have similar results. Constant jamming prevents nodes from exchanging data or even reporting the attack to remote monitoring stations. impedes communication. Sporadic jamming can be enough to cause disruption because the data the network is communicating may be valid for only a short time. such as switching to a lower duty cycle and conserving as much power as possible. jamming interferes with the radio frequencies which a network’s nodes are using. lack of response. jammers must be able either to follow the precise hopping sequence or to jam a wide section of the band. however. 4. A source node can send its message at any time without needing to be tightly synchronized with any intermediate node.4.5 Light weight memory costs: The memory and computational costs of OHC execution are quite lightweight. 4. Nodes should have a strategy for combating jamming attacks. 5. while replayed old OHC numbers will be dropped immediately. 4.3 Reliable data delivery: Our approach has the advantage that the solution applies to any multihop data communication path used for unicast or reliable end-to-end data delivery.6 Loose time synchronization: This approach does not require tight time synchronization. 4. since an adversary cannot generate the next valid OHC number.2 Minimal storage: This OHC-based solution also requires minimal storage. 5 Jamming: A well-known attack on WSNs communication.4.4.4 Constrains PDoS attacks: It constrains PDoS attacks from an adversary.4.
These nodes can detect the higher-than-normal background noise and report it to unaffected nodes outside the region.2. By spending energy frugally.2 Eager eavesdropping: We eagerly eavesdrop on all received build messages.the jamming has ended. the original sender ID and sequence number are used. In a sufficiently dense network. some nodes will be located close to the jamming signal’s edge. In a large-scale deployment.3 Supremacy of local information: Local information is considered more up-to-date than that received by relayed messages. and allows the length to be tuned for variable collision probability. Amore appropriate response would be to call on the nodes surrounding the affected region to cooperatively map and report the DoS attack boundary to a base station. an adversary is less likely to succeed at jamming the entire network. 5. each updates their local copy of the membership. Probabilistic uniqueness avoids the overhead of synchronizing multiple concurrent group creations. messaging. This provides maximum forward information 5.2. hoping to relay them when a gap in the jamming occurs. Each node maintains a . and they may be unable to determine that this behavior results from a DoS attack. Another and more costly strategy responds to jamming by using any available alternate modes of communication. To the surrounding nodes. When relaying the message. as Figure (b) shows.2. When jamming is intermittent. adding any new jammed nodes listed in the message. with no synchronization or input blocking. Nodes should cooperate to maximize the probability of successfully delivering such messages.2 Basic scheme during mapping service: The following are the design principles to be followed to during mapping service in WSN… 5. but the membership list included is the newly merged list on the local node. especially if only subverted sensors perform the jamming. high-priority messages back to a base station to report the attack. the region appears to suffer complete or intermittent failure. The protocol is driven entirely by message reception and timeout events. even if reception errors prevent the reporting nodes from receiving reliable acknowledgements. nodes may be able to send a few high-power. 5. and membership. who must continue to jam at greater expense. This further eliminates any negotiation or confusion about which group will be subsumed by the other. which could mean switching to a prioritized transmission scheme that minimizes collisions. As build messages are relayed from member to member. such as infrared or optical. Nodes can also buffer highpriority messages indefinitely. however. if the attacker has not jammed them as well.1 Loose group semantics: We use loose group semantics in addressing. Duplicate messages are detected using a per-sender sequence number and are discarded. the nodes may be able to outlive an adversary. When creating a group in response to a Jammed message. we randomly generate group IDs.
in this case the lost message contents will not be repeated. and probe messages. Whatever local information is available is used to influence routing. . such that ∀i : 0 ≤ i < n . and broken routes. Build message to be sent. higher-layer planning. A one-way hash chain(OHC) is a sequence of numbers generated by a one-way function F that has the property. µTESLA uses symmetric authentication but introduces asymmetry through a delayed disclosure of the symmetric keys. However. like individual sensor nodes. Kn−1.. Others.5 Early use of results: Nodes do not wait until a complete picture of the jammed region is available to perform avoidance strategies. are reset periodically.. • Reports to a base-station for further jamming localization.2. which results in an efficient broadcast authentication scheme. the same or updated information will be included in the next build message sent or relayed. 5.separate list of neighboring jammed and mapping members in each group (these are the only mapping members stored). and use it to verify information received in a relayed message. and so update the mapping member information.We implicitly assume that the previous-hop sender of the message is a member. like build messages. This protocol uses an OHC number as the key to generate a MAC of a broadcast message. military assets. Ki = F(Ki+1). 5. 5.2. making detection and mitigation a cheaper strategy than it’s prevention. given F and y. jammed member information is updated. The sensor nodes .if they are lost. . power management. 6 Our approach against DoS attacks in SPINS: Perrig et al proposed the μTESLA protocol to securely broadcast messages in a WSN. etc. like jammed.When a jammed or unjammed message is received. and • Aid to power management strategies for nodes inside and around jammed regions. A one-way hash chain is employed as an efficient and simple solution on resource-constrained sensor nodes for mitigating DOS attacks along paths. These mapping service for WSNs provide the following benefits… • Feedback to routing and directory services • An effective abstraction at a higherlevel than local congestion. unjammed.3 Advantages of mapping protocol: The jamming detection and mapping protocol use mostly existing data and facilities in the typical sensor communication stack. The list is updated only by “directly" perceived information. We also consider local information to be more trustworthy.4 Robustness to packet loss and failure: Individual packets. such that x =F‾1(y). • Support for avoiding the region by network controlled vehicles.K0. are not critical. it is computationally infeasible to determine x. since only members relay build or teardown messages. The TESLA protocol provides efficient authenticated broadcast. An OHC is a sequence of numbers Kn. that for a given x it is easy to compute y = F(x). emergency personnel. Messages which indicate significant state information. failed neighbors.
integrity and authenticity of the data exchanged. When an intermediate node nk receives this packet. and so on. modify or block any packets transmitted along the path from S to B. . namely S → n1 → n2→ . . To validate an OHC number. . Here each node will . nk simply drops the packet. it includes HSi with the packet. If the packet is not validated after the verification process has been performed w times. To defend against a PDoS attack. it verifies if VS = F (HSi). When S sends a packet to the base station through multiple hops. and control every packet passed through nk. .and base station are stationary after distribution of work. .. by performing the verification process w times. In general. HS2 in the second packet. HSn−1. Data packets are forwarded along an end to end data communication path between a sensor node S and a base station B. generation and storage of OHCs in a highly resource constrained sensor node when many packets are lost must be addressed. . To launch a PDoS attack. compromise an intermediate node or compromise a source node S. each intermediate node n1. If so. . we first select a random number Km as the seed and successively apply function F on Km to generate other numbers in the sequence. Unique problems to unicast messages like maintenance. forwards it to the next intermediate node and sets VS to HSi . VS is set to HS0. nm are the intermediate nodes. An adversary can eavesdrop upon. → nm → B. where n1 . If the adversary compromises an intermediate node nk. A different OHC number is allocated for each time slot and this number is used to generate MACs for the packets sent in that time slot. 6. .1 Generation of OHC: To generate an OHC. up to a sequence of w packet losses can be tolerated. To tolerate packet losses. she can determine all keys stored in nk. μTESLA has been extended by introducing multi-level OHCs. where the value of w depends on the average packet loss rate of the network. . it includes an OHC sequence number from HS in the packet: it attaches HS1 in the first packet. ..(F (HSi))).It employs OHCs to defend against DoS attacks on unicast messages that follow a path. HS0 >. each source node S (mostly S is an aggregator node) maintains a unique one-way hash chain HS : < HSn. . . The reason for performing the verification process more than once is to tolerate packet losses. S and B share a secret key that they use to protect the confidentiality. Initially. nm maintains a verifier VS for node S. an adversary can inject bogus packets. nk can choose to apply the verification test iteratively up to a fixed number w times. In particular. checking at each step whether VS = F(F. HS1. nk validates the packet. She can also inject any number of inauthentic packets along this path. When S sends its ith packet.
This refresh mechanism is resilient to a variety of attacks. an adversary can block the communication between a source node S and a base station B by only launching jamming attacks for a short time. In this way.1 Refreshing a broken OHC:An intermediate node performs the verification process up to w times. if a sequence of more than w packets is lost.2 One-way hash chain maintenance: 6.2.forward packets based on a First In. we periodically bootstrap a new OHC number (the OHC number most recently sent by the source node)in the intermediate nodes. also evaluation of a protocol that uses loose group semantics integrated with eager eavesdropping to quickly build a map of a jammed region. This allows the node to tolerate a sequence of up to w packet losses. One approach to deal with a path change is to employ the bootstrap protocol every time the path changes. .2. However. We call this problem a broken OHC problem.2 Resilience to path changes:Due to irregularity of radio coverage and frequent changes in the data transmission range.μTESLA provides protection against saving the wrong initial OHC number. but cannot defend against an adversary’s jamming attack. new nodes joining the path will need to securely receive the OHC number and initialize their verifier VS. the end-to-end routing paths in WSNs can change during an end-to-end communication. a carrier-sense defeating mechanism. PDoS(pathbased DoS)attacks and Jamming. 7 Conclusion: One of the security problems that Wireless Sensor Networks face today is Denial of Service attacks. Simply increasing the value of w can help intermediate nodes tolerate more packet losses. that is it would not be able to validate any later packets and will simply drop them. To address the broken OHC problem. First Out (FIFO) policy. an intermediate node will be unable to recover. We propose a protocol SPINS and implemented one-way hash chains to defend against PDoS attacks by detecting replayed and inauthentic packets. We describe two such types of attacks. 6. Thus our protocol SPINS can defend effectively against path based DoS attacks(PDoS) and jamming thus defending a wireless sensor network from DoS attacks.When routing path changes. An adversary can exploit this limitation by jamming the communication medium around an intermediate node for a sufficient time period that will result in more than w packet losses. 6.
1996. NDSS ’01.R. A concrete security treatment of symmetric encryption: Analysis of the DES modes of operation.  F.REFERENCES:  A. 8(5):521534.  M.Insens-Intrusion-tolerant routing for wireless sensor networks.Wireless networks journal(WINET). The security of the cipher block chaining message authentication code.R.Deng.Wen. Rogaway. Ran Canetti.  Adrian Perrig.In 2004 IEEE Symposium on Security and Privacy. Tygar. 2002.In IEEE 2nd International Workshop on Information Processing in Sensor Networks (IPSN’03).October 2002.Mishra. E.Setia.  J. In IEEE Symposium on Security and Privacy.Elsevier Journal on Computer Communications.Stankovic. February 2001.Zhang. Madden. and P. and P.Mishra.  Mihir Bellare.The performance evaluation of intrusiontolerant routing in wireless sensor networks.Ning. Second Edition. Michael J. Palo Alto. and S.Spins: Security protocols for sensor networks. and Wei Hong.V.S. 10 .Tygar.September 2002.  Samuel R.Jajodia.Onkland. Robert Szewczyk. John Wiley & Sons.R. In Proceedings of 38th Annual Symposium on Foundations of Computer Science (FOCS 97). In The Fifth Symposium on Operating Systems Design and Implementation (OSDI 2002). Supporting aggregate queries over ad-hoc wireless sensor networks.Denial of service in sensor networks.In IEEE INFOCOMM 2004.Wood and J.S.IEEE computer.Szewczyk.Luo. Madden. Journal of Computer and System Sciences.S. and J. In Workshop on Mobile Computing and Systems Applications. and Phillip Rogaway. Efficient authentication and signing of multicast streams over lossy channels. Applied Cryptography.Han.2005.  Bruce Schneier. Michael J. A. Joe Kilian. 61(3):362-399.  Samuel R. A.An interleaved hop-by-hop authentication scheme for filtering of injected false data in sensor networks.Ye.Deng. 2002. and David Culler. and L. Efficient and secure source authentication for multicast. Tygar. In Network and Distributed System Security Symposium.USA. TAG: A tiny aggregation service for ad-hoc sensor networks. Franklin.CA. Desai. Jokipii. and Dawn Song. May 2000. December 2000. Dawn Song. Franklin.May 2004.Statistical en-route detection and filtering of injected false data in sensor networks.  Adrian Perrig. Bellare. S.D. D.CA.Han and S. Ran Canetti.  J.Lu. 1997.Cul ler.35(10):54-62. and J. Hellerstein.to appear.Zhu. J.Perrig.April 2003.Special Issue on Dependable Wireless Sensor Networks.USA. Joseph M.D.
This action might not be possible to undo. Are you sure you want to continue?
We've moved you to where you read on your other device.
Get the full title to continue listening from where you left off, or restart the preview.