Resiliency of Wireless Sensor
Networks: Definitions and
Analyses
Orange Labs & CITI Labs INSA-Lyon
O.Erdene-Ochir, M. Minier, F. Valois, A. Kountouris February 10, 2010, presentation to CITI seminar
Thesis context
•
Research area: Sensor Networking (routing in particular)
•Focus: Security beyond cryptography (protocol resiliency)
–
Our goal: Analyze and create inherently resilient protocols
against internal (insider) attacks
•
CRE between
–
Orange Labs (TECH/MATIS/CITY) and
–
CITI Laboratory of INSA-Lyon (ANR VERSO ARESA2)
•
Advisors (academic): M. Minier, F. Valois
•Advisor (Orange Labs): A. Kountouris
Contents
Context
Motivation
Related works
Simulation and analysis
Conclusion and future
directions
Worldsens, a small sensor node developed in the CITI lab
Context: Wireless Sensor Networks
• Characteristics – Radio communication – No infrastructure – Decentralized architecture – Open network architecture – Multi-hop routing• Why sensor networks ? –Rapid deployment
–Cheap
–Self organized
–Fault-tolerant
Wireless Sensor Networks • Applications of WSNs: – scientific data collection – military applications – environmental monitoring (temperature, pollution, pressure…) – home, building, industrial automation (electricity, water metering…) • Challenges – Scalability – Adaptability
Motivations (1/2)
•
Why not use traditional cryptography-based security ?
–
limited resources (memory, energy, computation power …)
–
an open and hostile environment (physical attacks)
–
not always a solution against multiple internal attacks
stemming from node compromise
Our goal: Analyze and create inherently resilient protocols against
internal (insider) attacks
Our definition:
Resiliency
is the ability of a network to continue to
operate in presence of
k
compromised nodes, i.e. the capacity of a
network to endure and overcome internal (insider) attacks.
Motivations (2/2)
Definition of
Survivability
[ELLM1999]
:
Survivability in information systems is defined as the ability of the
network computing system to provide essential services in the
presence of attacks and/or failures, and recover full service in a
timely manner.
Definition of
Robustness
[SKHJ2002]
:
Robustness is defined as the requirement to accommodate
hardware and software failures, asymmetric and unidirectional
links, or limited range of wireless communication.
[KW2003], [WS2002]
•
Hardware
attacks (node compromise) [BBD2006]
•
Physical
layer attacks
–
Jamming [WSS2003]
•
Link
layer attacks
–
Collision
–
Exhaustion
–
Link layer jamming [LPHDHH2009]
•
Routing
layer attacks
–
Sybil [NSSP2004]
–
Node replication [PPG2005]
–
Selective forwarding
–
Blackhole
–
Sinkhole
–
Wormhole [HE2004], [HPJ2003]
Related works: Attacks and Defenses (2/3)
•
Routing
layer attacks
–
Sybil [NSSP2004]
–
Node replication [PPG2005]
Related works: Attacks and Defenses (3/3)
•
Routing
layer attacks
–
Blackhole
–
Sinkhole
Related works: Routing layer security (1/5)
•
Goal
:
find a route between source
and destination
•
Routing layer responsibility:
–
Naming and addressing
–
Neighborhood discovery
–
Multi-hop routing
•
Specific secure protocols:
–
SRP [PH2002]
–
ARIADNE [HPJ2005]
–
ARAN [SDLSB2002]
–
SPINS (SNEP+μTESLA)
[PSW2001] …
Use cryptography
Related works: WSN routing protocols (2/5)
Multi-hop routing
–
different ways to find the route
–
message traverse many hops
–
intermediate nodes can be compromised
Study of existing routing protocols
–
enumerate the various routing mechanisms
–
classification is required for efficient choice
–
analysis of some routing protocols under multiple attacks
Related works: Choice of routing protocols
(4/5)
•
Dynamic source routing [JM1996]
–
Flooding based
–Route discovery
•
Gradient based routing [MS2001]
–
Flooding based
–Gradient setup
•Greedy forwarding [KK2000]
–Geographical
–Location information
required
•
Random walk routing [SB2002]
–
Probabilistic routing
•
DATA packet oriented attacks
–
Selective forwarding
–
Sinkhole
•
CONTROL packet oriented
attacks
–
Blackhole
•
HELLO packet oriented attacks
–
Sybil
Simulator:
WSNet
[HCG2008]
http://wsnet.gforge.inria.fr
Assumptions:
–
Sensors can be
compromised
–
A unique sink at the
center of the network
–
Sensor nodes are
static
–
Ideal MAC/PHY: no
interferences, no
collisions, (consider
only impact of
Simulations and analysis (1/8)
Parameter
Value
Number of nodes
300
Area size
100X100m
Transmission
range
20m
Topology tested
Uniformly and
randomly
distributed
Traffic generation Poisson
distribution
with λ = 1 packet
per sec, per node
Simulations and analysis (2/8)
•
We tested three different evaluation metrics:
–
Average delivery ratio:
•
success of routing function (reliability )
•
percentage of successfully received packets
–
Average degree of nodes:
•
detect neighborhood abnormalities
•
average number of neighbors
–
Average path length:
Simulations and analysis (3/8)
Case 1:
•
10% compromised nodes of
300 are
uniformly
and
randomly distributed across
the
whole network
Case 2:
•
10% compromised nodes of
300 are
uniformly
and
randomly distributed
around
the sink
Simulations and analysis (4/8)
Scenario 1:
• Uniformly distributed across the whole network (case 1)
• Selective forwarding (drop all DATA packets)
Scenario 2:
• Uniformly distributed around the sink
(case 2)
• Sinkhole attack (drop all DATA packets)
• Impact of attacks is more important than scenario 1
• Average delivery ration decreases when percentage of compromised
Simulations and analysis (5/8)
Scenario 1:
• Uniformly distributed across the whole network (case 1)
• Selective forwarding (drop all DATA packets)
• When path length is high, the number of intermediate
Scenario 2:
• Uniformly distributed around the sink
(case 2)
• Sinkhole attack (drop all DATA packets)
Simulations and analysis (6/8)
Scenario 1:
• Uniformly distributed across the whole network (case 1) • Selective forwarding (drop all DATA packets)
• Double sent of each DATA packet
Simulations and analysis (7/8)
Scenario 3 :
• Uniformly distributed across the whole network (case 1) • Sybil attack (false HELLO packets, multiple identities)
Simulations and analysis (8/8)
Scenario 4 :
• Uniformly distributed across the whole network (case 1) • Blackhole attack (false CONTROL packets, attract the DATA
traffic)
• Impact of attacks is much more important than in previous attacks
Conclusion and future directions
•
Preliminary study for WSNs security of the routing layer.
•
The more the protocol is statefull, the more it will be vulnerable
to attacks targeting this information.
•
Requirements for Resiliency :
–
Graph representing WSNs should be connected (reliability)
–
Degree of the nodes must be high (increases the number of
candidates for next hop)
–
Route must be diversified in order to exploit the structural
redundancy (randomness on their behavior)
–
Redundant sent of packets
•
In the future,
–
Extending our simulations; taking into account energy
consumption (tradeoff energy consuming-resiliency)
–
Quantify a measure of resiliency: which metric?
References
[KW2003] C. Karlof and D. Wagner, “Secure routing in wireless sensor networks:
attacks and countermeasures,” Ad Hoc Networks, vol. 1, no. 2-3, pp. 293– 315, August 2003.
[WS2002] Anthony D. Wood and John A. Stankovic. Denial of service in sensor
networks. Computer, 35(10):54_62, 2002.
[BBD2006] Alexander Becher, Zinaida Benenson, and Maximillian Dornseif. Tampering
with motes: Real-world attacks on wireless sensor networks. In Sicherheit, pages 26_29, 2006.
[WSS2003] Anthony D. Wood, John A. Stankovic, and Sang H. Son. Jam: A jammed-area
mapping service for sensor networks. In 24th IEEE Real-Time Systems Symposium, pages 286_297, 2003.
[HE2004] L. Hu and D. Evans, “Using directional antennas to prevent wormhole
attacks,” in Network and Distributed System Security Symposium. San Diego, USA: The Internet Society, February 2004, pp. 1–11.
[HPJ2003] Y.-C. Hu, A. Perrig, and D. B. Johnson, “Packet leashes: A defense against wormhole attacks in wireless networks,” in 22nd Annual Joint Conference of the IEEE Computer and Communications Societies, San Fransisco, USA, April 2003, pp. 1976–1986.
[LPHDHH2009] Yee Wei Law, Marimuthu Palaniswami, Lodewijk Van Hoesel, Jeroen Doumen,
Pieter Hartel, and Paul Havinga. Energy-efficient link-layer jamming attacks against wireless sensor network mac protocols. ACM Trans. Sen. Netw., 5(1):1_38, 2009.
References
[PPG2005] B. Parno, A. Perrig, and V. Gligor, “Distributed detection of node replication attacks in sensor networks,” in IEEE Symposium on Security and Privacy. Oakland, USA: IEEE Computer Society, May 2005, pp. 49–63.
[JM1996] D. B. Johnson and D. A. Maltz, “Dynamic source routing in ad hoc wireless
networks,” in Mobile Computing, S. US, Ed., vol. 353, 1996, pp. 153–181. [MS2001] C. S. Mani and M. B. Srivastava, “Energy efficient routing in wireless sensor
networks,” in Military Communications Conference roceedings on
Communications for Network-Centric Operations: Creating the Information Force, vol. 1, McLean, USA, October 2001, pp. 357–361.
[KK2000] B. Karp and H. T. Kung, “Gpsr: greedy perimeter stateless routing for
wireless networks,” in Proceedings of the 6th annual international
conference on Mobile computing and networking, Boston, USA, August 2000, pp. 243–254.
[SB2002] S. D. Servetto and G. Barrenechea, “Constrained random walks on random
graphs: routing algorithms for large scale wireless sensor networks,” in Proceedings of the 1st ACM international workshop on Wireless sensor networks and applications, Atlanta, USA, September 2002, pp. 12–21.
[HCG2008] E. Hamida, G. Chelius, and J.-M. Gorce, “Scalable versus accurate physical layer modeling in wireless network simulations,” in 22nd Workshop on
References
[PH2002] P. Papadimitratos and Z. Haas, “Secure rotuing for mobile ad hoc networks,”
in Communication Networks and Distributed Systems Modeling and Simulation Conference, San Antonio, Texas, 2002, pp. 27–31.
[HPJ2005] Y. C. Hu, A. Perrig, and D. B. Johnson, “Ariadne: a secure on-demand routing protocol for ad hoc networks,” Wireless Networks, vol. 11, no. 1-2, pp. 21– 38, January 2005.
[SDLSB2002] K. Sanzgiri, B.Dahill, B. N. Levine, C. Shields, and E. M. Belding-Royer, “A secure routing protocol for ad hoc networks,” in IEEE International
Conference on Network Protocols. Paris, France: IEEE Computer Society, November 2002, pp. 78–89.
[PSW2001] A. Perrig, R. Szewczyk, V. Wen, D. E. Culler, and J. D. Tygar, “Spins: security protocols for sensor netowrks,” in Seventh Annual International Conference on Mobile Computing and Networks, Rome, Italy, July 2001, pp. 189–199. [ELLM1999] R. J. Ellison, R. C. Linger, T. Longstaff, and N. R. Mead, “Survivable network
system analysis: A case study,” IEEE Software, vol. 16, no. 4, pp. 70–77, July 1999.
[SKHJ2002] J. P. G. Sterbenz, R. Krishnan, R. Hain, A. Jackson, D. Levin, R. Ramanathan, and J. Zao, “Survivable mobile wireless networks: issues, challenges, and