• No results found

Resiliency of Wireless Sensor Networks: Definitions and Analyses

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "Resiliency of Wireless Sensor Networks: Definitions and Analyses"

Copied!
27
0
0

Loading.... (view fulltext now)

Download now ( 27 Page )

Full text

(1)

Resiliency of Wireless Sensor

Networks: Definitions and

Analyses

Orange Labs & CITI Labs INSA-Lyon

O.Erdene-Ochir, M. Minier, F. Valois, A. Kountouris February 10, 2010, presentation to CITI seminar

(2)

Thesis context

Research area: Sensor Networking (routing in particular)

Focus: Security beyond cryptography (protocol resiliency)

Our goal: Analyze and create inherently resilient protocols

against internal (insider) attacks

CRE between

Orange Labs (TECH/MATIS/CITY) and

CITI Laboratory of INSA-Lyon (ANR VERSO ARESA2)

Advisors (academic): M. Minier, F. Valois

Advisor (Orange Labs): A. Kountouris

(3)

Contents

Context

Motivation

Related works

Simulation and analysis

Conclusion and future

directions

Worldsens, a small sensor node developed in the CITI lab

(4)

Context: Wireless Sensor Networks

Characteristics – Radio communication – No infrastructure – Decentralized architecture – Open network architecture – Multi-hop routing

Why sensor networks ? –Rapid deployment

–Cheap

–Self organized

–Fault-tolerant

Wireless Sensor Networks • Applications of WSNs: – scientific data collection – military applications – environmental monitoring (temperature, pollution, pressure…) – home, building, industrial automation (electricity, water metering…) • Challenges – Scalability – Adaptability

(5)

Motivations (1/2)

Why not use traditional cryptography-based security ?

limited resources (memory, energy, computation power …)

an open and hostile environment (physical attacks)

not always a solution against multiple internal attacks

stemming from node compromise

Our goal: Analyze and create inherently resilient protocols against

internal (insider) attacks

Our definition:

Resiliency

is the ability of a network to continue to

operate in presence of

k

compromised nodes, i.e. the capacity of a

network to endure and overcome internal (insider) attacks.

(6)

Motivations (2/2)

Definition of

Survivability

[ELLM1999]

:

Survivability in information systems is defined as the ability of the

network computing system to provide essential services in the

presence of attacks and/or failures, and recover full service in a

timely manner.

Definition of

Robustness

[SKHJ2002]

:

Robustness is defined as the requirement to accommodate

hardware and software failures, asymmetric and unidirectional

links, or limited range of wireless communication.

(7)

[KW2003], [WS2002]

Hardware

attacks (node compromise) [BBD2006]

Physical

layer attacks

Jamming [WSS2003]

Link

layer attacks

Collision

Exhaustion

Link layer jamming [LPHDHH2009]

Routing

layer attacks

Sybil [NSSP2004]

Node replication [PPG2005]

Selective forwarding

Blackhole

Sinkhole

Wormhole [HE2004], [HPJ2003]

(8)

Related works: Attacks and Defenses (2/3)

Routing

layer attacks

Sybil [NSSP2004]

Node replication [PPG2005]

(9)

Related works: Attacks and Defenses (3/3)

Routing

layer attacks

Blackhole

Sinkhole

(10)

Related works: Routing layer security (1/5)

Goal

:

find a route between source

and destination

Routing layer responsibility:

Naming and addressing

Neighborhood discovery

Multi-hop routing

Specific secure protocols:

SRP [PH2002]

ARIADNE [HPJ2005]

ARAN [SDLSB2002]

SPINS (SNEP+μTESLA)

[PSW2001] …

Use cryptography

(11)

Related works: WSN routing protocols (2/5)

Multi-hop routing

different ways to find the route

message traverse many hops

intermediate nodes can be compromised

Study of existing routing protocols

enumerate the various routing mechanisms

classification is required for efficient choice

analysis of some routing protocols under multiple attacks

(12)
(13)

Related works: Choice of routing protocols

(4/5)

Dynamic source routing [JM1996]

Flooding based

Route discovery

Gradient based routing [MS2001]

Flooding based

Gradient setup

Greedy forwarding [KK2000]

Geographical

Location information

required

Random walk routing [SB2002]

Probabilistic routing

(14)

DATA packet oriented attacks

Selective forwarding

Sinkhole

CONTROL packet oriented

attacks

Blackhole

HELLO packet oriented attacks

Sybil

(15)

Simulator:

WSNet

[HCG2008]

http://wsnet.gforge.inria.fr

Assumptions:

Sensors can be

compromised

A unique sink at the

center of the network

Sensor nodes are

static

Ideal MAC/PHY: no

interferences, no

collisions, (consider

only impact of

Simulations and analysis (1/8)

Parameter

Value

Number of nodes

300

Area size

100X100m

Transmission

range

20m

Topology tested

Uniformly and

randomly

distributed

Traffic generation Poisson

distribution

with λ = 1 packet

per sec, per node

(16)

Simulations and analysis (2/8)

We tested three different evaluation metrics:

Average delivery ratio:

success of routing function (reliability )

percentage of successfully received packets

Average degree of nodes:

detect neighborhood abnormalities

average number of neighbors

Average path length:

(17)

Simulations and analysis (3/8)

Case 1:

10% compromised nodes of

300 are

uniformly

and

randomly distributed across

the

whole network

Case 2:

10% compromised nodes of

300 are

uniformly

and

randomly distributed

around

the sink

(18)

Simulations and analysis (4/8)

Scenario 1:

• Uniformly distributed across the whole network (case 1)

Selective forwarding (drop all DATA packets)

Scenario 2:

• Uniformly distributed around the sink

(case 2)

Sinkhole attack (drop all DATA packets)

• Impact of attacks is more important than scenario 1

• Average delivery ration decreases when percentage of compromised

(19)

Simulations and analysis (5/8)

Scenario 1:

• Uniformly distributed across the whole network (case 1)

Selective forwarding (drop all DATA packets)

• When path length is high, the number of intermediate

Scenario 2:

• Uniformly distributed around the sink

(case 2)

Sinkhole attack (drop all DATA packets)

(20)

Simulations and analysis (6/8)

Scenario 1:

• Uniformly distributed across the whole network (case 1) • Selective forwarding (drop all DATA packets)

Double sent of each DATA packet

(21)

Simulations and analysis (7/8)

Scenario 3 :

• Uniformly distributed across the whole network (case 1) • Sybil attack (false HELLO packets, multiple identities)

(22)

Simulations and analysis (8/8)

Scenario 4 :

• Uniformly distributed across the whole network (case 1) • Blackhole attack (false CONTROL packets, attract the DATA

traffic)

• Impact of attacks is much more important than in previous attacks

(23)

Conclusion and future directions

Preliminary study for WSNs security of the routing layer.

The more the protocol is statefull, the more it will be vulnerable

to attacks targeting this information.

Requirements for Resiliency :

Graph representing WSNs should be connected (reliability)

Degree of the nodes must be high (increases the number of

candidates for next hop)

Route must be diversified in order to exploit the structural

redundancy (randomness on their behavior)

Redundant sent of packets

In the future,

Extending our simulations; taking into account energy

consumption (tradeoff energy consuming-resiliency)

Quantify a measure of resiliency: which metric?

(24)
(25)

References

[KW2003] C. Karlof and D. Wagner, “Secure routing in wireless sensor networks:

attacks and countermeasures,” Ad Hoc Networks, vol. 1, no. 2-3, pp. 293– 315, August 2003.

[WS2002] Anthony D. Wood and John A. Stankovic. Denial of service in sensor

networks. Computer, 35(10):54_62, 2002.

[BBD2006] Alexander Becher, Zinaida Benenson, and Maximillian Dornseif. Tampering

with motes: Real-world attacks on wireless sensor networks. In Sicherheit, pages 26_29, 2006.

[WSS2003] Anthony D. Wood, John A. Stankovic, and Sang H. Son. Jam: A jammed-area

mapping service for sensor networks. In 24th IEEE Real-Time Systems Symposium, pages 286_297, 2003.

[HE2004] L. Hu and D. Evans, “Using directional antennas to prevent wormhole

attacks,” in Network and Distributed System Security Symposium. San Diego, USA: The Internet Society, February 2004, pp. 1–11.

[HPJ2003] Y.-C. Hu, A. Perrig, and D. B. Johnson, “Packet leashes: A defense against wormhole attacks in wireless networks,” in 22nd Annual Joint Conference of the IEEE Computer and Communications Societies, San Fransisco, USA, April 2003, pp. 1976–1986.

[LPHDHH2009] Yee Wei Law, Marimuthu Palaniswami, Lodewijk Van Hoesel, Jeroen Doumen,

Pieter Hartel, and Paul Havinga. Energy-efficient link-layer jamming attacks against wireless sensor network mac protocols. ACM Trans. Sen. Netw., 5(1):1_38, 2009.

(26)

References

[PPG2005] B. Parno, A. Perrig, and V. Gligor, “Distributed detection of node replication attacks in sensor networks,” in IEEE Symposium on Security and Privacy. Oakland, USA: IEEE Computer Society, May 2005, pp. 49–63.

[JM1996] D. B. Johnson and D. A. Maltz, “Dynamic source routing in ad hoc wireless

networks,” in Mobile Computing, S. US, Ed., vol. 353, 1996, pp. 153–181. [MS2001] C. S. Mani and M. B. Srivastava, “Energy efficient routing in wireless sensor

networks,” in Military Communications Conference roceedings on

Communications for Network-Centric Operations: Creating the Information Force, vol. 1, McLean, USA, October 2001, pp. 357–361.

[KK2000] B. Karp and H. T. Kung, “Gpsr: greedy perimeter stateless routing for

wireless networks,” in Proceedings of the 6th annual international

conference on Mobile computing and networking, Boston, USA, August 2000, pp. 243–254.

[SB2002] S. D. Servetto and G. Barrenechea, “Constrained random walks on random

graphs: routing algorithms for large scale wireless sensor networks,” in Proceedings of the 1st ACM international workshop on Wireless sensor networks and applications, Atlanta, USA, September 2002, pp. 12–21.

[HCG2008] E. Hamida, G. Chelius, and J.-M. Gorce, “Scalable versus accurate physical layer modeling in wireless network simulations,” in 22nd Workshop on

(27)

References

[PH2002] P. Papadimitratos and Z. Haas, “Secure rotuing for mobile ad hoc networks,”

in Communication Networks and Distributed Systems Modeling and Simulation Conference, San Antonio, Texas, 2002, pp. 27–31.

[HPJ2005] Y. C. Hu, A. Perrig, and D. B. Johnson, “Ariadne: a secure on-demand routing protocol for ad hoc networks,” Wireless Networks, vol. 11, no. 1-2, pp. 21– 38, January 2005.

[SDLSB2002] K. Sanzgiri, B.Dahill, B. N. Levine, C. Shields, and E. M. Belding-Royer, “A secure routing protocol for ad hoc networks,” in IEEE International

Conference on Network Protocols. Paris, France: IEEE Computer Society, November 2002, pp. 78–89.

[PSW2001] A. Perrig, R. Szewczyk, V. Wen, D. E. Culler, and J. D. Tygar, “Spins: security protocols for sensor netowrks,” in Seventh Annual International Conference on Mobile Computing and Networks, Rome, Italy, July 2001, pp. 189–199. [ELLM1999] R. J. Ellison, R. C. Linger, T. Longstaff, and N. R. Mead, “Survivable network

system analysis: A case study,” IEEE Software, vol. 16, no. 4, pp. 70–77, July 1999.

[SKHJ2002] J. P. G. Sterbenz, R. Krishnan, R. Hain, A. Jackson, D. Levin, R. Ramanathan, and J. Zao, “Survivable mobile wireless networks: issues, challenges, and

http://worldsens.citi.insa-lyon.fr/ http://wsnet.gforge.inria.fr

References

Download now ( PDF - 27 Page - 718.88 KB )

Related documents

Storage Device Information

MSI suggests to ask our local service center for a storage device’s approval list before your upgrade in order to avoid any compatibility issues.. For having the maximum performance

The Revenue Demands of Public Employee Pension Promises* September Abstract

The annual cost of a worker’s new service accrual is the difference in the present value of expected future benefit payments calculated using the worker’s current age, wages

Matlab Simulink Implementation of Event Triggered based LFC for Multi Area Power System

The error in frequency ought to maintain at zero and the steady state errors within the frequency of the power system is that the outcome in error in tie-line power as a result

Adaptive Estimation and Detection Techniques with Applications

multiple model hybrid estimation and apply proposed techniques to target tracking, fault.. detection

Identifying the factors affecting the school dropout of female first grade elementary students

The research method is fundamental in terms of purpose and in terms of data collection it is descriptive- casual comparative and it is in terms of method of study is

Health profile of centenarians in Portugal: a census-based approach

It considers information about people aged 100 years or more at the moment of census data collection: gender (male or female), marital status (married, single, widowed, or

Myosins 1 and 6, myosin light chain kinase, actin and microtubules cooperate during antibody-mediated internalisation and trafficking of membrane-expressed viral antigens in feline infectious peritonitis virus infected monocytes

Confocal images of the internalisation process at different times post antibody addition, in which the antigen-antibody complexes was visualised with FITC (green signal), myosin 1

Holistic Security Requirements Engineering for Socio-Technical Systems

nism is a software security mechanism, the impact analysis was performed in the software layer of the three-layer requirements model, which contains 23 goals, 7 softgoals, 67 tasks,