Top Banner
Vampire attacks: Draining life from wireless ad-hoc sensor networks
27
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Page 1: Vampire attacks

Vampire attacks: Draining life from wireless ad-hoc sensor networks

Page 2: Vampire attacks

IntroductionAd hoc Wireless Sensor Network : decentralized type of wireless network Ad hoc : It does not rely on pre existing infrastructure such as routers in wired networks and access points in managed wireless networks. Each node participates in routing by forwarding packets. all devices have equal status in the network

Applications:

Ubiquitous on demand computing power Continuous connectivity Instantly deployable communication for military and first responders Monitor environmental conditions , factory performance and troop deployment.

Page 3: Vampire attacks

Vampire attack:Definition: : Vampire attack means creating and sending messages

by malicious node which causes more energy consumption by the network leading to slow depletion of node’s battery life.

Features: Vampire attacks are not protocol specific They don’t disrupt immediate availability Vampires use protocol compliant messages Transmit little data with largest energy drain Vampires do not disrupt or alter discovered paths

Page 4: Vampire attacks

Areas of Seminar & Technology Area related to seminar: PROTECTION FROM VAMPIRE

ATTACK ON ROUTING PROTOCOL

Areas of seminar includes: Evaluates vulnerabilities of existing protocols to battery

depletion attacks Show Simulation results quantifying the performance of

several protocols in the presence of a single Vampire Modification of an existing sensor network routing protocol

to bound the damage from Vampire attacks

Page 5: Vampire attacks

Literature SurveyATTACK FEATURES

DISADVANTAGES

OF DEFENSES

REFERENCES

Sleep Deprivation Torture

Prevents nodes from entering sleep cycle and depletes batteries faster

It considers attacks only at the Medium Access Control(MAC)

David R Raymond and Randy C Marchany ,2009

Resource Exhaustion

Mentions resource exhaustion at MAC and transport layers

Only offers rate limiting and elimination of insider adversaries

Anthony D Wood and John A.Stankovic,2002

Flood Attack

Multiple request connections to server ,run out of resources

Punishes nodes that produce bursty traffic but may not send much data

Daniel J. Bernstein,1996

Page 6: Vampire attacks

ATTACKS FEATURES DISADVANTAGES REFERENCES

Reduction of Quality Attacks

Produce long term degradation in networks

Focus is only on transport layer and not on routing protocols.

Sharon Goldberg and David Xiao,2008

DoS Attacks Malefactor overwhelms honest nodes with large amounts of data

Applicable only to traditional DoS, Doesn’t work with intelligent adversaries i.e. protocol compliant

Jing Deng and Richard Han,2005

Wormhole attack & Directional Antenna attack

Allows connection b/w two non neighbouring malicious nodes : disrupt route discovery

Packet Leashes: Solution comes at high cost and is not always applicable

INFOCOM,2003

Page 7: Vampire attacks

TECHNOLOGY

FEATURES DISADVANTAGES

REFERENCES

Minimal Energy Routing

Increase the lifetime of power constrained networks using less energy to transmit and receive packets

Vampire attacks increase energy usage even in minimal energy routing

Jae-Hwan Chang and Leandros Tassiulas,2004

Page 8: Vampire attacks

Vampire attack Definition: Vampire attack [1] means creating and sending

messages by malicious node which causes more energy consumption by the network leading to slow depletion of node’s battery life.

Two types: Attack on Stateless Protocols Attack on Stateful Protocols

Stateless Protocols: Same as source routing protocol Source node specifies entire route to destination within packet

header. Intermediaries don’t make independent forwarding decisions.

Stateful Protocols: Nodes are aware of their topology, state, forwarding decisions. Nodes make local forwarding decisions on that stored state. Two important classes are : link state and distance –vector

Page 9: Vampire attacks

Attacks on Stateless ProtocolsTypes of attacks :

Carousel attack Stretch attack

Carousel Attack: Adversary sends packets with routes composed of a series of loops. Exploits limited verification of message headers at forwarding nodes Used to increase the route length beyond no of nodes in network Theoretical limit: energy usage increase by a factor of O(λ), where λ is the maximum route length.

Page 10: Vampire attacks

•Stretch Attack adversary constructs artificially long routes traversing every node in the network.

Causes packets to traverse larger than optimal no of nodes

Causes nodes that doesn’t lie on optimal path to process packets

Theoretical limit: energy usage increase of factor O(min(N, λ)), where N is the number of nodesin the network and λ is the maximum path length allowed.

Potentially less damaging per packet than the carousel attack, as the no of hops per packet is bounded by the number of network nodes.

Page 11: Vampire attacks

Attack on Stateful Protocols Types of attacks:

Directional antenna attack Malicious Discovery attack

Directional Antenna attack:Energy can be wasted by restarting packet in various parts of network

Using a directional antenna adversaries can deposit packets in arbitrary parts of the network.

Consumes energy of nodes that would not have had to process the original packet.

Half Wormhole attack – as a directional antenna constitutes a private communication channel.

Packet leashes cannot prevent this attack as they are not to protect against malicious message sources only intermediaries.

Page 12: Vampire attacks

Malicious Discovery Attack:Also known as Spurious route discovery.

Falsely claims that a link is down or claim a new link to non existent node

More serious when nodes claim a long distance route has changed.

Trivial in open networks

In closed networks : repeatedly announce and withdraw routes

Theoretical energy usage increase of a factor of O(N) per packet.

Packet leashes cannot prevent: originators are malicious

Page 13: Vampire attacks

Existing System & DisadvantagesClean Slate Sensor Network Routing Developed By Parno,Luk, Gaustad and Perrig (PLGP).

Original version is vulnerable to vampire attacks

Can be Modified to resist vampire attacks

Two phases: Topology Discovery PhasePacket Forwarding phase

Discovery organizes nodes to trees

Initially : each node knows only itself

At end of discovery each node should compute the same address tree as other nodes.

All leaf nodes are physical nodes in network and virtual addresses corresponds to their position in the network.

Page 14: Vampire attacks

Clean Slate Sensor Network Routing (Contd..)

Topology Discovery Phase:Every node broadcast certificate of identity including public key.Each node starts as its own group size one ,with virtual address zeroGroups merge with smallest neighbouring groupEach group chooses 0 or 1 when merge with another group.Each member prepends group address to their own addressGateway nodesBy end each node knows every nodes virtual address ,public key and certificate.Network converges to a single group

Page 15: Vampire attacks

Packet forwarding phase:

All decisions are made independently by each node

A node when receives a packet determines next hop by finding the most significant bit of its address that differs from the message originators address.

Every forwarding event shortens the logical distance to destination

Page 16: Vampire attacks

PLGP in presence of vampires: forwarding nodes don’t know the path of a packet and allowing adversaries to divert packet to any part of the network.

Honest node may be farther away from the destination than malicious nodes.

But honest node knows only its address and destination address.

Vampire moves packet away from the destination

Theoretical energy increase of O(d) where d is the network diameter and N the number of network nodes.

Worse if packet returns to vampire as it can reroute

Page 17: Vampire attacks

Provable Security against vampire attacks•No-backtracking property:Satisfied for a given packet if and only if it consistently makes progress toward its destination in the logical network address space. More formally:No-backtracking is satisfied if every packet p traverses the same number of hops whether or not an adversary is present in the network. Case 1: L is honestCase 2: L is Malicious

L

L

…(hops) …

…(hops) …DD

•Same no of Hops•Same network wide energy utilization•is independent of the actions of malicious nodes

No-backtracking implies Vampire resistance

Nodes keep track of route cost

Page 18: Vampire attacks

Provable Security against vampire attacks (contd..)

PLGP does not satisfy No-backtracking property:

In PLGP packets are forwarded along the shortest route through the tree that is allowed by the physical topology. Since the tree implicitly mirrors the topology and since every node holds an identical copy of the address tree, every node can verify the optimal next logical hop.

However, this is not sufficient for no-backtracking to hold, since nodes cannot becertain of the path previously traversed by a packet.

Adversaries can always lie about their local metric cost

PLGP is still vulnerable

Page 19: Vampire attacks

Proposed System:Propose PLGP with attestations (PLGPa): Add a verifiable path history to every PLGP packet PLGPa uses this packet history together with PLGP’s tree routing structure so every node can securely verify progress, preventing any significant adversarial influence on the path taken by any packet which traverses at least one honest node.These signatures form a chain attached to every packet, allowing any node receiving it to validate its path. Every forwarding node verifies the attestation chain to ensure that the packet has never traveled away from its destination in the logical address space.

packet forwarding for PLGPa

Page 20: Vampire attacks

PLGPa satisfies no-backtracking

•All messages are signed by their originator .

•adversary can only alter packet fields that are changed en route, so only the route attestation field can be altered, shortened, or removed entirely.

•To prevent truncation, use one-way signature chain construction

•The hop count of a packet is defined as follows:

Definition. The hop count of packet p, received or forwarded by an honest node, is no greater than the number of entries in p’s route attestation field, plus 1.

•When any node receives a message, it checks that every node in the path attestation 1) has a corresponding entry in the signature chain, and 2) is logically closer to the destination than the previous hop in the chain. This way, forwarding nodes can enforce the forward progress of a message, preserving no-backtracking.

Theorem 1. A PLGPa packet p satisfies no-backtracking in the presence of an adversary controlling m < N - 3 nodes if p passes through at least one honest node.

Page 21: Vampire attacks

Proof:

…Since each possible adversarial action which results in backtracking violates an assumption , The proof is complete

Page 22: Vampire attacks

Comparison of Existing Vs Proposed System

PLGP PLGPa

PLGP does not have attestation It is PLGP with attestation

Forwarding nodes doesn’t know the path of the packet

Each packet has a verifiable path history

Does not hold Backtracking Holds Backtracking

Vulnerable to Vampire attacks Resistant to vampire attacks

Page 23: Vampire attacks

Advantages of Proposed SystemPLGPa never floodsPacket forwarding overhead is favourableDemonstrates more equitable routing load

distribution and path diversityEven without dedicated hardware, the

cryptographic computation required for PLGPa is tractable even on 8-bit processors.

Page 24: Vampire attacks

Future ScopeAd hoc wireless sensor networks promise

exciting new applications in the near future.As WSN’s become more and more crucial to

everyday life availability faults become less tolerable

Thus high availability of these nodes is critical and must hold even under malicious conditions.

Page 25: Vampire attacks

References[1] Frank Stajano and Ross Anderson, The resurrecting duckling: securityissues for ad-hoc wireless networks, International workshop on securityprotocols, 1999.

[2] Haowen Chan and Adrian Perrig, Security and privacy in sensor networks,Computer 36 (2003)

[3] Denial of service attacks(Timothy J. McNevin, Jung-Min Park), 2004

[4] Path-quality monitoring in the presence of adversaries(] Sharon Goldberg, David Xiao),2008.

[5] Packet leashes: A defence against wormhole attacks in wirelessad hoc networks, INFOCOM, 2003.

[6] Securing ad hoc routing protocols,(Manel Guerrero Zapata and N. Asokan), 2002

Page 26: Vampire attacks

Thank you!!!

Page 27: Vampire attacks

QUESTIONS

?