Professional Documents
Culture Documents
Key Contributions
Secure routing issues in WSNs
Assumptions
Insecure radio links
Malicious nodes can collude to attack the
WSN
Sensors are not tamper-resistant
Adversary can access all key material, data &
code
Aggregation points may not be trustworthy
Base station is trustworthy
Threat Models
Device capability
Attacker type
Security Goals
Secure routing
Potential Attacks
Attacks on general WSN routing
Attacks on specific WSN protocols
Selective forwarding
Sinkhole attack
Specific to WSNs
Sybil attack
A single node presents multiple IDs to other
nodes
Affect geographic routing, distributed
storage, multi-path routing, topology
maintenance
Wormhole attack
Two colluding nodes
A node at one end of the wormhole
advertises high quality link to the base station
Another node at the other end receives the
attracted packets
Acknowledge spoofing
Adversary spoofs ACKs to convince the
sender a weak/dead link support good link
quality
Directed diffusion
Replay interest
Selective forwarding & data tampering
Inject false data
Geographic routing
Adversary can provide false, possibly
multiple, location info.
Countermeasures
Shared key & link layer encryption
Sybil attack
Every node shares a unique secret key with the base station
Create pairwise shared key for msg authentication
Limit the number of neighbors for a node
Countermeasures
Wormhole, sinkhole attack
Geographic routing
Location verification
Use fixed topology, e.g., grid structure
Selective forwarding
Multi-path routing
Route messages over disjoint or Braided paths
Dynamically pick next hop from a set of candidates
Measure the trustworthiness of neighbors
Countermeasures
Authenticated broadcast
uTESLA
Should be authenticated
Adversaries must not be able to spoof
Outline
Background: Geographic Forwarding
Security Threats and Threat Model
Geographic Forwarding
Keep track of neighbors
locations
Forwarding set is set of
neighbors closer to
destination than self
Pick next hop as a
member of the
forwarding set
Greedy forwarding
pick closest to
destination
Threat Model/Assumptions
Two types of nodes:
Anchors:
Know their location (e.g., using GPS)
Act as reference points for localization
Sufficient density to enable localization
First assume they are trusted; later relax the assumption
Sensor Nodes:
Can be compromised
Key pre-distribution to provide cryptographic keys
Location Verification
First contribution of this paper
Each node is responsible for reporting its location
information
d1
d2
d3
Protocol
1.
2.
3.
d2
d3
In TDOA
Send ultrasonic pulse before RF pulse to appear closer;
Send RF pulse before ultrasonic to appear further
Defense
d1+dx
d1-dx
d1
d2+dx
d2-dx
d2
d3
d3-dx
d3+dx
Two versions:
Defense
Sequential version can be defended by having
anchors be loosely synchronized
Compromising Anchors
So far, assumed anchors are trusted
If they are compromised
Possible Attacks
Mobility attack:
Defense:
Forwarding Misbehavior
Misbehaving nodes can mis-route or
selectively forward packets
Proposed Solution
Multi-path routing:
Trust consensus
Summary
Sybil, blackhole and wormhole attacks require
location falsification in GF
Conclusions
Presented a verified localization algorithm for use in GF
in WSNs
Future/Ongoing Work
Extend to range-free localization
Extended to the case with compromised anchors
Extend to void avoidance/face routing
Virtual Coordinate routing
Conclusion
WSN security is challenging, relatively new
area of research
#Problems >> #Solutions
Any ideas to address challenges?