Scribd Logo
Unggah

Selamat datang di Scribd!

  • Network Layer Security Protocols in Wireless Sensor Networks

    Diunggah oleh

    Havi Kosuru
    17 tayangan20 halaman
    Project report

    Judul Asli

    Final Phase

    Hak Cipta

    © © All Rights Reserved

    Format Tersedia

    PPTX, PDF, TXT atau baca online dari Scribd

    Apakah menurut Anda dokumen ini bermanfaat?

    Apakah konten ini tidak pantas?

    Laporkan Dokumen Ini
    Project report

    Hak Cipta:

    © All Rights Reserved
    Unduh sebagai PPTX, PDF, TXT atau baca online dari Scribd
    Tandai sebagai konten tidak pantas
    17 tayangan20 halaman

    Network Layer Security Protocols in Wireless Sensor Networks

    Diunggah oleh

    Havi Kosuru
    Project report

    Hak Cipta:

    © All Rights Reserved
    Unduh sebagai PPTX, PDF, TXT atau baca online dari Scribd
    Tandai sebagai konten tidak pantas
    dari 20

    NETWORK LAYER SECURITY

    PROTOCOLS IN WIRELESS
    SENSOR NETWORKS

    BY:
    KOSURU HAVIESH
    ID:1003519
    INTRODUCTION

    Wireless sensor network has an enormous attention due to its low cost and
    tiny size where it can be embedded everywhere. It consists of hundreds or
    thousands of sensor nodes distributed in a specific geographical area. These
    nodes communicate together through wireless transceivers
    Wireless sensor networks are widely used in different applications, such as
    traffic management, battlefield, environment monitoring
    ATTACKS IN NETWORK LAYER

    Spoofed routing information & selective forwarding


    Sinkhole
    Sybil
    Hello Flood
    Ack. flooding
    SPOOFED ROUTING INFORMATION

    Definition: Attack against the routing information exchanged between nodes.


    Actions: spoofing, altering, replaying routing information.
    Consequences:
    1. create routing loop, attract or repel traffic,
    2. extend or shorten source routes,
    3. generate false error messages,
    4. partition the network
    SELECTIVE FORWARDING
    Def: Malicious nodes try to stop the propagation of certain messages.
    Condition 1:Adversaries are on the path of a flow.
    Actions:
    a. Black hole, drop every packet.
    b. refuse forwarding certain messages
    c. drop certain messages
    d. suppressing or modifying packets from a selected few other good nodes.
    Features: Adversaries attempt to follow the path of least resistance and to
    include itself on the actual data path flow
    Condition 2:Adversaries overhear a flow.
    Actions:
    Jam or cause collision on each forwarded packet.
    Consequences:
    Suppress certain messages.
    More tricky.
    COUNTERMEASURES
    Node has great chance to be on the flow, and close to source or base station
    is most likely to launch
    Multipath routing can be used to counter these types of selective forwarding
    attacks.
    Messages routed over n paths whose nodes are completely disjoint are
    completely protected against selective forwarding.
    Allowing nodes dynamically choose a packets next hop from a set of
    possible candidates.
    BLACKHOLE/SINKHOLE ATTACK
    In this attack, a malicious node acts as a black hole to attract all the traffic in the
    sensor network. Especially in a flooding based protocol,
    the attacker listens to requests for routes then replies to the target nodes that it
    contains the high quality or shortest path to the base station
    Once the malicious device has been able to insert itself between the communicating
    nodes (for example, sink and sensor node), it is able to do anything with the packets
    passing between them.
    In fact, this attack can affect even the nodes those are considerably far from the
    base stations. Figure 2 shows the conceptual view of a blackhole/sinkhole attack
    COUNTERMEASURES

    These are very difficult to defend especially when used in combination.


    Protocols that construct a topology initiated by a base station are the most
    vulnerable
    Geographic routing protocol can be one solution to defend these attacks
    because topology in geographic protocol is constructed using localized
    interaction.
    SYBIL

    Def: A single node forges multiple identities.


    Geographic routing is very susceptible exchange of locality information. A set of
    nodes instead of one.
    Actions:
    Having a set of faulty entities.
    Overall Effects:
    Reduces the efficiency of fault-tolerant schemes, such as distributed storage,
    dispersity and multipath routing, topology maintenance, and etc.
    COUNTERMEASURES
    Every node shares a unique symmetric key with the base station
    A pair of neighbor nodes use the resulting key to implement an authenticated,
    encrypted link between them. (Pairwise Key)
    Base station limit the number of neighbors a node is allowed to have prevent
    an insider attacker establishing shared keys with every node in the network.
    Not perfect
    Malicious nodes can still communicating with its verified neighbors
    wormhole attack by create an artificial link between two nodes to convince
    them they are neighbors
    HELLO FLOOD

    Def: An attacker sends or replays a routing protocols HELLO packets with more
    energy. Attacks on protocols that use HELLO packets to announce to neighbors.
    These protocols assume that the sender of a received packet is within normal radio
    range. Can be launched by insiders and outsiders.
    Effects:
    Attract a lot of nodes to use the forged high-quality routes.
    Leave these nodes sufficiently far away form the attacker sending packets into
    oblivion.
    The network is at a state of confusion.
    COUNTERMEASURES

    Verify the bi directionality of the link between two nodes


    Less effective if the adversary have highly sensitive receivers as well as
    powerful transmitter.
    Every node authenticate each of its neighbors with an identity verification
    protocol using base station
    The compromised node has to authenticate itself to a lot of nodes
    Base station can detect the HELLO flood
    ACK. FLOODING
    Def: Spoofed link layer acknowledgement to trick other nodes to believe that
    a link or node is either dead (actually alive) or alive (actually dead). Attacks
    on protocols that relay on link layer acknowledgement.
    Actions:
    It Spoofs link layer ACK packets of neighbor nodes.
    By the method of Selective forwarding by encouraging sender to send via
    weak links.
    Effects:
    1.Convince the sender that a weak link is strong.
    2.Convince the sender that a dead or disabled node is alive.
    COUNTERMEASURES
    Selecting a Base station which is trustworthy.
    Adversaries must not be able to spoof broadcast or flooded messages from any base station.
    HELLO message from neighbor nodes should be authenticated and impossible to spoof.
    Attention:
    public key cryptography and digital signatures can be used but it is beyond the capabilities
    of sensor.
    Replay is prevented because messages authenticated with previously disclosed keys are
    ignored
    SUMMARY
    Attack Tiny OS Direct Geographic Min cost Cluster Rumor Energy
    diffusion routing Forwarding based routing conserving
    Spoofed routing Yes Yes Yes Yes No Yes Yes

    Selective forwarding Yes Yes Yes Yes Yes Yes No

    sinkhole Yes Yes No Yes No Yes No

    Sybil Yes Yes Yes No No Yes Yes

    Warm hole Yes Yes No Yes No Yes No

    Hello floods Yes Yes No Yes Yes No Yes


    CONCLUSION

    Secure routing is vital to the acceptance and use of sensor networks for many
    application. Link layer encryption and authentication mechanism may be
    reasonable first approximation for defense.
    THANK YOU

    Anda mungkin juga menyukai