2 .7 - Physical- & Link-Layer Wireless Sensor Networks

Question 1

Wireless Sensor Networks
Overview
Applications

Answer 1

Wireless Sensor Networks (WSN)
Wireless Sensor and Actuator Networks (WSAN)

Nodes process information and communicate it wirelessly

Applications:

• Disaster relief operations
• Biodiversity mapping
• Intelligent buildings (or bridges)
• Facility management
• Machine surveillance and preventive maintenance
• Precision agriculture
• Medicine and health care

Question 2

Roles In WSNs

Answer 2

Sources: Measure data, report them “somewhere”
Sinks: Interested in receiving data from WSN
Actuators: Control device based on data, usually also a sink

Question 3

General Limitations In WSNs

Answer 3

Limited computational power and memory
- (cryptography is computationally expensive!)

Limited Battery

Multi-Hop Network
- Failure of one/few nodes can cause total net breakdown

Nodes are exposed to an omnipresent attacker with a lot more computational power and infinite battery

Question 4

Key Management In WSNs

Answer 4

needs cryptographic algorithms depend on secret (key)

Three ways to install keys

• Key exchange
• Key generation
• Pre-shared key

Key exchange often not possible due to limited resources
- Asymmetric cryptography computationally expensive

Key generation additionally includes transmitting and
receiving many messages
- Even higher energy consumption

Applying pre-shared keys is simple
- But nodes can be captured and keys extracted

Question 5

Attacks On WSNs

Answer 5

• Tampering
• Exhaustion & Interrogation
• Tampered Forwarding
• Wormholes
• Sybil Attack
• HELLO Flooding

Question 6

Attacks On WSNs #1: Tampering

Answer 6

Nodes of a WSN might be exposed to physical access of an adversary who could tamper with them

Extract sensitive material such as cryptographic keys from memory (Cold boot attack)

Countermeasures:

• prevent nodes from being found
• Tampering detection (tampering sensors (physical, temperature) react on detection)
• keys in CPU registers or CPU cache(shorter retention time)
• Encrypt sensitive information also in RAM

Question 7

Attacks On WSNs #2: Exhaustion & Interrogation

Answer 7

Make nodes performing superfluous and expensive operations

Battery exhaustion

• force nodes to retransmit messages
• repeatedly initiate energy-draining processes

Countermeasures

• Authenticated requests (expensive Crypto, key management)
• Rate-limited responses: Queue or ignore excessive reqs
• Notify upper layers: Intelligent rate-limiting based on recent history of request traffic
• Client puzzles

Question 8

Exhaustion & Interrogation countermeasure: Client Puzzles

Answer 8

Concept: Proof-of-Work

Client must solve a task before receiving service

Flooding would exhaust malicious clients’ resources

Asymmetric demand for resources when solving the puzzle

• Server: Creating puzzles must be easy
• Client: Solving the puzzles is of moderate complexity, but feasible
• Solving many puzzles should be very expensive
• Adjust the puzzle’s computational complexity as needed

Question 9

Attacks On WSNs #3: Tampered Forwarding

Answer 9

WSNs usually require every node to forward packets from its neighbors

Suppose an attacker can modify the behavior of certain devices or the routing tables

• Selective Forwarding: Random drop policy for packets can trigger costly end-to-end recovery mechanisms
• Sinkhole:
• Attacker advertises low-cost routes so that all packets are routed to him
• Used to ease selective forwarding or eavesdropping
• Attacker could drop all packets (blackhole)
• Neighbors suffer from increased traffic and run out of power
• Misdirection:
• Forward messages along wrong path to DoS victim
• Forge source address of messages to confuse or flood the alleged sender

Question 10

Tampered Forwarding

Countermeasures

Answer 10

Usage of multiple disjoint routing paths
- Mitigates selective forwarding and blackhole attack

Monitoring neighbors

• Nodes monitor their neighbors to gain assurance that messages are being correctly forwarded
• Nodes listen to wireless channel after they send a message to hear their neighbors’ subsequent transmission of the same message

Authenticated routing updates

• Prevents poisoning of the routing tables
• Freshness mechanism can additionally prevent from replay attacks

Periodic end-to-end probing
- Helps to detect congested or attacked network paths

Geographic forwarding
- Geo-location used for routing instead of network addresses

Diversity Coding

• Transmit data over multiple independent paths with redundancy
• Message m is split into N ≥ 2 chunks m0, m1,…,mN of equal length
• Compute parity message c to recover loss

Question 11

Attacks On WSNs #4: Wormholes

Answer 11

Multiple adversaries create a side-channel that provides an advantage over regular links

This channel can be used to forward information faster than the network

Can for instance be used to delude distance bounding

Countermeasures

• Geographic forwarding
• Authenticated routing messages

Question 12

Attacks On WSNs #5: Sybil Attack

Answer 12

Most protocols assume that a node has a single identity

Sybil attacker claims to have multiple identities and to be at an arbitrary location

Thus, attacker appears at multiple places at the same time

Countermeasures

• Authenticate nodes and identities
• Location verification, e.g. with distance bounding

Question 13

Attacks On WSNs #6: HELLO Flooding

Answer 13

Flooding in general aims at overwhelming the victim‘s (or network‘s) limited resources (memory, battery, bandwidth,…)

Many protocols exchange HELLO messages to become aware of the network‘s topology or a node‘s neighbors

Countermeasures:

• Bi-directional verification of local links
• Authenticate nodes

Question 14

Attacks On WSNs: Summary

Answer 14

WSNs face many attacks which leverage the fact that resources are scarce in WSNs

Most of them aim at a denial of service or eavesdropping

For secure communication and to increase availability, WSNs need

• Tamper-resistance
• An authentication scheme for nodes
  
  • Problem: Key management
• Authenticated messages
  
  • Including protection against replay-attacks
• Multi-path routing
  
  • For e.g. diversity coding

But most countermeasures are in conflict with the limited resources of WSNs and are therefore impractical