Download How the Sybil Attack can be used in wireless sensor

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
page
21
page
22
page
23
page
24
page
25
page
26
page
27
page
28
page
29
page
30
page
31
page
32
page
33
page
34
page
35
page
36
page
37
page
38
page
39
page
40
page
41
page
42
page
43
page
44
page
45
page
46
page
47
page
48
page
49
Document related concepts

Airborne Networking wikipedia , lookup

Distributed operating system wikipedia , lookup

IEEE 802.1aq wikipedia , lookup

CAN bus wikipedia , lookup

List of wireless community networks by region wikipedia , lookup

Routing in delay-tolerant networking wikipedia , lookup

Kademlia wikipedia , lookup

Transcript 
The Sybil Attack in Sensor
Networks: Analysis & Defenses
James Newsome, Elaine Shi, Dawn
Song, Adrian Perrig
Presenter: Yi Xian
Outlines
Introduction
Three Dimensions of Sybil Attack Taxonomy
Attacks
– Known & New attacks
Defenses
– Radio Resource Testing
– Random Key Predistribution
– Other Defenses
Discussion
Conclusion
Outlines
Introduction
Three Dimensions of Sybil Attack Taxonomy
Attacks
– Known & New attacks
Defenses
– Radio Resource Testing
– Random Key Predistribution
– Other Defenses
Discussion
Conclusion
Introduction
Security in Sensor Network
– Wireless network natures
– Sensor nodes constraints
Sybil Attacks
– First described in peer-to-peer
networks.
– An attack against identity.
– A particularly harmful attack in
sensor networks.
Definition of Sybil Attack
In this paper
– A malicious device
illegitimately takes on
multiple identities.
– The additional identities are
called Sybil nodes.
Question:
– How does an attacker
create Sybil nodes and use
them?
Outlines
Introduction
Three Dimensions of Sybil Attack Taxonomy
Attacks
– Known & New attacks
Defenses
– Radio Resource Testing
– Random Key Predistribution
– Other Defenses
Discussion
Conclusion
Sybil Attack Taxonomy
Dimension I – Direct vs. Indirect
Communication
– Direct Communication
Legitimate nodes can communicate with Sybil
nodes directly.
– Indirect Communication
One or more of the malicious devices claims to be
able to reach the Sybil nodes.
Messages sent to a Sybil node are routed through
one of these malicious nodes.
Sybil Attack Taxonomy
Dimension II – Fabricated vs. Stolen
Identities
– Fabricated
Simply create arbitrary new Sybil identities.
– Stolen
Assign other legitimate identities to Sybil nodes.
May go undetected if attacker destroys or disable
them.
Identity Replication Attack
The same identity is used many times and exists in multiple places
in the network.
Is it a Sybil Attack???
Sybil Attack Taxonomy
Dimension III – Simultaneity
– Simultaneous
All Sybil identities participate in the network at
once.
– Non-Simultaneous
Only act as a smaller number of identities at any
given time by:
– Letting different identities join and leave
– Or only using each identity once.
– Having several physical devices swap identities.
Each device may present different identities at different times!
Outlines
Introduction
Three Dimensions of Sybil Attack Taxonomy
Attacks
– Known & New attacks
Defenses
– Radio Resource Testing
– Random Key Predistribution
– Other Defenses
Discussion
Conclusion
Attacks
How the Sybil Attack can be used in
wireless sensor networks?
Known Attacks
Distributed Storage
– Defeat replication and fragmentation
mechanisms
Routing
– Attack routing algorithm
– Geographic routing
– Evade misbehavior detection mechanisms
New Attacks
Data Aggregation
– With enough Sybil nodes, an attacker may be
able to completely alter the aggregate reading.
Voting
– Depending on the number of identities the
attacker owns, he may be able to determine
the outcome of any vote.
Either claim a legitimate node is misbehaving or
Sybil nodes can vouch for each other…
New Attacks
Fair Resource Allocation
– Using Sybil attack, a malicious node can obtain an
unfair share of any resource shard in per-node
manner.
– Consequently, cause DoS to legitimate node, and
also give the attacker more resources to perform
attacks.
Misbehavior Detection
– Sybil nodes could “spread the blame” .
– Even action is taken to revoke the offending nodes,
the attacker can continue using new Sybil identities to
misbehave.
Outlines
Introduction
Three Dimensions of Sybil Attack Taxonomy
Attacks
– Known & New attacks
Defenses
– Radio Resource Testing
– Random Key Predistribution
– Other Defenses
Discussion
Conclusion
Defenses
How can we defend against the
Sybil Attack??
Defenses
Two types of ways
to validate an
identity
– Direct validate
– Indirect validate
Defenses
Previous Defense
The attacker may use a
– Resource testing
physical device with much
higher computation and
By verifying that each identity
has
asability!
much of
storage
the tested resource as a physical device.
Computation, storage
and communication
Unsuitable for wireless sensor networks
– WHY?
The replies converging at the
verifier will result in that part
of network becoming
congested!!!
New Defenses in this paper
Radio Resource Testing
Random Key Predistribution
Registration
Position Verification
Code Attestation
New Defenses in this paper
Radio Resource Testing
Random Key Predistribution
Registration
Position Verification
Code Attestation
Radio Resource Testing
Direct validation
Assumptions
– Any physical device has only one radio
– A radio is incapable of simultaneously sending or
receiving on more than one channel.
The basic idea:
– A node assigns each of its n neighbors a different
channel.
– By challenging a neighbor node on the exclusively
assigned channel, a sensor node can detect Sybil
nodes with a certain probability.
Radio Resource Testing with
enough channels
Suppose:
– s Sybil nodes out of n neighbors.
– One channel for each neighbor.
Pr (choose a channel is not
being transmitted on)
=
Pr (not detecting a Sybil node)
=
Repeat test for r round
Pr (no Sybil nodes being
detected)
=
Radio Resource Testing with limited
channels
In case of limited channels, only subset of its
neighbors can be tested at one time.
Suppose :
– n neighbors, s Sybil nodes, m malicious nodes, and g good
nodes.
A malicious node not in the subset being tested
canatcover
Sybil node
– only c neighbors are tested
once,forofawhich
therethat
areisSbeing
Sybiltested
transmitting
on the channel that the Sybil
nodes, M malicious nodes,byand
G good nodes.
node is supposed to be transmitting on…
The probability of a Sybil node being detected is :
Radio Resource Testing with limited
channels
Repeating this test for r rounds
The probability of a Sybil node being
detected is
Effective defense against simultaneous
direct-communication
Variant of the Sybil attack.
New Defenses in this paper
Radio Resource Testing
Random Key Predistribution
Registration
Position Verification
Code Attestation
Random Key Predistribution
Random Key Predistribution
– Each node is assigned a random set of keys
or key-related information.
– In key set-up phase, each node can discover
or compute the common key it shares with its
neighbors…
– Node-to-node secrecy.
Random Key Predistribution
Key ideas:
– Associating the node identity with the keys assigned
to the node.
– Key validation, i.e., the network being able to verify
part or all of the keys that an identity claims to have.
Direct or Indirect Validation?
Different variants
– Key pool
– Single-space pairwise key distribution
– Multi-space pairwise key distribution
Key Pool
Key Pool Scheme
– Randomly assigns k keys to each node from a
pool of m keys.
– During the initialization phase, any two
neighbors sharing q common keys can
establish a secret link.
– Suppose
Each node’s identity is the indices in sorted
order of keys that it holds.
What’s the problem?
with multiple compromised keys,
the attacker can use any combination
of the compromised keys
to generate new identity!!!!
Key Pool
An Extension
– Let
assigned to ID,
be the set of keys
ID is the identity of the node, and
in the key pool,
is the index of its ith key
– The set of keys that node ID possesses are
determined by:
where H is a hash function, and PRF is a pseudo random
function.
– The index of a node’s ith key,
is determined by a
pseudo random function with H(ID) as the function’s
key, and i as its input.
Key Pool
An example
– Node ID = 30
– Key set = { K1, K8, K12, K78, …}
– Rule: pick the 3rd indices
Given 12, it is hard to find the
key, H(30), for PRF to yield
exactly 12.
– How to validate this node ID (= 30) ??
Test whether PRF H(30) (3) = 12 ??
– What properties does this scheme
have?
Even known the value of
H(30), it s still hard to find
that ID = 30.
Key Pool
What can the attacker do?
– Capture legitimate nodes and read off the keys,
– Build up a compromised key pool S,
– Fabricate usable Sybil identities ID’ to use in Sybil
attack, which means ID’ must be able to pass the
validation by other nodes.
Question:
– Given a set of compromised keys S
– How difficult for an attacker to generate a usable Sybil
identity?
– How to evaluate the difficulty?
Key Pool
How to evaluate the difficulty?
– The time complexity to generate a usable Sybil node
ID given a set of compromised nodes could be
expressed in terms of the probability p that a random
identity is a usable Sybil identity.
– So, the expected number of times an attacker has
to try to find a usable Sybil identity is 1/p.
Notation:
Key Pool
In Full validation case…
– Verify every key the identity claims to have.
– How does the randomly generated identity ID’
survive the full validation?
– ID’ has to satisfy :
– Therefore…
Key Pool
In case each identity is challenged by d
nodes.
Condition over t, where
Key Pool
Each identity is challenged by d nodes.
Key Pool
If tolerate threshold is 2-64 ,
•
•
Full validation: 150 nodes;
Partial validation with d = 30,
only 30 nodes.
However…
– No node-to-node
authentication
– An attacker may
compromise a sufficient
fraction of keys
Random Key Predistribution
In contrast, Pairwise key distribution
– Assigns a unique key to each pair of nodes…
– Single-space Pairwise Key Distribution
– Multi-space Pairwise Key Distribution
Single-space Pairwise Key Distribution
A sensor node i stores - unique public
information Ui and private information Vi,
In bootstrapping phase
– nodes exchange public information,
– node i compute its key with node j with f(Vi, Uj) ,
where f(Vi, Uj) = f(Vj, Ui)
-secure property (Given c compromised nodes)
if c <= , a simple direct validation is sufficient;
if c > , prone to the Sybil attack.
With Perfect resilience
• Sensor node’s memory constraint
Multi-space Pairwise Key Distribution
To further enhance the security of singlespace…
In this scheme, each sensor node will be
assigned k out of the m key spaces.
Key computation
– Use single-space scheme, if they have one or more
key spaces in common.
Properties
– Without validation
Prone to the indirect-communication Sybil attack.
– With validation
Indirect validation is necessary to ensure a globally
consistency..
Random Key Predistribution
– Multiple-space Pairwise Key Distribution
Probability of fabricating Sybil identities
with the multispace scheme.
Si – the event that space i be compromised
Then, given c compromised nodes,
So, we have:
Summary of Random Key
Predistribution
Key Pool
– One-way function
– Indirect validation
Single-space pairwise key distribution
–
-secure property
– Direct validation ensures globally consistent outcome.
Multi-space pairwise key distribution
– Has to compromise far more than
nodes to
compromise one space
– And compromise k spaces with a probability of
around 0.05.
– The best among these three approaches.
New Defenses in this paper
Radio Resource Testing
Random Key Predistribution
Registration
Position Verification
Code Attestation
Other Defenses
Identity Registration
– Based on a trusted central authority
– However,
Attacker may be able to control the good list.
Need maintain the deployment information
Position Verification
– Assume network is immobile.
– Verify the physical position of each node.
– How to securely verify a node’s exact position is still
an open question.
– Mobile attacker’s identity needs to be verified
simultaneously.
Other Defenses
Code Attestation
– Code running on a malicious node must be
different form that on a legitimate node.
– The technique is not readily applicable to
wireless network.
High cost
Energy consumption
Outlines
Introduction
Three Dimensions of Sybil Attack Taxonomy
Attacks
– Known & New attacks
Defenses
– Radio Resource Testing
– Random Key Predistribution
– Other Defenses
Discussion
Conclusion
Comparison and Discussion
All these Sybil Defenses…
* Assume that nodes can only verify the position that they directly
communicate with;
** Key predistribution can not stop an attacker from using stolen identities…
but it does make it more difficult for the attacker to steal identities in the
first place.
Outlines
Introduction
Three Dimensions of Sybil Attack Taxonomy
Attacks
– Known & New attacks
Defenses
– Radio Resource Testing
– Random Key Predistribution
– Other Defenses
Discussion
Conclusion
Conclusions
The first paper that systematically
analyzes the Sybil attack and its
defenses in sensor networks.
It introduces a taxonomy of the
different forms of the Sybil attack.
Several new defenses are proposed.
Conclusions
In radio resource testing
– Based on the assumption that each node has only one channel
and can’t send and receive simultaneously on more than one
channel.
– How a sensor node assigns the radio channels to its neighbors?
– The testing process may consumes a lot of battery power
In random key predistribution
– If some keys are compromised, the attacker may be able to
falsely claim the identities of many non-compromised sensor
nodes.
– It’s not practical in a mobile wireless network environment.
Other defenses
– Have their own drawbacks and not very applicable in wireless
sensor networks…
Related documents
Computer Network
Computer Network
Website user experience
Website user experience
Survey: Distributed Operating Systems Introduction 1 Network
Survey: Distributed Operating Systems Introduction 1 Network
Energy Aware Networks
Energy Aware Networks
Linked data structures and algorithms
Linked data structures and algorithms
12 Questions
12 Questions
Producer-Consumer Problem
Producer-Consumer Problem
Course Lecture 6
Course Lecture 6
Networks
Networks
SIA: Secure Information Aggregation in Sensor Networks B
SIA: Secure Information Aggregation in Sensor Networks B
Denial of Service Attacks in Cognitive Radio Networks and Counter
Denial of Service Attacks in Cognitive Radio Networks and Counter