P:\CRCS\2012_0178_Redesign_loga_a_JVS\PPT_prezentace\sablona\pracovni\normalni.jpg P:\CRCS\2012_0178_Redesign_loga_a_JVS\PPT_prezentace\sablona\pracovni\titulka.jpg PA197 Secure Network Design Wireless Sensor Networks – attacker models, secure routing, IDS •Lukáš Němec lukas.nemec@mail.muni.cz, Petr Švenda •Faculty of Informatics, Masaryk University P:\CRCS\2012_0178_Redesign_loga_a_JVS\PPT_prezentace\sablona\pracovni\normalni.jpg Overview •Intro to wireless sensor networks •Security considerations –Why are WSNs special? •Attacker models •Routing attacks, secure routing •Intrusion detection, reaction • 2 | PA197 Wireless sensor networks P:\CRCS\2012_0178_Redesign_loga_a_JVS\PPT_prezentace\sablona\pracovni\normalni.jpg DaftDustSEMSys_150 | PA197 Wireless sensor networks Route to nodes technology • _TINYMCU images deepblue Apple iPhone 16GB Mobile Phone wireless-sensor-node ENIAC 3 P:\CRCS\2012_0178_Redesign_loga_a_JVS\PPT_prezentace\sablona\pracovni\normalni.jpg | PA197 Wireless sensor networks ISSCC Mote TMoteSky Wireless Sensor Node •Basic technology –8 bit CPU, ~1 kB RAM, ~102 kB flash –short range radio, battery powered –condition sensor (temperature, pressure, …) –xBow MicaZ, TelosB, BT LE, Weightless… –https://en.wikipedia.org/wiki/List_of_wireless_sensor_nodes •Putting pieces together… –battery-powered small MCU –+ efficient radio module –+ environmental sensor –=> Wireless Sensor Network (WSN) DaftDustSEMSys_150 4 P:\CRCS\2012_0178_Redesign_loga_a_JVS\PPT_prezentace\sablona\pracovni\normalni.jpg | PA197 Wireless sensor networks • humanbody soldier_sm Combat field control wildfire_mit_module Remote fire detection Medical information bridgecar Traffic control 5 Do we have useful application for WSN? P:\CRCS\2012_0178_Redesign_loga_a_JVS\PPT_prezentace\sablona\pracovni\normalni.jpg | PA197 Wireless sensor networks Ideal in 2000: WSN is highly distributed network with high number of low-cost sensor nodes powered by battery connected via multi-hop communication with base station 6 pridat obrazek smart dust P:\CRCS\2012_0178_Redesign_loga_a_JVS\PPT_prezentace\sablona\pracovni\normalni.jpg | PA197 Wireless sensor networks sensorNet Large scale Wireless Sensor Networks •Network of nodes and few powerful base stations –102 – 106 sensor nodes –particular nodes deployed randomly, e.g., from plane •Network characteristics –covering large areas - distributed –ad-hoc position/neighbours – not known in advance –multi-hop communication • l The price (still) is a current problem ● currently ~50$ or more (complete node) ● (but 3.35 $ for CC1110F32) 7 P:\CRCS\2012_0178_Redesign_loga_a_JVS\PPT_prezentace\sablona\pracovni\normalni.jpg | PA197 Wireless sensor networks 8 But situation is getting better J pridat obrazek sensoru s velkou baterii P:\CRCS\2012_0178_Redesign_loga_a_JVS\PPT_prezentace\sablona\pracovni\normalni.jpg Navigating WSN (research) landscape •The basic idea is sound and exciting •BUT: extremely large body of research –Scholar + ‘Wireless Sensor Networks’: 1,480,000 results –Scholar + ‘Cryptography’: 811,000 results •Large number of papers exploring artificial scenarios, lack of grounding to technology, not cited at all… •If involved, always ask for realistic usage scenarios –Number of nodes, patterns of communication, network lifetime, energy consumption of sensors… – – 9 | PA197 Wireless sensor networks P:\CRCS\2012_0178_Redesign_loga_a_JVS\PPT_prezentace\sablona\pracovni\normalni.jpg Current low(er)-cost technology •IEEE 802.15.4 standard for low-rate PANs –Basis for ZigBee tec. •Bluetooth LE/Smart enabled devices –~$10 for BT module •Weightless-N/P/W (IoT), http://www.weightless.org/ –5 km range, 10 years lifetime, $2 price (planned J) –Thanks to large range, fewer hops to reach sink node •Libelium Waspmote (multi-RF node) •Simple processing can be run directly on network controller chip (if accessible) –Espressif ESP8266 ($1.6) WiFi module • – 10 | PA197 Wireless sensor networks P:\CRCS\2012_0178_Redesign_loga_a_JVS\PPT_prezentace\sablona\pracovni\normalni.jpg Operating systems for WSNs 1.Should work on very limited device (102-103B RAM) 2.Should provide concurrency (perceived, real) 3.Should be flexible enough to support different usage scenarios 4.Should conserve as much energy as possible •Examples: TinyOS, Contiky, RIOT… 11 | PA197 Wireless sensor networks P:\CRCS\2012_0178_Redesign_loga_a_JVS\PPT_prezentace\sablona\pracovni\normalni.jpg TinyOS architecture (Berkley) •Used to be the most popular operating system for sensor nodes –first version released in 2002 (TinyOS 1.2), current 2.1.2 (released in 2012) –Open-source work https://github.com/tinyos/tinyos-main (active) –network protocols, sensor drivers and data acquisition tools •Basic design principles –Event-driven (routines serving particular event) –Telescoping abstractions •abstractions with spectrum of levels, portability and optimization –Partial virtualization •top layers of telescopic abstractions are shared or virtualized –Static binding and allocation •no dynamic allocation, all required resources allocated statically •Applications written in Network Embedded System C (nesC) –optimized for low memory, real-time applications | PA197 Wireless sensor networks tinyos_3 12 P:\CRCS\2012_0178_Redesign_loga_a_JVS\PPT_prezentace\sablona\pracovni\normalni.jpg Contiki architecture •Initial release 2003, current version 3.0 (2015) –http://contiki-os.org/ •Basic design principles –Dynamic loading and unloading of code at runtime –Event-driven kernel –Proto-threads (small routines executed after event) •OS requires about 10 kilobytes of RAM (minimum) –More complex than TinyOS (400B RAM only) –TCP/IP stack… Optional addition of GUI etc. – 13 | PA197 Wireless sensor networks P:\CRCS\2012_0178_Redesign_loga_a_JVS\PPT_prezentace\sablona\pracovni\normalni.jpg • 14 | PA197 Wireless sensor networks We (will) have exciting technology. Why/What security measures should be used? P:\CRCS\2012_0178_Redesign_loga_a_JVS\PPT_prezentace\sablona\pracovni\normalni.jpg Where do we need security in WSNs? •Sensitive data are often sensed/processed –military application –medical information, location data (privacy) •Commercially viable information –information for sale – cost for owner of the network –know-how - agriculture monitoring •Protection against vandalism –distant non-existing fires blocks fireman • 15 | PA197 Wireless sensor networks Early stage of WSN allows to build security in rather than as late patch P:\CRCS\2012_0178_Redesign_loga_a_JVS\PPT_prezentace\sablona\pracovni\normalni.jpg Why not “Just use TLS”? •What are differences from standard networks and why classical solutions mail fail? –Why we cannot use standard “TLS” for protection of data? –Party authentication, confidentiality, integrity, freshness… •Sometimes we can! (don’t be dogmatic) •But: certificates, asymmetric crypto, revocation control, high data/computational overhead, session management, authentication of data, local aggregation… –TLS is great for IoT (is WSN != IoT?) • 16 | PA197 Wireless sensor networks D:\Documents\Obrázky\question.png P:\CRCS\2012_0178_Redesign_loga_a_JVS\PPT_prezentace\sablona\pracovni\normalni.jpg Some differences from standard networks •Running on battery (limited resource) –days for personal network –years for large scale monitoring network –especially communication is energy-expensive •Relatively limited computation power –powerful CPU possible, but energy demanding •Links can be temporal, network often disconnected –by design, by necessity | PA197 Wireless sensor networks 17 P:\CRCS\2012_0178_Redesign_loga_a_JVS\PPT_prezentace\sablona\pracovni\normalni.jpg | PA197 Wireless sensor networks Some differences from standard networks •Nodes can be captured by an attacker –all secrets can be extracted from unprotected nodes –and returned back as malicious node •How to detect malicious node? •How to react on detected malicious node? • Mote devil When detection/reaction is hard, focus on prevention 120px-Light_Bulb_Icon 18 P:\CRCS\2012_0178_Redesign_loga_a_JVS\PPT_prezentace\sablona\pracovni\normalni.jpg Main topics in WSNs (network security) •Establishing network –Deployment, redeployment –Neighbor discovery, clustering •Using and maintaining network –Sensing, data collection, data aggregation –Routing and reliable communication –Energy efficiency of all tasks (running on battery) •Supporting security functions –Key management (pre-distribution, establishment, use) –Secure communication, authentication –Partially compromised network 19 | PA197 Wireless sensor networks P:\CRCS\2012_0178_Redesign_loga_a_JVS\PPT_prezentace\sablona\pracovni\normalni.jpg Network lifetime • 20 | PA197 Wireless sensor networks key pre-distribution time key update message routing … physical deployment neighbors discovery link key setup nodes authentication message routing … nodes re-deployment new to old nodes authentication link key setup Network operation Initial deployment P:\CRCS\2012_0178_Redesign_loga_a_JVS\PPT_prezentace\sablona\pracovni\normalni.jpg ATTACKER MODELS •Wireless Networks – Attacker Models | PA197 Wireless sensor networks 21 P:\CRCS\2012_0178_Redesign_loga_a_JVS\PPT_prezentace\sablona\pracovni\normalni.jpg D:\mv\antenna_icon2.jpg devil D:\mv\telosb.jpg Attacker models - capabilities •Passive attacker –Does not inject/modify messages and does not jam •Active attacker –May inject/modify messages or perform jamming •External attacker –Not a legitimate member of a network –Not compromised any node or used key (yet) •Internal attacker –Legitimate member of a network –compromised a single/few static/mobile sensor node(s) and/or possesses a single/few key(s) • 22 | PA197 Wireless sensor networks P:\CRCS\2012_0178_Redesign_loga_a_JVS\PPT_prezentace\sablona\pracovni\normalni.jpg Attacker models – capabilities (cont.) •Local attacker –Can overhear only a local area: single or few hop(s) –Depending on antenna, transmission signal strength… •Global attacker –Can overhear most/all node-to-node and node-to-base station communication simultaneously for all the time • 23 | PA197 Wireless sensor networks D:\mv\antenna_icon2.jpg devil D:\mv\telosb.jpg P:\CRCS\2012_0178_Redesign_loga_a_JVS\PPT_prezentace\sablona\pracovni\normalni.jpg Attacker models - levels •Level 1 attacker –A low cost attacker with minimum equipment requirements –Typical capabilities: Passive, External, Local •Level 2 attacker –A medium cost attacker with distributed eavesdropping and transmitting device(s), but no compromised node –Typically a group of people with radio devices –Typical capabilities: Active, External, Global 24 | PA197 Wireless sensor networks D:\mv\antenna_icon2.jpg devil D:\mv\telosb.jpg P:\CRCS\2012_0178_Redesign_loga_a_JVS\PPT_prezentace\sablona\pracovni\normalni.jpg Attacker models – levels (cont.) •Level 3 attacker –A medium cost attacker with common or special equipment and knowledge –The most common one as far as intentional serious attacks on a network are concerned –Typical capabilities: Active, Internal, Local •Level 4 attacker –A high cost attacker with special equipment and knowledge (well-funded organization with high motivation) –Typical capabilities: Active, Internal, Global • • 25 | PA197 Wireless sensor networks D:\mv\antenna_icon2.jpg devil D:\mv\telosb.jpg P:\CRCS\2012_0178_Redesign_loga_a_JVS\PPT_prezentace\sablona\pracovni\normalni.jpg ROUTING •Wireless Networks – Routing | PA197 Wireless sensor networks 26 P:\CRCS\2012_0178_Redesign_loga_a_JVS\PPT_prezentace\sablona\pracovni\normalni.jpg Target network topology 27 | PA197 Wireless sensor networks BS Sensor node BS Base station Term SA coined by Ross Anderson and Adrian Perrig 2004. Keys exchanged in plaintext, assumption of incomplete eavesdropping, then simple protocol to turn some intercepted keys back Their SA protocol was very simple – one intermediate, transmit key, combine Second one step transmission – because existing key is used to encrypt transmission, order of protocol runs matters Multistep – not only single intermediate P:\CRCS\2012_0178_Redesign_loga_a_JVS\PPT_prezentace\sablona\pracovni\normalni.jpg Routing influenced by data reporting model •Time-driven –Periodic, continuous –E.g., “send current temperature every 10 seconds” •Event-driven –when event happens –E.g., “report if temperature is more than 80°C” •Query-driven –When someone (base station) asks –E.g., “send me the current temperature on node 42” •Hybrid (combination) 28 | PA197 Wireless sensor networks D:\Documents\Obrázky\question.png How models compares? -Routing requirements -Attacker perspective P:\CRCS\2012_0178_Redesign_loga_a_JVS\PPT_prezentace\sablona\pracovni\normalni.jpg D:\Documents\Obrazky\ctp_routing_standf.png Example: static fixed routing tree •Every node is preloaded with ID of parent node closer to BS –Received message is forwarded to parent node •Advantages –Simple, low-memory consumption –Reduced attack surface (no route discovery) •Disadvantages –Disconnect on node’s failure –Non-uniform battery consumption –Not adapting to network changes 29 | PA197 Wireless sensor networks P:\CRCS\2012_0178_Redesign_loga_a_JVS\PPT_prezentace\sablona\pracovni\normalni.jpg Example: Collection Tree Protocol (CTP) •Collection Tree Protocol (CTP), default in TinyOS –Many-to-one collection data collection protocol (nodes to BS) –Address-free routing (only route towards BS) •Routing metric is number of steps to BS (sink node) –Number of expected transmissions (ETX) to reach sink node –Each node keeps only smallest ETX to nearest sink node –Routes with lower metric are preferred –Message is send only from higher ETX to lower ETX •Routing loops prevention –In case of message with lower ETX then own => update path •Possibility to periodically refresh routing metric –Continuous adaptation to network changes • • – – 30 | PA197 Wireless sensor networks http://www.btnode.ethz.ch/static_docs/tinyos-2.x/pdf/tep123.pdf P:\CRCS\2012_0178_Redesign_loga_a_JVS\PPT_prezentace\sablona\pracovni\normalni.jpg CTP – resulting routing tree • 31 | PA197 Wireless sensor networks D:\Documents\Obrazky\ctp_routing_standf.png Source: http://sing.stanford.edu/gnawali/ctp/ P:\CRCS\2012_0178_Redesign_loga_a_JVS\PPT_prezentace\sablona\pracovni\normalni.jpg General attacks against routing •Spoofed, altered, or replayed routing information •Selective forwarding •Sinkhole attacks •Sybil attacks •Wormholes •HELLO flood attacks •Acknowledgement spoofing • 32 | PA197 Wireless sensor networks Adapted from http://webs.cs.berkeley.edu/papers/sensor-route-security.pdf P:\CRCS\2012_0178_Redesign_loga_a_JVS\PPT_prezentace\sablona\pracovni\normalni.jpg Basic topology with single sink node • 33 | PA197 Wireless sensor networks D:\Documents\Obrazky\ra_topology.png Source: http://webs.cs.berkeley.edu/papers/sensor-route-security.pdf P:\CRCS\2012_0178_Redesign_loga_a_JVS\PPT_prezentace\sablona\pracovni\normalni.jpg Wormhole attack 34 | PA197 Wireless sensor networks Source: http://webs.cs.berkeley.edu/papers/sensor-route-security.pdf D:\Documents\Obrazky\ra_wormhole.png •Artificially short path(s) •Perception of locality •Influences routing metrics • P:\CRCS\2012_0178_Redesign_loga_a_JVS\PPT_prezentace\sablona\pracovni\normalni.jpg Sinkhole attack • 35 | PA197 Wireless sensor networks Source: http://webs.cs.berkeley.edu/papers/sensor-route-security.pdf •Forge routing information, becomes malicious sink •Messages not delivered to legitimate sink •Messages selectively forwarded to legitimate sink P:\CRCS\2012_0178_Redesign_loga_a_JVS\PPT_prezentace\sablona\pracovni\normalni.jpg HELLO flood attack • 36 | PA197 Wireless sensor networks Source: http://webs.cs.berkeley.edu/papers/sensor-route-security.pdf D:\Documents\Obrazky\ra_flood.png •Strong transmission of neigh. discovery or route establishment packet •Nodes will try to contact malicious sender • P:\CRCS\2012_0178_Redesign_loga_a_JVS\PPT_prezentace\sablona\pracovni\normalni.jpg Sybil attack 37 | PA197 Wireless sensor networks D:\Documents\Obrazky\ra_topology.png Source: http://webs.cs.berkeley.edu/papers/sensor-route-security.pdf •Attacker pretends to have additional nodes connected behind him •Creates perception of multiple nodes sensing same forged event, influences majority voting… P:\CRCS\2012_0178_Redesign_loga_a_JVS\PPT_prezentace\sablona\pracovni\normalni.jpg D:\Documents\Obrazky\ctp_routing_standf.png Collection Tree Protocol - security? •How would you attack CTP-enabled network? •Bogus routing information –Manipulate propagated ETX values •Selective forwarding –No control of delivery •Sinkhole –Advertise itself as base station (sink hole) •Wormhole attack –Shortcut path between two nodes via different medium (=> preferred path) •HELLO flood attack –Flood network with CTP beacons, corrupt paths and drain energy •… 38 | PA197 Wireless sensor networks http://webs.cs.berkeley.edu/papers/sensor-route-security.pdf P:\CRCS\2012_0178_Redesign_loga_a_JVS\PPT_prezentace\sablona\pracovni\normalni.jpg Example: Directed diffusion •Base station floods network for named data (interest) –“Which node has temperate higher than 80°C?” •Gradients with distance from base station –If data found, returned back via reverse path •Properties: –Data-centric routing –Robust due to flooding •No cryptographic protection –Basic version, many extensions •Attacks: –Suppress flow, cloning flow (eavesdropping) –Selective forwarding… 39 | PA197 Wireless sensor networks C. Intanagonwiw at, R. Go vindan, and D. Estrin, “Directed dif fusion: A scalable and rob ust communication paradigm for sensor netw orks, ” in Pr oceedings of the Sixth Annual International Confer ence on Mobile Computing and Networks (MobiCOM ’00) , August 2000 P:\CRCS\2012_0178_Redesign_loga_a_JVS\PPT_prezentace\sablona\pracovni\normalni.jpg SECURE ROUTING •Wireless Networks – Secure Routing | PA197 Wireless sensor networks 40 P:\CRCS\2012_0178_Redesign_loga_a_JVS\PPT_prezentace\sablona\pracovni\normalni.jpg Why we need special routing for WSN? •MANY existing routing schemes for ad-hoc networks •Should have low packet overhead and node state –Energy efficiency –But: CPU/radio efficiency improves •Should not be based on public key cryptography –Increases cost of hardware / transmission –But: ECC or pairing-based crypto? •Should omit unnecessary complexity “any two nodes” –Data-centric routing –Energy-aware routing –But: depends on usage scenario 41 | PA197 Wireless sensor networks P:\CRCS\2012_0178_Redesign_loga_a_JVS\PPT_prezentace\sablona\pracovni\normalni.jpg Security and efficiency tradeoff •There is tradeoff between security and efficiency •Q: Should I require packet/message confirmations? –Or just hope to be delivered to save energy? •Q: Should I require cryptographically signed ACKs? –Or just detect discrepancies on base station? •Q: Should I use multiple paths to deliver? –Or just one to save energy? Aggregate data? • •Always confront to your expected attacker model and usage scenario 42 | PA197 Wireless sensor networks P:\CRCS\2012_0178_Redesign_loga_a_JVS\PPT_prezentace\sablona\pracovni\normalni.jpg Multipath routing algorithms •Targets improved reliability, security and load balance –Reliability – probabilistically bypassing unrealiable path –Security – limits localized sinkhole (by bypassing it) –Load balance – spread of communication load (energy) •Nature of algorithms –Infrastructure-based (more stable paths, infrastructure help) –Non-infrastructure-based (paths discovered adhoc) –Coding based (message split into parts via different routes) 43 | PA197 Wireless sensor networks P:\CRCS\2012_0178_Redesign_loga_a_JVS\PPT_prezentace\sablona\pracovni\normalni.jpg INTRUSION DETECTION •Wireless Networks – Intrusion Detection System | PA197 Wireless sensor networks 44 P:\CRCS\2012_0178_Redesign_loga_a_JVS\PPT_prezentace\sablona\pracovni\normalni.jpg Distributed intrusion detection •Attacks considered: Jammer, Dropper, Selective dropper, Sybil, Sinkhole… 1.Promiscuity eavesdropping on IDS node 2.Gather runtime characteristics about neighbours 3.Compute monitored node “reputation” 4.If significant deviation is detected => reaction –Report to BS or neighbours, change routing path, block offender (time-limited suicide)… • 45 | PA197 Wireless sensor networks P:\CRCS\2012_0178_Redesign_loga_a_JVS\PPT_prezentace\sablona\pracovni\normalni.jpg IDS monitored network characteristics •Signal Strength (of received packet from node) •Carrier Sensing time (time to be clear to send) •Packet Delivery Ratio (packets successfully forwarded by monitored node) •Packet Send Ratio (how many packets send by monitored node were forwarded further?) •… • 46 | PA197 Wireless sensor networks P:\CRCS\2012_0178_Redesign_loga_a_JVS\PPT_prezentace\sablona\pracovni\normalni.jpg Generic problems with IDS •How long to store characteristics? –limited memory •How to reliable measure all wanted characteristics? –usually impossible, missed/unheard transmissions •How to detect deviances in noisy environment? –Natural packet loss rate, attacker just below threshold •How monitoring node should survive on batteries? •How NOT to be tricked by an attacker to blame legitimate node? • 47 | PA197 Wireless sensor networks P:\CRCS\2012_0178_Redesign_loga_a_JVS\PPT_prezentace\sablona\pracovni\normalni.jpg Summary •WSNs specifics: Limited communication, local knowledge, partial compromise •Many factors influence resulting network settings –Usage scenario –Available hardware parameters => network topology –Sensitivity and nature of data processed => attacker model •Area is currently flooded with different protocols –Have good understanding of basic principles –Be critical in judging various proposal –Have clear definition of usage scenario & attacker model • 48 | PA197 Wireless sensor networks P:\CRCS\2012_0178_Redesign_loga_a_JVS\PPT_prezentace\sablona\pracovni\normalni.jpg Mandatory reading •Ch. Karlof, D. Wagner, Secure routing in wireless sensor networks: attacks and countermeasures (2003) • • 49 | PA197 Wireless sensor networks