Sleep/Wake Aware Local Monitoring (SLAM)

Similar documents
SRPS: Secure Routing Protocol for Static Sensor Networks

Secure Embedded Wireless Networks

MOBIWORP: Mitigation of the Wormhole Attack in Mobile Multihop Wireless Networks

Presented by: Mariam Ahmed Moustafa Faculty of Engineering, Alexandria University, Egypt. 24 March 2016 RIPE NCC / MENOG 16

End-To-End Delay Optimization in Wireless Sensor Network (WSN)

LITEWORP: Detection and Isolation of the Wormhole Attack in Static Multihop Wireless Networks

Security in Mobile Ad-hoc Networks. Wormhole Attacks

Secure Routing and Transmission Protocols for Ad Hoc Networks

Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures

Multigrade Security Monitoring for Ad-Hoc Wireless Networks

DETECTING, DETERMINING AND LOCALIZING MULTIPLE ATTACKS IN WIRELESS SENSOR NETWORK - MALICIOUS NODE DETECTION AND FAULT NODE RECOVERY SYSTEM

MOBIWORP: Mitigation of the Wormhole Attack in Mobile Multihop Wireless Networks. Abstract

A REVIEW PAPER ON DETECTION AND PREVENTION OF WORMHOLE ATTACK IN WIRELESS SENSOR NETWORK

Design and Implementation of TARF: A Trust-Aware Routing Framework for WSNs

SENSOR-MAC CASE STUDY

International Journal of Advance Engineering and Research Development

Security of Mobile Ad Hoc and Wireless Sensor Networks

CMNTS:Catching Malicious Nodes with Trust Support in Wireless Sensor Networks

WIRELESS sensor networks have received a lot of attention

Analysis of Black-Hole Attack in MANET using AODV Routing Protocol

Design and Implementation of TARF: A Trust Aware Routing Framework WSN s

Secure Path-Key Revocation for Symmetric Key Pre-distribution Schemes in Sensor Networks

Detecting and Preventing Wormhole Attacks In Wireless Sensor Networks

CHAPTER 4 IMPACT OF ROUTING ATTACKS IN LOCATION BASED ROUTING PROTOCOL

CS551 Ad-hoc Routing

Analysis of Attacks and Defense Mechanisms for QoS Signaling Protocols in MANETs

Round Trip Time based Wormhole Attacks Detection

Power-efficient Communication Protocol for Social Networking Tags for Visually Impaired

Wireless Sensor Networks: Security Issues, Challenges and Solutions

Wireless Network Security Spring 2013

Intrusion Detection for Routing Attacks in Sensor Networks

Defenses against Wormhole Attack

CONCLUSIONS AND SCOPE FOR FUTURE WORK

Packet Estimation with CBDS Approach to secure MANET

Blackhole Attack Detection in Wireless Sensor Networks Using Support Vector Machine

Lecture 8 Wireless Sensor Networks: Overview

Part I. Wireless Communication

CERIAS Tech Report

Geographical Routing Algorithms In Asynchronous Wireless Sensor Network

Secure routing in ad hoc and sensor networks

Ferry Route Design with MAC Protocol in Delay Tolerant Networks

Outline. CS5984 Mobile Computing. Dr. Ayman Abdel-Hamid, CS5984. Wireless Sensor Networks 1/2. Wireless Sensor Networks 2/2

Mobile ad hoc networks Various problems and some solutions

ComparisonofPacketDeliveryforblackholeattackinadhocnetwork. Comparison of Packet Delivery for Black Hole Attack in ad hoc Network

Delay Analysis of ML-MAC Algorithm For Wireless Sensor Networks

Peer-to-peer Sender Authentication for . Vivek Pathak and Liviu Iftode Rutgers University

Outline. MAC (Medium Access Control) General MAC Requirements. Typical MAC protocols. Typical MAC protocols

Performance and Comparison of Energy Efficient MAC Protocol in Wireless Sensor Network

Security Issues In Mobile Ad hoc Network Routing Protocols

Detection and Prevention Mechanism against Attack for MANET Routing Protocol

SUMMERY, CONCLUSIONS AND FUTURE WORK

Detection of Sybil Attack in Wireless Sensor Network

Reservation Packet Medium Access Control for Wireless Sensor Networks

CHAPTER 2 WIRELESS SENSOR NETWORKS AND NEED OF TOPOLOGY CONTROL

Wireless Network Security Spring 2015

Link Estimation and Tree Routing

A Tale of Two Synchronizing Clocks

Enhancing the Security in WSN using Three Tier Security Architecture Chanchal G. Agrawal *

Wireless Sensor Networks --- Concepts and Challenges

Wireless Network Security Spring 2014

A Survey - Energy Efficient Routing Protocols in MANET

Analysis and Enhancement of RPL under Packet Drop Attacks

Introduction and Statement of the Problem

Data gathering using mobile agents for reducing traffic in dense mobile wireless sensor networks

On the Survivability of Routing Protocols in Ad Hoc Wireless Networks

ADB: An Efficient Multihop Broadcast Protocol Based on Asynchronous Duty-Cycling in Wireless Sensor Networks

Detection of Malicious Node in Wireless Sensor Network under Byzantine Attack

CSC 774 Advanced Network Security

Selective Forwarding Attacks Detection in WSNs

Wireless Sensor Networks --- Concepts and Challenges

A SURVEY OF VARIOUS ROUTING PROBLEMS TO VARIOUS ATTACKS IN MOBILE AD HOC NETWORKS IN THE TRANSACTIONS

Lecture 13: Routing in multihop wireless networks. Mythili Vutukuru CS 653 Spring 2014 March 3, Monday

Mitigating Malicious Activities by Providing New Acknowledgment Approach

A Novel Approach To Detect Trustworthy Nodes Using Audit Based Scheme For WSN

Secure Multi-Hop Infrastructure Access

Wireless Network Security Spring 2016

EXPERIMENTAL EVALUATION TO MITIGATE BYZANTINE ATTACK IN WIRELESS MESH NETWORKS

hash chains to provide efficient secure solutions for DSDV [7].

An Efficient Scheme for Detecting Malicious Nodes in Mobile ad Hoc Networks

INFRINGEMENT PRECLUSION SYSTEM VIA SADEC: STEALTHY ATTACK DETECTION AND COUNTERMEASURE

CSC 774 Advanced Network Security

[Nitnaware *, 5(11): November 2018] ISSN DOI /zenodo Impact Factor

Communication Layer, Attacks and Security Mechanisms of Wireless Sensor Network

TARF with MAC Addresses: A Trust-Aware Routing Framework for WSNs with MAC Addresses

Kun Sun, Peng Ning Cliff Wang An Liu, Yuzheng Zhou

Secure Adaptive Topology Control for Wireless Ad-Hoc Sensor Networks

Towards Resilient Geographic Routing in Wireless Sensor Networks

Chapter Topics Part 1. Network Definitions. Behind the Scenes: Networking and Security

Detection of Wormhole Attacks in Wireless Sensor Networks

Ad Hoc Networks. WA-MAC: A weather adaptive MAC protocol in survivability-heterogeneous wireless sensor networks

Rule based Forwarding (RBF): improving the Internet s flexibility and security. Lucian Popa, Ion Stoica, Sylvia Ratnasamy UC Berkeley Intel Labs

Research Article Detection and Prevention of Selective Forwarding-Based Denial-of-Service Attacks in WSNs

Detection and Removal of Black Hole Attack in Mobile Ad hoc Network

Key establishment in sensor networks

Algorand: Scaling Byzantine Agreements for Cryptocurrencies

Implementation of an Adaptive MAC Protocol in WSN using Network Simulator-2

Chapter 5 Ad Hoc Wireless Network. Jang Ping Sheu

On Demand secure routing protocol resilient to Byzantine failures

Saving Wireless Networks By Detecting, And Designing Efficient From Masquerade Attacks

Unicast Routing in Mobile Ad Hoc Networks. Dr. Ashikur Rahman CSE 6811: Wireless Ad hoc Networks

Transcription:

Sleep/Wake Aware Local Monitoring (SLAM) Issa Khalil, Saurabh Bagchi, Ness Shroff Dependable Computing Systems Lab (DCSL) & Center for Wireless Systems and Applications (CWSA) School of Electrical and Computer Engineering Purdue University Work supported by: NSF-CISE/CNS and Indiana 21 st Century Research & Technology Fund Slide 1/27 Outline Introduction Motivation Background: local monitoring Goal and challenge Solution approach Sleep/wake aware local monitoring (SLAM) Assumptions and Sleep-Wake Wake Mechanisms On-demand demand SLAM: Protocol Description Protocol analysis Simulation results Conclusion Slide 2/27

Motivation Overhearing in wireless media serves as a primitive building block for collecting information and evidence about network activities Target: Wireless Ad Hoc and Sensor (WAHAS) Networks Overhearing is used for many security applications in WAHAS networks Intrusion detection Building trust and reputation among nodes Building secure routing protocols Local monitoring (our work) Slide 3/27 Background: Local Monitoring X A M Y S B X N A D The transmission range of node Y A collaborative detection strategy in which a node monitors the traffic going in and out of its neighbors. Assumptions Each node knows its first-hop and second-hop neighbors Requires each node to include the ID of the prev-hop in the forwarded packet A guard of a node A over the link X A is any node that lies within the transmission range of both X and A Example: M, X, and N are the guards of node A for the link from X to A Slide 4/27

Background: Local Monitoring Local monitoring can be used to detect different kinds of attacks by different kinds of checks on the incoming and outgoing traffic Local monitoring provides the building block for detecting the following malicious actions Fabrication Modification Delay Drop Misrouting S B X M X N A A D Slide 5/27 Goal and Challenge Overhearing in local monitoring incurs listening energy cost Guards have to be awake all the time Listening energy is a dominant source of energy consumption and is therefore critical in energy constrained WAHAS networks Goal of this work: Minimize energy overhead of monitoring Challenge: Perform the sleep/wake of guards securely and efficiently Required guards to monitor a communication should be woken up Quality of detection should not be significantly affected Slide 6/27

Solution Approach We design a protocol called Sleep/wake Aware Local Monitoring (SLAM) Wake up guards only when needed Verify that a node is waking up guards as needed Contributions Conserve energy through sleep/wake aware local monitoring Provide on-demand sleep/wake algorithm Demonstrate the security coverage is not reduced due to the energy conserving mode of SLAM Evaluate SLAM through extensive simulations and analysis Slide 7/27 Outline Introduction Sleep/wake aware local monitoring (SLAM) Assumptions and Sleep-Wake Mechanisms On-demand SLAM Protocol Description Protocol analysis Simulation results Conclusion Slide 8/27

Assumptions & Attack Model System assumptions Static network Bi-directional links Existing key management protocol that can distributed pairwise symmetric keys to any two nodes Each node is equipped with passive or low-power antenna Attack Model The adversary may not follow the sleep/wake protocol The adversary may not provide the detection according to local monitoring Adversary nodes may collude The adversary can be more powerful than legitimate nodes Physical layer attacks (DoS against antenna, jamming) are out of scope Slide 9/27 Sleep/Wake Mechanisms Synchronized sleep/wake All the nodes wake up and go to sleep in a synchronized manner Examples: S-MAC and SPAN Require accurate time synchronization Wastage of energy in scenarios with rare events Adaptation: Guards naturally sleep and wake up when there may be traffic to monitor Application-specific sleep/wake Protocol for maintaining specific network properties such as k-connectivity or k-coverage Adaptation: Change parameters of sleep/wake algorithm, e.g., increase k On-demand sleep/wake Sleeping nodes are triggered to wake up when needed for communication Requires low-power or passive antenna Adaptation: On-Demand SLAM Forms the topic of the rest of this presentation Slide 10/27

Outline Introduction Sleep/wake aware local monitoring (SLAM) Assumptions and Sleep-Wake Wake Mechanisms On-demand SLAM Protocol Description Protocol analysis Simulation results Conclusion Slide 11/27 On-Demand SLAM Node wake up does not depend on assumption of a specific communication pattern Nodes can be woken up when there is communication Most energy efficient mode of communication Each node has two antennas Wakeup antenna Low-power or passive Low bandwidth Remains awake at all times Available commercially and in research labs Regular antenna Always asleep except when triggered for sending/receiving data Used for data communication and has higher power consumption Slide 12/27

On-Demand SLAM: Overview Z W α 1 α 2 S n 1 n 2 n h-1 D β 1 β 2 Node is asleep Node on path & is awake Node not on path & is awake Initially all the nodes are sleeping S wants to send a packet, S wakes up S sends a signal to its one-hop neighbors All the one-hop neighbors of S wake up Non-guards go back to sleep S sends the packet to n 1 n 1 wakes up its neighbors n 1 sends the packet to n 2 Guards go back to sleep The process continues until the packet reaches D Slide 13/27 Security of SLAM: Rules of the Guard In baseline local monitoring, the responsibility of a guard of n i over a given link is to verify that: n i forwards the packet within a time threshold (delay/drop) n i does not modify the packet it is forwarding (modification) n i forwards the data to the correct next hop (misrouting) n i only forwards if a packet is sent on the n i-1 n i link (fabric.) SLAM introduces a fifth responsibility n i should wake up the guards for the communication on the n i n i+1 link before forwarding the packet on that link Slide 14/27

SLAM Variant 1: All-neighbors SLAM (A-SLAM) Wakeup signal broadcast to all the first-hop neighbors + Simple communication of signal + Knowledge of node location is not required Extra energy wasted in waking up irrelevant nodes Z W α 1 S n 1 β 1 Slide 15/27 SLAM Variant 2: Guards-only SLAM (G-SLAM) Wakeup signal sent only to the relevant nodes (next-hop & guards) + More energy efficient Requires the knowledge of node locations within twice the transmission range Sophisticated signals and wake up hardware Z W α 1 S n 1 β 1 Slide 16/27

Reducing End-to-End Delay Wakeup antenna has warm-up time which may increase end-to-end delay Send the signal at the earliest possible time Pipeline the process of sending signal and data traffic Increase the listening energy Definitions T control : time to send the signal T warmup : time to warm-up (sleep to wake) T data : time to send a packet (the worst case time which includes time to send the packet and channel contention) T w : time a node continues to be awake after being woken up Slide 17/27 Reducing End-to-End Delay Two different cases Case 1: T control + T warmup < T data (common case) Ω ( h) =Ω ( h) Ω ( h) = T + T SLAM Add SLAM Base LM control warmup Delay is constant independent of number of hops Case 2: T control + T warmup > T data Ω ( h) =Ω ( h) Ω ( h) = h τ + T SLAM Add SLAM Base LM data Delay is the product of the number of hops and the difference in time between (T control + T warmup ) and T data Slide 18/27

Outline Introduction Sleep/wake aware local monitoring (SLAM) On-demand SLAM Protocol description Protocol analysis Simulation results Conclusion Slide 19/27 SLAM Coverage: Proof Sketch S n 1 n 2 n 3 n h-1 D Proposition: SLAM does not cause loss in detection coverage Lemma: For each n i in the path from S D The guards of n i (g i ) are awake and monitoring Base case: S is honest, thus g 1 is awake Inductive hypothesis: g 1 g i are woken up Prove: g i+1 is woken up If n i is honest it wakes up g i+1 Else, g i will wake up g i+1 Result: The required guards are always woken up either directly or indirectly Slide 20/27

Outline Introduction Sleep/wake aware local monitoring (SLAM) On-demand SLAM Protocol description Protocol analysis Simulation results Simulation setup Effect of fraction of data monitored (f dat ) on output metrics Effect of number of malicious nodes (M) on output metrics Effect of traffic load (1/μ) on output metrics Energy savings Conclusion Slide 21/27 Simulations: Simulation Setup Data communication model: any node to any node Node distribution: Randomly on a fixed-size field Attack model Attacker nodes are internal compromised nodes randomly selected from network Colluding nodes establish a wormhole, then perform selective forwarding Two scenarios Local monitoring with A-SLAM Local monitoring without A-SLAM (baseline) The network simulator ns-2 is used The output parameters are measured at the end of simulation time (1500 s) Slide 22/27

Effect of Fraction of Data Monitored (f dat ) % Delivery ratio = % (Packets received/packets sent) % True Isolation = % (# malicious nodes completely isolated/# malicious nodes) Inputs: M = 4; N = 100; 1/ μ = 0.1 packets/s; T warmup = 5ms, T w = 30ms % Delivery Ratio 120 100 80 60 40 20 0 With A-SLAM Without A-SLAM 0.2 0.4 0.6 0.8 1 Fraction Data Monitored % True Isolation 120 100 80 60 40 20 0 With A-SLAM Without A-SLAM 0.2 0.4 0.6 0.8 1 Fraction Data Monitored High delivery ratio & high detection coverage even with the existence of attack Changing f dat does not significantly change output metrics due to adaptive detection strategy Applying sleeping through SLAM does not significantly degrade the coverage or the delivery ratio Slide 23/27 Effect of # Malicious Nodes (M) % Delivery ratio = % (Packets received/packets sent) % True Isolation = % (# malicious nodes completely isolated/# malicious nodes) Inputs: f dat = 0.6; N = 100; 1/ μ = 0.1 packets/s; T warmup = 5ms, T w = 30ms 100 100 % Delivery Ratio 80 60 40 20 With A-SLAM Without A-SLAM % True Isolation 80 60 40 20 With A-SLAM Without A-SLAM 0 2 3 4 5 6 Number of Malicious Nodes 0 2 3 4 5 6 Number of Malicious Nodes As M increases, delivery ratio slightly decreases due to the increase in the traffic dropped by malicious nodes before being detected As M increases, coverage slightly decreases due to less number of good guards and increase in the probability that a malicious node is at the network s edge SLAM performs comparably to baseline local monitoring Slide 24/27

Effect of Traffic Load (1/ μ) % False isolation = % (# good nodes isolated/# nodes) End-to-end delay = time of receive time of transmit Inputs: M = 4; N = 100; f dat = 0.6 packets/s; T warmup = 5ms, T w = 30ms % False Isolation 9 6 3 0 With A-SLAM Without A-SLAM 0.05 0.067 0.01 0.2 1 Data Traffic Load (1/mu) As traffic load increases, false isolation increases due to increasing collisions As traffic load increases, end-to-end delay increases due to increasing channel contention SLAM has lower false isolation since some of the packets that may falsely identify a node as malicious may be dropped due to erroneous sleep End-to-end delay increases in SLAM with higher contention due to increase in the warm-up time End-toEnd Delay (s) 0.08 0.06 0.04 0.02 0 With A-SLAM Without A-SLAM 0.05 0.067 0.01 0.2 1 Data Traffic Load (1/mu) Slide 25/27 Listening Energy due to A-SLAM % Wakeup time = % (time a node spent wake up solely for monitoring/total simulation time) Inputs: f dat = 0.6; M = 4; N = 100; 1/ μ = 0.1 packets/s; T warmup = 5ms, T w = 30ms 2 4 % Wakeup Time 1.5 1 0.5 % Wakeup Time 3 2 1 0 2 3 4 5 6 Number of Malicious Nodes 0 0.05 0.067 0.01 0.2 1 Data Traffic Load (1/mu) The fraction is very small with SLAM As M increases, the time decrease due to the decrease in the number of packets that require monitoring As the traffic load increases, the time increases due to the increase in the number of packets that require monitoring Slide 26/27

Conclusion Present a modified version of local monitoring Sleep/wake aware local monitoring On-demand sleep/wake mechanism called SLAM proposed Provide security analysis of SLAM Does not weaken network security Provide end-to-end delay and energy analysis of SLAM Fixed increase in the end-to-end delay may be achieved Considerable energy savings compared to the vanilla version Provide extensive simulations to evaluate SLAM performance Comparable performance with the vanilla version Future work: Enabling local monitoring based detection and isolation to multi-channel wireless networks Slide 27/27 Thanks Questions? Slide 28/27

Backup Slides Slide 29/27 WAHAS Networks Wireless Ad-Hoc and Sensor networks Autonomous system of nodes with no static infrastructure All or subset of nodes may move Nodes communicate wirelessly in multi-hop fashion Often subject to rapid deployment in environments where natural or malicious errors are likely Especially attractive in scenarios where it is infeasible or expensive to deploy significant networking infrastructure Application examples include: battle field surveillance, medical monitoring, biological detection, home security, disaster recovery Slide 30/27

Challenges to Providing Dependability Open communication media Snooping is easy Hostile environment Attackers everywhere Limited resources Bandwidth and energy resources are constrained Can not tolerate high overhead measures Easy to launch attacks (cheap devices, no tamper-proof) Lack of infrastructure and difficult-to-reach deployments Difficult to manage and control Nodes are easy to access and capture by attackers Mobility Dynamic topology Frequent link failures Slide 31/27 Security Attacks Two classes of attacks 1. Attacks that can be defeated by crypto mechanisms Eavesdropping: Solved by encryption Message tampering: Solved by authentication 2. Attacks that subvert the functionality of the network Control attacks: Manipulating control traffic (e.g., routing traffic) to disrupt data traffic Examples: ID spoofing and Sybil, sinkhole, rushing, wormhole Data Attacks: Directly manipulate data traffic Examples: Blackhole, grayhole This class cannot be prevented by cryptographic mechanisms alone Throughout this work we have addressed both classes with more focus given to the second class Slide 32/27

Case 2: (T control + T warmup ) > T data Forwarding node S n 1 n 2 n 3 n h-1 D Let τ = (T control + T warmup ) T data Three different node role For a node in the route to the destination S n 1 n 2 n 3 S sends n 1 rcvs n 1 awake, S sends data, n 1 sends n 1 rcvs data n 2 awake, n 1 sends data, n n 2 sends 2 rcvs data n 3 awake, n 2 sends data, n 3 sends n 3 rcvs data, n 1 sleep T 1 T 2 T 3 T 4 T 5 T 6 T 7 T 8 T control T warmup T data τ T data τ T data Slide 33/27 Case 2: (T control + T warmup ) > T data Guard node S n 1 n 2 n 3 n h-1 D Three different node types For a guard node α 1 α 2 S n 1 n 2 n 3 β 1 β 2 S sends g 1 rcvs g 1 awake, S sends data, n 1 sends n 1 rcv data g 1 hear in data to n 1 g 1 overhear out data from n 1, g 2 awake, n 1 sends data, n 2 sends g 2 overhear in data to n 2, g 1 sleep T 1 T 2 T 3 T 4 T 5 T 6 T control T warmup T data τ T data Slide 34/27

Case 2: (T control + T warmup ) > T data Non-guard node S n 1 n 2 n 3 n h-1 D Three different node types For a neighbor to the route but is not a guard Z α 1 S sends v 1 rcvs v 1 awake, v1 sleep W S n 1 β 1 T 1 T 2 T 3 T control T warmup Case II: (T control + T warmup ) T data The timing schedule can be generated in a similar way Please refer to the report Slide 35/27 Energy Consumption SLAM is compared to an on-demand sleep/wake algorithm with no local monitoring support Three different nodes considered Forwarding node Guard node Non-guard node The worst case additional energy of SLAM for each node is respectively (single flow, per packet) Forwarding node: T w. A active Guard node: T warmup. A warmup + T data. A active + T w. A active Non-guard node: T warmup. A warmup or 0 for G-SLAM Slide 36/27

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback