Defenses against Wormhole Attack
Presented by: Kadhim Hayawi, ID: 20364216
COURSE PRESENTATION FOR ECE750 - INTELLIGENT SENSORS AND SENSOR NETWORKS
Prof. Otman A. Basir
Outline
  - Introduction
  - Packet Leashes Approaches
  - TIK Protocol
  - Performance and Security Analysis
  - Conclusion
Introduction: Problem Statement
  - Wormhole Attack: an attacker tunnels packets received at one point in the network to another colluding node, which replays them
    - Bypasses normal routes
    - Can be performed even if the network provides confidentiality and authenticity
    - No need to have any crypto keys
    - To establish the tunnel, a high-power antenna, a wired link or other methods can be used
  - Attack Impact: the attacker is in a very powerful position
    - Disrupt routing protocols: manipulate route priorities
    - Denial of Service (DoS): no other route can be discovered (e.g. routes more than 2 hops)
    - Packet modification and analysis
    - Very severe
Attack Demo
  [Figure: normal route and wormhole route between Src and Dst]
Wormhole Attack Modes
  Two modes:
  - Hidden mode: the attackers do not use their identities, so they remain hidden from the legitimate nodes
  - Participation mode: the attackers possess valid cryptographic keys that can be used to launch a more powerful attack
Attack Countermeasures
  Two types:
  - Proactive: prevent wormhole formation, typically through restricting the maximum traveled distance, accurate time synchronization or time measurement, neighbor overhearing, local monitoring, or maximum transmission power in a particular direction
  - Reactive: consider the wormhole a valid link and avoid it only if it exhibits malicious behavior such as modifying or dropping packets
    - Do not prevent the wormhole formation
    - Do not work against passive attacks
    - Use basic mechanisms such as packet authentication and destination acknowledgment
Attack Countermeasure: Packet Leashes (Proactive)
  - Add information to the packet to restrict its maximum allowed distance
  - Approaches:
    - Geographical: upper bound on the packet's traveled distance
    - Temporal: upper bound on the packet's lifetime
Geographical Leash
  - Child safety leash
  - Upper bound on the packet's traveled distance
  - Loose time synchronization
  - Nodes are mobile
  - Where:
    - s: sender, r: receiver
    - d_sr: distance between sender and receiver
    - p: location, δ: location error
    - t: time, Δ: time synchronization error
    - v: node velocity upper bound
Temporal Leash
  - Upper bound on the packet's lifetime
  - Restricts traveled distance
  - Tight time synchronization; i.e. Δ is in microseconds
  - The packet's expiration time:
  - The receiver accepts the packet if:
  - Where:
    - t_e: packet expiration time
    - t_s: packet sent time
    - c: propagation speed of the wireless signal
    - L: maximum allowed travel distance; L > L_min = Δ*c
    - Δ: maximum clock difference between 2 nodes
Any problem?
  - An attacker could change the expiration time (t_e)
  - Solution: authenticate the expiration time (t_e) using:
    - Message Authentication Codes (HMAC)
    - Digital Signature
    - TIK: TESLA with Instant Key disclosure
Message Authentication Codes (HMAC)
  - The sender and receiver share a key K, to send a message M,
  - For n node keys
  - Expensive!
Digital Signature
  - Uses asymmetric key crypto
  - The sender node signs the message with its private key
  - The receiver node verifies the authenticated message using the sender's public key
  - n keys
  - Problem: asymmetric crypto is computationally expensive
TIK Protocol
  - Main observation
    - Authenticate the keys
    - Use a one-time key
  - Three phases
    - Sender setup
    - Receiver bootstrap
    - Sending and verifying authenticated packet
TIK Protocol - Sender Setup
  - Requires tight time synchronization
  - Includes the key in the packet
  - Sender generates a series of keys K_0, K_1, ..., K_{w-1} using a pseudo-random function (F) and a secret master key X: K_i = F_X(i)
  - Sender selects a key expiration interval I and determines the expiration time (T_i) for its keys: T_i = T_0 + i*I, where T_0 is the expiration time for K_0
  - Sender constructs a Merkle hash tree to commit to the keys K_0, K_1, ..., K_{w-1}
Merkle hash tree-i
Merkle hash tree-ii
  - K'_0 = H(K_0), where H is a hash function
  - m_01 = H(K'_0 || K'_1), m_03 = H(m_01 || m_23)
  - The root value (m_07) is sent to the receivers
  - To authenticate K_2, for example:
    - Sender includes in the packet the tree hash values (T), which is only 3 values: K'_3, m_01, m_47
    - Receiver authenticates K_2 by verifying m_07:
      m_07 = H[ H[ m_01 || H[ H[K_2] || K'_3 ] ] || m_47 ]
TIK Protocol - Receiver Bootstrapping
  - Assumption: tight time synchronization within a maximum of Δ
  - Receiver knows:
    - The key expiration interval (I)
    - The tree root m_07
    - Expiration of the first key, T_0
TIK Protocol - Sending and Verifying Packets - Sending
  [Figure: timeline. The sender transmits HMAC, M, T, K_i and the receiver receives HMAC, M, T, K_i. Time at sender: t_s, T_i. Time at receiver: t_r (t_s + L/C - Δ)]
  - T: the hash tree values
  - t_s: send time, t_r: receive time
  - T_i: the sender discloses the key K_i after it expires
  - Attacker cannot replay (one-time key)!
TIK Protocol - Sending and Verifying Packets - Verification
  Receiver verifies:
  - The key K_i is authentic, using:
    - Tree root m_07
    - Hash tree values T
  - The message HMAC, using K_i
TIK: a win-win game
  - TIK already protects against wormhole attacks
    - An attacker will most likely not be able to transmit the packet before the key expires and the sender discloses it (one-time key)
  - We can also add the expiration time (t_e) to the packet and authenticate it using TIK
Performance Analysis
  - Cons
    - No protection against:
      - False sender time stamp (t_s)
      - Receiver refusal to verify
    - TIK still needs to be optimized for very resource-scarce sensors
  - Pros
    - For n nodes, requires n keys
    - Less storage requirement for the hash tree
    - Less computation overhead
    - Efficient instant authentication
    - Prevents wormhole attack
Conclusion
  - The wormhole attack is powerful and disruptive against many routing protocols
  - With tight time synchronization, a temporal leash can detect and prevent wormholes
  - Efficient implementation of the geographical leash and optimization of TIK are still research issues
Discussion