SECURITY AGAINST BLACK HOLE ATTACK IN WIRELESS SENSOR NETWORK
Presented By:
Richa Kumari
Outlines:
1. Introduction about ad hoc network
2. Threat model of wireless sensor network
3. Security goal in wireless sensor network
4. Attacks in wireless sensor network
5. Detecting black hole in wireless sensor network
6. Black hole attacks prevention in WSNs
7. Comparison of attacks in WSN
8. Conclusion
9. References
1. Ad hoc network
• “Ad Hoc” is actually a Latin phrase that means “for this purpose”.
• In computer networking, an ad hoc network refers to a network
connection established for a single session and does not require a
router or a wireless base station.
• For example, if you need to transfer a file to your friend's laptop,
you might create an ad hoc network between your computer and
his laptop to transfer the file.
• If you need to share files with more than one computer, you could
set up a multi-hop ad hoc network.
Ad Hoc Network Characteristics
• A network without any base stations (“infrastructure-less”)
• Supports anytime and anywhere computing
• Self-organizing and adaptive
• Decreased dependence on infrastructure
• Each mobile host acts as a router
• Supports peer-to-peer communications
• Two topologies:
• Heterogeneous -Differences in capabilities
• Homogeneous or fully symmetric-all nodes have identical
capabilities and responsibilities.
[Figure: Heterogeneous Network and Homogeneous Network]
Mobile Ad hoc networks (MANETs)
• Mobile ad hoc networks are formed dynamically by an
autonomous system of mobile nodes that are connected via
wireless links.
• No existing fixed infrastructure or centralized administration
– No base station.
• Mobile nodes are free to move randomly.
• Each node works as a router.
MANET Applications
• Military communication
• Emergency Services
• Search and rescue operations
• Disaster recovery – Earthquakes, hurricanes.
• Educational
• Virtual classrooms or conference rooms and meeting.
• Home and Entertainment
• Home/office wireless networking.
• Personal Area network
• Multiuser games
Wireless Sensor Networks (WSNs)
• A WSN is a heterogeneous system consisting of hundreds or
thousands of low-cost, low-power tiny sensors that monitor and
gather information from the deployment environment in real time.
• Common functions of WSNs include broadcast and
multicast, routing, forwarding and route maintenance.
• The sensor's components are: sensor unit, processing unit,
storage/memory unit, power supply unit and wireless radio
transceiver; these units communicate with each other.
2. THREAT MODEL OF WSNs
a) Attacks Based on Access Level
Active attacker: attacker does operations, such as:
• Injecting faulty data into the WSN,
• Packet modification,
• Unauthorized access, monitor, eavesdrop and modify
resources and data stream,
• Creating hole in security protocols,
• Overloading the WSN.
Passive attacker: a passive attacker may do the following:
• Gathering information from the WSN,
• Monitoring and eavesdropping on the communication
channel.
b) Attacks Based on Attacking Devices
Mote-class attacker: a mote-class attacker is anyone
using devices similar to common sensor nodes; this means,
• Using the WSN's nodes (compromised sensor nodes) or access
to similar nodes/motes.
Laptop-class attacker: a laptop-class attacker is anyone
using more powerful devices than common sensor nodes,
• Access to high bandwidth and low-latency communication
channel,
• Traffic injection,
• Passive eavesdrop on the entire WSN.
3. SECURITY GOALS IN WSNs
a) Primary Goals:
Data Confidentiality:
• Means information is accessible only to authorized users,
and access by unauthorized users is prevented.
• If sensor nodes are not capable of keeping the data
confidential, then any neighbouring node can transmit
false information (harmful to military applications).
Data Authentication:
• Data authentication is the ability of a receiver to verify
that the data received was sent by the correct sender.
• In a WSN, not only can data be tampered with by malicious
nodes, but the entire packet stream can be changed by
false packets. So, a receiver must be able to identify if
the data originated from the correct source or not.
Data Availability:
• The principle of this is that resources should be available
to authorized parties at all times.
Data Integrity:
• It ensures that the received data are exactly the same as sent
by the authorized entity, meaning no data modification,
insertion, deletion or replay of the message.
• It confirms that the data is reliable and has not been
altered or changed.
b) Secondary Goals
Data Freshness:
• Data freshness determines that the data is recent and no
old packets have been replayed.
Self-Organization:
• These sensor nodes must have self-organising capability
so that they can dynamically organise according to the
environment and situation.
Secure Organization:
• Unfortunately, a malicious node can manipulate non-secured
location information by reporting false signal
strengths or replaying signals.
4. ATTACKS IN WSNs
Passive attacks
• A passive attack (eavesdropping) listens to and analyses
exchanged traffic.
• This type of attack is easier to carry out and is difficult to
detect.
• The intention of the attacker can be to extract confidential
information or knowledge of the significant nodes in the
network (cluster head node) by analysing routing
information.
a) Eavesdropping
• A malicious node simply overhears the data stream to gain
knowledge about the communication content. The risk arises
when the network traffic carries control information about the
sensor network configuration, which contains detailed
information about the network.
b) Traffic Analysis:
• Malicious nodes can analyse the network traffic to determine
which nodes have high activity.
• Once the highly active sensor nodes are discovered, the
malicious nodes can cause harm to those sensor nodes.
c) Camouflage:
• Malicious nodes can hide in the sensor network by
masquerading as normal sensor nodes. So they deceive the
other sensor nodes and attract packets from them.
Active Attacks
• An active attack involves monitoring, listening and
modification of the data stream by the malicious nodes.
• Active attacks cause direct harm to the network because
they can manipulate the data stream.
a) Routing attacks
• The attacks which act on the network layer are called routing
attacks. These attacks occur while routing the messages.
• There are many types of routing attacks.
Sybil Attack
• The attacker takes multiple fake identities and uses the identities
of other nodes in order to take part in distributed
algorithms such as elections.
• These fake identities are known as Sybil nodes.
Hello Flood Attack
• Many routing protocols use "HELLO" packet to discover
neighboring nodes and thus to establish a topology of the
network.
• The attacker sends a flood of such messages to flood the
network and to prevent other messages from being exchanged.
Black Hole Attack:
• A malicious node advertises the wrong paths as good paths to
the source node during the path finding process.
• When the source selects a path that includes the attacker node,
the traffic starts passing through the adversary node and this
node starts dropping the packets selectively or in whole.
• The black hole region is the entry point to a large number of
harmful attacks.
Single Black Hole Attack:
• In this type of attack the malicious node attacks individually
as a black hole node that inserts itself into the routes between
the source and the destination.
Cooperative Black Hole Attack:
• In this type of attack, the malicious nodes act in a group.
Unlike single black hole attack, here the multiple nodes
absorb the packets sent for the destination node.
Grey Hole Attack:
• There are two ways in which a node can drop packets:
• It can drop all UDP packets.
• It can drop 50% of the packets or can drop them with
probabilistic distribution.
• A grey hole attack affects one or two nodes in the network
whereas a black hole attack affects the whole network.
Wormhole Attack
• Wormhole attack is an attack on the routing protocol in
which the packets or individual bits of the packets are
captured at one location, tunnelled to another location and
then replayed at another location.
b) Denial of Service Attack
• This attack prevents the victim from being able to use all or part of
their network connection.
• A DoS attack allows an adversary to disrupt or destroy a network,
and also to diminish a network’s capability to provide a service.
• For example, a malicious node can send a huge number of requests
to a server. Due to the huge number of requests, the server will be
busy testing illegal requests and so will not be available to
legal users.
5. DETECTING BLACK HOLE IN WSNs
a) USING MOBILE AGENT
Mobile Agent
• Mobile Agent is defined as a software component which is
either a thread or a code carrying its execution state to perform
the network function.
Black hole attack detection algorithm: To check the
probability of the presence of black hole nodes,
b) EXPONENTIAL TRUST BASED MECHANISM
A table in memory stores the trust factor (TF) of each node. Initially, the trust factor is 100 for every node.
Proposed algorithm
6. BLACK HOLE ATTACKS PREVENTION IN WSN
Design and Implementation
• Let $N$ be the set of randomly deployed Sensor Nodes (SNs), $N = \{1, \dots, n\}$.
$N = \sum_{i=1}^{n} N_i$
• Let $B$ be the set of Base Stations available in the network, which
are more powerful than SNs, $B = \{B_1, \dots, B_m\}$.
$B = \sum_{i=1}^{m} B_i$
• The sensor network is represented as a graph, $V = N \cup B$,
where $N$ represents the Sensor Nodes and $B$ represents the Base
Stations.
• two points in Euclidean n-space, then the distance from i to j or
from j to i is given by,
• $S_i$ denotes the set of SNs identified by $B_i$ as black hole nodes.
• Initially all SNs in the network are added to the set $S_i$,
$N = \{1, \dots, n\}$. All the BSs in $B$ get together and create the global
black hole set as
$S = \bigcap_{i} S_i$
• Remove the SNs from whom none of the BSs got any data
packet. This procedure is performed in the network at regular
time intervals.
• Black hole node does not forward any packet to the BSs. As
a result no black hole node is going to be a part of the path
from any non-black hole SN to a BS.
• Consequently, these nodes will not be removed from the set
Si.
where the intersection is taken over $\{i \mid B_i \in B\}$.
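The multi-base-station procedure above, as an added Python example (not code from the presentation or from the BAMBi paper). It assumes shortest-hop routing, that each delivered packet reveals its source and relay nodes to the BS, and that a black hole sends nothing itself; the topology and node ids are constructed for illustration.

```python
from collections import deque

def shortest_path(adj, src, dst):
    """Hop-count shortest path from src to dst (BFS), or None if unreachable."""
    prev, queue = {src: None}, deque([src])
    while queue:
        u = queue.popleft()
        if u == dst:
            path = []
            while u is not None:
                path.append(u)
                u = prev[u]
            return path[::-1]
        for v in adj[u]:
            if v not in prev:
                prev[v] = u
                queue.append(v)
    return None

def black_hole_sets(adj, sensors, base_stations, black_holes):
    """Return (S, per_bs): per_bs[Bi] is S_i, S is the intersection of all S_i."""
    per_bs = {}
    for bs in base_stations:
        s_i = set(sensors)                    # initially every SN is in S_i
        for src in sensors:
            path = shortest_path(adj, src, bs)
            # A packet is lost if its source or any relay is a black hole.
            if path is None or black_holes & set(path[:-1]):
                continue
            s_i -= set(path[:-1])             # delivered: clear source and relays
        per_bs[bs] = s_i
    return set.intersection(*per_bs.values()), per_bs

# Constructed topology: B1 - 1 - 2 - 3 - B2, with node 4 hanging off node 2.
EDGES = [("B1", 1), (1, 2), (2, 3), (3, "B2"), (2, 4)]
ADJ = {}
for a, b in EDGES:
    ADJ.setdefault(a, []).append(b)
    ADJ.setdefault(b, []).append(a)
SENSORS, BASE_STATIONS, BLACK_HOLES = {1, 2, 3, 4}, ["B1", "B2"], {2}

if __name__ == "__main__":
    S, per_bs = black_hole_sets(ADJ, SENSORS, BASE_STATIONS, BLACK_HOLES)
    print("per-BS suspect sets:", per_bs)
    print("global black hole set S:", S)
```

Each BS alone suspects three nodes; the intersection narrows this to nodes 2 and 4. Node 4 is a false positive because its only route to any BS passes through the black hole, so S should be read as "black hole or cut off by one".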
7. COMPARISON OF ATTACKS IN WSN
• This comparison gives us an analysis of which attack can
cause maximum harm to the system and decrease the
reliability and security of the system.
8. CONCLUSION
• Wireless sensor networks are increasingly being used in
military, environmental, health and commercial applications.
Sensor networks are inherently different from traditional wired
networks as well as wireless ad-hoc networks. Security is an
important feature for the deployment of Wireless Sensor
Networks.
• This presentation summarizes the attacks and their
classifications in wireless sensor networks.
• We have also discussed black hole detection and prevention
techniques.
9. REFERENCES
i. William Stallings, Cryptography and Network Security Principles and
Practices, Fourth Edition, Prentice Hall, 2005.
ii. Satyajayant Misra, Kabi Bhattarai and Guoliang Xue, "BAMBi:
Blackhole Attacks Mitigation with Multiple Base Stations in Wireless
Sensor Networks", publication in the IEEE ICC 2011 proceedings.
iii. A. Perrig, J. Stankovic and D. Wagner; Security in Wireless Sensor
Networks; In Communications of the ACM Vol. 47, No. 6, 2004.
iv. J. Yick, B. Mukherjee and D. Ghosal; Wireless Sensor Network
Survey; Elsevier's Computer Networks Journal 52 (2292-2330);
Department of Computer Science, University of California; 2008.