Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures

Chris Karlof, David Wagner
University of California at Berkeley
{ckarlof,daw}@cs.berkeley.edu

Abstract— We consider routing security in wireless sensor networks. Many sensor network routing protocols have been proposed, but none of them have been designed with security as a goal. We propose security goals for routing in sensor networks, show how attacks against ad-hoc and peer-to-peer networks can be adapted into powerful attacks against sensor networks, introduce two classes of novel attacks against sensor networks — sinkholes and HELLO floods, and analyze the security of all the major sensor network routing protocols. We describe crippling attacks against all of them and suggest countermeasures and design considerations. This is the first such analysis of secure routing in sensor networks.
I. INTRODUCTION

Our focus is on routing security in wireless sensor networks. Current proposals for routing protocols in sensor networks optimize for the limited capabilities of the nodes and the application specific nature of the networks, but do not consider security. Although these protocols have not been designed with security as a goal, we feel it is important to analyze their security properties. When the defender has the liabilities of insecure wireless communication, limited node capabilities, and possible insider threats, and the adversaries can use powerful laptops with high energy and long range communication to attack the network, designing a secure routing protocol is non-trivial. We present crippling attacks against all the major routing protocols for sensor networks. Because these protocols have not been designed with...

... be adapted into powerful attacks against sensor networks. We present the first detailed security analysis of all the major routing protocols and energy conserving topology maintenance algorithms for sensor networks. We describe practical attacks against all of them that would defeat any reasonable security goals. We discuss countermeasures and design considerations for secure routing protocols in sensor networks.

II. BACKGROUND

We use the term sensor network to refer to a heterogeneous system combining tiny sensors and actuators with general-purpose computing elements. Sensor networks may consist of hundreds or thousands of low-power, low-cost nodes, possibly mobile but more likely at fixed locations, deployed en masse to monitor and affect the environment. For the remainder of this paper we assume that all nodes' locations are fixed for the duration of their lifetime.

For concreteness, we target the Berkeley TinyOS sensor platform in our work. Because this environment is so radically different from any we had previously encountered, we feel it is instructive to give some background on the capabilities of the Berkeley TinyOS platform. A representative example is the Mica mote, a small (several cubic inch) sensor/actuator unit with a CPU, power source, radio, and several optional sensing elements. The processor is a 4 MHz 8-bit Atmel ATMEGA103 CPU with 128 KB of instruction memory, 4 KB of RAM for data, and 512 KB of flash memory. The CPU consumes 5.5 mA (at 3 volts) when active, and two orders of magnitude less power when sleeping. The radio is a 916 MHz low-power radio from RFM, delivering up to 40 Kbps bandwidth on a single shared channel and with a range of up to a few dozen meters or so. The RFM radio consumes 4.8 mA (at 3 volts) in receive mode, up to 12 mA in transmit mode, and 5 µA in sleep mode. An optional sensor board allows mounting of a temperature sensor, magnetometer, accelerometer, microphone, sounder, and other sensing elements. The whole device is powered by two AA batteries, which provide approximately 2850 mA hours at 3 volts.

Sensor networks often have one or more points of centralized control called base stations. A base station is typically a gateway to another network, a powerful data processing or