Applying Intrusion Detection Systems to Wireless Sensor Networks
Rodrigo Roman, Jianying Zhou, Javier Lopez

10 January 2006

Summary
• Wireless Sensor Networks
• Intrusion Detection Systems
• IDS Architecture for Wireless Sensor Networks
• Conclusions

Wireless Sensor Networks

Wireless Sensor Networks (WSN)
What?
• Nodes: Constrained, Sensors, Wireless.
• Dense Network (100 - more...)
• ∑Nodes = WSN
Applications
• Healthcare
• Environment
• AmI (Smart Homes)
• Military
• ...

Infrastructure – Nodes
[Diagram labels: Nodes, Base Station]
Features:
• 8 MHz, 128Kb I’s
• Battery: 1 year (“stand-by”)
• Radio (19.2 – 250 Kbps)
Roles:
• Harvesters
• Routers
• Distributed Platform

Infrastructure – Base Station
[Diagram labels: Nodes, Base Station]
B.S.: Less Constrained
Roles:
• Manager
• Interface (Data Dissemination Network)

Points of Attack
Every Node!
Physical
• Node Integrity
• Channel Integrity
• Environment Integrity
• Energy Integrity
Logical
• Information Integrity
• Protocol Integrity
• Configuration Integrity

Intrusion Detection Systems

Intrusion Detection Systems
• Intrusion?
  • Set of Actions → Unauthorized Access/Alteration
• Detection: Intrusion Detection Systems (IDS)
  - O.S. Logs
  - Applications
  - Network Packets
  - Anomaly Detection
  - Signature Detection

IDS – Wireless Networks
• Applying IDS to Wireless Networks… A real problem
  • Wireless Communication, Multiple nodes… = Multiple points of attack
  • (Usually) IDS Agents inside every node: Constrained resources
• Specific problems in Wireless Sensor Networks
  • Nodes are even more constrained
  • Highly specialized protocols
  • User/Administrator away from the problems (BS)

IDS and WSN – State of the Art
• Partial Solutions
  • Analysing fluctuations in sensor readings
    • Anomaly detection, HMM
  • Attesting the integrity of the code
    • Check I’s memory… but time is what matters!
    • Others: Send (protected) attesting algorithm
  • Watching over the information interchange (Watchdog)
    • Expensive for resource constrained nodes
• No general infrastructure
  • Rules, rules, rules…

IDS Architecture for Wireless Sensor Networks

Architecture: “Template”
• How SHOULD it be?
• Separate detection tasks
  • Local Agents: Internal Info, Active 100% of the time
  • Global Agents: External Info, Aim for 100% coverage
  • What should they analyse? From what sources?
• Share information between agents
  • Cryptography, voting mechanism (Ad Hoc), trust
• Notify users – Base Station
  • Secure Broadcast algorithms (µTesla)
  • Optimised Alert database (small disk space)
  • Should have {timestamp, classification, source}

Local Agents
Source Data:
- Node Status
- Sent/Received Packets
- Measurements
- Neighbour Information
Analysis:
- Physical/Logical Integrity
- Measurement Integrity
- Protocol Integrity
- Neighbourhood

Local Agents
• Physical Integrity
  • Nodes are easily accessible: Destroy!
  • Communication channel (Radio) is easily accessible: Jamming!
  • Alert: HW failures, anomaly in communication channels
• Logical Integrity
  • Nodes can be reprogrammed
  • Alert: Programming event (Xnp)
• Measurements
  • Physical attacks (e.g. defective sensors, others [fire – temperature sensor, movement – accelerometer])
  • Alert: Anomaly detection systems

Local Agents
• Protocol Integrity
  • Many protocols (Why? Specialized network) = Many attacks (malformed packets, packet injection,…)
  • Develop lightweight detection techniques
• Neighbourhood
  • Static networks: Few variations in the network infrastructure
  • Alerts: New nodes, “disappearing” nodes …
• Too much energy usage?
  • Analysis (protocols, measurements) – open issue

Global Agents
• Problem: Energy! Assure:
  - Balance tasks
  - Network coverage
Source Data:
- Information (Broadcast)
Analysis:
- Protocol Analysis (“Watchdogs”)

Global Agents
Stronger...
Hierarchical Networks
• “Cluster Head” (CH) controls its section of the network
• Global Agent, part of C.H.
Flat Networks
• No hierarchy, same nodes
• Global Agent?
• Spontaneous Watchdog (SW)

Spontaneous Watchdogs
• Premise:
  • “For every packet circulating in the network, there are a set of nodes that are able to receive both that packet and the relayed packet by the next-hop”
  • Only for dense networks
• One of the nodes will activate its Global Agent:
  • Network coverage (∀ packet covered by [at least] 1 node)
  • Energy savings (detection tasks are distributed over the nodes)
[Diagram labels: Node A, Node B, Node C, Node D]

Spontaneous Watchdogs – Process
• Algorithm
  • Every node receives all packets sent inside its neighbourhood (Waste of energy? No: Am I the destination of this packet?)
  • Is the destination of the packet in my neighbourhood? Yes: I can be a Spontaneous Watchdog
  • How many nodes are in my situation? (n)
    • Need the list of neighbours of all my neighbours
    • Process: Intersect neighbours of sender and receiver = n. E.g.: A {B,C,D}, B {A,C,D} → {C,D}
  • Probability of being Spontaneous Watchdog: 1/n
  • There is no negotiation – process is totally independent

Spontaneous Watchdogs – Problems
• Situations with no active watchdog!
  • 0 SW : (33%) 0.29 – 0.36
  • 1 SW : (40%) 0.44 – 0.36
  • 2 SW : (20%) 0.19 – 0.22
• Solution: Change (Increase) probabilities
  • E.g. : Double probability
  • 0 SW : (7%) 0.04 – 0.12
• Drawback: More than one SW for one packet
• Balance: Security / Energy
[Figures: two plots with curves for 3, 5, 10 and 25 neighbors. Axis labels: “% spontaneous watchdogs”, “Number of Nodes”, “Scenario probability (%)”, “Number of spontaneous watchdogs (Nodes)”]
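Added example, not part of the original slides: the spontaneous watchdog decision from the Process slide and the coverage figures from the Problems slide, modelled in Python. The function names, the `factor` parameter (2 models "double probability") and the neighbour entries for C and D are assumptions; because every candidate decides independently, the number of active watchdogs is treated as binomial.

```python
import random
from math import comb

# Constructed neighbour table (node -> one-hop neighbours). The A and B rows
# are the slide's example; the C and D rows are assumed for completeness.
NEIGHBOURS = {
    "A": {"B", "C", "D"},
    "B": {"A", "C", "D"},
    "C": {"A", "B", "D"},
    "D": {"A", "B", "C"},
}

def candidates(sender, next_hop, table=NEIGHBOURS):
    """Nodes that can hear both the packet and its relay by the next hop."""
    return table[sender] & table[next_hop]

def activates(me, sender, next_hop, table=NEIGHBOURS, factor=1, rng=random):
    """Local decision of node `me` for one overheard packet, no negotiation."""
    cands = candidates(sender, next_hop, table)
    if me not in cands:
        return False                      # cannot observe the relayed packet
    p = min(1.0, factor / len(cands))     # 1/n, or 2/n when doubled
    return rng.random() < p

def watchdog_pmf(n, k, factor=1):
    """P(exactly k of n candidates activate), each with probability factor/n."""
    p = min(1.0, factor / n)
    return comb(n, k) * p**k * (1 - p) ** (n - k)

def coverage_table(sizes=(3, 5, 10, 25), factor=1, max_k=2):
    """Rounded probabilities of 0..max_k active watchdogs per candidate count."""
    return {n: [round(watchdog_pmf(n, k, factor), 2) for k in range(max_k + 1)]
            for n in sizes}

if __name__ == "__main__":
    print("candidates for A -> B:", sorted(candidates("A", "B")))
    for factor in (1, 2):
        print("factor", factor, coverage_table(factor=factor))
```

With `factor=1` the chance that no node watches a packet is about 0.30 for 3 candidates and 0.36 for 25; with `factor=2` it falls to about 0.04 and 0.12, at the cost of more packets being watched by several nodes.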

Conclusions

Conclusions
• This is the path we have to walk… let’s walk it!
  • Apply existing algorithms to a complete IDS system
  • Analyse protocols, deduce detection systems
  • Simulations
• Other details
  • Network lifetime: Structure evolution (E.g.: neighbour list)
  • IDS for mobile environments (mobile nodes)
