As discussed, the sensor network itself plays the role of artificial tissue and therefore
the development of a separate artificial tissue as suggested in [3] and [15] is
unnecessary.
4 Poisoning Sensor Networks
The analogy between sensor networks and tissue can also incorporate ideas of harm
and damage. There are various types of vulnerabilities identified in sensor network
environments that are often not found in conventional wired networks. This work
focuses on vulnerabilities in sensor network routing protocols that rely on
limited-capacity caches to keep track of the state of the network, for example the next
hop for a packet. Directed Diffusion is one such protocol. Such protocols are typically
optimised for nodes with limited resources and for specific applications, with little
consideration for security.
In their seminal work, Karlof and Wagner [10] analysed diverse attacks against
sensor network routing protocols and introduced some countermeasures. Notable
attacks discussed include: Selective forwarding, Sinkhole attacks, Sybil attacks,
Wormhole attacks, HELLO flood attacks and Acknowledgement spoofing. In this paper,
we introduce a new attack called the 'Interest Cache Poisoning Attack', which can
easily disrupt multiple data paths in a network. The attacks discussed in [10] exploit
vulnerabilities of sensor networks that are also found in mobile ad-hoc
networks. In contrast, the interest cache poisoning attack reflects the vulnerability of
data-centric approaches which are often adopted for routing in sensor networks.
Under the Directed Diffusion protocol, each node maintains an interest cache that
records the history of received interest packets. Each entry contains an interest and
gradient(s) towards neighbouring node(s) that have sent the interest packets, such that
when a data packet arrives, a node looks up its interest cache in order to find the next
hop for the data. If there is a matching interest, the node forwards the data packet to
the neighbour node(s) indicated by the gradient(s). Otherwise the data packet is
dropped. The basic idea of the interest cache poisoning attack is to inject fabricated
interest packets to replace benign entries in the interest caches of other nodes. The
attack is ideally aimed at nodes on established data paths that shall be referred to as
the targets of the attack.
For example, in our study of Tiny Diffusion, an implementation of the Directed
Diffusion protocol for real sensor nodes running TinyOS¹, we found that: (i) an
interest cache always has a fixed size and (ii) whenever a new interest packet arrives
and the cache is full, the oldest entry is replaced. Therefore, to realise a successful
attack, the attacker can take advantage of the normal behaviour of the target by
forcing it to drop the content of its cache. The attack works in two phases. In the
first phase, the attacker floods the target with bogus interests, forcing it to drop the
interests already in its cache. In the second phase, the requested data that was
intended for distribution arrives; since the target no longer has gradients to
the nodes interested in it, it is forced to drop the data.
¹ TinyOS is an open-source operating system designed for wireless embedded sensor networks
(http://www.tinyos.net/).
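The cache behaviour described above can be modelled in a few lines. The following is an added example, not code from the paper or from Tiny Diffusion: the class, the interest names, the neighbour labels and the per-neighbour eviction counter (a possible detection signal) are all assumptions made for illustration, as is the choice that a repeated interest does not refresh an entry's age.

```python
from collections import OrderedDict

class InterestCache:
    """Model of a fixed-size interest cache that replaces its oldest entry when full."""

    def __init__(self, capacity):
        self.capacity = capacity
        self.entries = OrderedDict()  # interest -> set of gradient neighbours
        self.evictions = {}           # neighbour -> entries displaced by its interests

    def on_interest(self, interest, neighbour):
        """Record an interest; return the interest evicted to make room, if any."""
        if interest in self.entries:
            self.entries[interest].add(neighbour)  # extra gradient, age unchanged
            return None
        evicted = None
        if len(self.entries) >= self.capacity:
            evicted, _ = self.entries.popitem(last=False)  # drop the oldest entry
            # Assumed defensive bookkeeping: who caused this eviction?
            self.evictions[neighbour] = self.evictions.get(neighbour, 0) + 1
        self.entries[interest] = {neighbour}
        return evicted

    def on_data(self, interest):
        """Next hops for a data packet; an empty set means the packet is dropped."""
        return set(self.entries.get(interest, ()))

    def suspects(self, threshold):
        """Neighbours whose interests displaced at least `threshold` entries."""
        return sorted(n for n, c in self.evictions.items() if c >= threshold)

def simulate(capacity=4, bogus=4):
    """Constructed scenario: two benign interests, then `bogus` fabricated ones."""
    cache = InterestCache(capacity)
    cache.on_interest("temperature/region-A", "sink-side")
    cache.on_interest("humidity/region-B", "sink-side")
    before = cache.on_data("temperature/region-A")   # data path is intact
    for i in range(bogus):
        cache.on_interest(f"bogus-{i}", "node-X")    # phase one: cache is flooded
    after = cache.on_data("temperature/region-A")    # phase two: data arrives
    return before, after, cache.suspects(threshold=2)

if __name__ == "__main__":
    print(simulate())
```

With a capacity of 4, four fabricated interests are enough to displace both benign entries, so matching data has no gradient to follow, and the eviction counter singles out the neighbour responsible.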