The Community for Technology Leaders
RSS Icon
Subscribe
Issue No.02 - Feb. (2013 vol.12)
pp: 318-332
E. Y. Vasserman , Dept. of Comput. & Inf. Sci., Kansas State Univ., Manhattan, KS, USA
N. Hopper , Dept. of Comput. Sci. & Eng., Univ. of Minnesota, Minneapolis, MN, USA
ABSTRACT
Ad hoc low-power wireless networks are an exciting research direction in sensing and pervasive computing. Prior security work in this area has focused primarily on denial of communication at the routing or medium access control levels. This paper explores resource depletion attacks at the routing protocol layer, which permanently disable networks by quickly draining nodes' battery power. These "Vampire” attacks are not specific to any specific protocol, but rather rely on the properties of many popular classes of routing protocols. We find that all examined protocols are susceptible to Vampire attacks, which are devastating, difficult to detect, and are easy to carry out using as few as one malicious insider sending only protocol-compliant messages. In the worst case, a single Vampire can increase network-wide energy usage by a factor of O(N), where N in the number of network nodes. We discuss methods to mitigate these types of attacks, including a new proof-of-concept protocol that provably bounds the damage caused by Vampires during the packet forwarding phase.
INDEX TERMS
wireless sensor networks, access protocols, ad hoc networks, routing protocols, telecommunication security, packet forwarding phase, Vampire attacks, wireless ad hoc sensor networks, pervasive computing, medium access control levels, routing protocol layer, battery power, draining nodes, protocol-compliant messages, Routing, Routing protocols, Ad hoc networks, Network topology, Topology, Energy consumption, wireless networks, Denial of service, security, routing, ad hoc networks, sensor networks
CITATION
E. Y. Vasserman, N. Hopper, "Vampire Attacks: Draining Life from Wireless Ad Hoc Sensor Networks", IEEE Transactions on Mobile Computing, vol.12, no. 2, pp. 318-332, Feb. 2013, doi:10.1109/TMC.2011.274
REFERENCES
[1] "The Network Simulator - ns-2," http://www.isi.edu/nsnamns, 2012.
[2] I. Aad, J.-P. Hubaux, and E.W. Knightly, "Denial of Service Resilience in Ad Hoc Networks," Proc. ACM MobiCom, 2004.
[3] G. Acs, L. Buttyan, and I. Vajda, "Provably Secure On-Demand Source Routing in Mobile Ad Hoc Networks," IEEE Trans. Mobile Computing, vol. 5, no. 11, pp. 1533-1546, Nov. 2006.
[4] T. Aura, "Dos-Resistant Authentication with Client Puzzles," Proc. Int'l Workshop Security Protocols, 2001.
[5] J. Bellardo and S. Savage, "802.11 Denial-of-Service Attacks: Real Vulnerabilities and Practical Solutions," Proc. 12th Conf. USENIX Security, 2003.
[6] D. Bernstein and P. Schwabe, "New AES Software Speed Records," Proc. Ninth Int'l Conf. Cryptology in India: Progress in Cryptology (INDOCRYPT), 2008.
[7] D.J. Bernstein, "Syn Cookies," http://cr.yp.tosyncookies.html, 1996.
[8] I.F. Blaked, G. Seroussi, and N.P. Smart, Elliptic Curves in Cryptography, vol. 265. Cambridge Univ. , 1999.
[9] J.W. Bos, D.A. Osvik, and D. Stefan, "Fast Implementations of AES on Various Platforms," Cryptology ePrint Archive, Report 2009/501, http:/eprint.iacr.org, 2009.
[10] H. Chan and A. Perrig, "Security and Privacy in Sensor Networks," Computer, vol. 36, no. 10, pp. 103-105, Oct. 2003.
[11] J.-H. Chang and L. Tassiulas, "Maximum Lifetime Routing in Wireless Sensor Networks," IEEE/ACM Trans. Networking, vol. 12, no. 4, pp. 609-619, Aug. 2004.
[12] T.H. Clausen and P. Jacquet, Optimized Link State Routing Protocol (OLSR), IETF RFC 3626, 2003.
[13] J. Deng, R. Han, and S. Mishra, "Defending against Path-Based DoS Attacks in Wireless Sensor Networks," Proc. ACM Workshop Security of Ad Hoc and Sensor Networks, 2005.
[14] J. Deng, R. Han, and S. Mishra, "INSENS: Intrusion-Tolerant Routing for Wireless Sensor Networks," Computer Comm., vol. 29, no. 2, pp. 216-230, 2006.
[15] S. Doshi, S. Bhandare, and T.X. Brown, "An On-Demand Minimum Energy Routing Protocol for a Wireless Ad Hoc Network," ACM SIGMOBILE Mobile Computing and Comm. Rev., vol. 6, no. 3, pp. 50-66, 2002.
[16] J.R. Douceur, "The Sybil Attack," Proc. Int'l Workshop Peer-to-Peer Systems, 2002.
[17] H. Eberle, A. Wander, N. Gura, C.-S. Sheueling, and V. Gupta, "Architectural Extensions for Elliptic Curve Cryptography over GF($2^{\rm m}$ ) on 8-bit Microprocessors," Proc. IEEE Int'l Conf' Application-Specific Systems, Architecture Processors (ASAP), 2005.
[18] T. English, M. Keller, K.L. Man, E. Popovici, M. Schellekens, and W. Marnane, "A Low-Power Pairing-Based Cryptographic Accelerator for Embedded Security Applications," Proc. IEEE Int'l SOC Conf. , 2009.
[19] L.M. Feeney, "An Energy Consumption Model for Performance Analysis of Routing Protocols for Mobile Ad Hoc Networks," Mobile Networks and Applications, vol. 6, no. 3, pp. 239-249, 2001.
[20] M. Feldhofer, S. Dominikus, and J. Wolkerstorfer, "Strong Authentication for RFID Systems Using the AES Algorithm," Proc. Int'l Workshop Cryptographic Hardware and Embedded Systems (CHES), 2004.
[21] R. Fonseca, S. Ratnasamy, J. Zhao, C.T. Ee, D. Culler, S. Shenker, and I. Stoica, "Beacon Vector Routing: Scalable Point-to-Point Routing in Wireless Sensornets," Proc. Second Conf. Symp. Networked Systems Design & Implementation (NSDI), 2005.
[22] S. Galbraith, K. Harrison, and D. Soldera, "Implementing the Tate Pairing," Proc. Int'l Symp. Algorithmic Number Theory, 2002.
[23] S. Goldberg, D. Xiao, E. Tromer, B. Barak, and J. Rexford, "Path-Quality Monitoring in the Presence of Adversaries," Proc. ACM SIGMETRICS Int'l Conf. Measurement and Modeling of Computer Systems, 2008.
[24] A.J. Goldsmith and S.B. Wicker, "Design Challenges for Energy-Constrained Ad Hoc Wireless Networks," IEEE Wireless Comm., vol. 9, no. 4, pp. 8-27, Aug. 2002.
[25] R. Govindan and A. Reddy, "An Analysis of Internet Inter-Domain Topology and Route Stability," Proc. IEEE INFOCOM, 1997.
[26] M. Guirguis, A. Bestavros, I. Matta, and Y. Zhang, "Reduction of Quality (RoQ) Attacks on Internet End-Systems," Proc. IEEE INFOCOM, 2005.
[27] J.L. Hill and D.E. Culler, "Mica: A Wireless Platform for Deeply Embedded Networks," IEEE Micro, vol. 22, no. 6, pp. 12-24, Nov./Dec. 2002.
[28] Y.-C. Hu, D.B. Johnson, and A. Perrig, "SEAD: Secure Efficient Distance Vector Routing for Mobile Wireless Ad Hoc Networks," Proc. IEEE Workshop Mobile Computing Systems and Applications, 2002.
[29] Y.-C. Hu, D.B. Johnson, and A. Perrig, "Ariadne: A Secure On-Demand Routing Protocol for Ad Hoc Networks," Proc. MobiCom, 2002.
[30] Y.-C. Hu, D.B. Johnson, and A. Perrig, "Packet Leashes: A Defense against Wormhole Attacks in Wireless Ad Hoc Networks," Proc. IEEE INFOCOM, 2003.
[31] Y.-C. Hu, D.B. Johnson, and A. Perrig, "Rushing Attacks and Defense in Wireless Ad Hoc Network Routing Protocols," Proc. Second ACM Workshop Wireless Security (WiSE), 2003.
[32] Y. Huang and S. Bhatti, "Fast-Converging Distance Vector Routing for Wireless Mesh Networks," Proc. 28th Int'l Conf. Distributed Computing Systems Workshops (ICDCSW), 2008.
[33] D. Hwang, B.-C. Lai, P. Schaumont, K. Sakiyama, Y. Fan, S. Yang, A. Hodjat, and I. Verbauwhede, "Design Flow for HW/SW Acceleration Transparency in the Thumbpod Secure Embedded System," Proc. Design Automation Conf., 2003.
[34] L. Iannone, R. Khalili, K. Salamatian, and S. Fdida, "Cross-Layer Routing in Wireless Mesh Networks," Proc. Int'l Symp. Wireless Comm. Systems, 2004.
[35] D.B. Johnson, D.A. Maltz, and J. Broch, "DSR: The Dynamic Source Routing Protocol for Multihop Wireless Ad Hoc Networks," Ad Hoc Networking, Addison-Wesley, 2001.
[36] C. Karlof and D. Wagner, "Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures," Proc. IEEE Int'l Workshop Sensor Network Protocols and Applications, 2003.
[37] B. Karp and H.T. Kung, "GPSR: Greedy Perimeter Stateless Routing for Wireless Networks," Proc. ACM MobiCom, 2000.
[38] Y. Kawahara, T. Takagi, and E. Okamoto, "Efficient Implementation of Tate Pairing on a Mobile Phone Using Java," Proc. Int'l Conf. Computational Intelligence and Security, 2006.
[39] M. Koschuch, J. Lechner, A. Weitzer, J. Groschdl, A. Szekely, S. Tillich, and J. Wolkerstorfer, "Hardware/Software Co-Design of Elliptic Curve Cryptography on an 8051 Microcontroller," Proc. Eighth Int'l Conf. Cryptographic Hardware and Embedded Systems (CHES), 2006.
[40] A. Kröller, S.P. Fekete, D. Pfisterer, and S. Fischer, "Deterministic Boundary Recognition and Topology Extraction for Large Sensor Networks," Proc. Ann. ACM-SIAM Symp. Discrete Algorithms, 2006.
[41] A. Kuzmanovic and E.W. Knightly, "Low-Rate TCP-Targeted Denial of Service Attacks: The Shrew vs. the Mice and Elephants," Proc. SIGCOMM, 2003.
[42] Y.-K. Kwok, R. Tripathi, Y. Chen, and K. Hwang, "HAWK: Halting Anomalies with Weighted Choking to Rescue Well-Behaved TCP Sessions from Shrew DDoS Attacks," Proc. Int'l Conf. Networking and Mobile Computing, 2005.
[43] L. Xiaojun, N.B. Shroff, and R. Srikant, "A Tutorial on Cross-Layer Optimization in Wireless Networks," IEEE J. Selected Areas in Comm., vol. 24, no. 8, pp. 1452-1463, Aug. 2006.
[44] X. Luo and R.K.C. Chang, "On a New Class of Pulsing Denial-of-Service Attacks and the Defense," Proc. Network and Distributed System Security Symp. (NDSS), 2005.
[45] M. Maleki, K. Dantu, and M. Pedram, "Power-Aware Source Routing Protocol for Mobile Ad Hoc Networks," Proc. Int'l Symp. Low Power Electronics and Design (ISLPED), 2002.
[46] Y. Matsuoka, P. Schaumont, K. Tiri, and I. Verbauwhede, "Java Cryptography on KVM and Its Performance and Security Optimization Using HW/SW Co-Design Techniques," Proc. Int'l Conf. Compilers, Architecture, and Synthesis for Embedded Systems (CASES), 2004.
[47] M. McLoone and M. Robshaw, "Public Key Cryptography and RFID Tags," Proc. RSA Conf. Cryptography (CT-RSA), 2006.
[48] T.J. McNevin, J.-M. Park, and R. Marchany, "pTCP: A Client Puzzle Protocol for Defending Against Resource Exhaustion Denial of Service Attacks," Technical Report TR-ECE-04-10, Dept. of Electrical and Computer Eng., Virginia Tech, 2004.
[49] V.P. Nambiar, M. Khalil-Hani, and M.M.A. Zabidi, "Accelerating the AES Encryption Function in OpenSSL for Embedded Systems," Proc. Int'l Conf Electrical Design (ICED), 2008.
[50] A. Nasipuri and S.R. Das, "On-Demand Multipath Routing for Mobile Ad Hoc Networks," Proc. Int'l Conf. Computer Comm. and Networks, 1999.
[51] L.B. Oliveira, D.F. Aranha, E. Morais, F. Daguano, J. Lopez, and R. Dahab, "TinyTate: Computing the Tate Pairing in Resource-Constrained Sensor Nodes," Proc. IEEE Sixth Int'l Symp. Network Computing and Applications (NCA), 2007.
[52] K. Park and H. Lee, "On the Effectiveness of Probabilistic Packet Marking for IP Traceback under Denial of Service Attack," Proc. IEEE INFOCOM, 2001.
[53] B. Parno, M. Luk, E. Gaustad, and A. Perrig, "Secure Sensor Network Routing: A Clean-Slate Approach," CoNEXT: Proc. ACM CoNEXT Conf., 2006.
[54] V. Paxson, "An Analysis of Using Reflectors for Distributed Denial-of-Service Attacks," SIGCOMM Computing Comm. Rev., vol. 31, no. 3, pp. 38-47, 2001.
[55] C.E. Perkins and P. Bhagwat, "Highly Dynamic Destination-Sequenced Distance-Vector Routing (DSDV) for Mobile Computers," Proc. Conf. Comm. Architectures, Protocols and Applications, 1994.
[56] R. Potlapally, S. Ravi, A. Raghunathan, R.B. Lee, and N.K. Jha, "Impact of Configurability and Extensibility on IPSec Protocol Execution on Embedded Processors," Proc. Int'l Conf. VLSI Design, 2006.
[57] M. Poturalski, P. Papadimitratos, and J.-P. Hubaux, "Secure Neighbor Discovery in Wireless Networks: Formal Investigation of Possibility," Proc. ACM Symp. Information, Computer and Comm. Security (ASIACCS), 2008.
[58] D. Raffo, C. Adjih, T. Clausen, and P. Mühlethaler, "An Advanced Signature System for OLSR," Proc. Second ACM Workshop Security of Ad Hoc and Sensor Networks (SASN), 2004.
[59] D.R. Raymond, R.C. Marchany, M.I. Brownfield, and S.F. Midkiff, "Effects of Denial-of-Sleep Attacks on Wireless Sensor Network MAC Protocols," IEEE Trans. Vehicular Technology, vol. 58, no. 1, pp. 367-380, Jan. 2009.
[60] D.R. Raymond and S.F. Midkiff, "Denial-of-Service in Wireless Sensor Networks: Attacks and Defenses," IEEE Pervasive Computing, vol. 7, no. 1, pp. 74-81, Jan.-Mar. 2008.
[61] J. Rexford, J. Wang, Z. Xiao, and Y. Zhang, "BGP Routing Stability of Popular Destinations," Proc. Second ACM SIGCOMM Workshop Internet Measurement (IMW), 2002.
[62] R.L. Rivest, A. Shamir, and L. Adleman, "A Method for Obtaining Digital Signatures and Public-Key Cryptosystems," Comm. ACM, vol. 21, no. 2, pp. 120-126, 1978.
[63] V. Rodoplu and T.H. Meng, "Minimum Energy Mobile Wireless Networks," IEEE J. Selected Areas in Comm., vol. 17, no. 8, pp. 1333-1344, Aug. 1999.
[64] A. Saxena and B. Soh, "One-Way Signature Chaining: A New Paradigm for Group Cryptosystems," Int'l J. Information and Computer Security, vol. 2, no. 3, pp. 268-296, 2008.
[65] M. Scott, N. Costigan, and W. Abdulwahab, "Implementing Cryptographic Pairings on Smartcards," Proc. Eighth Int'l Conf. Cryptographic Hardware and Embedded Systems (CHES), 2006.
[66] R.C. Shah and J.M. Rabaey, "Energy Aware Routing for Low Energy Ad Hoc Sensor Networks," Proc. IEEE Wireless Comm. and Network Conf. (WCNC), 2002.
[67] S. Singh, M. Woo, and C.S. Raghavendra, "Power-Aware Routing in Mobile Ad Hoc Networks," Proc. ACM MobiCom, 1998.
[68] F. Stajano and R. Anderson, "The Resurrecting Duckling: Security Issues for Ad-Hoc Wireless Networks," Proc. Int'l Workshop Security Protocols, 1999.
[69] I. Stojmenovic and X. Lin, "Power-Aware Localized Routing in Wireless Networks," IEEE Trans. Parallel and Distributed Systems, vol. 12, no. 11, pp. 1122-1133, Nov. 2001.
[70] L. Subramanian, R.H. Katz, V. Roth, S. Shenker, and I. Stoica, "Reliable Broadcast in Unknown Fixed-Identity Networks," Proc. Ann. ACM SIGACT-SIGOPS Symp. Principles of Distributed Computing, 2005.
[71] H. Sun, J.C.S. Lui, and D.K.Y. Yau, "Defending against Low-Rate TCP Attacks: Dynamic Detection and Protection," Proc. IEEE 12th Int'l Conf. Network Protocols (ICNP), 2004.
[72] C. Villamizar, R. Chandra, and R. Govindan, BGP Route Flap Damping, IETF RFC 2439, 1998.
[73] L. von Ahn, M. Blum, N.J. Hopper, and J. Langford, "CAPTCHA: Using Hard AI Problems for Security," Proc. 22nd Int'l Conf. Theory and Applications of Cryptographic Techniques (Eurocrypt), 2003.
[74] Y. Wang, J. Gao, and J.S.B. Mitchell, "Boundary Recognition in Sensor Networks by Topological Methods," Proc. ACM MobiCom, 2006.
[75] A.D. Wood and J.A. Stankovic, "Denial of Service in Sensor Networks," Computer, vol. 35, no. 10, pp. 54-62, Oct. 2002.
[76] G. Yang, M. Gerla, and M.Y. Sanadidi, "Defense Against Low-Rate TCP-Targeted Denial-of-Service Attacks," Proc. Ninth Int'l Symp. Computers and Comm. (ISCC), 2004.
[77] J. Yuan, Z. Li, W. Yu, and B. Li, "A Cross-Layer Optimization Framework for Multihop Multicast in Wireless Mesh Networks," IEEE J. Selected Areas in Comm., vol. 24, no. 11, pp. 2092-2103, Nov. 2006.
[78] M.G. Zapata and N. Asokan, "Securing Ad Hoc Routing Protocols," Proc. First ACM Workshop Wireless Security (WiSE), 2002.
37 ms
(Ver 2.0)

Marketing Automation Platform Marketing Automation Tool