counteracting denial of sleep attacks in wake up based
play

Counteracting Denial-of-Sleep Attacks in Wake-up-based Sensing - PowerPoint PPT Presentation

IEEE SECON 2016 Counteracting Denial-of-Sleep Attacks in Wake-up-based Sensing Systems Angelo T. Capossele, Valerio Cervo, Chiara Petrioli, Dora Spenza Motivation: Duty Cycling Tradeoff between energy saving and data latency Low duty cycle


  1. IEEE SECON 2016 Counteracting Denial-of-Sleep Attacks in Wake-up-based Sensing Systems Angelo T. Capossele, Valerio Cervo, Chiara Petrioli, Dora Spenza

  2. Motivation: Duty Cycling Tradeoff between energy saving and data latency Low duty cycle Latency: 10s of s Lifetime: >1yr Without duty cycle Low latency Lifetime: <5 days

  3. Nodes with wake-up receivers ● ULP receiver continuously monitoring the channel ● Nodes sleep until communication is needed ● Selective awakenings (WUR address) ● Energy-efficient on-demand communication

  4. The problem: Denial of Sleep attack 1. Bruteforce 2. Replay attack WAKE UP!!

  5. Effect of DoS attacks on lifetime Single attacker: replay attack every 10s Lifetime (years) 4 8 12 16 20 Normal operation Network under attack

  6. Our solution: AntiDoS Secure wake ups only from authorized nodes Prevent replay attack WUR addresses updated in a pseudo- random fashion after every use MAC(common secret key, ...) Bootstrap phase Key Management Protocol ● Lightweight ● Mutual authentication

  7. AntiDoS protocol (unicast) A B Compute B Wake-up radio address Main radio MAC(secret, IDs, SN) Awakening Send WUR WUR address request matching Communication Send Data Receive Data Prevent replay Update WUR attacks address MAC(secret, IDs, SN)

  8. Bruteforce Attacker must use datarate of the WUR

  9. Simulation setup ● Simulation framework: GreenCastalia ● WUR model: actual prototype, experimental data ● Monitoring application, converge casting (CTP) ● Single attacker randomly placed in the field ● Overhear legitimate WUR addresses ● Re-broadcast them every 10s to prevent nodes from sleeping

  10. Simulations results: Energy

  11. Experimental validation ● MagoNode++ ○ WUR ○ Energy harvesting ● TinyOS implementation Energy consumption of AntiDos operations ● Scalar addition/multiplication 14 uJ ● SHA-160 0.04 mJ ● HMAC 0.28 mJ ...

  12. Conclusion Denial of Sleep attacks are a significant threat for WUR-based sensing systems AntiDos ● Secure wake ups (authorized nodes) ● “Disposable” WUR addresses thwarts replay attacks

  13. Thank you!

Recommend


More recommend