
Secure Routing in Sensor Networks

Researcher: Adrian Perrig



Today, wireless sensor networks are in use for a wide variety of applications: ocean and wildlife monitoring, earthquake monitoring, manufacturing, building safety monitoring, and many military applications. An even wider spectrum of future applications can be envisioned, such as real-time traffic monitoring, pollution tracking, home surveillance, fire and people sensors in buildings and other smart environments, wildfire tracking, water quality sensors, and continuous heart-rate monitoring. A major benefit of these systems is that they can perform in-network processing to reduce large streams of raw data into useful aggregated information. It is critical to protect this information. It is also exciting to realize that since wireless sensor networks are in their infancy we have the opportunity to design security into the systems from the beginning. This is not an easy problem and many challenges exist.

Sensor networks pose unique new challenges, resisting direct application of traditional security techniques. First, to make sensor networks economically viable, sensor devices are very limited in their energy, computation, and communication capabilities. Second, in contrast to traditional networks, sensor nodes are often deployed in physically accessible areas, presenting a risk of physical attacks. Third, sensor networks interact closely with their physical environment, posing new security problems.

Researchers have proposed different approaches to provide efficient routing for point-to-point communication. However, these previous works on sensor network routing assume a trusted environment, where all sensor nodes cooperate and no attacker is present. The routing protocol is one of the most essential protocols to secure. A single compromised sensor node could otherwise completely paralyze communication in a sensor network using a standard routing protocol. So far, little work has been done in secure sensor network routing protocols.

Secure Routing

Current routing protocols suffer from many security vulnerabilities. For example, an attacker can easily perform denial-of-service attacks on the routing protocol, often preventing communication. The simplest attacks consist of injecting malicious routing information into the network, resulting in routing inconsistencies. Simple authentication can guard against such injection attacks, but some routing protocols are even susceptible to replay of legitimate routing messages by the attacker.

We plan to investigate systematically how to secure different types of routing protocols in sensor networks. Different applications require different types of routing protocols, and different types of routing protocols have different attacks and weaknesses that require different security mechanisms. We will study how to efficiently secure spanning-tree-like node-to-base-station routing protocols, directed diffusion protocols, geographic routing protocols, and cluster-based routing protocols. We will design routing protocols secure against the following attacks:

  • Routing loop: an attacker injects malicious routing information that causes other nodes to form a routing loop. Packets injected into this loop then get sent in a circle, wasting precious communication and battery resources.
  • General DoS attacks: by injecting malicious information or altering routing setup messages, an attacker can prevent the routing protocol from functioning correctly. For example, an attacker can inject malicious route errors, causing live links to be shut down.
  • Sybil attack: a malicious node creates multiple fake identities to perform attacks. In case an intrusion-detection system is in place, the fake identities may get revoked, causing new identities to be created. In geographic routing protocols, the fake identities can claim to be at different locations. This is a serious attack against many wireless network security mechanisms.
  • Blackhole attack: a malicious node advertises a short distance to all destinations, attracting traffic destined to those destinations. The attacker can selectively forward messages (although it may be difficult for them to leave the blackhole).
  • Wormhole attack: two nodes use an out-of-band channel (e.g., a directional antenna) to forward traffic between each other, enabling them to mount several other attacks (e.g., blackhole between nodes near the end-points of the wormhole, or the rushing attack which cripples flooding-based protocols).
  • Rushing attack: many flooding-based broadcast algorithms need to use duplicate suppression on incoming messages: a node only forwards a message once and drops the message if it hears it again. In the rushing attack, an adversary broadcasts a bogus message with the same message id as the broadcast message. Due to duplicate suppression, all nodes that receive the bogus message will subsequently suppress the legitimate broadcast message. We have found that the rushing attack is a very powerful attack against flooding protocols, crippling all current flooding protocols used in conjunction with ad hoc network routing protocols.
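
Added example, not code from the original page or the project: a toy flood over a constructed four-node line topology, showing the duplicate-suppression behaviour described in the rushing attack item next to a variant that authenticates a message before recording its id. The shared HMAC key, node names and message contents are assumptions made for the illustration; a shared key does not help once a key-holding node is compromised.

```python
import hashlib
import hmac
from collections import deque

KEY = b"constructed-demo-key"  # assumption: one key shared by broadcaster and nodes


def tag(msg_id, payload):
    """MAC over the message id and payload, so neither can be swapped."""
    return hmac.new(KEY, msg_id.to_bytes(4, "big") + payload, hashlib.sha256).digest()


class Node:
    def __init__(self, name, verify):
        self.name, self.verify = name, verify
        self.neighbors, self.seen, self.delivered = [], set(), []

    def receive(self, msg_id, payload, mac):
        """Return True if the message is accepted and should be forwarded."""
        if self.verify and not hmac.compare_digest(mac, tag(msg_id, payload)):
            return False  # rejected before it can occupy the duplicate cache
        if msg_id in self.seen:
            return False  # duplicate suppression: forward each id only once
        self.seen.add(msg_id)
        self.delivered.append(payload)
        return True


def flood(nodes, injections):
    """injections: (receiving node, msg_id, payload, mac) tuples in arrival order."""
    queue = deque(injections)
    while queue:
        name, msg_id, payload, mac = queue.popleft()
        node = nodes[name]
        if node.receive(msg_id, payload, mac):
            queue.extend((n, msg_id, payload, mac) for n in node.neighbors)


def run(verify):
    # Constructed line topology: A - B - C - D
    nodes = {n: Node(n, verify) for n in "ABCD"}
    for a, b in zip("ABC", "BCD"):
        nodes[a].neighbors.append(b)
        nodes[b].neighbors.append(a)
    # Constructed traffic: a bogus message reusing id 7 reaches B before the
    # legitimate broadcast with id 7 enters the network at A.
    bogus = ("B", 7, b"bogus", b"\x00" * 32)
    legit = ("A", 7, b"route-update", tag(7, b"route-update"))
    flood(nodes, [bogus, legit])
    return {n: node.delivered for n, node in nodes.items()}
```

With `run(False)` only node A delivers the legitimate payload, because B, C and D have already cached id 7 from the bogus message; with `run(True)` every node delivers it.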