Hiroshima City University An Impersonation Attack Detection Method Using Bloom Filters and Dispersed Data Transmission for Wireless Sensor Networks Noriaki Tanabe, Eitaro Kohno, Yoshiaki Kakuda Graduate School of Information Sciences, Hiroshima City University Hiroshima City University Agenda Background Impersonation attacks Overview of our proposed method Bloom Filters Secret Sharing Scheme-based dispersed data transmission Proposed method Experiments and Discussions Conclusions Hiroshima City University 3SL 2012 Hiroshima City University Background Usage of Wireless Sensor Networks Requires for (WSNs) Climate observation Crime prevention, Disaster response Healthcare confidentiality when transferring data Dispersed Data Transmission Secret Sharing Scheme-based dispersion Weak against impersonation attacks Countermeasure Hiroshima City University to impersonation attacks Hiroshima City University Dispersed Data Transmission Path C (ID Pc = x3) Share #3 node3 Original data node2 Original data node6 Share #2 Path B (ID PB = x2) Share #1 source node4 node7 node1 Secret Sharing Scheme-based Dispersion Path A (ID PA = x1) Hiroshima City University node5 Sink Background (cont.) With Wireless Sensor Networks, sensor nodes and sink nodes communicate using multihop communication function. Multihop communication Intermediate node can steal relaying data Possibility to be in danger of being attacked • Falsification and eavesdropping of data packets • Impersonation (attacks) Hiroshima City University 3SL 2012 Hiroshima City University Hiroshima City University Impersonation attacks 【Actions of a malicious mode】 1. Steal/Falsify the source node’s ID 2. Sends crafted packets to destination node Node S’s ID DATA :Data packet Steal/Falsify DATA S Spoofed packet a Source Hiroshima City University b Malicious 3SL 2012 c D Destination Overview of our proposed method Hiroshima City University 【Feature 1.Authentic Identity】 •Bloom Filters to stores adjacent node ID’s of source node 【Feature 2.Packet Transmission】 • Secret Sharing Scheme-based dispersed data transmission Hiroshima City University 3SL 2012 Hiroshima City University Bloom Filters (BFs) • Data structures that are bit sequences • Capable of registering multiple data • Procedures to register data x1 , x 2 : Data to be registered 1.Acquire hash values to resist data 2.Set “1” of each hash values x1 and x2 are registered. h1(), h2(): Hash functions : 0 10 0 00 10 0 10 0 00 0 BF 0 1 2 3 4 5 6 7 8 9 BFs can be captured, but the function cannot be reversed. Hiroshima City University 3SL 2012 Hiroshima City University Secret Sharing Schemes Decryption (by collection greater or equal k [threshold]) The Original data (The secret Information) Share A Share B Share C Dispersal multiples Cannot decrypt less than k shares Decrypted data Share D Conceptual diagram of Secret Sharing Scheme This diagram called as a (k,n) threshold schemes. Hiroshima City University 9 9 Secret Sharing Scheme Hiroshima City University Method to create multiple shares from the original data for storing safely. Protect authentic information against malicious node’s attacks 【Characteristics】 The original data can be decrypted by collecting shares ・# of shares ≧ threshold: possible to decrypt ・# of shares < threshold : impossible to decrypt Hiroshima City University 3SL 2012 Procedures of our proposed method Hiroshima City University 1.Transmission of authentic identity 2. Using authentic identity to detect falsification 3.Detection of impersonation attacks Hiroshima City University 3SL 2012 Hiroshima City University 1.Transmission of authentic identity Hash value by hash() H B H share1 share1 share1share2 share2 S c share3 b share1 share2 share2 Dshare3 share3 d Decrypt share1 a Create Create shares shares share2 B B :Authentic identity H :Hash value e share33SL 2012 share3 Hiroshima City University f share3 Hiroshima City University Procedures on source node a b IDa IDc Register S c IDb Bloom Filter Hash (AIBF) AIBF AD Secret Sharing Scheme Share #1 Share #n Hash value Hiroshima City University AIBF-hash 2. Using authentic identity to detect falsification Hiroshima City University compare Hash value which created on destination node H B H Decrypted hash value on destination node Hash function is the Same on the source node identical: no falsified different: falsified (falsified during transmission) Hiroshima City University 3SL 2012 2. Using authentic identity to detect falsification Hiroshima City University (cont.) Store 比較 Authentic Identity Hash value which created Decrypted hash value on destination node on destination node identical: no falsified Verify Authentic Identity Hiroshima City University 3SL 2012 Hiroshima City University 3. Detection of impersonation attacks B :Auth. Info. H :Hash value D :Original data share B Hash value B H :share which includes data b share1 S share2 share1 share3 Dshare2 share2 d Hiroshima City University decrypt c share3 share2 share3 share1 a share2 share1 D share1 D Create Create shares shares H e 3SL 2012 share3 share3 f share3 Hiroshima City University 3. Detection of impersonation attacks (cont.) compare B Authentic Identity decrypted from shares Authentic Identity on destination node identical: The source node is S. different: Impersonation attacks exist (The source node is not S.) Hiroshima City University 3SL 2012 Hiroshima City University Simulation parameters Simulator Routing protocol Number of nodes Field size (m x m ) Source and destination pairs Interval of data packets (sec) Radio area (m) Hash function Length of Bloom Filter (bit) Number of simulation run MAC layer protocol Node distribution Hiroshima City University QualNet ver.5.0 SRIDR 50,100,150,200,250,300 1100 x 1100 10 0.4 250 Salted SHA-1 128 50 IEEE802.11b (PHY-ABSTRACT) RANDOM 3SL 2012 Hiroshima City University Scenarios of experiments 1. Performs proposed method 2. Malicious nodes creates spoofed packets and transmits them. 3. Destination nodes try to detect impersonation Spoofed packets a Spoofed packets b g f S Spoofed packets D c e i d Hiroshima City University h 3SL 2012 Spoofed packets Success rate on detection [%] Results of the success rate on detection of impersonation attacks 95.1% 97.4% 98.2% 87.6% Number of nodes Hiroshima City University 3SL 2012 98.7% Hiroshima City University 99.0% Number of nodes capable of stealing original data Number of nodes capable of stealing original data Hiroshima City University 5.97 4.72 Hiroshima City University 3.91 3.51 3.19 Number of nodes 3SL 2012 3.04 Hiroshima City University Conclusion • We have proposed a new detection method for impersonation attacks on WSNs. – Bloom Filter + – Secret Sharing Scheme-based secure dispersed data transmission • Our proposed method can detect impersonation attacks. • In addition, our proposed method has been effective as the number of nodes in the networks grows. Hiroshima City University 3SL 2012