A Taxonomy for Denial-of-Service Attacks in Wireless Sensor Networks

Wireless sensor networks (WSNs) are transitioning to real-world applications, where they face attacks already experienced by the Internet and wireless ad hoc networks. One such attack is that of denial-of-service ( DOS), which we believe will only become more prevalent as sensor networks become more pervasive and accessible. With the inherent resource limitations of WSN devices, they are particularly susceptible to the consumption and destruction of these scarce resources. We present a DOS attack taxonomy to identify the attacker, his capabilities, the target of the attack, vulnerabilities used, and the end result. We survey vulnerabilities in WSNs and give possible defenses. Protecting WSNs against DOS attacks—while remaining low-cost and flexible—is a primary research challenge that bears further exploration.

[1]  Pekka Nikander,et al.  DOS-resistant authentication with client puzzles. Discussion , 2001 .

[2]  John D. Howard,et al.  An analysis of security incidents on the Internet 1989-1995 , 1998 .

[3]  Pekka Nikander,et al.  DOS-Resistant Authentication with Client Puzzles , 2000, Security Protocols Workshop.

[4]  Jonathan K. Millen,et al.  A resource allocation model for denial of service , 1992, Proceedings 1992 IEEE Computer Society Symposium on Research in Security and Privacy.

[5]  Sang Hyuk Son,et al.  JAM: a jammed-area mapping service for sensor networks , 2003, RTSS 2003. 24th IEEE Real-Time Systems Symposium, 2003.

[6]  Ross J. Anderson Why cryptosystems fail , 1993, CCS '93.

[7]  Karl N. Levitt,et al.  Protecting routing infrastructures from denial of service using cooperative intrusion detection , 1998, NSPW '97.

[8]  Ari Juels,et al.  Client puzzles: A cryptographic defense against connection depletion , 1999 .

[9]  Craig Partridge,et al.  Single-packet IP traceback , 2002, TNET.

[10]  Sasikanth Avancha,et al.  Security for Sensor Networks , 2004 .

[11]  Mary Baker,et al.  Mitigating routing misbehavior in mobile ad hoc networks , 2000, MobiCom '00.

[12]  C. Karlof,et al.  Secure routing in wireless sensor networks: attacks and countermeasures , 2003, Proceedings of the First IEEE International Workshop on Sensor Network Protocols and Applications, 2003..

[13]  Mika Ståhlberg Radio Jamming Attacks Against Two Popular Mobile Networks , 2000 .

[14]  Virgil D. Gligor A Note on Denial-of-Service in Operating Systems , 1984, IEEE Transactions on Software Engineering.

[15]  Michael Weber,et al.  Protecting web servers from distributed denial of service attacks , 2001, WWW '01.

[16]  Markus G. Kuhn,et al.  Tamper resistance: a cautionary note , 1996 .

[17]  Randy H. Katz,et al.  Emerging challenges: Mobile networking for “Smart Dust” , 2000, Journal of Communications and Networks.

[18]  Andrew B. Whinston,et al.  Defending Wireless Infrastructure Against the Challenge of DDoS Attacks , 2002, Mob. Networks Appl..

[19]  Ramesh Govindan,et al.  Localized Edge Detection in Wireless Sensor Networks , 2003 .

[20]  Craig A. Grimes,et al.  Design of a Wireless Sensor Network for Long-term, In-Situ Monitoring of an Aqueous Environment , 2002 .

[21]  Deborah Estrin,et al.  Highly-resilient, energy-efficient multipath routing in wireless sensor networks , 2001, MOCO.

[22]  David A. Wagner,et al.  Secure verification of location claims , 2003, WiSe '03.

[23]  D. L. Lough,et al.  A taxonomy of computer attacks with applications to wireless networks , 2001 .

[24]  Stefan Savage,et al.  Inferring Internet denial-of-service activity , 2001, TOCS.

[25]  Jerry R. Hobbs,et al.  An algebraic approach to IP traceback , 2002, TSEC.

[26]  Matt Blaze,et al.  Denial of Service - Panel Discussion , 2000, Security Protocols Workshop.

[27]  Yih-Chun Hu,et al.  Packet leashes: a defense against wormhole attacks in wireless networks , 2003, IEEE INFOCOM 2003. Twenty-second Annual Joint Conference of the IEEE Computer and Communications Societies (IEEE Cat. No.03CH37428).

[28]  Ross J. Anderson Security engineering - a guide to building dependable distributed systems (2. ed.) , 2001 .

[29]  Roger M. Needham,et al.  Denial of service , 1993, CCS '93.

[30]  John R. Douceur,et al.  The Sybil Attack , 2002, IPTPS.

[31]  Virgil D. Gligor,et al.  A Specification and Verification Method for Preventing Denial of Service , 1990, IEEE Trans. Software Eng..

[32]  Peter Reiher,et al.  A taxonomy of DDoS attack and DDoS defense mechanisms , 2004, CCRV.

[33]  Dan S. Wallach,et al.  Denial of Service via Algorithmic Complexity Attacks , 2003, USENIX Security Symposium.

[34]  Catherine A. Meadows,et al.  A formal framework and evaluation method for network denial of service , 1999, Proceedings of the 12th IEEE Computer Security Foundations Workshop.

[35]  Zygmunt J. Haas,et al.  Securing ad hoc networks , 1999, IEEE Netw..

[36]  Ian F. Akyildiz,et al.  Wireless sensor networks: a survey , 2002, Comput. Networks.

[37]  L. B. Milstein,et al.  Theory of Spread-Spectrum Communications - A Tutorial , 1982, IEEE Transactions on Communications.

[38]  Gregory G. Finn,et al.  Routing and Addressing Problems in Large Metropolitan-Scale Internetworks. ISI Research Report. , 1987 .

[39]  Virgil D. Gllgor On denial-of-service in computer networks , 1986, 1986 IEEE Second International Conference on Data Engineering.

[40]  Richard D. Gitlin,et al.  Diversity coding for transparent self-healing and fault-tolerant communication networks , 1993, IEEE Trans. Commun..

[41]  Pekka Nikander,et al.  Towards Network Denial of Service Resistant Protocols , 2000, SEC.

[42]  David E. Culler,et al.  System architecture directions for networked sensors , 2000, SIGP.

[43]  J.A. Stankovic,et al.  Denial of Service in Sensor Networks , 2002, Computer.

[44]  Markus G. Kuhn,et al.  Analysis of a denial of service attack on TCP , 1997, Proceedings. 1997 IEEE Symposium on Security and Privacy (Cat. No.97CB36097).

[45]  James A. Davis,et al.  A Genealogical Approach to Analyzing Post-Mortem Denial of Service Attacks , 2002 .

[46]  Clay Shields,et al.  What do we mean by Network Denial of Service , 2002 .

[47]  Roger M. Needham,et al.  Denial of service: an example , 1994, CACM.

[48]  Virgil D. Gligor,et al.  A Note on the Denial-of-Service Problem , 1983, 1983 IEEE Symposium on Security and Privacy.

[49]  Anna R. Karlin,et al.  Practical network support for IP traceback , 2000, SIGCOMM.

[50]  Jessica Staddon,et al.  Efficient tracing of failed nodes in sensor networks , 2002, WSNA '02.

[51]  Pekka Nikander,et al.  Stateless connections , 1997, ICICS.

[52]  Virgil D. Gligor On Denial-of-Service in Computer Networks , 1986, ICDE.