10-10-2014, 12:26 PM
Vampire Attacks: Draining Life from
Wireless Ad Hoc Sensor Networks
Abstract
Ad hoc low-power wireless networks are an exciting research direction in sensing and pervasive computing. Prior security
work in this area has focused primarily on denial of communication at the routing or medium access control levels. This paper explores
resource depletion attacks at the routing protocol layer, which permanently disable networks by quickly draining nodes’ battery power.
These “Vampire” attacks are not specific to any specific protocol, but rather rely on the properties of many popular classes of routing
protocols. We find that all examined protocols are susceptible to Vampire attacks, which are devastating, difficult to detect, and are
easy to carry out using as few as one malicious insider sending only protocol-compliant messages. In the worst case, a single Vampire
can increase network-wide energy usage by a factor of O(N), where N is the number of network nodes. We discuss methods to
mitigate these types of attacks, including a new proof-of-concept protocol that provably bounds the damage caused by Vampires
during the packet forwarding phase.
Protocols and Assumptions
In this paper, we consider the effect of Vampire attacks on
link-state, distance-vector, source routing, and geographic
and beacon routing protocols, as well as a logical ID-based
sensor network routing protocol proposed by Parno et al.
[53]. While this is by no means an exhaustive list of routing
protocols which are vulnerable to Vampire attacks, we view
the covered protocols as an important subset of the routing
solution space, and stress that our attacks are likely to apply
to other protocol
RELATED WORK
We do not imply that power draining itself is novel, but
rather that these attacks have not been rigorously defined,
evaluated, or mitigated at the routing layer. A very early
mention of power exhaustion can be found in [68], as “sleep
deprivation torture.” As per the name, the proposed attack
prevents nodes from entering a low-power sleep cycle, and
thus depletes their batteries faster. Newer research on
“denial-of-sleep” only considers attacks at the MAC layer
[59]. Additional work mentions resource exhaustion at the
MAC and transport layers [60], [75] but only offers rate
limiting and elimination of insider adversaries as potential
solutions. Malicious cycles (routing loops) have been briefly
mentioned [10], [53], but no effective defenses are discussed
other than increasing efficiency of the underlying MAC and
routing protocols or switching away from source routing.
ATTACKS ON STATELESS PROTOCOLS
Here, we present simple but previously neglected attacks on
source routing protocols, such as DSR [35]. In these
systems, the source node specifies the entire route to a
destination within the packet header, so intermediaries do
not make independent forwarding decisions, relying rather
on a route specified by the source. To forward a message,
the intermediate node finds itself in the route (specified in
the packet header) and transmits the message to the next
hop. The burden is on the source to ensure that the route is
valid at the time of sending, and that every node in the
route is a physical neighbor of the previous route hop. This
approach has the advantage of requiring very little
forwarding logic at intermediate nodes, and allows for
entire routes to be sender authenticated using digital
signatures, as in Ariadne [29].
CONCLUSION
In this paper, we defined Vampire attacks, a new class of
resource consumption attacks that use routing protocols to
permanently disable ad hoc wireless sensor networks by
depleting nodes’ battery power. These attacks do not
depend on particular protocols or implementations, but
rather expose vulnerabilities in a number of popular
protocol classes. We showed a number of proof-of-concept
attacks against representative examples of existing routing
protocols using a small number of weak adversaries, and
measured their attack success on a randomly generated
topology of 30 nodes. Simulation results show that
depending on the location of the adversary, network energy
expenditure during the forwarding phase increases from
between 50 to 1,000 percent. Theoretical worst case energy
usage can increase by as much as a factor of O(N) per
adversary per packet, where N is the network size. We
proposed defenses against some of the forwarding-phase
attacks and described PLGPa, the first sensor network
routing protocol that provably bounds damage from
Vampire attacks by verifying that packets consistently
make progress toward their destinations. We have not
offered a fully satisfactory solution for Vampire attacks
during the topology discovery phase, but suggested some
intuition about damage limitations possible with further
modifications to PLGPa. Derivation of damage bounds and
defenses for topology discovery, as well as handling mobile
networks, is left for future work.
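
The hop-by-hop source-route forwarding described under ATTACKS ON STATELESS PROTOCOLS, with a header check run by each intermediate node, as an added example that is not code from the paper or the original post. The topology, node names and the `check_header` and `forward` functions are constructed for illustration, and the check assumes a node can see only the packet header and its own neighbour set.

```python
# Constructed line topology A-B-C-D-E-F: node -> physical neighbours (assumption).
NEIGHBORS = {"A": {"B"}, "B": {"A", "C"}, "C": {"B", "D"},
             "D": {"C", "E"}, "E": {"D", "F"}, "F": {"E"}}


def check_header(route, idx, my_neighbors):
    """Check run by the node at route[idx] before it forwards.

    Uses only what that node can see: the full header and its own neighbours.
    Returns None if acceptable, otherwise the reason for dropping the packet.
    """
    if len(set(route)) != len(route):
        return "loop: node listed more than once"
    if route[idx - 1] not in my_neighbors:
        return "previous hop is not a neighbour"
    if route[idx + 1] not in my_neighbors:
        return "next hop is not a neighbour"
    return None


def forward(route, validate):
    """Walk the source route hop by hop; return (transmissions, drop_reason).

    idx plays the role of the header's current-hop pointer, so a node that
    appears several times in the route still forwards each time it is reached.
    """
    transmissions = 1  # the source's own transmission to route[1]
    for idx in range(1, len(route) - 1):
        if validate:
            reason = check_header(route, idx, NEIGHBORS[route[idx]])
            if reason:
                return transmissions, reason
        transmissions += 1  # each transmission costs the forwarding node energy
    return transmissions, None


HONEST = ["A", "B", "C", "D", "E", "F"]
# Constructed header containing a cycle between B, C and D before reaching F.
LOOPED = ["A", "B", "C", "D", "C", "B", "C", "D", "E", "F"]

if __name__ == "__main__":
    for name, route in (("honest", HONEST), ("looped", LOOPED)):
        print(name, forward(route, validate=False), forward(route, validate=True))
```

Without the check the looped header costs 9 transmissions against 5 for the honest route; with it, the first intermediate node drops the packet after the source's single transmission.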