Enter the maze

How vampires can turn your data

by Daniel Fawcett, Undergraduate at Queen Mary University of London

Female Vampire: copyright istock.com 10510877

Wireless sensors can be seriously smart. While your computer will connect to your Wi-Fi router at home if you tell it to, some wireless sensors can configure themselves to connect to each other to share any connection that any of them have, no matter where they are. But the way in which they are able to do this has opened the door to a new security threat, the vampire attack. So, what are vampire attacks and why are wireless sensor networks vulnerable to them while our home networks aren't?

Vampire attacks kill wireless sensors by sucking the life out of their batteries until they are dead. That's a real pain not only for the sensor but also for the person at the other end waiting for the data. This can be done by using nothing but the very data that the sensors are designed to send back. So how do you go about draining a battery with data alone?

Every time a sensor uses its computer to do something, it's using its battery. That includes when it is sending data across the network. The more data that it sends the quicker it uses the battery. Modern security software is clever enough to detect sensors sending strange amounts of data so vampire attacks work by sending the same amount of data as usual but changing how it is sent.

Sending data across a network is a little like Pass-the-Parcel but people can sit anywhere they like, not just in a circle. There's no music but instead the parcel has a name on it and everyone who passes the parcel is working together, trying to get it as quickly as possible to that person by passing it on.

In traditional networks, like using Wi-Fi at home, there are two types of people. There are those who can pass parcels (called routers) and those who can start or finish a game by sending or receiving a parcel (like a computer or sensor). A sender writes the name of the receiver on the parcel and gives it to someone who can pass parcels. After that, the sender has no control over where the parcel goes. Each person passing the parcel makes their own decision as to whom they pass it to next. Those who pass parcels know who to send it to because they talk to each other about the best routes across the network.

In wireless sensor networks this doesn't work for two reasons: there aren't any parcel-passing people around, just a lot of people who want to send and receive parcels, and secondly because all the people in the game are up and about, moving around rather than sitting that means too much talking to find the best routes.

To work around the first problem, each person takes on the role of passing the parcel as well as sending and receiving. Now everyone can send, pass and receive parcels.

To work around the second problem, instead of using all their time and energy talking a lot more, every sender works out the best route for their parcel just before they send it. It's as if the sender first sends a piece of paper to the receiver in the usual way. But now, every time someone receives the piece of paper they add their name to the bottom and pass a copy to everyone that they can reach. With pieces of paper going all through the network, eventually, the receiver gets one with their name on it and a list of people who can pass messages between them and the sender. The receiver sends a message back with the same list of people so that the sender knows the best route too.

Now the sender can send the parcel, with the list of names of those who the parcel gets passed to and in what order they should get it. This way the person who sends the parcel is in complete control over which route the parcel takes to the receiver. People who receive parcels can no longer make their own decisions about who to pass the parcel to. Because of this, if a sensor is taken over by an attacker it can change the list to make the parcel go in loops, meaning that some sensors have to pass the same parcel more than once, using their battery each time they pass it on. This is a type of Vampire Attack called a carousel attack (carousel because its the American name for a merry-go-round). Another type of attack is called the stretch attack where the attacker changes the list so that it is longer than it needs to be.

So, a vampire attack drains the sensor batteries of life and it is the way in which sensor networks pass data across the network that both makes them vulnerable and regular wireless networks at home invulnerable. Research is being done to find a way of preventing this attack right now, but it seems unlikely that garlic or stakes are going to be of any use this time.

More on ...

Computer Security
 
Bibliography Boukerche, A., ed. 2009. Algorithms and Protocols for Wireless and Mobile Ad Hoc Networks [online]. Hoboken, New Jersey: John Wiley & Sons Inc. Hopper, N. and Vasserman, E.Y. 2013. Vampire Attacks: Draining Life from Wireless Ad Hoc Sensor Networks [online], IEEE Transactions On Mobile Computing, 12 (2) February 2013, 318-332 Johnson, D., et al. 2007. RFC 4728: The Dynamic Source Routing Protocol (DSR) for Mobile Ad Hoc Networks for IPv4 [online]. The IETF Trust. Available from: http://tools.ietf.org/html/rfc4728#section-8.1.1 [Accessed 25 November 2013]