Distributed Detection of Node Replication Attack in Wireless Sensor Network
Sagar Jagtap¹, Geetika Narang². ¹PG student, ²Professor, Pune University, Pune.
International Journal of Emerging Technology and Advanced Engineering Website: www.ijetae.com (ISSN 2250-2459, ISO 9001:2008 Certified Journal, Volume 3, Issue 6, June 2013)
Abstract— WSNs can be deployed in harsh environments for military, environmental, health care, remote monitoring and other applications, where an attacker can physically capture some of the nodes of the network. The adversary first captures all the details of a node and can then replicate it into a large number of clones, taking control of the network. Many distributed solutions have been proposed to detect the clone attack, but they are memory and energy demanding and are not satisfactory with respect to authenticity. The properties of the clone attack mechanism are therefore analyzed; the solutions already proposed do not fulfill the requirements of clone attack detection. So, the Authentic, Randomized, Efficient, Distributed (ARED) protocol is proposed.

Keywords— Authentic RED protocol Method, Clone Node Detection, Efficiency, Wireless Sensor Network.

I. INTRODUCTION

A Wireless Sensor Network is a collection of sensors with limited resources that collaborate to achieve a common set of goals. WSNs can be deployed in distributed environments for both military and civil applications. Due to their operating nature, they are often unattended and hence prone to different kinds of attacks. For instance, an attacker could eavesdrop on all network communications; further, an adversary could capture nodes and acquire all the information stored in them, since sensors are commonly assumed not to be tamper-proof. Therefore, an adversary may replicate (clone) captured sensors and deploy them in the network to launch a variety of malicious activities. This attack is called the clone attack. Since a clone has legitimate information (code and cryptographic material), it may participate in the network operations in the same way as a non-compromised node; hence, cloned nodes can launch various attacks. For instance, a clone could create a black hole, initiate a wormhole attack with a collaborating adversary, or inject false data or aggregate data in such a way as to bias the final result. Clones can also leak or drop data.

The threat of a clone attack can be characterized by two main points. First, a clone is considered a totally honest and original node by its neighbors; in fact, honest nodes cannot be aware that they have a clone among their neighbors in the network. Second, to have a large number of compromised nodes, the attacker does not need to compromise a high number of nodes. Cloning one or two nodes can achieve the adversary's intention. Indeed, once a single node has been captured and compromised, the main cost of the attack has been sustained. Making further clones of the same node can be considered cheap.

We propose an effective detection method, the Randomized, Authentic, Efficient, Distributed protocol, to detect the node replication attack in wireless sensor networks. Recent work addresses static wireless sensor networks, identifying a clone from its location after the attack has happened. The proposed method finds the clone before it is introduced into the network by the adversary, and allows continuous communication between nodes by avoiding blocking. The rest of this paper is organized as follows: review of related work, experimental setup of the assumed threat model and its SRS, followed by the mathematical model, Dynamic Programming, Data independence and Data Flow architecture, results and conclusion.
II. RELATED WORK

One of the first solutions for the detection of clone attacks relies on a centralized Base Station (BS) [1]. In this solution, each node sends a list of its neighbors and their locations (that is, the geographical coordinates of each node) to the BS. The same node ID appearing in two lists with inconsistent locations results in clone detection. Then, the BS revokes the clones. This solution has several drawbacks, such as the presence of a single point of failure (the BS) and high communication cost due to the large number of messages flowing through the central node. Furthermore, nodes close to the BS are required to route many more messages than other nodes, which shortens their operational life. To avoid relying on a central base station, we could instead rely on a node's neighbors to perform replication detection.
Using a voting mechanism, the neighbors can reach a consensus on the legitimacy of a given node. Unfortunately, while achieving detection in a distributed fashion, this method fails to detect distributed node replication in disjoint neighborhoods within the network. As long as the replicated nodes are at least two hops away from each other, a purely local approach cannot succeed. A voting mechanism is used within a neighborhood to agree on the legitimacy of a given node. However, this kind of method, applied to the problem of replica detection, fails to detect clones that are not within the same neighborhood.

As described in [2], a distributed solution for the detection of the node replication attack is Node-To-Network Broadcasting. In this solution, each node floods the network with a message containing its location information and compares the received location information with that of its neighbors. If a neighbor Nw of node Sa receives a location claim stating that the same node Na is in a position not coherent with the originally detected position of Na, this results in a clone detection. However, this method is very energy consuming since it requires n floodings per iteration, where n is the number of nodes in the WSN.

In the Sybil attack [3], a node claims multiple existing identities, i.e. identities stolen from corrupted nodes. Both the Sybil and the clone attacks are based on identity theft; however, the two attacks are independent. The Sybil attack can be efficiently addressed with a mechanism based on authentication through knowledge of a fixed key set.
Randomized Multicast (RM): Assuming that there is a replicated node, if every neighbor randomly selects ( n ) destinations, then with a non-negligible probability at least one node will receive a pair of incoherent location claims. Such a node is called a witness, that is, the node that detects the existence of a node in two different locations within the same protocol run. The RM protocol implies a high communication cost: each neighbor has to send ( n ) messages. To solve this problem, the LSM protocol has been proposed.

Line-Selected Multicast (LSM): The LSM protocol is similar to RM, but it introduces a remarkable improvement in terms of detection probability. In LSM, when a node announces its location, every neighbor first locally checks the signature of the claim, and then, with probability p.

In Fig. 1, node a announces its location and one of its neighbors, node b, forwards the claim to node f. A location claim, when travelling from source to destination, has to pass through several intermediate nodes that form the so-called claim message path. Moreover, every node that routes this claim message has to check the signature locally, to store the message, and to check its coherence with the other location claims received within the same run of the detection protocol. Node replication is detected by the node (if present) on the intersection of two paths generated by two different node claims carrying the same ID and coming from two different nodes. Node a0 is a clone of node a (it has the same ID as node a). The claim of a0 is forwarded by node c to node e. In the example, node w is then on the intersection of two paths carrying the claim of ID a coming from different locations. Node w, the witness node, detects the attack and triggers a revocation procedure.

Figure 1. Line Selected Multicast [10]

The only approach that achieves real-time detection of clone sensor attacks in WSNs was proposed by [4]. In their approach, each node computes a fingerprint by incorporating the neighborhood information through a superimposed s-disjunct code. Each node stores the fingerprints of all its neighbors. Whenever a node sends a message, the fingerprint should be included in the message so that neighbors can verify it. The messages sent by clone nodes deployed in other locations will be detected and dropped since the fingerprint does not belong to the same community. The drawback of this approach is the overflow of the memory used for storing fingerprints at each node. Also, the time required to check the fingerprint at each node is higher, which delays message forwarding.
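The witness-on-the-intersection check that Fig. 1 describes for LSM, as an added Python example (not code from the paper or from the LSM authors). It assumes one sensor per grid cell and greedy straight-line forwarding, uses constructed coordinates for a, b, f, a0, c and e, and omits the signature check and the forwarding probability p; `LsmRun` and `line_path` are hypothetical names.

```python
from collections import defaultdict

def line_path(src, dst):
    """Cells a claim visits from src to dst (greedy geographic forwarding)."""
    (x, y), path = src, [src]
    while (x, y) != dst:
        x += (dst[0] > x) - (dst[0] < x)   # one hop towards dst on each axis
        y += (dst[1] > y) - (dst[1] < y)
        path.append((x, y))
    return path

class LsmRun:
    """State of one protocol run; every grid cell hosts one sensor (assumption)."""

    def __init__(self):
        self.stored = defaultdict(dict)  # cell -> {claimed ID: claimed location}
        self.detections = []             # (witness cell, ID, location 1, location 2)

    def forward_claim(self, node_id, location, neighbor, destination):
        """Route one location claim; return the witness cell, or None."""
        for cell in line_path(neighbor, destination):
            earlier = self.stored[cell].get(node_id)
            if earlier is not None and earlier != location:
                self.detections.append((cell, node_id, earlier, location))
                return cell              # this node starts the revocation procedure
            self.stored[cell][node_id] = location
        return None

    def claims_stored(self):
        """Memory overhead: total claims buffered across all nodes."""
        return sum(len(claims) for claims in self.stored.values())

def fig1_scenario():
    """Constructed coordinates mirroring Fig. 1: a -> b -> f and clone a0 -> c -> e."""
    run = LsmRun()
    first = run.forward_claim("a", (1, 1), neighbor=(2, 1), destination=(8, 7))
    witness = run.forward_claim("a", (9, 1), neighbor=(8, 1), destination=(2, 7))
    return run, first, witness

if __name__ == "__main__":
    run, first, witness = fig1_scenario()
    print("witness:", witness, "claims stored:", run.claims_stored())
```

If the clone's claim is routed along a line that never meets the first one, `forward_claim` returns `None` for both claims, which is why detection in LSM is probabilistic and why every forwarding node pays the storage cost counted by `claims_stored`.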
A clone detection approach for sensor networks called SET is presented in [5]. In SET the network is randomly divided into exclusive subsets. Each subset has a subset leader, and members are one hop away from their subset leader. Next, multiple roots are randomly chosen to construct multiple sub-trees, and each subset is a node of a sub-tree. Each subset leader collects member information and forwards it to the root node of the sub-tree. The intersection operation is performed at each root of a sub-tree to detect replicated nodes. If the intersection of all subsets of a sub-tree is empty, there are no clone nodes in this sub-tree. In the final stage, each root forwards its report to the BS. The BS detects the clone nodes by computing the intersection of any two received sub-trees. In summary, SET detects clone nodes by sending node information from the subset leader to the root node of a randomly constructed sub-tree and then to the BS.

A new protocol for securing WSNs against node replication attacks by limiting the order of deployment is presented in [6]. The scheme requires sensors to be deployed progressively in successive generations. Each node belongs to a unique generation. In this scheme, only newly deployed nodes are able to establish pair-wise keys with their neighbors, and all nodes in the network know the number of the highest deployed generation. Therefore, clone nodes will fail to establish pair-wise keys with their neighbors, since the clone nodes belong to an old deployed generation.

III. PROPOSED METHODOLOGY

There are some benefits in the proposed system, and it can be categorized with Randomized Multicast as well as with Line Selected Multicast. The notions of ID-obliviousness and area-obliviousness have been introduced; they convey a measure of the quality of a node replica detection protocol, that is, its resilience to a smart adversary. Moreover, it has been indicated that the overhead of such a protocol should be not only small, but also evenly distributed among the nodes, both in computation and memory.

Around 20 nodes are deployed in the wireless sensor network. Meanwhile, the adversary captures one of the nodes of the established network, obtains the credentials of the compromised node and creates a clone of it. To detect the cloned node, the randomized, authentic, efficient, distributed protocol runs to select the witness distribution. This protocol is neither ID-oblivious nor area-oblivious.

The RED protocol has a random witness distribution. It may still be possible for a clone attack to be involved. Therefore the RED protocol with a distributed node information table has been proposed. A distributed node information table (NIT) is a distributed system that provides a key-based mapping service similar to a hash table: (key, value) pairs are stored in the distributed node information table, and any participating node can efficiently store and retrieve records associated with specific keys. By design, the node information table distributes the responsibility of maintaining the mapping from keys to records among nodes in an efficient and balanced way, which allows it to scale to large networks and makes it suitable as a facility for distributed node clone detection. NIT techniques have been utilized to provide data central storage and indexing services for distributed sensor networks, such as object tracking, and to design NIT-driven sensor network routing protocols. This approach thus results in randomized, authentic, secure, efficient, distributed detection of the node replication attack.

IV. MATHEMATICAL MODEL

Step 1. Consider a WSN with nodes, with a witness node set and n neighbors, where
n = number of nodes in the network
p = probability that a neighbor replicates location information
g = number of witness nodes

Step 2. Probability of selecting a witness node:
1 g

Step 3. The probability that the clone attack is detected is equal to the probability that at least one neighbor of each clone sends the claim to the same witnesses:
1 1 g ^ n^2

Step 4. The evaluation of the protocol is done based on energy consumption, memory overhead and detection probability, using the equation below:
p.g.n
V. PROGRAMMER'S DESIGN

Figure 2: Level 0

Consider a wireless sensor network consisting of a set of nodes. These nodes may or may not be static. The nodes communicate with each other by sending claim messages. The adversary captures the credentials of a compromised node and injects a cloned node into the network. This clone can take part in communication with other nodes, because it holds the required credentials and is therefore treated as the original node. A single clone node in the network can be enough to fulfill the adversary's intention.

The wireless sensor network contains static or movable nodes. These nodes communicate with each other or with the base station to perform certain operations. The base station or access point stores the distributed node information table and broadcasts a random value to the other nodes. The distributed node information table holds the node information as key-value pairs: the key is the ID of the node and the value is the location of the node. The adversary attacks this network and captures the credentials and details of a compromised node, resulting in a cloned node. When any new or cloned node enters the network, an iteration of the algorithm runs which checks the newly entered node's ID against the node information table. If the ID is already present in the table with an incoherent location, the revocation procedure is invoked for that node ID; otherwise the algorithm updates the node information table with the newly entered node.

VI. RESULTS AND DISCUSSION

In the presence of compromised nodes, we can analytically show that RED is more resilient in its detection capabilities than LSM. The work proposed in this paper results in randomized, authentic, secure, efficient distributed detection of the node replication attack in wireless sensor networks, which is more effective as compared to RED and LSM.
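The node information table check from Section V (ID as key, location as value, revocation on an incoherent location), which is also the comparison the centralized base station of Section II performs, as an added Python example that is not the authors' implementation. The HMAC tag with a pre-shared per-node key, the distance `tolerance` that defines "coherent", and the names `NodeInfoTable`, `admit` and `sign_claim` are assumptions; all claims are constructed.

```python
import hashlib
import hmac
import math

def sign_claim(key, node_id, location):
    """Tag a location claim with the node's key (HMAC stands in for the signature)."""
    msg = f"{node_id}|{location[0]}|{location[1]}".encode()
    return hmac.new(key, msg, hashlib.sha256).digest()

class NodeInfoTable:
    """Key = node ID, value = location, as held at the base station."""

    def __init__(self, keys, tolerance=1.0):
        self.keys = keys            # node ID -> key (assumed pre-shared)
        self.tolerance = tolerance  # max distance still "coherent" (assumption)
        self.table = {}
        self.revoked = set()

    def admit(self, node_id, location, tag):
        key = self.keys.get(node_id)
        if key is None or not hmac.compare_digest(tag, sign_claim(key, node_id, location)):
            return "rejected"       # unauthenticated claim never touches the table
        if node_id in self.revoked:
            return "revoked"
        known = self.table.get(node_id)
        if known is not None and math.dist(known, location) > self.tolerance:
            self.revoked.add(node_id)   # same ID, incoherent location: clone
            del self.table[node_id]
            return "revoked"
        self.table[node_id] = location  # new node, or coherent re-announcement
        return "admitted"

def run_scenario():
    """Constructed run: node a joins, a clone with a's captured key joins elsewhere."""
    keys = {"a": b"key-of-a", "b": b"key-of-b"}
    nit = NodeInfoTable(keys)
    claims = [
        ("a", (10, 10), keys["a"]),   # original node
        ("b", (12, 10), b"guess"),    # forged claim, wrong key
        ("a", (10, 10), keys["a"]),   # original re-announces
        ("a", (80, 40), keys["a"]),   # clone: valid tag, incoherent location
        ("a", (10, 10), keys["a"]),   # original after revocation of its ID
    ]
    return [nit.admit(i, loc, sign_claim(k, i, loc)) for i, loc, k in claims], nit
```

The clone's tag verifies because it carries the captured key, so only the location conflict exposes it; revocation applies to the node ID, which cuts off the original node as well.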
VII. CONCLUSION

The newly designed protocol for detection of the node replication attack makes a considerable difference in terms of energy utilization, memory overhead, detection probability, witness distribution, and authentic, secure detection as compared to the RED protocol. The proposed scheme, which extends RED, is more efficient, effective and accurate in detecting cloned nodes in WSNs. This method improves the security of wireless sensor networks, mainly in unattended environments, and improves real-time data acquisition systems in future.

Figure 3: Level 1

REFERENCES

[1] L. Eschenauer and V.D. Gligor, "A Key-Management Scheme for Distributed Sensor Networks," Proc. Conf. Computer and Comm. Security (CCS '02), pp. 41-47, 2002.
[2] B. Parno, A. Perrig, and V.D. Gligor, "Distributed Detection of Node Replication Attacks in Sensor Networks," Proc. IEEE Symp. Security and Privacy (S&P '05), pp. 49-63, 2005.
[3] J. Newsome, E. Shi, D. Song, and A. Perrig, "The Sybil Attack in Sensor Networks: Analysis and Defenses," Proc. Int'l Symp. Information Processing in Sensor Networks (IPSN '04), pp. 259-268, 2004.
[4] Xing, K. F. Liu, X. Cheng and D.H.C. Du, 2008. Realtime detection of clone attacks in wireless sensor networks. Proceeding of the IEEE International lst Conference Distributed Computing Systems, 17-20 2008, Beijing, pp: 3-10. DOI: 10.1109/ICDCS.2008.55
[5] Heesook Choi, Sencun Zhu, and T. F. La Porta. "SET: Detecting node clones in Sensor" "Node Clone detection in wireless sensor Networks", In Proceedings of the 3rd International Conference on Security and Privacy in Communication Networks (SecureComm), 2007.
[6] Bekara, C., Laurent-Maknavicius, M.: 'A new protocol for securing wireless sensor networks against nodes replication attacks'. Proc. Third IEEE WiMOB, 2007, pp. 59-65
[7] R. Brooks, P. Govindaraju, M. Pirretti, N. Vijaykrishnan, and M.T. Kandemir, "On the Detection of Clones in Sensor Networks Using Random Key Predistribution," IEEE Trans. Systems, Man and Cybernetics, Part C: Applications and Rev., vol. 37, no. 6, pp. 1246-1258, Nov. 2007
[8]
[9] M. Conti, R. Di Pietro, L.V. Mancini, and A. Mei, "Mobility and Cooperation to Thwart Node Capture Attacks in Manets," J. Wireless Comm. and Networking. Feb. 2009.
[10] M. Conti, R. Di Pietro, L.V. Mancini, and A. Mei, "Mobility and Cooperation to Thwart Node Capture Attacks in Manets," J. Wireless Comm. and Networking. Feb. 2009.
[11] Li, Z., Gong, G.: 'Randomly directed exploration: an efficient node clone detection protocol in wireless sensor networks'. Proc. IEEE Sixth Int. Conf. on Mobile Adhoc and Sensor Systems (MASS'09), Macau SAR, People's Republic of China, 12-15 October 2009, pp. 1030-1035