Defending against Replica Node attacks in Mobile Sensor Networks

Document Sample
Defending against Replica Node attacks in Mobile Sensor Networks Powered By Docstoc
					National Conference on Role of Cloud Computing Environment in Green Communication 2012                                                                                                    99

                 Defending against Replica Node attacks in Mobile Sensor Networks
                                                      I.Vallirathi, Post Graduate student, M.S. University
                                                                                          directional antenna),have a power source (e.g., batteries and solar cells), and
           Abstract —       A wireless sensor network is a wireless network consisting    accommodate various sensors and actuators. The nodes communicate wirelessly and
  of spatially distributed autonomous devices that use sensors to monitor physical or     often self-organize after being deployed in an ad hoc fashion. Systems of 1000s or
  environmental conditions such as temperature, sound, vibration, pressure, pollutions    even 10,000 nodes are anticipated. Such systems can revolutionize the way we live
  and to cooperatively pass their data through the network to a main location. Replica    and work.
  node attack is a dangerous attack, in which the adversary takes the secret keying                The new technology is exciting with unlimited potential for numerous
  materials from a compromised node, generates a large number of attacker-controlled      application areas including environmental, medical,             military,     transportation,
  replicas that share the compromised node’s keying materials and ID, and then spreads    entertainment, crisis management, homeland defense, and smart spaces. Since a
  these replicas throughout the network. In existing method, several replica node         wireless sensor network is a distributed real-time system a natural question is how
  detection schemes have been proposed to defend against the attacks in static sensor     many. Solutions from distributed and real-time systems can be used in these new
  networks. However, these schemes rely on fixed sensor locations and hence do not        systems? Unfortunately, very little prior work can be applied and new solutions are
  work in mobile sensor networks. This work analysis the role of a novel mobile replica   necessary in all areas of the system. The main reason is that the set of assumptions
  detection scheme for mobile sensor network based on the Sequential Probability Ratio    underlying previous work has changed dramatically.
  Test with secret key sharing method and quarantine defense technique.
                                                                                                   Most past distributed systems research has assumed that the systems are
         Index Terms—Replica detection, sequential analysis, quarantine defense,          wired, have unlimited power, are not real-time, have user interfaces such as screens
         mobile sensor networks, security
                                                                                          and mice, have a fixed set of resources, treat each node in the system as very important
                              1   INTRODUCTION                                            and are location independent. In contrast, for wireless sensor networks, the systems are
                                                                                          wireless, have scarce power, are real-time, utilize sensors and actuators as interfaces,
                                                                                          have dynamically changing sets of resources, aggregate behavior is important and
                                                                                          location is critical. Many wireless sensor networks also utilize minimal capacity
           A wireless sensor network is a collection of nodes organized into a
                                                                                          devices which places a further strain on the ability to use past solutions.
  cooperative network. Each node consists of processing capability (one or more
  microcontrollers, CPUs or DSP chips), may contain multiple types of memory
  (program, data and flash memories), have a RF transceiver (usually with a single omni

  Department of CSE, Sun College of Engineering and Technology
National Conference on Role of Cloud Computing Environment in Green Communication 2012                                                                                                   100

                                                                                              their position and for other nodes to attempt to detect conflict. But this approach used
                                                                                              in fixed location.
                                                                                                       The objective of this work is to implement mobile replica detection scheme
                                                                                                        based on sequential probability Ratio Test (SPRT). The Basic concept uses
                                                                                                        the fact that an uncompromised mobile node should never move at speeds in
                                                                                                        excess of the system configured maximum speed. The SPRT implemented with
                             Fig Mobile sensor wireless network                                         secret key sharing concept.
  1.2 OVERVIEW OF MOBILE REPLICA DETECTION PROCESS                                                     Identification of replica nodes:
                   Mobile nodes essentially small robots with sensing, wireless                                    A benign mobile sensor node measured speed will nearly always be
  communication, and movement capabilities. The mobile sensor nodes are used for                                    less than the system configuration maximum speed.
  tasks such as static sensor deployment, adaptive sampling, network repair, and event                             Replica nodes appear in two or more place at the same time. This
  detection. These sensor network used for a variety of application including intruder                              make the replicated node is moving much faster than any of the
                                                                                                                    benign node, and thus replica node measured speed will often be
                                                                                                                    over the system configured maximum speed.
  detection, border monitoring and military patrols. In this situation security is very                This simple speed measurement is not accurate, because raising the speed
  critical. The attacker can easily capture and compromise mobile nodes, and then use                   threshold at other simple way compensating can lead to high false negative
  them to inject fake data. Disrupt network operation, and eavesdrop on network                         rate.
  communication.                                                                                       Then apply SPRT. This Hypothesis testing method involves two hypothesis
                   In this scenario the most dangerous attack is replica node attack[1], in                        Null hypothesis
  which the adversary takes the secret keying materials from a compromised node,                                   Alternative hypothesis(replica node)
  generates large number of attacker-controlled replicas, that replicas share the             Finally, the performance of designed system is evaluated using NS-2 simulator, the
  compromised node’s keying materials and ID, then it is spreads throughout the               effectiveness, efficiency and robustness of SPRT is validated through simulation steps.
  network. These replica nodes are controlled by adversary, that allow them to seem like
  authorized node in networks. Then, the adversary can do any illegal process through
  replica node.
                  To stop this by several software-based replica node detection schemes
  have been proposed for static networks [3],[1],[7].the location claim method identify

  Department of CSE, Sun College of Engineering and Technology
National Conference on Role of Cloud Computing Environment in Green Communication 2012                                                                                                       101

                                                                                                          (i)          Adversary can inject false data packets in the network
                             Replication                                                                  (ii)         Disrupt local control protocols such as localization, time
                                                                                                                       synchronization and rout discovery process
     •   Adversary only need to capture one node                                                          (iii)        Also lunch ― Denial of Service‖ attacks by jamming the signal
     •   Offline attack to extract node’s secrets
                                                                                                                       from benign node
     •   Transfer secrets to generic nodes
     •   Deploy clones                                                                         Limitation to compromise node by adversary is if it have major faction of compromise
                                                                                               it not need benefit to attacker. He can also produce many replica nodes and accepted
                                                                                               by legitimate part of network.
                                                                                               2.3 AIM AND OBJECTIVES:
                                                                                                             The aim of this work is to detect replica node fatly using sequential
                                                                                                    probability testing algorithm and revoke it from mobile sensor network.
                                                                                                         The following specific objectives will be pursued in order to achieve the aim
                                                                                                                    To design mobile sensor network with benign node and replica
            Define a replica node u’ by compromised node u and extract all secret keying                             node.
  materials from it and have same ID. There may be multiple replicas u 1’ , u2’, u3’   _____
                                                                                                                    To illustrate claim generation and forwarding using specialized
  that may be multiple compromised and replicated nodes. This work to detect the fact                                formulas.
  that both u and u` operate as separate entities with same identity and keys.
                                                                                                                    To detect the replica node using sequential probability ratio testing
  2.1 Network assumption for our proposed scheme                                                                     method with secret key sharing and to revoke it from mobile sensor
            Consider two dimensional mobile sensor networks. Every mobile sensor
  nodes movement is physically limited by the system configured maximum speed V max.
                                                                                               2.4 Assumptions:
  Also assume that all direct communication links between sensor nodes are
                                                                                                        1.       The network topology has n number of node and creates a replica node
  bidirectional. Every mobile sensor node is capable of obtaining its location
                                                                                                                 that is copy of compromised node n+1 to n+4.
  information and also verifying the location of its neighboring node by employing
                                                                                                        2.       Then it is moved during particular time slot.
  secure localization nodes. All are have communication to base station.
                                                                                                        3.       The 0th node is assumed as base station.
  2.2 Attacker models
                                                                                               3.   MOBILE           REPLICA       NODE      DETECTION           USING   SEQUENTIAL
            The adversary may compromise and fully control a subset of the sensor
                                                                                               PROBABILITY RATIO TEST
  nodes by various kinds of attacks.

  Department of CSE, Sun College of Engineering and Technology
National Conference on Role of Cloud Computing Environment in Green Communication 2012                                                                                                       102

           In static sensor networks, a sensor node is regarded as being replicated if it is          end if
  placed in more than one location. If nodes are moving around in network, however,                   else
  this technique does not work, because a benign mobile node would be treated as a                    if o > Vmax then
  replica due to its continuous change in location. Hence, mobility is used as a clue to                ωn = ωn + 1
  detect replica nodes in mobile sensor networks.                                                     end if
           A benign mobile sensor node should never move faster than the system-                      if ωn >= τ1 (n) then
  configured maximum speed, Vmax. As a result, a benign mobile sensor node’s measured
                                                                                                        accept the hypothesis H1 and terminate the test
  speed will appear to be at most Vmax as long as we employ a speed measurement
                                                                                                      end if
  system with a low rate of error. On the other hand, replica nodes will appear to move
                                                                                                      if ωn <= τ0 (n) then
  much faster than benign nodes and thus their measured speeds will likely be over Vmax
                                                                                                        initialize n and ωn to 0 and accept the hypothesis H0
  because they need to be at two (or more) different places at once. Accordingly, if the
  mobile node’s measured speed exceeds Vmax, it is then highly likely that at least two
                                                                                                      end if end if
  nodes with the same identity are present in the network. The proposed scheme is based
  on the Sequential Probability Ratio Test (SPRT) which is a statistical decision process.        end else
                                                                                                   n =n +1
           Algorithm SPRT for replica detection                                                         prev loc = cur loc
                                                                                               3.2 CLAIM GENERATION AND FORWARDING:
      INITIALIZATION: n = 0, ωn = 0
                                                                                                          Each time a mobile sensor node u moves to a new location, it first discovers
      INPUT: location information L and time information T
                                                                                               its location Lu and then discovers a set of neighboring nodes N(u). Every neighboring
      OUTPUT: accept the hypothesis H0 or H1
                                                                                               node v        N(u) asks for an authenticated location claim from node u by sending its
      cur loc = L
      cur time = T                                                                             current time T to node u. Upon receiving T, node u checks whether T is valid or not. If
                                                                                               |T'−T| >δ+ε such that T' is the claim receipt time at u and δ is the estimated
      if n > 0 then
                                                                                               transmission delay of claim, then node u will ignore the request. Otherwise, u
        compute τ0 (n) and τ1 (n)
                                                                                               generates location claim Cu = {u||Lu||T||Sigu} and sends it to a neighboring node v,
        compute speed o from cur loc and prev loc, cur time
                                                                                               where Sigu is the signature generated by node u’s private key. If u denies the claim
        and prev time
                                                                                               request or if its claim fails to authenticate, then u will be removed from N(v). Also, if u
        if no d e do es n o t s end s ecret ke y o r i n val i d then
                                                                                               claims a location Lu such that the distance between Lv and Lu is larger than the
           accept the hypothesis H1 and terminate the test

  Department of CSE, Sun College of Engineering and Technology
National Conference on Role of Cloud Computing Environment in Green Communication 2012                                                                                                        103

  assumed signal range of v, then it will be removed from N(v). Once the above filtering                              Pr ( Si = 1 ) = 1 – Pr (Si =0) = λ            ---------- Eq 3
  process is passed, each neighbor v of node u forwards u’s claim to the base station                    If λ < λ` then u has not been replicated node.
  with probability p.                                                                                    Else λ > λ` then u was replicated node.
  3.3 SECRET KEY SHARING                                                                                 λ` denote preset threshold
              For each claim request the neighbor node also send secret key to the new         This is formulated by Hypothesis testing, that is null and alternative hypothesis.
  arrival node. When the claim replay send from new node, it also send secret key. If it                  If λ < λ` → Null hypothesis H0.
  is replica node, it can not send secret key to the neighbor node. If it is not send secret             Else λ > λ` → Alternative hypothesis H1.
  key, the alternative hypothesis value increased. So the probability of detecting replica     The log probability ratio on n samples are
  was increased.                                                                                              Pr(S1 ,..., S n| H 1 )    ---------- Eq 4
                                                                                                    Ln  ln
                                                                                                              Pr(S1 ,..., S n| H 0 )

  3.4 DETECTION AND REVOCATION:                                                                 Where, each speed measurement is independent, Si is independent and identically
           Upon receiving a location claim, the base station verifies the authenticity of      distributed.
  the claim with the public key of node u and discards the claim if it is not authentic. We    Then Ln is rewrite as,
                                                   1     2
  denote the authentic claims from node u by Cu ,Cu , . . . ,. The base station extracts                                    in1 Pr(S i | H 1 )   n
                                                                                                                                                        Pr(S i | H 1 )
                                                                                                                 Ln  ln                           ln                  ---------- Eq 5
  location information Li u and time information Ti from claim Cui .                                                        i 1 Pr(S i | H 0 ) i 1 Pr(S i | H 0 )

  Let   di denote the Euclidean distance from location Lu i−1 at time Ti−1 to Lui at Ti        Ln is also write as,
           oi denote the measured speed at time Ti, where i = 1, 2, .,.                                                       1                 1  1
                                                                                                              Ln   n ln         (n   n ) ln                            ---------- Eq 6
  Speed, oi is represented as:                                                                                                0                 1  0
                                                                                               Where, ωn denote number of times that Si=1 in the n samples.

                                                             ---------- Eq 1                                                0  Pr(S i  1 | H 0 ), 1  Pr(S i  1 | H1 )

                        0, if oi  Vmax,
                                                                                               The SPRT can be given as follows:
                   Si                                      ---------- Eq 2                            ωn ≤ τ0(n) : accept H0 and terminate the test.
                        1, if oi  Vmax,
                                                                                                       ωn ≥ τ1(n): accept H1 and terminate the test
  Where,                                                                                                τ0 (n) < ωn < τ1(n): continue the test process with another observation.
           Si denote Bernoulli random variable.                                                ωn denote the number of times that Si = 1 in the n samples.
  The success probability λ of Bernoulli random distribution is                                The steps followed in the detection scheme can be given as,

  Department of CSE, Sun College of Engineering and Technology
National Conference on Role of Cloud Computing Environment in Green Communication 2012                                                                                                    104

  Step 1:                                                                                       Step 6: The above three cases decide the increment of null and alternative hypothesis.
            Each time a mobile sensor node u moves to a new location, each of its               Finally it decides the replica node.
  neighbors asks for a signed claim containing its location and time information.
            Claim: Cu = {u||Lu||T|| Sigu }
                   Where,     u – mobile sensor node u’s ID
                                                                                                3.5 FLOW OF DETECTION SCHEME USING SPRT
                              Lu – location of node u
                              T – current time
                              Sigu - signature over (u,Lu,T)
  Step 2:
                        Each neighbor v of node u forwards u’s claim to the base station
  with probability p.
  Step 3:
                        The base station computes the speed from every two consecutive
  claims of a mobile node and performs the SPRT by considering speed as an observed

  Step 4:
                o       If the mobile node’s speed exceeds Vmax, alternate hypothesis is
                        decided (the mobile node has been replicated).
                                  V > Vmax – replica node (revoke nodes u and its replica
                                   from network)

                o       If node not sends any secret key or invalid alternative hypothesis is
                o       Else, null hypothesis is decided (the mobile node has not been                              The above flow chart explain the SPRT process. Initaly speed for
                        replicated).                                                            each node wase found from consecutive claim . then comapre the speed with Vmax
                             V < Vmax – not a replica node (proceed SPRT with                   value .If speed exceed the vmax set alternative hypothisis, theat is it may be replica.
                             another set of claims)
  Step 5: DCN (Denial of claim notification message) was send by neighbor node when             Otherwise set null hupothisis.this process carried on particular time slot. If the
  the new arrival node not response the request.                                                alternative hypothisis value exceed th threshold value it was revoke from network.

  Department of CSE, Sun College of Engineering and Technology
National Conference on Role of Cloud Computing Environment in Green Communication 2012                                                                                                 105

  4. ANALYSIS                                                                                        If DCN counter > threshold ρ, node u is put in quarantine time period q.
                    Attacker can trick the base station to accept null hypothesis by                 During quarantine time slot other nodes do not send or receive any data from
  responding only to claim requests that would make observed speed less than Vmax.                    node u.
  Replica responds only to claim requests that makes V <Vmax and other requests are           The proposed system implemented by following modules.
  rejected. Since the replicas do not provide valid claims that would make the observed              Short term analysis
  speed exceed Vmax, they can trick the base station into accepting H0, the hypothesis               Long term analysis
  that they are not replicas. To stop this attack, this work had the base station check       4.1 Short term analysis
  whether each node responds with correct claims to all incoming claim requests.                     In short term analysis, replica node must ignore a minimum number of claim
           Each time a malicious node u ignores a claim request from a benign neighbor                requests to avoid detection.
  node v or responds with false claims; v generates a denial of claim request notification           It is single time slot process. where the DCN counter, PH0 and PH1 value
  message, DCN.                                                                                       decide the replica.
                                         DCN = {v||u||MACKv[v||u]}                                   The following process carried on all new arrival node :
  Sends DCN to the base station, where MAC is a message authentication code                                    PH0=0 and PH1>0 - replica node
  calculated using Kv, the shared secret key between v and the base station. Upon                              DCN >0 , PH0 & PH1=0 - put into Quarantine
  receiving the DCN message from v, the base station first checks the authenticity of the                      PH0 >0 and PH1>0 take log ratio
  DCN and rejects it if it is invalid. Assume that the entire time domain is divided into                                  Log ratio > threshold value – put in to Quarantine
  time slots. The base station maintains a DCN counter for each node such that it                    Then find payoff (total number of node affected by r replicas of u) for single
  initializes each counter to 0 and then resets it to 0 at the beginning of each time slot.           time slot by the attacker gain formula.
  Each time the base station receives a DCN message on u from v, it increases the DCN
  counter for u. If the DCN counter for u exceeds a predefined threshold ρ during a time      4.2 Long term analysis
  slot, it is highly likely that u has discarded a substantial fraction of claim request             Find attacker payoff for long time period
  during the time slot and is likely to be a replica node attempting to evade detection.                   The above process repeatedly perform for n time slot
  The steps followed can be summarized as follows,                                                         In each time slot, payoff values are maintained. From this, calculate
          If a claim request is rejected by u, neighbor v generates a Denial of Claim                      long term payoff U(ρ,ψ)
           Notification (DCN) message and forwards it to the base station.                                 It is formulated as min-max repeated game.
          On receiving DCN message, the DCN Counter maintained at base station for                  In the game, attackers try to maximize long term payoff.
           node u is increased by 1.                                                                  Defenders try to minimize long term payoff

  Department of CSE, Sun College of Engineering and Technology
National Conference on Role of Cloud Computing Environment in Green Communication 2012                                                                                106

         From the repeated game quarantine node are decided as replica or not.        7. Reference
  4.3 Probability of replica detection between secret key and SPRT method
                                                                                           1.   M. Conti, R.D. Pietro, L.V. Mancini, and A. Mei, ―A Randomized,
                                                                                                Efficient, and Distributed Protocol for the Detection of Node
                                                                                                Replication Attacks in Wireless Sensor Networks,‖ Proc. ACM
                                                                                                MobiHoc, pp. 80-89, Sept. 2007

                                                                                           2.   J. Ho, M. Wright, and S.K. Das, ―Fast Detection of Replica Node
                                                                                                Attacks in Mobile Sensor Networks Using Sequential Analysis,‖ Proc.
                                                                                                IEEE INFOCOM, pp. 1773-1781, Apr. 2009

                                                                                           3.   J. Ho, D. Liu, M. Wright, and S.K. Das, ―Distributed Detection of
                                                                                                Replicas with Deployment Knowledge in Wireless Sensor Net- works,‖
                                                                                                Ad Hoc Networks, vol. 7, no. 8, pp. 1476-1488, Nov. 2009.

                                                                                           4.   L. Hu and D. Evans, ―Localization for Mobile Sensor Networks,‖Proc.
                                                                                                ACM MobiCom, pp. 45-57, Sept. 2004.
  5. Conclusion
                                                                                           5.   J. Jung, V. Paxon, A.W. Berger, and H. Balakrishnan, ―Fast
                                                                                                Portscan Detection Using Sequential Hypothesis Testing,‖ Proc.
         In this paper, proposed a replica detection scheme for mobile sensor                  IEEE Symp. Security and Privacy, pp. 211-225, May 2004.

          networks based on the SPRT with secret key
         The interaction between the detector and the adversary was modeled by a
          repeated game.
         The process of short term and long term, secret key and SPRT, various time
          slots are analyzed.
         Also the results of these simulations show that our scheme quickly detects
          mobile replicas with a small number of location claims against either
  6. Future Enhancement
      This work may be extended in distributed environment to improve the
      performance and also to reduce the single point of failure.

  Department of CSE, Sun College of Engineering and Technology

Shared By: