Ijcea Y12 TJ Sa C106

936
http://technicaljournals.org
Vol 03, Issue 01; February 2012 International Journal of Communication Engineering Applications-IJCEA ICICES-2012-SAEC, Chennai, Tamilnadu ISSN: 2230-8504; e-ISSN-2230-8512
MOBILE REPLICA ATTACK DETECTION USING SEQUENTIAL HYPOTHESIS TESTING IN WIRELESS SENSOR NETWORKS
C.Balakrishnan
Dept. of PG Studies in Engineering, S.A.Engineering College,Chennai-77 kknbalki_saec@yahoo.com Abstract- This paper attempts to detect the mobile replica node attacks by sequential hypothesis testing in wireless sensor network. There are number of small sensor nodes in wireless sensor networks, this sensor nodes are organized into clusters and send some report to base station. An opponent can capture and compromise the unattended sensor nodes, make duplications of these sensor nodes, and then inject a variety of attacks with these replicas. These replica node attacks are hazardous because they allow the attacker to influence the compromise of a few nodes to exert control over much of the network. Several detection schemes have been proposed for static sensor networks (fixed sensor locations) and it does not work in mobile sensor networks. Here we propose an effective mobile replica node detection scheme using Sequential Probability Ratio Test (SPRT).We show analytically and through simulation experiments that our scheme detects mobile replicas in an efficient and robust manner at the cost of reasonable overheads. Index Terms - Replica detection, sequential analysis, mobile sensor networks, security. 1. INTRODUCTION A Wireless Sensor Network (WSN) is a collection of sensors with limited resources that collaborate in order to achieve a common goal. Due to their operating nature, WSNs are often unattended, hence prone to several kinds of novel attacks. For instance, an adversary could snoop on all network communications and could capture nodes thereby acquiring all the information stored within. An adversary may replicate captured sensors and deploy them in the network to launch a variety of insider attacks. This attack process is referred to as clone attack. Mobile nodes, essentially small robots with sensing and wireless communications are useful for tasks such as static sensor deployment, adaptive sampling, network repair, and event detection. These advanced sensor network architectures could be used for a variety of applications including intruder detection, border monitoring, and military patrols. In potentially hostile environments, the security of unattended mobile nodes is extremely critical. The attacker may be able to capture and compromise mobile nodes, and then use them to inject fake data, disrupt network operations, and eavesdrop on network communications. In this scenario, a particularly dangerous attack is the replica node attack, in which the adversary takes the secret keying materials from a compromised node, generates a large number of attacker-controlled replicas that share the compromised nodes keying materials and ID, and then spreads these replicas throughout the network. One of the rst solutions for the detection of node replication attacks relies on a centralized basestation. In this solution, each node sends a list of its neighbors and their claimed locations (i.e., the geographic coordinates of each node) to a Base Station (BS). A voting mechanism is used within a neighborhood to agree on the legitimacy of a given node. However, applying this kind of method to the problem of replica detection, fails to detect clones that are not within the same neighborhood. In order for a location claim to travel from source to destination node, it must pass through several intermediate nodes: thus dening a claim message path. Moreover, every node that routes this claim message will check the signature, store the message, and check for coherence with the other location claims received within the same iteration of the detection protocol. Node replication is eventually detected by the node (called witness) on the intersection of two paths that originate from networks. The adversary can then leverage this insider position in many ways. For example, he can simply monitor a significant fraction of the network traffic that would pass through these nodes. Alternately, he could jam legitimate signals from benign nodes or inject falsified data to corrupt the sensors monitoring operation. A more aggressive
2011 - TECHNICALJOURNALS, Peer Reviewed International Journals-IJCEA, IJESR, RJCSE, PAPER, ERL, IRJMWC, IRJSP, IJEEAR, IJCEAR, IJMEAR, ICEAR, IJVES, IJGET, IJBEST TJ-PBPC, India; Indexing in Process - EMBASE, EmCARE, Electronics & Communication Abstracts, SCIRUS, SPARC, GOOGLE Database, EBSCO, NewJour, Worldcat, DOAJ, and other major databases etc.,
937
attacker could undermine common network protocols, including cluster formation, localization, and data aggregation, thereby causing continual disruption to network operations. Through these methods, an adversary with a large number of replica nodes can easily defeat the mission of the deployed network. A straightforward solution to stop replica node attacks is to prevent the adversary from extracting secret key materials from mobile nodes by equipping them with tamper-resistant hardware. To expect such measures to be implemented in mobile nodes with security-critical missions. However, although tamper-resistant hardware can make it significantly harder and more time-consuming to extract keying materials from captured nodes, it may still be possible to bypass tamper resistance for a small number of nodes given enough time and attacker expertise. Since the adversary can generate many replicas from a single captured node, this means that replica attacks are even more dangerous when compared with the possibility of compromising many nodes. Thus to believe that it is very important to develop software-based countermeasures to defend mobile sensor networks against replica node attacks. In this paper, I propose a novel mobile replica detection scheme based on the Sequential Probability Ratio Test (SPRT). Using the fact that an uncompromised mobile node should never move at speeds in excess of the systemconfigured maximum speed. As a result, a benign mobile sensor nodes measured speed will nearly always be less than the system-configured maximum speed as long as we employ a speed measurement system with a low error Rate. On the other hand, replica nodes are in two or more places at the same time. This makes it appear as if the replicated node is moving much faster than any of the benign nodes, and thus the replica nodes measured speeds will often be over the system-configured maximum speed. Accordingly, if we observe that a mobile nodes measured speed is over the system-configured maximum speed, it is then highly likely that at least two nodes with the same identity are present in the network. Also evaluate the performance of our scheme via simulation study using ns-2 simulator. In particular, I consider two types of replicas for performance evaluation: mobile and static. In case of mobile replicas, to investigate how replica mobility affects the detection capability of our scheme. In case of static (immobile) replicas, the attacker keeps his replica nodes close together and immobile to lessen the chance of speed-based detection. 2. RELATED WORKS In this section, first stating the threat model and the network assumptions for our proposed scheme and then describe the attacker models used to evaluate our approach. 2.1 THREAT MODEL To dene a simple yet powerful attacker: Before a round of the replica detection protocol is run the adversary can compromise a certain xed number of nodes and can replicate one or more into multiple copies. In general, in order to cope with this threat we could assume that nodes are tamper-proof. However, consistently with a great deal of the literature, will assume that nodes do not have tamper proof components and that they can be captured. The adversarys goal is to prevent the nodes under its control that have been replicated from being detected. Hence, assume that in order to reach its goal, the attacker will try to subvert the nodes that could possibly act as witnesses. 2.2 DEPLOYMENT Controlled mobility can be used to place sensors at the optimal places for monitoring. It is conceivable in networks that are fully mobile or consist of a mixture of static and mobile sensors that the mobile nodes align themselves such that the deployment is optimal to monitor events under consideration. An algorithm for deploying a fully mobile sensor network has been proposed [Howard et al. 2002]. I could conceive of a family of algorithms for deployments that have varying ratios of static to mobile sensor nodes that optimize various metrics like maximum coverage, required connectivity [Poduri and Sukhatme 2004] etc.
938
3. PROPOSED SYSTEM: The robotics made it possible to develop a variety of new architectures for autonomous wireless networks of sensors. Enabling the nodes to encrypt, decrypt, and authenticate all of their communications as if they were the original captured node. We propose a novel mobile replica detection scheme based on the Sequential hypothesis Test (SHT).Sensor network architectures could be used for a variety of applications including intruder detection, border monitoring, and military patrols. In potentially hostile environments, the security of unattended mobile nodes is extremely critical. It will first describe the detection accuracy of our proposed scheme and then present attack scenarios to break this scheme and a defense strategy 4. MODULE DESCRIPTION 4.1 Neighbor node detection This module considers a two-dimensional mobile sensor network where sensor nodes freely roam throughout the network. It assumes that every mobile sensor nodes movement is physically limited by the systemconfigured maximum speed, Vmax. This communication model is common in the current generation of sensor networks. Every mobile sensor node is capable of obtaining its distance information. And it also assumes that the nodes in the mobile sensor network communicate with a base station. Ever sensor node to detect the neighbor node based on distance and range of network. 4.2 Data communication Each time a mobile sensor node moves to a new location, it first discovers its set of neighboring nodes, time and location can consider both randomly generated It also assumes that all direct communication links between sensor nodes are bidirectional. Normal data communication to communicate at particular node the data was to send one node to another node it will send encryption and decrypted format using ECC (Elliptic curve cryptography) algorithm. Normal data communication to send one time to the destination but the Attack data communication is send multiple time in same data in different location and different speed. 4.3 Attacker Models This section presents the details using SHT (Sequential Hypothesis Testing), this technique to detect replica node attacks in mobile sensor networks. Speed denote a Bernoulli random variable defined as,S = { 0; if oi _ Vmax; 1; if oi > Vmax: } The problem of deciding whether it had been replicated or not can be formulated as a hypothesis testing problem with Null and Alternate hypotheses respectively. Null hypothesis mean Vmax speed controlled by system configuration, Alternative hypothesis mean Vmax speed Increased over the system configuration. If the base station receive alternative hypothesis that node was identified attack Node then the base station. 5. PROBLEM STATEMENT We define a mobile replica node u0 as a node having the same ID and secret keying materials as a mobile node u. An adversary creates replica node u0 as follows: He first compromises node u and extracts all secret keying materials from it. Then, he prepares a new node u0, sets the ID of u0 to the same as u, and loads us secret keying materials into u0. There may be multiple replicas of u, e.g., u0 1; u0 2; . . . , and there may be multiple compromised and replicated nodes. Our goal is to detect the fact that both u and u0 (or u01; u02; . .)Operate as separate entities with the same identity and keys.
939
Fig. System Architecture 6. MOBILE REPLICA DETECTION USING SEQUENTIAL PROBABILITY RATIO TESTS This section presents the details of our technique to detect replica node attacks in mobile sensor networks. Dening random trip", a generic mobility model for independent mobiles that contains as special cases: the random waypoint on convex or non convex domains, random walk with reection or wrapping, city section, space graph and other models. In static sensor networks, a sensor node is regarded as being replicated if it is placed in more than one location. Propose a mobile replica detection scheme by leveraging this intuition. The scheme is based on the Sequential Probability Ratio Test which is a statistical decision process. The SPRT can be thought of as one dimensional random walk with the lower and upper limits. A random walk starts from a point between two limits and moves toward the lower or upper limit in accordance with each observation. If the walk reaches (or exceeds) the lower or upper limit, it terminates and the null or alternate hypothesis is selected, respectively. The lower and upper limits can be configured to be associated with speeds less than and in excess of Vmax, respectively. To apply the SPRT to the mobile replica detection problem as follows: Each time a mobile sensor node moves to a new location, each of its neighbors asks for a signed claim containing its location and time information and decides probabilistically whether to forward the received claim to the base station. The base station computes the speed from every two consecutive claims of a mobile node and performs the SPRT by considering speed as an observed sample.
Fig. Detection of attacker nodes I also assume that the base station is a trusted entity. This is a reasonable assumption in mobile sensor networks, because the network operator collects all sensor data and can typically control the nodes operation through the base station. Thus, the basic mission of the sensor network is already completely undermined if the base station is compromised. Each time mobile nodes speed exceeds (respectively, remains below) V max, it will expedite the random walk to hit or cross the upper (respectively, lower) limit and thus lead to the base station accepting the alternate (respectively, null) hypothesis that the mobile node has been (respectively, not been) replicated. Once the base station decides that a mobile node has been replicated, it revokes the replica nodes from the network.
940
6.1 SECURITY In this section, we will first describe the detection accuracy of our proposed scheme and then present attack scenarios to break this scheme and a defense strategy we propose to limit these attacks. Finally, we will show that the attackers gain is substantially limited by the defense strategy. 6.2 PERFORMANCE Now analyze the performance of our scheme in terms of communication, computation, and storage overheads. 6.2.1 COMMUNICATION OVERHEAD I first describe how many observations on an average are required for the base station to make a decision as to whether a node has been replicated or not. Then, we will present the communication overhead of our scheme. 6.2.2 COMPUTATION AND STORAGE OVERHEAD To define computation and claim storage overhead as the average number of public key signing and verification operations per node and the average number of claims that needs to be stored by a node, respectively.Each time a mobile node receives b claim requests on an average at a location, it needs to perform b signature generation operations. Similarly, each time a mobile node sends b claim requests on an average at a location, it needs to verify up to b signatures. The base station stores location claims in order to perform the SPRT, whereas the sensor nodes do not need to keep its own or other nodes claims. Thus, we only need to compute the number of claims that are stored by the base station. In the SPRT, a sample is obtained from two consecutive location claims of node u. During an overow, the node could stop the protocol, or drop packets to free memory. It is very important to understand what kind of impact this scenario might have on the detection capability of the protocol itself. To summarize the above considerations with the general requirement that the overhead generated by the protocol should be small, that it should be sustainable by the WSN as a whole, and (almost) evenly shared among the nodes. every node that forwards a position claim should also perform signature verication and store the forwarded messages. As analyzed,in every line-segment includes O(n) nodes and every node stores O(n) location claims. It must be pointed out that this memory requirement could be impractical in real networks with thousands of nodes. 7. PROTOCOL DESCRIPTION Before deployment, every sensor node gets secret keying materials for generating digital signatures. We will use an identity-based public key scheme. It has been demonstrated that public key operations can be efficiently implemented in static sensor devices Moreover, most replica detection schemes in static sensor networks employ identity-based public key signatures. Mobile sensor devices are generally more powerful than static ones in terms of battery power, due to the fact that the mobile sensor node consumes a lot of energy to move. Additionally, the energy consumption due to movement is known to be substantially larger than that for public key operations. For example, the power consumption for the movement of a mobile sensor device has been measured at 720 mW .The energy consumption for computing and verifying a public key . Suppose that r replicas of a compromised node u are fixed to some locations. We model the arrival of claim requests to each replica as a homogeneous poisson process. We use a poisson process due to the following reasons: First, we assume that mobile nodes movements in disjoint intervals are independent from each other and thus the number of times that mobile nodes meet to replicas in disjoint intervals are accordingly independent from each other. Let T denote the duration of a time slot. Suppose that claim requests arrive at r replicas from the beginning to the end of a time slot. Let oi be the speed measured according to the ith and the (i+1)th claim requests during T time.
941
CONCLUSION In this paper, I have proposed a replica detection scheme for mobile sensor networks based on the SPRT. Analytical demonstration about the limitations of attacker strategies to evade the detection technique is done. In particular, the limitations of a group attack strategy in which the attacker controls the movements of a group of replicas is discussed and presented quantitative analysis of the limit on the amount of time for which a group of replicas can avoid detection and quarantine. In this work, I propose a fast and effective mobile replica node detection scheme using the Sequential Probability Ratio Test. REFERENCES [1] J.-Y.L. Boudec and M. Vojnovi_c, Perfect Simulation and Stationary of a Class of Mobility Models, Proc. IEEE INFOCOM, pp. 2743-2754, Mar. 2005. [2] S. _Capkun and J.P. Hubaux, Secure Positioning in Wireless Networks, IEEE J. Selected Areas in Comm., vol. 24, no. 2, pp. 221- 232, Feb. 2006. [3] M. Conti, R.D. Pietro, L.V. Mancini, and A. Mei, A Randomized,Efficient, and Distributed Protocol for the Detection of NodeReplication Attacks in Wireless Sensor Networks, Proc. ACM MobiHoc, pp. 80-89, Sept. 2007. [4] K. Dantu, M. Rahimi, H. Shah, S. Babel, A.Dhariwal, and G.S.Sukhatme, Robomote: nabling Mobility in Sensor Networks,Proc. Fourth IEEE Intl Symp. Information Processing in Sensor Networks (IPSN), pp. 404-409, Apr. 2005. [5] J. Ho, M. Wright, and S.K. Das, Fast Detection of Replica Node Attacks in Mobile Sensor Networks Using Sequential Analysis, Proc. IEEE INFOCOM, pp. 1773-1781, Apr. 2009. [6] J. Ho, D. Liu, M. Wright, and S.K. Das, Distributed Detection of Replicas with Deployment Knowledge in Wireless Sensor Networks, Ad Hoc Networks, vol. 7, no. 8, pp. 1476-1488, Nov. 2009. [7] L. Hu and D. Evans, Localization for Mobile Sensor Networks, Proc. ACM MobiCom, pp. 45-57, Sept. 2004. [8] J. Jung, V. Paxon, A.W. Berger, and H. Balakrishnan, Fast Portscan Detection Using Sequential Hypothesis Testing, Proc. IEEE Symp. Security and Privacy, pp. 211-225, May 2004. [9] A. Liu and P. Ning, TinyECC: A Configurable Library for Elliptic Curve Cryptography in Wireless Sensor Networks, Proc. Seventh IEEE Intl Symp. Information Processing in Sensor Networks (IPSN), pp. 245-256, Apr. 2008. [10] S. PalChaudhuri, J.-Y.L. Boudec, and M. Vojnovi_c, Perfect Simulations for Random Trip Mobility Models, Proc. 38th Ann.Simulation Symp., Apr. 2005. [11] B. Parno, A. Perrig, and V.D. Gligor,Distributed Detection of Node Replication Attacks in Sensor Networks, Proc. IEEE Symp. Security and Privacy, pp. 49-63, May 2005. [12] H. Song, S. Zhu, and G. Cao, Attack-Resilient Time Synchronization for Wireless Sensor etworks, Ad Hoc Networks, vol. 5, no. 1, pp. 112-125, Jan. 2007. [13] K. Sun, P. Ning, C. Wang, A. Liu, and Y. Zhou, TinySeRSync: Secure and Resilient Time Synchronization in Wireless Sensor Networks, Proc. 13th ACM Conf. Computer and Comm. Security

Ijcea Y12 TJ Sa C106

Transféré par

Informations du document

Description originale:

Titre original

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

Ijcea Y12 TJ Sa C106

Transféré par

Droits d'auteur :

Formats disponibles

936

Vous aimerez peut-être aussi