Simulation Based on An Effective Defence Against Duplicate Node Attacks in Wireless Networks.

International Journal of Emerging Technology and Advanced Engineering

278

Simulation Based on An Effective Defence Against

Duplicate Node Attacks in Wireless Networks.

Mr. Selvam E

, Mr. A. Siles Balasingh

1,2

Lecturer, Department of Computer Science and Engineering & St. Joseph College of Engineering and Technology, Tanzania

1_{[email protected]}

2_{[email protected]}

Abstract—To achieve an efficient and effective approach to find out the duplicate node attacks in the wireless sensor networks still must be a challenge. Attacker, he/she can capture the node form the network and compromise over the network. Attacker he captured any node from the network by using the tamper resistant hardware’s. Adversary can injects fake data into the network with the help of that captured node. And also from the captured node he identifies its ID and key first of all. Then he/she can easily generate the duplicate copies of the captured node. Several detection schemes are available only for fixed sensor networks. But here we proposed a detection scheme called as Speed time Probability ratio test. And we also proposed the isolative method to remove the detected duplicate node from the network. We show analytically and simulation experiments that our schemes will achieve effective and efficient detection and isolation of duplicate node attacks in the wireless sensor networks. In this paper we mainly focused on the mobile sensor networks for sake of convenience.

Keywords— Adversary, Random way point mobility, Random- trip mobility, Communication overhead, Network disruptions, Simulation, Location claims.

I. INTRODUCTION

Mobile nodes, essentially small robots with sensing, wireless communications, & movement capabilities, are useful for tasks such as static sensor deployment, adaptive sampling, network repair, and event detection [4]. These advanced sensor network architectures could be used for a variety of applications including intruder detection, border monitoring, and military patrols. In potentially hostile environments, the security of un-attended mobile nodes is extremely critical. The attacker may be able to capture and compromise mobile nodes, and then use them to inject fake data, disrupt network operations,& eavesdrop on network communications. In which the adversary can capture node generate the duplicate copy of original one & attacks can be made.

Thus this types of attacks must be a dangerous and compromise over the network. This leads to the network disruptions over the network. Using that captured node the adversary takes the secret keying materials from a compromised node, gen- erates a large number of attacker-controlled replicas that share the compromised node’s keying materials and ID, and then spreads these replicas throughout the network. With a single captured node, an adversary can create as many replica nodes as he/she has the hardware to generate.

The replica nodes are controlled by the adversary, but have keying materials that allow them to seem like authorized participants in the network. Protocols for secure sensor network communication would allow replica nodes to create pairwise shared keys with other nodes and the base station, thereby enabling the nodes to encrypt, decrypt, and authenticate all of their communications as if they were the original captured node. A more aggressive attacker could undermine common network protocols, including cluster formation, localization, and data aggregation, thereby causing continual disruption to network operations. Through these methods, an adversary with a large number of replica nodes can easily defeat the mission of the deployed network.

International Journal of Emerging Technology and Advanced Engineering

279 The adversary can generate many replicas from a single captured node, this means that replica attacks are even more dangerous when compared with the possibility of compromising many nodes. We thus believe that it is very important to develop software-based countermeasures to defend mobile sensor networks against replica node attacks.

Several software-based replica node detection schemes have been proposed for static sensor networks [3], [11], [17]. The primary method used by these schemes is to have nodes report location claims that identify their positions and for other nodes to attempt to detect conflicting reports that signal one node in multiple locations. However, since this approach requires fixed node locations, it cannot be used when nodes are expected to move. Thus, our challenge is to design an effective, fast, and robust replica detection scheme specifically for mobile sensor networks.

In this paper, we proposed a novel mobile replica detection scheme based on the Speed Time Probability Ratio Test (STPRT) [15] and Isolation method. In this isolation method is mainly used for remove the detected replica nodes from the network and it can attained by using symmetric encryption key algorithm techniques. We use the fact that an uncompromised mobile node should never move at speeds in excess of the system-configured maximum speed. As a result, a benign mobile sensor node’s measured speed will nearly always be less than the system-configured maximum speed as long as we employ a speed measurement system with a low error rate. On the other hand, replica nodes are in two or more places at the same time. This makes it appear as if the replicated node is moving much faster than any of the benign nodes, and thus the replica nodes’ measured speeds will often be over the system-configured maximum speed. Accordingly, if we observe that a mobile node’s measured speed is over the system-configured maximum speed, it is then highly likely that at least two nodes with the same identity are present in the network.

However, if the system decides that a node has been replicated based on a single observation of a node moving faster than it should, we might get many false positives because of errors in speed measurement. Raising the speed threshold or other simple ways of compensating can lead to high false negative rates.To minimize these false positives& false negatives, we apply the STPRT, a hypothesis testing method that can make decisions quickly & accurately.

We perform the STPRT on every mobile node using a null hypothesis that the mobile node has not been replicated and an alternate hypothesis that it has been replicated. In using the STPRT, the occurrence of a speed that is less than or exceeds the system-configured maximum speed will lead to acceptance of the null or alternate hypotheses, respectively. Once the alternate hypothesis is accepted, the replica nodes will be revoked from the network.

We validate the effectiveness, efficiency, and robustness of our scheme through analysis and simulation experiments. Specifically, we find that the main attack against the STPRT- based scheme is when replica nodes fail to provide signed location and time information for speed measurement. To overcome this attack, we employ a quarantine defense technique to block the noncompliant nodes. We then study this techniques in two ways. First, we show through quarantine analysis that the amount of time, during a given time slot, that the replicas can impact the network is very limited. Second, we provide a detailed game-theoretic and analysis that shows the limits of any attacker strategy over any number of time slots. Specifically, we formulate a two- player game to model the interaction between the attacker and the defender, derive the optimal attack and defense strategies, and show that the attacker’s gain is greatly limited when the attacker and the defender follow their respective optimal strategies. We provide analyses of the number of speed measurements needed to make replica detection decisions, which we show is quite low, and the amount of overhead incurred by running the protocol.

International Journal of Emerging Technology and Advanced Engineering

280 II. PRELIMINARIES

In this section, we first state the problem and the network assumptions for our proposed scheme and then describe the attacker models we use to evaluate our approach.

1) Problem Statement: In this work, we tackle the problem of mobile replica node attacks. We define a mobile replica node u’ as a node having the same ID and secret keying materials as a mobile node u . An attacker can creates replica node u’ as follows: He/she first compromises node u and extracts all secret keying materials from it. Then he /she prepares a new node u’, sets the ID of u’ the same as u, and loads u’s secret keying materials into u’.

2) Network Models: We consider a two-dimensional mobile sensor network where sensor nodes freely roam throughout the network. We assume that every mobile sensor node’s movement is physically limited by the system-configured maximum speed, Vmax. We also assume that all direct communication links between sensor nodes are bidirectional. This communication model is common in the current generation of sensor networks. We assume that every mobile sensor node is capable of obtaining its location information and also verifying the locations of its neighboring nodes. This can be implemented by employing secure localization methods [2], [7]. We assume that the clocks of all nodes are loosely synchronized. This can be achieved with the help of secure time synchronization protocols [12], [13]. We also assume that the nodes in the mobile sensor network communicate with a base station. The base station may be static or mobile, although we focus on a static base station for our simulations, as long as the nodes have a way to communicate reliably to the base station on a regular basis.

3) Attacker Models: We assume that an adversary may compromise and fully control a subset of the sensor nodes, enabling him to mount various kinds of attacks. For instance, he can inject false data packets into the network and disrupt local control protocols such as localization, time synchronization, and route discovery process. Furthermore, he/she can launch denial-of-service attacks by jamming the signals from benign nodes. However, we place some limits on the ability of the adversary to compromise nodes. We note that if the adversary can compromise a major fraction nodes of the network, he/she will not need nor benefit much from the deployment of replicas.

To amplify his effectiveness, the adversary can also launch a replica node attack, which is the subject of our investigation. We assume that the adversary can produce many replica nodes and that they will be accepted as a legitimate part of the network. We also assume that the attacker attempts to employ as many replicas of one or more compromised sensor nodes in the network as will be effective for his attacks. The attacker can allow his replica nodes to randomly move or he could move his replica nodes in different patterns in an attempt to frustrate our proposed scheme.

4) Design Goals: In the above system and attacker models, we have three key design goals for replica detection. First, replica nodes should be detected with reasonable communication, computational, and storage overheads. Second, the detection schemes should be robust and highly resilient against attacker’s attempt to break the scheme. More specifically, the scheme should detect replicas unless the attacker compromises a substantial number of nodes. Finally, replica detection should be performed at the cost of minimal false positives and negatives.

III. MOBILE NODE REPLICA DETECTION AND

ISOLATION

This section gives the details of our techniques to detect replica attacks in mobile sensor attacks.

International Journal of Emerging Technology and Advanced Engineering

281 We propose a mobile replica detection scheme by leveraging this intuition. Our scheme is based on the Speed Time Probability Ratio Test [15] which is a statistical decision process. The STPRT can be thought of as one- dimensional random walk with the lower and upper limits [8]. Before the random walk starts, null and alternate hypotheses are defined in such a way that the null hypothesis is associated with the lower limit while the alternate one is associated with the upper limit. A random walk starts from a point between two limits and moves toward the lower or upper limit in accordance with each observation. If the walk reaches (or exceeds) the lower or upper limit, it terminates and the null or alternate hypothesis is selected, respectively. We believe that the STPRT is well suited for tackling the mobile replica detection problem since we can construct a random walk with two limits in such a way that each walk is determined by the observed speed of a mobile node. The lower and upper limits can be configured to be associated with speeds less than and in excess of Vmax, respectively.

We apply the STPRT to the mobile replica detection problem as follows: Each time a mobile sensor node moves to a new location, each of its neighbors asks for a signed claim containing its location and time information and decides probabilistically whether to forward the received claim to the base station. The base station computes the speed from every two consecutive claims of a mobile node and performs the STPRT by considering speed as an observed sample. Each time the mobile node’s speed exceeds (respectively, remains below) Vmax , it will expedite the random walk to hit or cross the upper (respectively, lower) limit and thus lead to the base station accepting the alternate (respectively, null) hypothesis that the mobile node has been (respectively, not been) replicated. Once the base station decides that a mobile node has been replicated, it revokes the replica nodes from the network.

Let us first describe the detection scheme and then analyze its security and performance.

Vmax System configured maximum speed

of mobile sensor nodes N Total number of sensor nodes

|| Concatenation symbol

TABLE 1

NOTATIONS USED FREQUENTLY IN THIS PAPER

A) Protocol Descriptions

We will use an identity-based public key scheme. It has been demonstrated that public key operations can be efficiently implemented in static sensor devices [9], [16]. Moreover, most replica detection schemes in static sensor networks [3], [11] employ identity-based public key signatures. Mobile sensor devices are generally more powerful than static ones in terms of battery power, due to the fact that the mobile sensor node consumes a lot of energy to move. Additionally, the energy consumption due to movement is known to be substantially larger than that for public key operations. For example, the power consumption for the movement of a mobile sensor device has been measured at 720 mW [4]. The energy consumption for computing and verifying a public key signature have been measured at between 2.9 and 48 mW and between 3.5 and 58.5 mW, respectively, in accordance with existing sensor hardware platforms [9]. Thus, we believe that a public key signature scheme can be practical for mobile sensor networks. Our proposed protocol proceeds in three phases.

1) Claim Generation and Forwarding: Every time a mobile sensor node u moves to a new location, it first discovers its location Lu and then discovers a set of neighboring nodes N(u). Every neighboring node asks for an authenticated location claim from node u by sending its current time T to node u .Here we estimated the time as well as the speed of each node. Using our proposed system we make the probability ratio test, in this test we focused on the speed vs time calculation of the node and location etc.

2) Detection and Revocation: After receiving a location claim, the base station verifies the authenticity of the claim with the public key of node u and discards the claim if it is not authentic. If two nodes are moving with same speed means we can say that, there is a duplicate node found. Also we can tell that, any node moving with exceeds the system configured speed means that node must be a duplicate node.

International Journal of Emerging Technology and Advanced Engineering

282 Algorithm 1 Speed Time Probability Ratio Test for

duplicate detection

INITIALIZATION: n = 0 , wn = 0

INPUT : location information L and Time information T

OUTPUT : accept the hypothesis H0 or H1

Cur_loc = L

Cur_ time = T

If n>0 then

Compute T0 (n) and T1(n)

Compute speed 0 from cur_loc and prev_loc, cur_time

And prev_time

If 0>Vmax then

wn = wn + 1

end if

if wn > =T1(n) then

accept the hypothesis H1 and terminate the test

end if

if wn<=T0(n) then

initialize n and wn to 0 and accept the hypothesis H0

return:

end if

end if

n = n+1

prev_loc = cur_ loc

prev_ time = cur_time

B) Security Analysis

In this section, we will first describe the detection accuracy of our proposed scheme and then the limitations of replica node attacks and its isolation. For detection accuracy we obtained 93% of detected nodes and its isolation also. We used the symmetric key encryption algorithm like AES algorithm for isolation of duplicate nodes. Here in the network each and every nodes are having a separate ID and Key. Each alternative times, the Base station node (Admin) checks location for each and every nodes in the network. Suppose for example A is an original node and A’ is a duplicate node in the network. A’ node is follows the movement of A node and running with same speed of it. Here the isolation of node indicates that, the Base station always asks location claims for each node in the network. So the base station ask the location number of A’ node. This duplicate node don’t know his exact location number and details. So the base station node can easily identify the duplicate node easily remove from the network. And also each nodes information must be encrypted by using a symmetric key algorithm like AES( Advanced Encryption Standard) algorithm. Here the same key must be used for both encryption and decryption. In this paper , this algorithm must be suite for the nodes in the network. Here the network nodes having separate ID. This ID must be encrypted and the base station node, attacker is controlling the all nodes in the network. So once the duplicate node enter into the network and try to hack the ID and information from any node means, it is not possible easily, because the network node must be controlled by base station and it’s ID must be encrypted. So the duplicate node cannot access the data from the node. Thus we can give the good security in the network nodes, enable the smoothing network communications.

We proved mathematically and conducted simulation experiments which gives the complete proposed scheme in the right way.

IV. SIMULATION RESULTS

We use the following metrics to evaluate the performance of our scheme:

 Number of Claims is the number of claims required for the base station to decide whether a node has been replicated or not.

International Journal of Emerging Technology and Advanced Engineering

283

 False Negative is the error probability that a replica node is misidentified as benign node.

In this section, we will describe the simulation environment and then discuss the simulation results. For each execution, we obtain each metric as the average of the results of STPRT’s that are repeated. Note that STPRT will be terminated if it decides that the claim generator has been replicated. The average of the results of 1000 executions is presented.

In the experiment, the average number of requests b was measured from 13 to 25 in accordance with Vmax .

Finally shows the probability distribution of the number of claims in the case of replica_true_negative. For this distribution, we consider two cases of low and high mobility rates V max . A total of 70% and 75.7% of the cases

fall in the range from 3 to 6 claims in the case of low and high mobility rates, respectively. This implies that in most cases, the number of claims is less than the average and thus STPRT detects duplicates in fewer than six claims in most cases.

0 1 2 3 4 5 6 7 8 9 10

10 20 30 40 50

replica_true_ negative

benign_true _positive

V

(m/s)

FIGURE

AVERAGE NUMBER OF CLAIMS VS VMAX , WHEN V MAX = 20 M/S

0 2 4 6 8 10

10 20 30 40 50

replica _true_negat ive

benign_true _positive

V

(m/s)

AVERAGE NUMBER OF CLAIMS VS VMAX , WHEN V MAX = 40 M/S

When we analyze the above figures we can easily identified the results. First, there were no false positive or false negatives at all mobility rates. This implies that the replica was always detected with probability 1 and benign node was never misidentified as a replica at any mobility rate. From this observation, we see that STPRT works well against our random attacker model.

Second, the results of the average number of claims are shown in Figure 2. We present the results of two cases. One is that the claim generator is a benign node and the STPRT by benign_true_positive in Figure 3. The other one is that the claim generators are compromised node and its replica node, and STPRT decides that these nodes are a compromised node and its replica. We denote this case by replica_true_negative.

0% 20% 40% 60% 80% 100%

10 20 30 40 50

replica_true _neagtive benign_true _positive

V

(m/s)

FIGURE 3

International Journal of Emerging Technology and Advanced Engineering

284 We simulated the proposed scheme by using ns-2 network simulator. In our simulation, 300 mobile sensor nodes are placed within a square area of 300 m * 300 m. We use the Random Waypoint Mobility (RWM) model to determine the movements of mobile sensor nodes. In the RWM model, each node moves to a randomly chosen location with a randomly selected speed between a predefined minimum and maximum speed. After reaching that location, it stays there for a predefined pause time. It randomly choose another location after that pause time and moves to that location. This Random movement process is repeated during a simulation time.

V. CONCLUSIONS

We have proposed a replica detection and isolation scheme for mobile sensor networks based on the STPRT. We have analytically demonstrated the limitations of attacker strategies to evade our detection technique. In particular, we first showed the limitations of a group attack strategy in which the attacker controls the movements of a group of replicas. We presented quantitative analysis of the limit on the amount of time for which a group of replicas can avoid detection and quarantine. We also modeled the interaction between the detector and the adversary as a repeated game and found a Nash equilibrium. This Nash equilibrium shows that even the attacker’s optimal gains are still greatly limited by the combination of detection and quarantine. We performed simulations of the scheme under a random movement attack strategy in which the attacker lets replicas randomly move in the network and under a static placement attack strategy in which he keeps his replicas from moving to best evade detection. The results of these simulations show that our scheme quickly detects mobile replicas with a small number of location claims against either strategy.

REFERENCES

1] J.-Y.L. Boudec and M. Vojnovi c,“Perfect Simulation and Stationary of a Class of Mobility Models,” Proc. IEEE INFOCOM, pp. 2743-2754, Mar. 2005.

[2] S. C apkun and J.P. Hubaux, “Secure Positioning in Wireless Networks,” IEEE J. Selected Areas in Comm., vol. 24, no. 2, pp. 221-232,Feb. 2006.

[3] M. Conti, R.D. Pietro, L.V. Mancini, and A. Mei, “A Randomized, Efficient, and Distributed Protocol for the Detection of Node Replication Attacks in Wireless Sensor Networks,” Proc. ACM MobiHoc, pp. 80-89, Sept. 2007.

[4] K. Dantu, M. Rahimi, H. Shah, S. Babel, A. Dhariwal, and G.S.Sukhatme, “Robomote: Enabling Mobility in Sensor Networks,”Proc. Fourth IEEE Int’l Symp. Information Processing in SensorNetworks (IPSN), pp. 404-409, Apr. 2005.

[5] J. Ho, M. Wright, and S.K. Das, “Fast Detection of Replica Node Attacks in Mobile Sensor Networks Using Sequential Analysis,” Proc. IEEE INFOCOM, pp. 1773-1781, Apr. 2009.

[6] J. Ho, D. Liu, M. Wright, and S.K. Das, “Distributed Detection ofReplicas with Deployment Knowledge in Wireless Sensor Net- works,” Ad Hoc Networks, vol. 7, no. 8, pp. 1476-1488, Nov. 2009.

[7] L. Hu and D. Evans, “Localization for Mobile Sensor Networks,”Proc. ACM MobiCom, pp. 45-57, Sept. 2004.

[8] J. Jung, V. Paxon, A.W. Berger, and H. Balakrishnan, “Fast Portscan Detection Using Sequential Hypothesis Testing,” Proc. IEEE Symp. Security and Privacy, pp. 211-225, May 2004.

[9] A. Liu and P. Ning, “TinyECC: A Configurable Library for EllipticCurve Cryptography in Wireless Sensor Networks,” Proc. Seventh IEEE Int’l Symp. Information Processing in Sensor Networks (IPSN), pp. 245-256, Apr. 2008.

[10] S. PalChaudhuri, J.-Y.L. Boudec, and M. Vojnovi c, “Perfect Simulations for Random Trip Mobility Models,” Proc. 38th Ann. Simulation Symp., Apr. 2005.

[11] B. Parno, A. Perrig, and V.D. Gligor, “Distributed Detection of Node Replication Attacks in Sensor Networks,” Proc. IEEE Symp. Security and Privacy, pp. 49-63, May 2005.

[12] H. Song, S. Zhu, and G. Cao, “Attack-Resilient Time Synchroniza- tion for Wireless Sensor Networks,” Ad Hoc Networks, vol. 5, no. 1, pp. 112-125, Jan. 2007.

[13] K. Sun, P. Ning, C. Wang, A. Liu, and Y. Zhou “TinySeRSync:Secure and Resilient Time Synchronization in Wireless Sensor Networks,” Proc. 13th ACM Conf. Computer and Comm. Security (CCS), pp. 264-271, Oct. 2006.

[14] G. Theodorakopoulos and J.S. Baras, “Game Theoretic Modeling of Malicious Users in Collaborative Networks,” IEEE J. Selected Areas in Comm., vol. 26, no. 7, pp. 1317-1326, Sept. 2008.

[15] A. Wald, Sequential Analysis. Dover, 2004.

International Journal of Emerging Technology and Advanced Engineering

285

[17] K. Xing, F. Liu, X. Cheng, and H.C. Du, “Real-Time Detection of Clone Attacks in Wireless Sensor Networks,” Proc. IEEE Int’l Conf. Distributed Computing Systems (ICDCS), pp. 3-10, June 2008.