Detectability of Man-in-the-Middle Attacker in Mobile Sensor Networks
8/13/2019 Detectability of Man-in-the-Middle Attacker in Mobile Sensor Networks
http://slidepdf.com/reader/full/detectability-of-man-in-the-middle-attacker-in-mobile-sensor-networks 1/5
International Journal of Advanced Computer Science, Vol. 3, No. 2, Pp. 99-103, Feb., 2013.
International Journal Publishers Group (IJPG) ©
neighboring in the network if and only if a bidirectional
radio link can be established between them.
Mobility: We do not require the sensors to be immobile;
however, we do assume that any movement of sensors will occur at a speed that appears stationary for the duration of
individual radio transmissions. Therefore, although they
are mobile, they will be considered stationary for each
individual instance of communication among pairs of nodes.
Identity: We assume certain cryptographic primitives,
including a unique identity for each node assigned a priori
by the authority who maintains the network and private key
pairs among each pair of nodes [8]. These strong
cryptographic key assignments can be used to authenticate
packets and provide confidentiality in the network.
Timing: We do not assume that our sensor nodes are
equipped with chip-scale atomic clocks (CSACs) [9].
CSACs deliver the accuracy and stability of an atomic clock
to portable applications by consuming relatively little space
and power. CSACs also provide time accuracy two orders of
magnitude better than the quartz-based solution. These tiny
clocks are accurate to within about less than half a
microsecond per day and can effectively remediate the
challenges presented by distributed time synchronization.
3. Attacker Model
We consider a pervasive and computationally bounded
man-in-the-middle adversary who can overwhelm a node’s
radio hardware by transmitting or receiving beyond the
node’s radio capabilities. We assume that the adversary can
control any communication channel he creates and is able to
eavesdrop, insert, and block arbitrary messages within it.
Fig. 1 shows the attacker node along with two
legitimate nodes and a falsely perceived link (dotted line)
between the two legitimate nodes A and B.
Fig. 1: The attacker (M) relays messages between two
legitimate nodes (A and B), creating the illusion that A and
B are connected.
The attacker (M) receives messages from both A and B
and creates a fake communication link between A and B.
Both A and B assume that they are communicating directly without any intermediate node. This type of attack
made by M is called a man-in-the-middle attack.
4. Discussion
In this section, we discuss how the detectability of a man-in-the-middle attack as mentioned in [6] can vary. First,
we describe detectability in terms of the node’s radio
capacity. Then, we consider the geographical location of the
man-in-the-middle attacker. We demonstrate how
detectability depends on the turnaround time, location, and
radio capacity of the legitimate nodes and the attacker.
A. Radio Capability
The communication or radio capability of a sensor node
is either half-duplex or full-duplex on a given channel. A
half-duplex node can transmit or receive but cannot do both simultaneously. A full-duplex node is one which can
simultaneously transmit and receive. A double full-duplex
node has full-duplex capabilities on two independent
channels. Here, we summarize the different scenarios of
[6] based on the radio model of the attacker and
legitimate nodes. Table 1 shows the detectability of the
man-in-the-middle attacker based on the various channel
types.
TABLE 1
Detectability of the man-in-the-middle attacker
Legitimate Nodes | Attacker Node | Detectability
Half-Duplex or Full-Duplex | Half-Duplex | Yes (Always)
Half-Duplex | Full-Duplex | Depends on attacker’s location
Full-Duplex | Full-Duplex | Depends on turnaround time
Half-Duplex or Full-Duplex | Double Full-Duplex | Impossible
Since a half-duplex attacker cannot transmit and receive
simultaneously, it will introduce more delay than the direct
communication between two legitimate nodes. Therefore, it
is always detectable. On the other hand, a double
full-duplex attacker can inject a constant delay, and thus,
cannot be detected with timing information alone [6]. If the
attacker is equipped with better radio capacity compared to
the legitimate nodes, detectability depends on the
turn-around time of the attacker and therefore is a function
of the distance between each of the nodes and the attacker.
Mohammad Abdus Salam: Detectability of Man-in-the-Middle Attacker in Mobile Sensor Networks.
B. Attacker’s Location
As stated in [6], the minimum distance required to detect the
temporal distortion caused by a full-duplex attacker is
proportional to that attacker’s turn-around time.
If the distance between the attacker and each node is greater than half the product of each respective
node’s turnaround time and the speed of light, a WSN node
can detect the attacker through careful timing analysis of the
messages exchanged between the nodes. The minimum
distances between nodes A, B and attacker M are expressed
symmetrically:
$$d_{MA} = \frac{1}{2}\,\tau_A\,c$$
$$d_{MB} = \frac{1}{2}\,\tau_B\,c$$
Here, $d_{MA}$ is the distance between node A and
attacker M. Similarly, $d_{MB}$ is the distance between node
B and attacker M, $c$ is the speed of light, and $\tau_A$ and $\tau_B$
are the turnaround times of node A and B, respectively. If
an attacker is positioned anywhere outside of ranges $d_{MA}$
and $d_{MB}$, then we can detect M. On the other hand, if the
attacker M is standing within range of both $d_{MA}$ and $d_{MB}$
then detection becomes impossible. This distance
relationship is illustrated in Fig. 2.
Fig. 2: Location of attacker M with respect to other legitimate nodes A and
B.
Alternatively, variations of the man-in-the-middle attack
can be framed in terms of the location. For illustrative
purposes we assume that legitimate nodes A, B, and attacker
M are using omnidirectional antennas and their transmission
ranges are $r_A$, $r_B$, and $r_M$, respectively.
If the distance between node A and node B is greater
than the minimum of $r_A$ and $r_B$, then a link cannot be established
because bi-directional communication is not possible. If the
distance between node A and node B is less than $r$
(assuming $r_A = r_B$), then the nodes can communicate with each
other and a link can be established. Fig. 3 illustrates the
communication range of each node. Next, we discuss some
cases where detectability is possible and other cases where
detectability is not possible.
Fig. 3: Nodes transmission range
Case I: A and B are within direct communication range
If the distance between A and B is less than $r$ then the
two legitimate sensor nodes A and B are within the direct
communication range and a link can be established. In this
case, it is very easy to detect the attacker M because at
least 1 out of n packets received by B will come directly
from A [6].
Fig. 4: (Case I) Distance between attacker and node is less than $r$
Fig. 4 (Case I) illustrates this case where A and B are
less than r distance apart and the attacker M does not have
the complete control of the channel. A and B can
communicate directly and any delayed packet due to the
attacker may be detected easily and discarded.
Case II: A and B are $2r_M$ distance away from each other
The distance between A and B is between $r$ and
$2r_M$. In this case, direct communication between A and B is
impossible and a man-in-the-middle attack may be effective,
persistent and executed by a single well-positioned attacker.
Detection is difficult near $r$ but becomes easier as the
distance approaches $2r_M$ through timing mechanisms
described in [6]. When A and B are positioned exactly $2r_M$
apart, the attacker is at his maximum effective range. Fig. 5
(Case II) confirms this case.
Fig. 5: (Case II) Distance between nodes A and B is $2r_M$
Case III: A and B are more than $2r_M$ distance away from
each other
The distance between A and B is greater than
$2r_M$. Man-in-the-middle attacks are executable only by
multiple attackers and are easy to detect for fixed
turn-around times. Fig. 6 (Case III) illustrates this case. In
this scenario, A and B cannot communicate directly and the
attackers have complete control over the channel. As the distance between A and B increases, multiple attackers
may participate in establishing a link between A and B.
Fig. 6: (Case III) Distance between nodes A and B is greater than $2r_M$
In the case of multiple man-in-the-middle attackers, such as
M1 and M2 shown in Fig. 7, they will incur more delay
in the network compared to a single attacker. Moreover, if
we consider the combined effect of multiple attackers as a single
effect, we get the dotted red rectangle. We can use the
turnaround time and location of the attacker to detect the
attacker M whether it is closer or further from any node.
Fig. 7: Multiple man-in-the-middle attackers cooperating to create the
illusion of one link between A and B
We can summarize the above cases in Fig. 8 in
terms of their distances and detectability. When the
legitimate nodes are within their direct communication link,
it is easy to detect the attacker. When the legitimate nodes
move beyond the direct communication range, the attacker
can take advantage of their distances, and it will be
hard to detect the attacker through timing analysis only. Beyond the distance $2r_M$, if multiple man-in-the-middle
attackers participate to establish a link between two
legitimate nodes, it will be easy to detect the presence of
attackers because of the longer turnaround time imposed by
the attackers.
Fig. 8: Detectability with distances among the nodes
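The distance rule of Section B and the three range cases above, combined in one check, as an added example that is not part of the original paper. The function names, the parameters tau_a/tau_b, r and r_m, the order in which the rules are combined and the sample coordinates are assumptions of the example.

```python
import math

C = 299_792_458.0  # speed of light in m/s

def min_detect_distance(turnaround_s):
    """Half the product of a node's turnaround time and c (Section B)."""
    return 0.5 * C * turnaround_s

def link_case(d_ab, r, r_m):
    """Map the A-B separation onto Cases I-III (assumes r_A = r_B = r)."""
    if d_ab < r:
        return "I"    # direct link exists
    if d_ab <= 2 * r_m:
        return "II"   # one well-positioned relay can bridge A and B
    return "III"      # only several cooperating relays can bridge A and B

def timing_detectable(a, b, m, tau_a, tau_b, attacker_radio="full"):
    """'yes', 'no' or 'unspecified' for one relay at m (Table 1 + Section B)."""
    if attacker_radio == "half":
        return "yes"          # Table 1: always detectable
    if attacker_radio == "double-full":
        return "no"           # Table 1: impossible with timing alone
    outside_a = math.dist(m, a) > min_detect_distance(tau_a)
    outside_b = math.dist(m, b) > min_detect_distance(tau_b)
    if outside_a and outside_b:
        return "yes"
    if not outside_a and not outside_b:
        return "no"
    return "unspecified"      # the text only covers the two outcomes above

def assess(a, b, m, tau_a, tau_b, r, r_m, attacker_radio="full"):
    """Return (case, verdict); checking the case first is this example's choice."""
    case = link_case(math.dist(a, b), r, r_m)
    if case == "II":
        return case, timing_detectable(a, b, m, tau_a, tau_b, attacker_radio)
    return case, "yes"        # Cases I and III are described as easy to detect

if __name__ == "__main__":
    # Constructed scenario: 100 m radio ranges, relay midway between A and B.
    a, b, m = (0.0, 0.0), (180.0, 0.0), (90.0, 0.0)
    for tau in (1e-6, 2e-7):  # turnaround times in seconds
        print(tau, round(min_detect_distance(tau), 2), assess(a, b, m, tau, tau, 100, 100))
```

With a 1 microsecond turnaround the threshold is about 150 m, so a relay 90 m from both nodes sits inside both ranges; at 0.2 microseconds the threshold drops to about 30 m and the same relay falls outside both.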
5. CONCLUSIONS
In this paper, we presented a timing and location-based
analysis of man-in-the-middle attack scenarios. When an
attacker uses the same technology as the legitimate nodes, the
attack will always be detectable. Whereas, if the attacker is
using more sophisticated equipment such as a double
full-duplex radio channel, then it is impossible to detect the
attacker. Moreover, full-duplex attackers may or may not be
detectable depending on the location of the attacker and the
turnaround times of the nodes. Further research may include the utilization of chip-scale atomic clocks in various sensor
nodes. Moreover, the utilization of a geographical positioning
system to detect the location of sensor nodes is also an
important area to explore further.
Acknowledgment
The author would like to recognize and thank Kevin B.
Bush for his conceptual and editorial contributions to this work.
References
[1] M. Salam, O. Soysal, and H. Schneider, “Integration
of wireless sensor networks in geographical
information systems: a survey,” the 2010 international
conference on modeling, simulations & visualization
methods, July 12-15, 2010, Las Vegas, Nevada, USA.
[2] G. Tolle, J. Polastre, R. Szewczyk, N. Turner, K. Tu,
S. Burgess, D. Gay, P. Buonadonna, W. Hong, T.
Dawson, and D. Culler, “A microscope in redwoods,” in
SenSys ’05, November 2005.
[3] Y. Chen, S. Son, “A fault tolerant topology control in
wireless sensor networks,” in proceedings of the
ACS/IEEE 2005 International Conference on Computer
Systems and Applications, 2005.
[4] L. Lamport, R. Shostak, and M. Pease, “The Byzantine
Generals Problem,” ACM Transactions on Programming
Languages and Systems, Vol. 4, No. 3, July 1982, Pages
382-401.
[5] S. Guo, Z. Zhong, T. He, “FIND: Faulty node detection
for wireless sensor networks,” in the SenSys ’09,
November 4-6, Berkeley, CA, USA.
[6] J. Chiang, J. Haas, Y. Hu, P. Kumar, and J. Choi,
“Fundamental limits on secure clock synchronization
and man-in-the-middle detection in fixed wireless
networks,” in Proceedings of INFOCOM. IEEE, 2009.
[7] M. Healy, T. Newe, and E. Lewis, “Security for wireless
sensor networks: a review,” IEEE sensor applications
symposium, New Orleans, LA, USA, February 17-19,
2009.
[8] A. Perrig, R. Szewczyk, V. Wen, D. Culler, and J. Tygar,
“SPINS: Security protocols for sensor networks,” in
proceedings of the 7th ACM International Conference on Mobile Computing and Networking (Mobicom’01).
[9] Chip-scale atomic clock, Available:
http://www.symmetricom.com/csac/.
Mohammad Abdus Salam is an
Associate Professor in the Department of
Computer Science at Southern
University, Baton Rouge, Louisiana. He
received his BS degree in Electrical and
Electronics Engineering from Bangladesh Institute of Technology,
Rajshahi in 1991 and MS and Ph.D. degrees from Fukui
University, Japan, respectively in 1998 and 2001. Prior to 2005, he
worked as an adjunct faculty member of Mathematics and
Computer Science at the City University of New York at York
College, and as a postdoctoral fellow in the Department of
Electrical and Computer Engineering at the University of South
Alabama, Mobile, Alabama. He is a senior member of IEEE. His
research interests include wireless communication, error-control
coding, and sensor networks.