final report fast detection of replica node attacks


Upload: dattaprasad-vispute

Post on 13-Apr-2015


Page 1: Final Report  Fast detection of Replica node attacks

“Fast Detection of Replica Node Attacks in Mobile Sensor Network”


Chapter 1

Introduction

1.1 Overview

Advances in robotics have made it possible to develop a variety of new architectures for autonomous wireless networks of sensors. Mobile nodes, essentially small robots with sensing, wireless communications, and movement capabilities, are useful for tasks such as static sensor deployment, adaptive sampling, network repair, and event detection. These advanced sensor network architectures could be used for a variety of applications including intruder detection, border monitoring, and military patrols. In these kinds of hostile or potentially hostile environments, the security of unattended mobile nodes is critical. The attacker may be able to capture and compromise mobile nodes, and then he can use them to inject fake data, disrupt network operations, and eavesdrop on network communications.

In this scenario, a particularly dangerous attack is the replica attack, in which the adversary takes the secret keying materials from a compromised node, generates a large number of attacker-controlled replicas that share the node's keying materials and ID, and then spreads these replicas throughout the network. With a single captured node, the adversary can create as many replica nodes as he has the hardware to generate. Note that replica nodes need not be identical robots; a group of static nodes can mimic the movement of a robot, and other mobile nodes or even humans with handheld devices could be used. The only requirement is that they have the software and keying material to communicate in the network, all of which can be obtained from the captured node. The time and effort needed to inject these replica nodes into the network should be much less than the effort to capture and compromise the equivalent number of original nodes.

The replica nodes are controlled by the adversary, but have keying materials that allow them to seem like authorized participants in the network. Protocols for secure sensor network communication would allow replica nodes to create pairwise shared keys with other nodes and the base station, enabling the nodes to encrypt, decrypt, and authenticate all of their communications as if they were the original captured node.


1.2 Objective

Given the system and attacker models, we have three key design goals for replica detection.

1. First, replica nodes should be detected with reasonable communication, computational, and storage overheads.

2. Second, the detection schemes should be robust and highly resilient against an attacker's attempt to break the scheme. More specifically, the scheme should detect replicas unless the attacker compromises a substantial number of nodes.

3. Finally, replica detection should be performed at the cost of minimal false positives and negatives. This is important to prevent turning the replica detection scheme into a tool for denial of service attacks.

Wireless sensor networks are usually deployed unattended in hostile environments, which leaves the nodes in the network exposed to capture by an adversary. The adversary can compromise the captured nodes, obtain all the secrets of the nodes, and replicate the compromised nodes to get many replicas with the same node identity. The adversary can then launch an insidious attack with these “legitimate” nodes. A particularly dangerous attack is the replica node attack, in which the adversary takes the secret keying materials from a compromised node, generates a large number of attacker-controlled replicas that share the compromised node’s keying materials and ID, and then spreads these replicas throughout the network. With a single captured node, the adversary can create as many replica nodes as he has the hardware to generate. Note that replica nodes need not be identical robots; a group of static nodes can mimic the movement of a robot, and other mobile nodes or even humans with handheld devices could be used.

The only requirement is that they have the software and keying material to communicate in the network, all of which can be obtained from the captured node. The time and effort needed to inject these replica nodes into the network should be much less than the effort to capture and compromise the equivalent number of original nodes. The replica nodes are controlled by the adversary, but have keying materials that allow them to seem like authorized participants in the network. Protocols for secure sensor network communication would allow replica nodes to create pairwise shared keys with other nodes and the base station, thereby enabling the nodes to encrypt, decrypt, and authenticate all of their communications as if they were the original captured node. The adversary can then leverage this insider position in many ways.

1.3 Scope of Study

Given the system and attacker models, we have three key design goals for replica detection. First, replica nodes should be detected with reasonable communication, computational, and storage overheads. Second, the detection schemes should be robust and highly resilient against an attacker's attempt to break the scheme. More specifically, the scheme should detect replicas unless the attacker compromises a substantial number of nodes. Finally, replica detection should be performed at the cost of minimal false positives and negatives. This is important to prevent turning the replica detection scheme into a tool for denial of service attacks.

1. Secure the Sensor network.

2. Detect the Replica node attacks in Mobile Sensor network.

3. Avoid the Replica Node Attacks in Mobile Sensor Network.

4. Fast detection of Replica node attack.


Chapter 2

Literature Survey

2.1 Existing System (Static Sensor Network)

The security of unattended mobile nodes is critical. An attacker may be able to capture and compromise mobile nodes, and then he can use them to inject fake data, disrupt network operations, and eavesdrop on network communications.

2.1.1 Static Sensor Network

"A static sensor network is a set of sensors which are stable in one place and sense the conditions and activities."

In a static sensor network, all sensor nodes are at fixed positions with a fixed distance between them. They can pass messages to the controller by communicating with each other.

2.1.2 Attacks in static Sensor network:

• For an intruder, it is easy to find the location of a sensor.

• The intruder creates a replica node (duplicate node) that sends fake messages.

• The intruder uses more bandwidth.

• Because of this, it is easy to attack and disturb the sensor network, which breaks the security of the sensor network. The solution to this problem is a mobile sensor network.

• Unsecure communication: the receiver node checks the location of the sender and communicates with other neighbour nodes.

• Fake messages are more likely to be accepted as true because of the fixed distance.

• The controller gets busy reading fake messages.


2.1.3 Mobile Sensor Network

"A mobile sensor network is a network which has sensor nodes with dynamic locations."

In a mobile sensor network, the sensor nodes have dynamic locations. The distance between two nodes is not fixed. Each node has a system-assigned speed for its dynamic movement. Because of this dynamic location, it is not easy for an intruder to attack the sensor network.

2.1.4 Attack in Mobile sensor Network

It is not easy for an intruder to attack a mobile sensor network because of the dynamic location of the sensor nodes: the intruder is not able to catch the location and speed of a moving sensor node. So the chances of an attack on a mobile sensor network are low.

Secure communication: in a mobile sensor network, if an intruder tries to attack the network, the attack will be detected in the Location Verification process. If he sends fake messages, they are also detected by using a different technique.

If an intruder tries to send fake messages, they will be detected in the Location Verification process. If a fake message is detected, it is dropped.

2.2 Proposed System (Dynamic Sensor Network):

2.2.1. Replica Attack in Mobile Sensor Network

• Due to the dynamic location of nodes, it is not easy for an intruder to find the location of a sensor node.

2.2.2 Secure Communication

• If an intruder tries to send fake messages, they will be detected in the Location Verification process.

• If a fake message is detected, it is dropped.

We propose a fast and effective mobile replica node detection scheme using the Sequential Probability Ratio Test (SPRT). We first measure the absence time period of a sensor node and then compare it to a pre-defined threshold. If it is more than the threshold value, we decide that the sensor node is a captured node. This simple approach achieves efficient node capture detection capability as long as the threshold value is properly configured. However, it is not easy to configure a proper threshold value to detect captured nodes. If we set the threshold to a high value, it is likely that captured nodes bypass the detection. On the contrary, if we set the threshold to a low value, it is likely that benign nodes are detected as captured nodes. To minimize these false positives and negatives, we need to set up the threshold in such a way that it is dynamically changed in accordance with the measured absence time duration for a node. For each time slot, every sensor node measures the number of messages sent by its neighbors. Each time the number of messages sent by a neighbor is above zero, it will expedite the test process to accept the null hypothesis that the neighbor is present in the network.

2.3 Comparison between Existing System & Proposed System

Existing System:

• For an intruder, it is easy to find the location of a sensor.

• The intruder creates a replica node (duplicate node) and sends fake messages.

• The intruder uses more bandwidth.

• Unsecure communication

• The receiver node checks the location of the sender and communicates with other neighbor nodes.

• Fake messages are more likely to be accepted as true because of the fixed distance.

• The controller gets busy reading fake messages.

Proposed System:

• Replica Attack in Mobile Sensor Network

Due to the dynamic location of nodes, it is not easy for an intruder to find the location of a sensor node.

• Secure Communication

If an intruder tries to send fake messages, they will be detected in the Location Verification process. If a fake message is detected, it is dropped.


Chapter 3

Methodology

3.1 Replica Node Attack

In a replica node attack, the adversary takes the secret keying materials from a compromised node, generates a large number of attacker-controlled replicas that share the compromised node’s keying materials and ID, and then spreads these replicas throughout the network. With a single captured node, the adversary can create as many replica nodes as he has the hardware to generate. Note that replica nodes need not be identical robots; a group of static nodes can mimic the movement of a robot, and other mobile nodes or even humans with handheld devices could be used. The only requirement is that they have the software and keying material to communicate in the network, all of which can be obtained from the captured node. The time and effort needed to inject these replica nodes into the network should be much less than the effort to capture and compromise the equivalent number of original nodes.

The replica nodes are controlled by the adversary, but have keying materials that allow them to seem like authorized participants in the network. Protocols for secure sensor network communication would allow replica nodes to create pairwise shared keys with other nodes and the base station, thereby enabling the nodes to encrypt, decrypt, and authenticate all of their communications as if they were the original captured node.

The adversary can then leverage this insider position in many ways. For example, he can simply monitor a significant fraction of the network traffic that would pass through these nodes. Alternately, he could jam legitimate signals from benign nodes or inject falsified data to corrupt the sensors’ monitoring operation. A more aggressive attacker could undermine common network protocols, including cluster formation, localization, and data aggregation, thereby causing continual disruption to network operations. Through these methods, an adversary with a large number of replica nodes can easily defeat the mission of the deployed network.


3.2 Mobile Replica Detection

We define a mobile replica node u′ as a node having the same ID and secret keying materials as a mobile node u. An adversary creates replica node u′ as follows: he first compromises node u and extracts all secret keying materials from it. Then, he prepares a new node u′, sets the ID of u′ to the same as u, and loads u’s secret keying materials into u′. There may be multiple replicas of u, e.g., u′1, u′2, ..., and there may be multiple compromised and replicated nodes. Our goal is to detect the fact that both u and u′ (or u′1, u′2, ...) operate as separate entities with the same identity and keys.

Fig.[1] System Architecture

In static sensor networks, a sensor node is regarded as being replicated if it is placed in more than one location. If nodes are moving around in the network, however, this technique does not work, because a benign mobile node would be treated as a replica due to its continuous change in location. Hence, we must use some other technique to detect replica nodes in mobile sensor networks. Fortunately, mobility provides us with a clue to help resolve the mobile replica detection problem. Specifically, a benign mobile sensor node should never move faster than the system-configured maximum speed, Vmax. As a result, a benign mobile sensor node’s measured speed will appear to be at most Vmax as long as we employ a speed measurement system with a low rate of error. On the other hand, replica nodes will appear to move much faster than benign nodes, and thus their measured speeds will likely be over Vmax, because they need to be at two (or more) different places at once. Accordingly, if the mobile node’s measured speed exceeds Vmax, it is then highly likely that at least two nodes with the same identity are present in the network.

We apply the neighbor identity to the mobile replica detection problem as follows: Each time a mobile sensor node moves to a new location, each of its neighbors asks for a signed claim containing its location and time information and decides probabilistically whether to forward the received claim to the base station. The base station computes the speed from every two consecutive claims of a mobile node and performs the neighbor identity by considering speed as an observed sample. Each time the mobile node’s speed exceeds (respectively, remains below) Vmax, it will expedite the random walk to hit or cross the upper (respectively, lower) limit and thus lead to the base station accepting the alternate (respectively, null) hypothesis that the mobile node has been (respectively, not been) replicated. Once the base station decides that a mobile node has been replicated, it revokes the replica nodes from the network.


Fig. [2] FLOW CHART

This flow chart shows the sequence in which the actual system works.


3.3 Mobile Replica Detection Using Sequential Probability Ratio Tests

This section presents the details of our technique to detect replica node attacks in mobile sensor networks. We define “random trip” as a generic mobility model for independent mobiles that contains as special cases the random waypoint on convex or non-convex domains, random walk with reflection or wrapping, city section, space graph and other models. In static sensor networks, a sensor node is regarded as being replicated if it is placed in more than one location.

We propose a mobile replica detection scheme by leveraging this intuition. The scheme is based on the Sequential Probability Ratio Test (SPRT), which is a statistical decision process. The SPRT can be thought of as a one-dimensional random walk with lower and upper limits. The random walk starts from a point between the two limits and moves toward the lower or upper limit in accordance with each observation. If the walk reaches (or exceeds) the lower or upper limit, it terminates and the null or alternate hypothesis is selected, respectively. The lower and upper limits can be configured to be associated with speeds less than and in excess of Vmax, respectively. We apply the SPRT to the mobile replica detection problem as follows: each time a mobile sensor node moves to a new location, each of its neighbors asks for a signed claim containing its location and time information and decides probabilistically whether to forward the received claim to the base station. The base station computes the speed from every two consecutive claims of a mobile node and performs the SPRT by considering speed as an observed sample.


Fig. [3] Detection of attacker nodes

I also assume that the base station is a trusted entity. This is a reasonable assumption in mobile sensor networks, because the network operator collects all sensor data and can typically control the nodes’ operation through the base station. Thus, the basic mission of the sensor network is already completely undermined if the base station is compromised. Each time a mobile node’s speed exceeds (respectively, remains below) Vmax, it will expedite the random walk to hit or cross the upper (respectively, lower) limit and thus lead to the base station accepting the alternate (respectively, null) hypothesis that the mobile node has been (respectively, not been) replicated. Once the base station decides that a mobile node has been replicated, it revokes the replica nodes from the network.

3.4. Efficient and Distributed Detection of Node Replication Attack

EDD is based on the assumption that, for a network with only benign nodes, the number of times n1 that a node n meets a node m should be restricted to a threshold value within a given interval. When a network has replicas, this number will be greater than the threshold value. With this observation the replica node is detected. The length of the interval and the threshold values are selected before deployment. During movement, for each move of a sensor node, the number of nodes encountered is compared with the predefined value. If it is greater, then a replica is detected.


A slight variation of EDD is SEDD. In EDD, all the nodes are monitored to calculate the number. In SEDD, only a subset is monitored; that set is called the monitor set. When the number of elements in the set is $, the nodes to be monitored by each node are $ unique nodes chosen randomly from 1 to n, where n is the number of nodes in the network.

3.5. Fast Detection of Node Replication Attack Using Sequential Analysis

This scheme is based on the fact that a benign node should not move with a speed greater than the system-configured speed Vs. When a node’s speed is greater than Vs, we can consider that at least 2 nodes are present with the same identity. To decide this, the Sequential Probability Ratio Test (SPRT) is performed. It can be considered as a one-dimensional random walk with lower and upper bounds. The null and alternate hypotheses are defined. The random walk starts at a random point that lies between the two bounds. When it reaches a bound, one of the hypotheses is selected based on the bound crossed. Each node sends its location and time information as a claim to its neighbors when it moves to a new location. The neighbors then decide whether or not to forward the claim. The BS applies statistical analysis to the speed measured from the last claim and the current claim. If it is greater than the system-configured speed, then a replica is detected.
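The base-station side of the speed-based SPRT described in Sections 3.2, 3.3 and 3.5 can be sketched as follows. This is an added example, not code from the report: the class and function names, the parameters `lam0`, `lam1`, `alpha`, `beta` with their default values, the walk starting at 0, and the sample claims are all assumptions, and claims are assumed to arrive already signature-verified.

```python
import math
from dataclasses import dataclass


@dataclass(frozen=True)
class Claim:
    """Location claim as received by the base station (signature assumed verified)."""
    node_id: str
    x: float  # metres
    y: float  # metres
    t: float  # seconds


class SprtBaseStation:
    """Wald SPRT over Bernoulli samples: 1 if measured speed > v_max, else 0.

    H0 (not replicated): P(sample = 1) <= lam0
    H1 (replicated):     P(sample = 1) >= lam1
    alpha and beta are the tolerated false positive and false negative rates.
    The four default values are assumed example settings, not from the report.
    """

    def __init__(self, v_max, lam0=0.1, lam1=0.9, alpha=0.01, beta=0.01):
        if not 0 < lam0 < lam1 < 1:
            raise ValueError("need 0 < lam0 < lam1 < 1")
        self.v_max = v_max
        # Limits of the one-dimensional random walk (log-likelihood ratio).
        self.lower = math.log(beta / (1 - alpha))
        self.upper = math.log((1 - beta) / alpha)
        # Step taken for a sample above / not above v_max.
        self.step_over = math.log(lam1 / lam0)
        self.step_under = math.log((1 - lam1) / (1 - lam0))
        self.last_claim = {}   # node_id -> most recent Claim
        self.walk = {}         # node_id -> current position of the walk
        self.revoked = set()

    @staticmethod
    def speed(a, b):
        """Speed implied by two claims; two places at the same instant is infinite."""
        dist = math.hypot(b.x - a.x, b.y - a.y)
        dt = abs(b.t - a.t)
        if dt == 0:
            return math.inf if dist > 0 else 0.0
        return dist / dt

    def submit(self, claim):
        """Feed one claim; returns 'pending', 'benign', 'replica' or 'revoked'."""
        if claim.node_id in self.revoked:
            return "revoked"
        prev = self.last_claim.get(claim.node_id)
        self.last_claim[claim.node_id] = claim
        if prev is None:
            return "pending"  # a speed needs two consecutive claims
        over = self.speed(prev, claim) > self.v_max
        # Assumption: the walk starts at 0, midway between the two limits.
        pos = self.walk.get(claim.node_id, 0.0)
        pos += self.step_over if over else self.step_under
        if pos >= self.upper:          # accept H1: revoke the identity
            self.revoked.add(claim.node_id)
            return "replica"
        if pos <= self.lower:          # accept H0; assumption: test restarts
            self.walk[claim.node_id] = 0.0
            return "benign"
        self.walk[claim.node_id] = pos
        return "pending"


def replay(claims, v_max):
    """Run claims through a fresh base station in timestamp order."""
    bs = SprtBaseStation(v_max)
    return [(c.node_id, bs.submit(c)) for c in sorted(claims, key=lambda c: c.t)]


# Constructed sample: u7 is one node moving at 4-5 m/s; the ID u3 is used by
# two devices about 700 m apart that claim alternately every 5 s.
SAMPLE_CLAIMS = [
    Claim("u7", 0, 0, 0), Claim("u7", 40, 0, 10),
    Claim("u7", 80, 30, 20), Claim("u7", 120, 30, 30),
    Claim("u3", 0, 0, 0), Claim("u3", 500, 500, 5), Claim("u3", 10, 0, 10),
    Claim("u3", 505, 500, 15), Claim("u3", 20, 0, 20),
]

if __name__ == "__main__":
    for node_id, decision in replay(SAMPLE_CLAIMS, v_max=10.0):
        print(node_id, decision)
```

With these settings a single over-speed sample never revokes a node; three consistent samples in either direction are needed to reach a limit, which is how the test trades detection delay against false positives.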

3.6 Centralized Schemes for Detection of Replica Nodes

3.6.1. Simple Approach

In a simple centralized approach, the Base Station (BS) acts as the centralized entity: each node sends a list of its neighbor nodes and their claimed locations to the base station. If the base station finds that there are two far distant locations for one node ID, then a node clone must have occurred. The BS simply broadcasts through the whole network to expel the cloned nodes. Then, the BS will revoke the replicated nodes. This solution has several drawbacks, for instance a single point of failure (the BS, or any compromise of the BS) and a high communication cost due to the number of exchanged messages.


3.6.2. Set: Detecting Node Clones

A simple way of finding the replica is for each node to send its authenticated report and its neighbors’ reports to the base station. But this scheme has a high communication overhead due to the repeated information sent to the base station. Witness-based schemes are based on public key cryptography, which is not suitable for wireless sensor networks. A sensor network is split into several non-overlapping regions. All nodes have distinct identifiers. Since each node has a different identifier, the intersection of those regions will give an empty set. When a node has a replica, the intersection will not be empty and the replica node can be detected.

3.6.3. RED

RED is a Randomized, Efficient and Distributed protocol for the detection of node replication attacks. Every node in the network knows its location, the nodes are static, and they use public key cryptosystems. A random value r is shared between the nodes by centralized broadcasting. Each node signs its claim and sends it to its neighbours.

The set of witness nodes is formed using a pseudo-random function. It takes as arguments the ID, the current r value, and the number of locations that have to be generated. The ambiguity is verified for the witnesses for the claim. Each claim is signed with the private key of that node. For each claim it receives, the witness node first verifies the signature. To check the validity of the message, the coherence between the time inserted in the message and the current time is verified.

3.6.4. Real Time Detection of Replica Node Attacks

Detection of replica nodes is done by computing a fingerprint for each sensor node based on the characteristics of its neighbourhood. This fingerprint is then verified at the base station and at the neighboring sensors. Before deployment, a superimposed disjunctive code C is precomputed. A binary matrix C defines an s-disjunctive code if and only if the Boolean sum of any s-subset of columns of C does not cover any other column of C that is not in the s-subset. After deployment, each sensor sends a codeword to the neighborhood. It then calculates the fingerprint for each node that sends its codeword and monitors the messages sent in the neighborhood. After getting the data, the sensor calculates the fingerprint of the neighbour from the codeword collected and verifies it against the already stored one. If there is a mismatch, it sends an indication to the base station. The BS sends a query to the neighborhood to get the details of their fingerprints. Then the BS decides which sensor should be revoked. Alternatively, the BS itself finds the replica without any help from the sensors. The BS has the details of the fingerprints with the sensor IDs. It collects the message from the sensor and verifies its signature. If it does not match, then a replica is detected.

3.6.5. Detection of Clones Using Random Key Distribution

Keys that are present on the cloned nodes are detected by looking at how often they are used to authenticate nodes in the network. Detection is done by analyzing node authentication statistics. Each node randomly selects k keys from the pool. Key usage refers to the number of times a key is used to set up connections between neighboring nodes. When clones are inserted into the network, the key usage distribution is skewed. Cloned keys are present on a greater number of nodes than normal and are therefore used more frequently than keys that have not been cloned. By collecting key usage statistics, we can determine which keys have been cloned.

3.7 Distributed Schemes for Replica Node Detection

3.7.1. Node-to-Network Broadcasting

This detection approach uses a simple broadcast protocol. Each node in the network uses an authenticated broadcast message to flood the network with its location information. Each node stores the location information for its neighbours and, if it receives a conflicting claim, revokes the offending node. A big problem of node-to-network broadcasting is its high energy consumption.

3.7.2. Random Multicast

In Random Multicast (RM), when a node broadcasts its location, each of its neighbours sends (with probability p) a digitally signed copy of the location claim to a set of randomly selected nodes. Assuming there is a replicated node, if every neighbor randomly selects destinations, then by the birthday paradox there is a non-negligible probability that at least one node will receive a pair of non-coherent location claims. The node that detects the existence of another node in two different locations within the same time frame is called a witness. The RM protocol implies high communication costs: each neighbor has to send messages.

3.7.3. Line Selected Multicast

The Line Selected Multicast (LSM) protocol uses the routing topology of the network to detect replication: each node which forwards a claim also saves the claim. That is, the forwarding nodes are also witness nodes of the node whose ID is in the claim. Therefore, LSM gives a higher detection rate than RM.

3.7.4. Resilient Against Node Replication Attack

The extremely efficient detection protocol XED is based on the “remember and challenge” strategy. There is no need for a sensor node to know its location. When a sensor node meets another node, it sends a random number to that node. Every node therefore has a number associated with each other node it has met. When a node p meets another node q, it asks for the number. If the node does not reply or sends a wrong number, this indicates a replica.

When p and q are in the same range, they produce the random numbers rp→q and rq→p of n bits, which belong to the range 0 to 2^n − 1, and then transfer them to each other. They keep entries for the ID of the node, the original random number and the received one. If p and q have not met before, they exchange random numbers. Otherwise, p asks for the random number and q sends it. Now p checks whether it is correct or not. A replica is detected if it does not match the stored one or q does not respond.
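The remember-and-challenge exchange described above can be traced with a small simulation. This is an added example, not code from the report: the class `XedNode`, the functions `check`, `meet` and `run_scenarios`, the 64-bit number size, the local blacklist and the scenarios are all assumptions made for illustration.

```python
import copy
import secrets


class XedNode:
    """Per-node state for a remember-and-challenge exchange (illustrative sketch)."""

    def __init__(self, node_id, n_bits=64):
        self.node_id = node_id
        self.n_bits = n_bits
        self.sent = {}        # peer ID -> number this node generated for the peer
        self.received = {}    # peer ID -> number the peer gave to this node
        self.blacklist = set()

    def issue_number(self, peer):
        """First contact: hand the peer a fresh n-bit number and remember it."""
        r = secrets.randbits(self.n_bits)   # value in 0 .. 2**n_bits - 1
        self.sent[peer.node_id] = r
        peer.received[self.node_id] = r

    def answer_challenge(self, challenger_id):
        """Return the number received earlier, or None (no response)."""
        return self.received.get(challenger_id)


def check(verifier, prover):
    """Verifier's view of one encounter: 'first-contact', 'ok' or 'replica'."""
    if prover.node_id in verifier.blacklist:
        return "replica"
    expected = verifier.sent.get(prover.node_id)
    if expected is None:
        return "first-contact"
    reply = prover.answer_challenge(verifier.node_id)
    if reply is None or reply != expected:
        verifier.blacklist.add(prover.node_id)  # local revocation of the ID
        return "replica"
    return "ok"


def meet(p, q):
    """p and q come into range; each checks the other, then numbers are exchanged."""
    result_p, result_q = check(p, q), check(q, p)
    if "replica" not in (result_p, result_q):
        if result_p == "first-contact":
            p.issue_number(q)
        if result_q == "first-contact":
            q.issue_number(p)
    return result_p, result_q


def run_scenarios():
    p, q = XedNode("p"), XedNode("q")
    # Constructed scenario: q's state is copied at capture time, before q meets p.
    clone = copy.deepcopy(q)
    results = {
        "first_meeting": meet(p, q),
        "second_meeting": meet(p, q),
        "clone_meets_p": meet(p, clone),
        "original_after_detection": meet(p, q),
    }
    # A device that replies with a number other than the stored one also fails.
    a, b = XedNode("a"), XedNode("b")
    meet(a, b)
    wrong = copy.deepcopy(b)
    wrong.received["a"] ^= 1            # constructed wrong answer
    results["wrong_number"] = meet(a, wrong)
    return results


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(name, outcome)
```

The last scenario of the first group shows a side effect worth planning for: once p has blacklisted the ID, the original node q is rejected as well, so recovery has to re-provision the identity rather than pick a winner.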

3.7.5. Active Detection of Node Replication Attacks

Each node actively tests whether m other random nodes are replicated or not. These are called scrutinized nodes. To test whether a scrutinized node A is replicated, n nodes in the network are randomly chosen and asked to forward a request for a signed location claim to A. If two replicas exist, each will probably receive the request, and if both answer it, two conflicting claims will be obtained, so that the replica can be detected.


3.8 Performance Analysis of These Schemes

Wireless sensor networks are designed with very limited battery power, limited memory size and limited processing capabilities. So any protocol that is used in a WSN should restrict its usage of battery power and memory. A variety of attacks can be mounted in the network using replica nodes. The protocols suggested for these types of attacks should also have minimum energy and storage consumption.

The communication cost due to the transfer of messages is O(N). Here each root node holds N/T identifiers, each of which is only 12 bits. They occupy only limited space, depending on the number of trees formed. For RED, only very few nodes store more than 10 messages, so the storage overhead is reduced. In terms of energy consumption, only the witness nodes need to verify the signature, which in turn reduces the energy consumption. It also has a better detection probability. In XED, the location of each node is not recorded and only a constant communication cost O(1) is needed for exchanging the random numbers, since each node is capable of finding the replica on each move.

Real-time detection of replica attacks is based on fingerprint generation and forwarding. It requires O(N) message transmissions for fingerprint generation. If the total number of regular data messages is Num, then the total message transmission cost is Num·√N.

EDD provides distributed detection, individual detection and network-wide revocation avoidance. The additional communication overhead incurred by the EDD and SEDD methods is only the beacon b, resulting in O(1). EDD has a reasonable storage overhead of O(N), and SEDD has an improved storage overhead of O($), where $ is the number of elements in the monitor set. In fast detection of replicas using SPRT, the communication overhead in the worst case is O(N·√N). The base station (BS) needs to store only one claim per node, so at most N claims are stored in the base station.


Chapter 4

Advantages & Applications

Advantages:

1. Location verification detects and avoids about 80%-90% of attacks in a mobile sensor network.

2. The remaining 10%-20% of detection is done by encryption-decryption, i.e. a system with location verification and encryption-decryption makes a totally secured system.

3. Detects attacks in a mobile sensor network quickly.

Applications:

1. Intrusion detection.

2. Border monitoring.

3. Military patrols.

4. Green House Effect.

5. Agriculture.

6. Chemical Industry.


Chapter 5

Conclusion & Future scope

Future Scope:

For future work, we would like to thoroughly explore how localization and time synchronization errors affect the detection accuracy of our scheme. We will examine analytically and in simulation how time synchronization and localization errors influence the false positives and false negatives of the scheme. Furthermore, we would like to evaluate our scheme against various types of attacker models. In particular, we are interested in exploring how a variety of attacker models affect the security of the scheme. We believe that a game-theoretic model is suited for investigating the interactions between the detector and the adversary. In this model, we will first study a variety of strategies that may be taken by the detector and the adversary. Then, we will try to find the Nash equilibrium for those strategies.

Conclusion:

We have proposed a replica detection scheme for mobile sensor networks based on Sequential Analysis. We detect mobile replicas by using the basic idea that a mobile node should never move at speeds in excess of the system-configured maximum speed. Our scheme quickly detects mobile replicas with a very small number of location claims.

