Similar literature
20 similar documents found; search time 31 ms
1.
In ad hoc networks, malicious nodes can deploy wormhole attacks to fabricate a false scenario on the proximity relationship among mobile nodes. A classification of the attacks according to the format of the wormholes is proposed. This forms a basis to identify the detection capability of various approaches. An analysis shows that earlier approaches focus on the prevention of wormholes among neighbors that trust each other. As a more generic approach, we present an end‐to‐end scheme that can detect wormholes on a multi‐hop route. Only the trust between the source and the destination is assumed. The mechanism uses geographic information to detect anomalies in neighbor relations and node movements. To reduce the computation and storage overhead, we present a scheme called cell‐based open tunnel avoidance (COTA) to manage the information. COTA requires a constant space for every node on the path and the computation overhead increases linearly to the number of detection packets. We prove that the savings do not deteriorate the detection capability. Various schemes to control communication overhead are studied. The simulation and experiments on real devices show that the proposed mechanism can be combined with existent routing protocols to defend against wormhole attacks. Copyright © 2006 John Wiley & Sons, Ltd.

2.
Random key predistribution security schemes are well suited for use in sensor networks due to their low overhead. However, the security of a network using predistributed keys can be compromised by cloning attacks. In this attack, an adversary breaks into a sensor node, reprograms it, and inserts several copies of the node back into the sensor network. Cloning gives the adversary an easy way to build an army of malicious nodes that can cripple the sensor network. In this paper, we propose an algorithm that a sensor network can use to detect the presence of clones. Keys that are present on the cloned nodes are detected by looking at how often they are used to authenticate nodes in the network. Simulations verify that the proposed method accurately detects the presence of clones in the system and supports their removal. We quantify the extent of false positives and false negatives in the clone detection process.

3.
Sensor network security implementation based on weighted trust optimization   Cited by: 1 (self-citations: 0, citations by others: 1)
In this paper, an optimized malicious nodes detection algorithm, based on Weighted Confidence Filter (WCF), is proposed to protect sensor networks from attacks. In this algorithm, each cluster head in a cluster-based hierarchical network figures out an average confidence degree by means of messages from its child nodes. The cluster head only accepts a message from the child node whose confidence degree is higher than the average. Meanwhile, it updates the confidence degrees for each of its child nodes by comparing the aggregation value and the received messages, and regards them as the weight of exactness of messages from nodes. A sensor node is judged to be malicious if its weight value is lower than the predefined threshold. Comparative simulation results verify that the proposed WCF algorithm is better than the Weighted Trust Evaluation (WTE) in terms of the detection ratio and the false alarm ratio. More specifically, with the WCF, the detection ratio is significantly improved and the false alarm ratio is observably reduced, especially when the malicious node ratio is 0.25 or greater. When 40% of 100 sensors are malicious, the detection accuracy is above 90% and the false alarm ratio is nearly only 1.8%.

4.
Public Key-based (PKC) approaches have gained popularity in Wireless Sensor Network (WSN) broadcast authentication due to their simpler protocol operations, e.g., no synchronization and higher tolerance to node capture attack compared to symmetric key-based approaches. With PKC's security strength, a sensor node that authenticates messages before forwarding them can detect a bogus message within the first hop. While this prevents forged traffic from wasting the sensor nodes' energy, performing PKC operations in the limited computing-power sensor nodes can result in undesirably long message propagation time. At the other extreme, the sensor node can forward messages to other nodes prior to authenticating them. This approach diminishes propagation time with the trade-off of allowing forged messages to propagate through the network. To achieve swift and energy efficient broadcast operation, sensor nodes need to decide wisely when to forward first and when to authenticate first. In this paper, we present two new broadcast authentication schemes, called the key pool scheme and the key chain scheme, to solve this dilemma without any synchronization or periodic key redistribution. Both schemes utilize a Bloom filter and the distribution of secret keys among sensor nodes to create fast and capture-resistant PKC-based broadcast authentication protocols. Our NS-2 simulation results for a 3,000-node WSN confirm that broadcast delays of our protocol are only 46.7% and 39.4% slower than the forwarding-first scheme for the key pool and the key chain scheme respectively. At the same time, both protocols are an order of magnitude faster than the authentication-first scheme. The key pool scheme is able to keep forged message propagation to a minimum even when the majority of the nodes have been captured by the attacker. The key chain scheme has smaller transmission overhead than the key pool scheme at the expense of less resistance to node capturing.
Two generic improvements to these schemes are also described. One reduces the marking limit on the Bloom filter vector (BFV), which makes it more difficult for an attacker to forge a BFV for a bogus message. The other limits broadcast forwarding to a spanning tree, which reduces the number of nodes forwarding bogus messages by one to two orders of magnitude depending on the percentage of compromised nodes. The first improvement can be applied to any BFV scheme, while the second is even more generally applicable.

5.
The quarantine region scheme (QRS) is introduced to defend against spam attacks in wireless sensor networks where malicious antinodes frequently generate dummy spam messages to be relayed toward the sink. The aim of the attacker is the exhaustion of the sensor node batteries and the extra delay caused by processing the spam messages. Network-wide message authentication may solve this problem with a cost of cryptographic operations to be performed over all messages. QRS is designed to reduce this cost by applying authentication only whenever and wherever necessary. In QRS, the nodes that detect a nearby spam attack assume themselves to be in a quarantine region. This detection is performed by intermittent authentication checks. Once quarantined, a node continuously applies authentication measures until the spam attack ceases. In the QRS scheme, there is a trade-off between the resilience against spam attacks and the number of authentications. Our experiments show that, in the worst-case scenario that we considered, a non-quarantined node catches 80 percent of the spam messages by authenticating only 50 percent of all messages that it processes.

6.
The aim of wireless sensor networks (WSNs) is to gather sensor data from a monitored environment. However, the collected or reported information might be falsified by faults or malicious nodes. Hence, identifying malicious nodes in an effective and timely manner is essential for the network to function properly and reliably. Maliciously behaving nodes are usually detected and isolated by reputation and trust‐based schemes before they can damage the network. In this paper, we propose an efficient weighted trust‐based malicious node detection (WT‐MND) scheme that can detect malicious nodes in a clustered WSN. The node behaviors are realistically treated by accounting for false‐positive and false‐negative instances. The simulation results confirm the timely identification and isolation of maliciously behaving nodes by the WT‐MND scheme. The effectiveness of the proposed scheme is afforded by the adaptive trust‐update process, which implicitly performs trust recovery of temporarily malfunctioning nodes and computes a different trust‐update factor for each node depending on its behavior. The proposed scheme is more effective and scalable than the related schemes in the literature, as evidenced by its higher detection ratio (DR) and lower misdetection ratio (MDR), which only slightly vary with the network's size. Moreover, the scheme sustains its efficient characteristics without significant power consumption overheads.

7.
Ali Dorri 《Wireless Networks》2017,23(6):1767-1778
A Mobile Ad hoc Network (MANET) is a self-configurable, self-maintaining network with wireless, mobile nodes. Special features of MANETs, like dynamic topology, hop-by-hop communications and an open network boundary, make security highly challenging in this network. From a security perspective, routing protocols are highly vulnerable to a wide range of attacks such as the black hole attack. In a black hole attack, a malicious node injects faulty routing information into the network and leads all data packets toward itself. In this paper, we proposed an approach to detect and eliminate cooperative malicious nodes in a MANET with the AODV routing protocol. A data control packet is used in order to check the nodes in the selected path; also, by using an Extended Data Routing Information table, all malicious nodes in the selected path are detected and then eliminated from the network. For evaluation, our approach and a previous work have been implemented using Opnet 14 in different scenarios. Referring to simulation results, the proposed approach decreases packet overhead and delay of the security mechanism with no false positive detection. In addition, network throughput is improved by using the proposed approach.

8.
Wireless sensor network nodes (WSN nodes) have limited computing power, storage capacity, communication capabilities and energy, and WSN nodes are easily paralyzed by Sybil attacks. In order to prevent Sybil attacks, a new key distribution scheme for wireless sensor networks is presented. In this scheme, the key information and node ID are associated, so it is difficult for the attacker to forge an identity ID, and the key information corresponding to the ID cannot be forged. This scheme can use low power to resist the Sybil attack and give full play to the resource advantages of the cluster head. The computing, storage and communication is mainly undertaken by the cluster head overhead to achieve the lowest energy consumption and resist node capture attacks. Theoretical analysis and experimental results show that, compared with the traditional scheme presented in Ref. [14], the capture rate of general nodes of a cluster is reduced by 40%, and the capture rate of cluster heads is reduced by 50%. So the scheme presented in this paper can improve resilience against node capture attacks and reduce node power consumption.

9.
A wormhole attack is particularly harmful against routing in sensor networks where an attacker receives packets at one location in the network, tunnels and then replays them at another remote location in the network. A wormhole attack can be easily launched by an attacker without compromising any sensor nodes. Since most of the routing protocols do not have mechanisms to defend the network against wormhole attacks, the route request can be tunneled to the target area by the attacker through wormholes. Thus, the sensor nodes in the target area build the route through the attacker. Later, the attacker can tamper with the data, messages, or selectively forward data messages to disrupt the functions of the sensor network. Researchers have used some special hardware such as the directional antenna and the precise synchronized clock to defend the sensor network against wormhole attacks during the neighbor discovery process. In this paper, we propose a Secure Routing protocol against wormhole attacks in sensor networks (SeRWA). SeRWA protocol avoids using any special hardware such as the directional antenna and the precise synchronized clock to detect a wormhole. Moreover, it provides a real secure route against the wormhole attack. Simulation results show that SeRWA protocol only has very small false positives for wormhole detection during the neighbor discovery process (less than 10%). The average energy usage at each node for SeRWA protocol during the neighbor discovery and route discovery is below 25 mJ, which is much lower than the available energy (15 kJ) at each node. The cost analysis shows that SeRWA protocol only needs small memory usage at each node (below 14 kB if each node has 20 neighbors), which is suitable for the sensor network.

10.
Several protocols have been proposed to mitigate the threat against wireless sensor networks due to an attacker finding vulnerable nodes, compromising them, and using these nodes to eavesdrop or undermine the operation of the network. A more dangerous threat that has received less attention, however, is that of replica node attacks, in which the attacker compromises a node, extracts its keying materials, and produces a large number of replicas to be spread throughout the network. Such an attack enables the attacker to leverage the compromise of a single node to create widespread effects on the network. To defend against these attacks, we propose distributed detection schemes to identify and revoke replicas. Our schemes are based on the assumption that nodes are deployed in groups, which is realistic for many deployment scenarios. By taking advantage of group deployment knowledge, the proposed schemes perform replica detection in a distributed, efficient, and secure manner. Through analysis and simulation experiments, we show that our schemes achieve effective and robust replica detection capability with substantially lower communication, computational, and storage overheads than prior work in the literature.

11.
Mobile ad hoc networks (MANETs) rely on the benevolence of nodes within the network to forward packets from a source node to a destination node. This network construction allows for the forwarding nodes, whether they are selfish or malicious, to drop packets hindering end-to-end communication. In this paper, a new scheme is proposed against collusion black hole and slander attacks in MANETs, named E2EACK. A novel method is used to detect collusion attacks due to collusive malicious nodes which cooperate in the route discovery, but refuse to forward data packets and do not disclose the misbehavior of each other. Contrary to existing methods that detect only collusion black hole attacks, the E2EACK also detects slander attacks and framing attacks. Moreover, the E2EACK uses ACKnowledgment packet to detect malicious nodes on the path and Message Authentication Code (MAC) to authenticate the sender of each data packet. Analytical and simulation results show that the proposed scheme considerably decreases the routing overhead and increases the packet delivery ratio compared to the existing methods.

12.
Many solutions are proposed to identify or prevent the attacks in a Mobile Ad hoc Network. However, sometimes these systems detect false attacks. This could lead to loss of resources in a mobile ad hoc network and cause a downgrade in quality of service. Hence mobile ad hoc networks need a system to confirm the attack before taking further actions. In our work presented in this paper, we propose an attack confirmation system for a malicious attacker, called the Black-hole attacker. We present our Black-hole attack Confirmation System, which identifies and confirms the black-hole attack in a mobile ad hoc network using a honeypot. The honeypot intelligently identifies all the possible types of black-hole attack using the Black-hole Attack tree, and confirms the attack using the Attack History Database. Together, the Black-hole Attack tree and Attack History Database aid the honeypot in reducing the false alarms in the mobile ad hoc network. We have simulated the proposed system in several mobile ad hoc network environments of varying sizes of nodes and applications. On several occasions the results have demonstrated that the proposed system is efficient in confirming the black-hole attack, saving resources and minimizing path re-establishment.

13.
Nowadays, the communication between different nodes in a Mobile Ad hoc Network (MANET) is not guarded. Various encryption mechanisms are used to protect the communication between nodes. Link failures and packet dropping due to unfaithful nodes are becoming one of the main opposition for the trusted detection of malicious nodes. A failure can occur either due to channel errors or harmful nodes in the network. These attacks may have the intention of modifying the routing protocol so that the data transmission through a specific node controlled by the attacker disturbs the network topology. Thus it deteriorates the performance of the network. Mutual association of dropped packets is capitalized for synthesizing the suspicious nodes in MANET. The proposed algorithm uses an efficient cryptosystem with a cipher text list validator scheme and a communal auditing scheme for the validation of certificates received from individual nodes. For constructing the framework, the proposed algorithm has five phases: a network setup phase, data routing phase, communal auditing phase, error node detection phase and a data receiver phase. This framework makes the MANET node build a safe routing topology by effectively judging the harmful nodes as well as the unfaithful information accepted from supplementary nodes.

14.
Access control in wireless sensor networks   Cited by: 2 (self-citations: 0, citations by others: 2)
Yun  Yanchao  Yuguang   《Ad hoc Networks》2007,5(1):3-13
Nodes in a sensor network may be lost due to power exhaustion or malicious attacks. To extend the lifetime of the sensor network, new node deployment is necessary. In military scenarios, adversaries may directly deploy malicious nodes or manipulate existing nodes to introduce malicious “new” nodes through many kinds of attacks. To prevent malicious nodes from joining the sensor network, access control is required in the design of sensor network protocols. In this paper, we propose an access control protocol based on Elliptic Curve Cryptography (ECC) for sensor networks. Our access control protocol accomplishes node authentication and key establishment for new nodes. Different from conventional authentication methods based on the node identity, our access control protocol includes both the node identity and the node bootstrapping time into the authentication procedure. Hence our access control protocol can not only identify the identity of each node but also differentiate between old nodes and new nodes. In addition, each new node can establish shared keys with its neighbors during the node authentication procedure. Compared with conventional sensor network security solutions, our access control protocol can defend against most well-recognized attacks in sensor networks, and achieve better computation and communication performance due to the more efficient algorithms based on ECC than those based on RSA.

15.
A mobile ad-hoc network (MANET) is a temporary network in which the main requirement for establishing the communication path among nodes is that the nodes should be cooperative. However, in the presence of a malicious node, a MANET routing protocol such as AODV is vulnerable to different types of flooding attacks. The flooding attack can be continuous or selective. In the available literature, although many researchers have analyzed the network under continuous flooding attack, they have not focused on the selective flooding attack, in which an attacker can sometimes behave as a normal node and sometimes behave as a malicious node. Most of the existing schemes use a constant threshold value, which leads to a false positive problem in the network. In order to address this issue, a new mechanism called Mitigating Flooding Attack Mechanism is proposed, which is based on a dynamic threshold value and consists of three phases. It makes use of several special nodes called Flooding-Intrusion Detection System (F-IDS) nodes that are deployed in MANETs in order to detect and prevent flooding attacks. The F-IDS nodes are set in promiscuous mode in order to monitor the behaviour of the nodes. The simulation results show that the proposed mechanism improves network performance metrics in terms of PDR and throughput, and reduces the routing overhead as well as the normalized routing load.

16.
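In a mobile ad hoc network environment, mobile nodes may be captured by an attacker, so attacks can originate from inside the network; traditional network security measures are difficult to apply, and attackers can only be discovered through intrusion detection. By analyzing the attack types in mobile ad hoc networks and constructing an attack tree for attacks launched from malicious nodes, an intrusion detection algorithm based on a finite state machine (FSM) is designed. An intrusion detection system using this algorithm can detect the various attack behaviors of nodes in real time through monitoring by neighbor nodes.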

17.
This paper presents a protocol called Software Attestation for Key Establishment (SAKE), for establishing a shared key between any two neighboring nodes of a sensor network. SAKE guarantees the secrecy and authenticity of the key that is established, without requiring any prior authentic or secret cryptographic information in either node. In other words, the attacker can read and modify the entire memory contents of both nodes before SAKE executes. Further, to the best of our knowledge, SAKE is the only protocol that can perform key re-establishment after sensor nodes are compromised, because the presence of the attacker’s code in the memory of either protocol participant does not compromise the security of SAKE. Also, the attacker can perform any active or passive attack using an arbitrary number of malicious, colluding nodes. SAKE does not require any hardware modification to the sensor nodes, human mediation, or secure side channels. However, we do assume the setting of a computationally-limited attacker that does not introduce its own computationally-powerful nodes into the sensor network. SAKE is based on Indisputable Code Execution (ICE), a primitive we introduce in previous work to dynamically establish a trusted execution environment on a remote, untrusted sensor node.

18.
Wireless sensor networks are more prone to failures as compared to other traditional networks. The frequent faults and failures sometimes create large holes causing loss of sensing and connectivity coverage in the network. In the present work, a zone based failure detection and recovery scheme is presented to reliably handle such node failures. We first propose a consensus and agreement based approach to elect a suitable monitor node called the zone monitor (ZM). The ZM is responsible for coordinating failure recovery activities and maintaining desired coverage within a zone. In order to overcome failure overhead due to false failure detection, a consensus is carried out amongst neighboring nodes of a suspicious node to confirm the correct status with high accuracy. On confirmation of a node failure, the impact of the resulting hole on coverage is analyzed, and if the impact exceeds a particular threshold, a recovery process is initiated. The recovery process utilizes backup nodes having overlapping sensing coverage with the failed node and may also relocate some nodes. Firstly a backup node is probed and activated if available. If no backup node is found, the solution strives to recover coverage jointly by recursively relocating some mobile nodes and probing backup nodes. The proposed scheme is analyzed and validated through NS-2 based simulation experiments.

19.
Jamming is a kind of Denial-of-Service attack in which an adversary purposefully emits radio frequency signals to corrupt the wireless transmissions among normal nodes. Although some research has been conducted on countering jamming attacks, few works consider jamming attacks launched by insiders, where an attacker first compromises some legitimate sensor nodes to acquire the common cryptographic information of the sensor network and then jams the network through those compromised nodes. In this paper, we address the insider jamming problem in wireless sensor networks. In our proposed solutions, the physical communication channel of a sensor network is determined by the group key shared by all the sensor nodes. When insider jamming happens, the network will generate a new group key to be shared only by the non-compromised nodes. After that, the insider jammers are revoked and will not be able to predict the future communication channels used by the non-compromised nodes. Specifically, we propose two compromise-resilient anti-jamming schemes: the split-pairing scheme which deals with a single insider jammer, and the key-tree-based scheme which copes with multiple colluding insider jammers. We implement and evaluate the proposed solutions using Mica2 Motes. Experimental results show that our solutions have low recovery latency and low communication overhead, and hence they are suitable for resource constrained sensor networks.

20.
Node cooperation in hybrid ad hoc networks   Cited by: 2 (self-citations: 0, citations by others: 2)
A hybrid ad hoc network is a structure-based network that is extended using multihop communications. Indeed, in this kind of network, the existence of a communication link between the mobile station and the base station is not required: A mobile station that has no direct connection with a base station can use other mobile stations as relays. Compared with conventional (single-hop) structure-based networks, this new generation can lead to a better use of the available spectrum and to a reduction of infrastructure costs. However, these benefits would vanish if the mobile nodes did not properly cooperate and forward packets for other nodes. In this paper, we propose a charging and rewarding scheme to encourage the most fundamental operation, namely packet forwarding. We use "MAC layering" to reduce the space overhead in the packets and a stream cipher encryption mechanism to provide "implicit authentication" of the nodes involved in the communication. We analyze the robustness of our protocols against rational and malicious attacks. We show that, using our solution, collaboration is rational for selfish nodes. We also show that our protocols thwart rational attacks and detect malicious attacks.
