Adversary Detection in Wireless Sensor Networks Under Byzantine Attacks
International Journal of Engineering and Technical Research (IJETR)
ISSN: 2321-0869, Volume-1, Issue-10, December 2013

placement problem asks how to decide the minimum number of sensors required and their locations in I to ensure that I is k-covered and that the network is connected. Note that coverage is affected by the sensors' sensing distance, while connectivity is determined by their communication distance. Considering that sensors are mobile and the area I may change over time, the objective of the dispatch problem is to schedule sensors to move to the designated locations (according to the result computed by the placement strategy) such that the total energy consumption of sensors due to movement can be minimized. For coverage, consider both the binary and probabilistic sensing models of sensors. Under the binary sensing model, a location can be monitored by a sensor if it is within the sensor's sensing region.

(1)

where is a parameter indicating the physical characteristics of the sensor and d(u, ) is the distance between u and . In this way, a location in A is considered as k-covered if the probability that there are at least k sensors which can detect this location is no smaller than a predefined threshold , where 0 < < 1. With the above definitions, an area in A is considered as k-covered if every location inside that area is k-covered.

B. Cut Detection

A wireless sensor network can get separated into multiple connected components due to the failure of some of its nodes, which is called a cut. Failure of a set of nodes will reduce the number of multihop paths in the network. Such failures can cause a subset of nodes that have not failed to become disconnected from the rest, resulting in a cut. Two nodes are said to be disconnected if there is no path between them. We assume that there is a specially designated node in the network, which we call the source node. The source node may be a base station that serves as an interface between the network and its users. Since a cut may or may not separate a node from the source node, we distinguish between two distinct outcomes of a cut for a particular node. When a node u is disconnected from the source, we say that a Disconnected from Source (DOS) event has occurred for u. When a cut occurs in the network that does not separate a node u from the source node, we say that a Connected, but a Cut Occurred Somewhere (CCOS) event has occurred for u. Without knowledge of the network's disconnected state, a node may simply forward the data to the next node in the routing tree, which will do the same to its next node, and so on. However, this message passing merely wastes precious energy of the nodes; the cut prevents the data from reaching the destination.

We therefore propose a distributed algorithm to detect cuts, named the Distributed Cut Detection (DCD) algorithm. The algorithm allows each node to detect DOS events and a subset of nodes to detect CCOS events. The DOS detection part of the algorithm is applicable to arbitrary networks; a node only needs to communicate a scalar variable to its neighbors. The CCOS detection part of the algorithm is limited to networks that are deployed in 2D Euclidean spaces, and nodes need to know their own positions.

II. MODULES DESIGN

The project contains four main modules.
Topology Construction
Multicast Message Transmission
Find Adversarial Node
Tree Maintenance.

A. Topology Construction

In this module, we construct a topology structure. Here we use mesh topology because of its unstructured nature. The topology is constructed by getting the names of the nodes and the connections among the nodes as input from the user. While getting each of the nodes, their associated port and IP address are also obtained. For successive nodes, the node to which each should be connected is also accepted from the user.

While adding nodes, a comparison is done so that there is no node duplication. Then the source and the destinations are identified.

Fig. 1. Topology Construction. (Flowchart: create new node; check whether the node is available, Yes/No; update Db.)

B. Multicast Message Transmission

The requester signs and unicasts on the selected route a multicast activation (MACT) message that includes its identifier, the group identifier, and the sequence number used in the RREQ phase. The MACT message also includes a one-way function applied on the tree token extracted from RREP, frequenter; tree token, which will be checked by the tree node that sent the RREP message to verify that the node that activated the route is the same as the initial requester. An intermediate node on the route checks if the signature on MACT is valid and if MACT contains the same sequence number as the one in the original RREQ. The node then adds to its list of tree neighbors the previous node and the next node on the route as downstream and upstream neighbors, respectively, and sends MACT along the forward route. During the propagation of the MACT message, tree neighbors use their public keys to establish pairwise shared keys, which will be used to securely exchange messages between tree neighbors.

The source periodically signs and sends in the tree an MRATE message that contains its data transmission rate _0. As this message propagates in the multicast tree, nodes may add their perceived transmission rate to it. Each tree node keeps a copy of the last heard MRATE packet. The information in the MRATE message allows nodes to detect if tree ancestors perform selective data forwarding attacks. Depending on whether their perceived rate is within acceptable limits of the rate in the MRATE message, nodes alternate between two states. The initial state of a node is disconnected; after it joins the multicast group and becomes aware of its expected receiving data rate, the node switches to the connected state. Upon detecting a selective data forwarding attack, the node switches back to the disconnected state.

C. Find Adversarial Node

Wireless-specific attacks such as flood rushing and wormhole were recently identified and studied. RAP prevents the rushing attack by waiting for several flood requests and then randomly selecting one to forward, rather than always forwarding only the first one. Techniques to defend against wormhole attacks include Packet Leashes, which restricts the maximum transmission distance by using time or location information, Truelink, which uses MAC-level acknowledgments to infer if a link exists or not between two nodes, and the work in , which relies on directional antennas.

Watchdog relies on a node monitoring whether its neighbors forward packets to other destinations. If a node does not overhear a neighbor forwarding more than a threshold number of packets, it concludes that the neighbor is adversarial. SDT and Ariadne use multipath routing to prevent a malicious node from selectively dropping data.

D. Tree Maintenance

We assume a tree-based on-demand multicast protocol, which maintains bidirectional multicast trees connecting multicast sources and receivers. Each tree defines a multicast group. The multicast source is a special node, the group leader, whose role is to eliminate stale routes and coordinate group merges. Route freshness is indicated by a group sequence number updated by the group leader and broadcast periodically as a message in the entire network. For convenience, we call this message a Group Hello message. Higher group sequence numbers denote fresher routes.

Three main operations ensure the tree maintenance: tree pruning, broken-link repair, and tree merging. Tree pruning occurs when a group member that is a leaf in the multicast tree decides to leave the group. To prune itself from the tree, the node sends a message to indicate this to its parent. The pruning message travels up the tree, causing leaf nodes that are not members of the multicast group to prune themselves from the tree, until it reaches either a non-leaf node or a group member. A non-leaf group member must continue to act as a router and cannot prune itself from the multicast tree.

III. CONCLUSIONS

In this work, reliable data fusion is provided for wireless sensor networks under Byzantine attacks, where the fusion center randomly polls m out of n users and relies on the q-out-of-m rule for the final decision. The proposed work simplifies construction of the initial topology and multicast message transmission among a group of nodes. An important observation is that, even if the percentage of adversary sensors remains fixed, the false alarm rate diminishes exponentially with the network size. This implies that for a fixed percentage of adversary nodes, network performance can be significantly improved by increasing the density of the nodes. Furthermore, we obtain an upper bound on the percentage of adversary nodes that can be tolerated using the q-out-of-m rule. It is found that the upper bound is determined by the sensors' detection probability and the attack strategies of the malicious and adversary nodes. It is observed that nodes launching dynamic attacks take longer time and more complex procedures to be detected as compared to those conducting static attacks. The adaptive fusion procedure has been shown to provide significant improvement in the system performance under both static and dynamic attacks. As to future work, adaptive detection can be conducted under Byzantine attacks and soft decisions can be made based on the sensing reports.

REFERENCES

[1] Y.-C. Wang and Y.-C. Tseng, "Distributed deployment schemes for mobile wireless sensor networks to ensure multilevel coverage," IEEE Transactions on Parallel and Distributed Systems, vol. 19, no. 9, pp. 1280-1294, Sept. 2008.
[2] P. Barooah, H. Chenji, R. Stoleru, and T. Kalmar-Nagy, "Cut detection in wireless sensor networks," IEEE Transactions on Parallel and Distributed Systems, vol. 23, no. 3, pp. 483-490, Mar. 2012.
[3] C. Chong and S. Kumar, "Sensor networks: evolution, opportunities, and challenges," Proceedings of the IEEE, vol. 91, no. 8, pp. 1247-2056, Aug. 2003.
[4] R. Niu and P. Varshney, "Performance analysis of distributed detection in a random sensor field," IEEE Transactions on Signal Processing, vol. 56, no. 1, pp. 339-349, Jan. 2008.
[5] S. Marano, V. Matta, and L. Tong, "Distributed detection in the presence of byzantine attack," IEEE Transactions on Signal Processing, vol. 57, no. 1, pp. 16-29, Jan. 2009.
[6] A. Rawat, P. Anand, H. Chen, and P. Varshney, "Collaborative spectrum sensing in the presence of byzantine attacks in cognitive radio networks," IEEE Transactions on Signal Processing, vol. 59, no. 2, pp. 774-786, Feb. 2011.
[7] C. Karlof, N. Sastry, and D. Wagner, "Tinysec: a link layer security architecture for wireless sensor networks," Proceedings of the 2nd international conference on Embedded networked sensor systems, pp. 162-175, 2004.
[8] H. Kumar, D. Sarma, and A. Kar, "Security threats in wireless sensor networks," IEEE Aerospace and Electronic Systems Magazine, vol. 23, no. 6, pp. 39-45, Jun. 2008.
[9] W. Zhang, N. Subramanian, and G. Wang, "Lightweight and compromise-resilient message authentication in sensor networks," IEEE 27th Conference on Computer Communications, INFOCOM 2008, pp. 1418-1426, Apr. 2008.
[10] W. Wang, H. Li, Y. Sun, and Z. Han, "Catchit: Detect malicious nodes in collaborative spectrum sensing," IEEE Global Telecommunications Conference, GLOBECOM 2009, pp. 1-6, 2009.
[11] M. R. Fellows, F. V. Fomin, D. Lokshtanov, F. Rosamond, S. Saurabh, and Y. Villanger, "Local search: Is brute-force avoidable?" Journal of Computer and System Sciences, vol. 78, no. 3, pp. 707-719, 2012.
[12] H. Chan, A. Perrig, and D. Song, "Secure hierarchical in-network aggregation in sensor networks," Proceedings of the 13th ACM conference on Computer and communications security, ACM CCS 2006, pp. 278-287, 2006.

P. Sathya Priya received the B.E. degree in Computer Science and Engineering from Anna University in 2012 and is currently pursuing the M.E. degree in Computer Science and Engineering at Anna University. The current research focuses on secure communications in sensor networks.

S. Lokesh received the B.E. and M.E. degrees in Computer Science and Engineering from Anna University in 2003 and 2005, respectively. He is currently working as Asst. Professor in the Department of Computer Science and Engineering at Hindusthan Institute of Technology. His major research interests are in network security, wireless networks, and future Internet architectures.
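The DOS part of the Cut Detection section, as an added example that is not code from the paper: each node exchanges one scalar with its neighbours, and a node cut off from the source sees that scalar decay to zero. The update rule follows the state-iteration approach of the cut-detection paper by Barooah et al. listed in the references; the paper above does not spell it out, so the rule, the source strength, the threshold and the six-node topology are assumptions.

```python
SOURCE = 0          # the designated source node (e.g. a base station)
STRENGTH = 100.0    # injection term s at the source (assumed value)
EPSILON = 1e-3      # assumed threshold below which a node declares DOS

# Constructed topology: triangle 0-1-2 at the source, node 3 bridges to 4-5.
EDGES = [(0, 1), (0, 2), (1, 2), (2, 3), (3, 4), (3, 5), (4, 5)]


def neighbours(edges, alive):
    """Adjacency restricted to nodes that have not failed."""
    adj = {u: set() for u in alive}
    for u, v in edges:
        if u in alive and v in alive:
            adj[u].add(v)
            adj[v].add(u)
    return adj


def step(state, adj):
    """One synchronous round; only the scalar x_v crosses each link.

    x_u <- (sum of neighbour states + s if u is the source) / (degree + 1)
    """
    new = {}
    for u, nbrs in adj.items():
        total = sum(state[v] for v in nbrs)
        if u == SOURCE:
            total += STRENGTH
        new[u] = total / (len(nbrs) + 1)
    return new


def run(edges, nodes, failed_at, failed, rounds):
    """Iterate, removing `failed` nodes at round `failed_at`; return final states."""
    alive = set(nodes)
    state = {u: 0.0 for u in alive}
    for k in range(rounds):
        if k == failed_at:
            alive -= set(failed)
            state = {u: x for u, x in state.items() if u in alive}
        state = step(state, neighbours(edges, alive))
    return state


def dos_nodes(state):
    """Nodes whose state has decayed to near zero: cut off from the source."""
    return sorted(u for u, x in state.items() if x < EPSILON)


if __name__ == "__main__":
    final = run(EDGES, range(6), failed_at=100, failed=[3], rounds=200)
    print(dos_nodes(final), {u: round(x, 2) for u, x in final.items()})
```

Nodes 1 and 2 stay connected to the source after node 3 fails, so for them this is a CCOS event, which this state test alone does not reveal.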
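The MRATE check from the Multicast Message Transmission section, as an added example rather than the paper's implementation: a tree node starts disconnected, becomes connected once it has joined and heard an authenticated MRATE, and drops back when its perceived rate falls outside tolerance. The 20% tolerance, the field names, the `join()` flag and the caller-supplied `signature_ok` result are assumptions, and `suspect_link` goes beyond the text by using the appended per-hop rates to point at the link where the drop first shows.

```python
from dataclasses import dataclass, field
from typing import Optional

TOLERANCE = 0.20   # assumed acceptable shortfall relative to the upstream rate


@dataclass
class Mrate:
    """Last-heard MRATE: the source rate plus rates appended by ancestors, in hop order."""
    source_rate: float                              # packets/s advertised by the source
    hop_rates: list = field(default_factory=list)   # [(node_id, perceived_rate), ...]


@dataclass
class TreeNode:
    node_id: str
    state: str = "disconnected"      # initial state, as in the text
    joined: bool = False
    last_mrate: Optional[Mrate] = None

    def join(self):
        """Route activated (MACT accepted); the expected rate is not known yet."""
        self.joined = True

    def on_mrate(self, msg, signature_ok):
        """Keep the last authenticated MRATE; learning the rate connects a joined node."""
        if self.joined and signature_ok:
            self.last_mrate = msg
            self.state = "connected"
        return self.state

    def check_window(self, packets, seconds):
        """Compare the rate perceived over a window with the advertised source rate."""
        if self.state == "connected":
            floor = (1 - TOLERANCE) * self.last_mrate.source_rate
            if packets / seconds < floor:
                # Selective forwarding suspected upstream: leave the tree position.
                self.state, self.joined = "disconnected", False
        return self.state

    def suspect_link(self, own_rate):
        """First (upstream, downstream) pair where the rate drops beyond tolerance."""
        chain = [("source", self.last_mrate.source_rate),
                 *self.last_mrate.hop_rates, (self.node_id, own_rate)]
        for (up, r_up), (down, r_down) in zip(chain, chain[1:]):
            if r_down < (1 - TOLERANCE) * r_up:
                return (up, down)
        return None
```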