Research On Replication Attacks Detection In Heterogeneous Wireless Sensor Networks

Heterogeneous wireless sensor networks(HWSN) consist of static sensing nodes and mobile sinks. The network was formed autonomously by sensor nodes working in ad-hoc mode, carrying out sensing tasks and sending data in a multi-hop manner. The mobile sinks collect sensing data and help to manage the network. Due to the unattended nature, HWSNs deployed in hostile environments are facing various outsider and insider attacks. The adversary can capture a few sensor nodes, crack and steal its confidential materials, such as the identity, keys, etc. Then, with the same identity and keys, replica nodes are cloned and inserted into the network surreptitiously. Thereafter, these replicas are manipulated to launch different imperceptible insider attacks. Because of the legitimate identity and authorized keys, compared to outsider attacks, replication attacks are hard to detect and eliminate. Moreover, with the reduced cost of sensor nodes, replication attacks will become the first choice by the attackers.Replication attacks have already attracted much attention and become a current hotspot in the literature. Current centralized detecting methods by the base station suffered from such problems as single-point failure and performance bottleneck. While the distributed detection schemes were blamed for large detection overheads resulting from the public key cryptosystem. Detection approaches by using mobile sinks, still relied on a basestation or depended upon complicated positioning algorithms and time-synchronizing algorithms, which further burdened the resource-constrained sensor nodes. Additionally, current data authentication or self-healing methods neglected the detection of mobile sink replicas, leading to more benign nodes captured and cloned by the adversary. Finally, almost all current detection methods assumed that benign nodes formed the majority in the network, so all would fail when this assumption was not satisfied in the scenarios where the adversary cloned more replica nodes, which predominated over benign node in some regions of the network.Concerning about the above problems and challenges in current researches, this dissertation studied the detection methods of replication attacks, in which static nodes cooperate with the mobile sink. The main work consists of the following five aspects:(1) Firstly, we surveyed related works about replicas detection in wireless sensor networks, analyzed and discussed the advantages and limitations of current methods from the prospective of detection by static nodes, detection by mobile sink and mobile sink replicas detection, then points out the challenges of replication detection in heterogeneous wireless sensor networks.(2) Then, in order to defend against and further detect the replication attacks in wireless sensor networks, we proposed a location-binding identity generating and session key establishing scheme. The former restricts the position of the replica sensor nodes, while the latter further limits the possible location of replicas to the one-hop neighborhood of the cloned node. Then, the proposed detection algorithm inspects the location claim messages broadcasted by each sensor node in its neighborhood. The analytical and simulation results show that our method can effectively detect the replica nodes in neighborhood with just little overheads, thus applies to large scale wireless sensor networks.(3) We proposed to detect replica nodes by using a mobile sink in heterogeneous wireless sensor networks, in order to reduce and balance detection overheads in the network. All static sensor nodes were visited itinerantly by the mobile sink, which collected the sensing data and censored the legitimacy of sensor nodes’identity. If the same identity was claimed by more than one sensor nodes, then all these nodes were identified as replicas. To cope with the cunning replica nodes escaping from being detected, the session key in all honest sensor nodes was updated after being visited by the mobile sink. The effectiveness of our method was confirmed theoretically and by simulations, which also revealed the high detection probability with just little overheads.(4) We proposed a mobile sink replicas detection scheme through secret sharing. Before being sent to the mobile sink, the sensed data were encrypted with a randomly selected symmetric key by each sensor node. Meanwhile, it generated the message digest of the encrypted data. Then, the secret, which consists of the digest, the symmetric key along with other parameters, was split into n shares, which were respectively sent to randomly chosen neighbors using the (t,n)-threshold secret sharing algorithm. Then the shares were transferred from these neighbors to the base station hop by hop. Finally, after the base station gathered enough secret shares, it was able to recover the original message digest, symmetric key, etc. Using this message digest, the base station could authenticate the submitted data by the mobile sink. If the authentication failed, it implies the compromised mobile sink or mobile sink replicas. Analysis indicated the effectiveness of our method in the detection with just little overheads, confirming its applicability for mobile sink replicas detection in heterogeneous wireless sensor networks.(5) If the replica nodes inserted by the attackers prevailed in some network regions, almost all current detection methods would fail. To deal with this problem, we proposed a replication attacks detection scheme by discovering network coverage holes. First, every sensor node obtained the communication subgraph in its one-hop neighborhood. Then, all crossing edges were eliminated, so the subgraph was reduced to the corresponding maximal simplicial complex subgraph, not only preserving the key information about network coverage, but also reducing the computing complex afterwards. Then, every node determined whether itself and its neighbors were located around a coverage hole by the adjacent edge verification algorithm and the distributed detection algorithm. The basestation collected the results, computed and obtained the polygons around the coverage holes. The effectiveness of our method was validated by simulation experiments, which also demonstrated that the false positives and false negatives are low, suggesting the applicability in the detection of replication attacks with locally dominant replicas.