Research On Detection Of Node Replication Attacks In Mobile Wireless Sensor Networks

Posted on: 2012-10-04
Degree: Doctor
Type: Dissertation
Country: China
Candidate: X M Deng
GTID: 1118330335462365
Subject: Information security
Abstract/Summary:
Wireless sensor networks consist of hundreds and thousands of sensor nodes that cooperate with each other through wireless communication to accomplish a common goal. Wireless sensor networks can be used for military and civil applications. In military applications, they are usually deployed in harsh environments where enemies may be present. Sensor nodes are very cheap, but they suffer from many constraints, including low computation capability, small memory, and limited energy resources. Because of these constraints, sensors cannot be protected by the type of physical shielding that could preclude access to a sensor's memory, processing, sensing and communication components. Because they are unattended and not equipped with tamper-resistant hardware, an adversary could capture some sensors and then acquire all the information stored within. Once a sensor is compromised, an adversary can easily replicate it and deploy the replicas back into strategic positions in the network for further malicious activities. This process is the so-called node replication attack.

Since the replicas have legitimate information (such as code, key material, and credentials) replicated from the compromised nodes, protocols for secure sensor network communication would consider these replicas legitimate members and allow them to create pairwise shared keys with other nodes and the base station, thus enabling the replicas to encrypt, decrypt, and authenticate all their communications just as non-compromised nodes do. Therefore, the adversary can easily launch insider attacks through these replicas, such as monitoring the significant fraction of the network traffic that passes through them, injecting falsified data to corrupt the sensors' monitoring operation, and falsifying sensor data to undermine common data aggregation protocols. These node replication attacks are very dangerous to the operation of sensor networks, since an adversary with a large number of replicas can easily control or defeat the mission of the sensor network.

A number of protocols have been proposed so far to tackle node replication attacks. However, to the best of our knowledge, all of these schemes are based on the assumption that sensors in the network do not have mobility. Once a node moved to a new place, it would be detected as a replica. Thus none of them is suitable for mobile wireless sensor networks. In this paper, we focus on designing protocols for the detection of node replication attacks in mobile wireless sensor networks. The main achievements of our research are outlined as follows:

(1) Mobility-assisted routing protocols are very suitable for delay-tolerant networks. In these protocols, when a node needs to deliver a message, it does not find an end-to-end path to the destination, but carries the message around the network until it encounters the receiver or another relay. This manner of message delivery can dramatically minimize the communication overhead. Since message transmission occurs only when nodes encounter each other, the probability of such encounters is of high importance. In this paper, we derived accurate closed-form expressions of the expected encounter probability between different nodes under three commonly used mobility models (the Random Direction, Random Waypoint and Community-Based mobility models). This work helps in better understanding the performance of various approaches in different settings, and can facilitate the design of new, improved protocols. It also helps us analyze the detection probability of our mobility-assisted protocols for detecting node replication attacks in mobile wireless sensor networks.

(2) Location-based protocols, which have a high probability of detecting node replication attacks and low detection overhead, are the most popular detection protocols in traditional wireless sensor networks. However, these protocols require more routing signaling messages in mobile wireless sensor networks than in static wireless sensor networks, since routes are always changing in mobile networks. This cost is so significant that many wireless sensor networks cannot afford it, because it considerably reduces their lifetime. To overcome this issue, we proposed two novel mobility-assisted distributed solutions to node replication detection in mobile wireless sensor networks. The first protocol is Unary-Time-Location Storage & Exchange (UTLSE); the other is Multi-Time-Location Storage & Diffusion (MTLSD). The fundamental idea of our protocols is to make use of the mobility property: two nodes exchange their time-location claims only when they encounter each other. That is, if a tracer receives a time-location claim from its tracked neighbor node, it does not immediately transmit the claim to the witness if the witness is not currently within its communication range, but stores the claim until it encounters the witness. Owing to this mobility-assisted property, our protocols do not rely on any specific routing protocol, which makes them suitable for various mobile settings. Our theoretical analysis and simulation results show that our protocols are efficient in terms of detection performance, communication overhead and storage overhead.

(3) In location-based protocols, each node needs to deliver its location information to the witness node in order to detect node replication attacks. In applications in such hostile environments, the location information is required to be kept secret. Delivering location information as these protocols do is likely to cause more sensor nodes to be captured. To solve this problem, we proposed a key-statistics-based protocol to detect replicas in mobile wireless sensor networks. The fundamental idea of this protocol is that when a number of replicas are inserted into the network, the number of keys established using the compromised node's identity is much greater than normal. By collecting key establishment statistics, we can determine which node is a replica. A polynomial-based pairwise key pre-distribution scheme is used in our protocol to guarantee that the replicas can never lie about their real identifiers, and Bloom filters and counting filters are used to collect the number of pairwise keys established by each sensor node. Nodes whose number of pairwise keys exceeds the threshold value are regarded as replicas and kicked out of the network. Analyses and simulations verify that the protocol accurately detects the replicas in mobile wireless sensor networks and supports their removal.

(4) In designing our key-statistics-based protocol, we also give a method to derive the expression for the expected number of pairwise keys established by each node. This work not only helps us derive the detection threshold of our key-statistics-based protocol, but can also be turned into a very useful way to analyze the computation overhead of key establishment in ad hoc networks and improve network performance.
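
The counting step of the key-statistics protocol in item (3), as an added example that is not code from the dissertation: a Bloom filter drops repeated reports of the same pairwise key, a counting filter tallies keys per node ID, and IDs above the threshold are flagged. The filter size, the SHA-256 slot hashing, the report format, the node IDs and the threshold of 6 are assumptions, and the sample reports are constructed.

```python
import hashlib


class CountingFilter:
    """Counting Bloom filter: an item maps to k counters; their minimum estimates its count."""

    def __init__(self, size=4096, hashes=4):
        self.size, self.hashes = size, hashes
        self.counters = [0] * size

    def _slots(self, item):
        # k slot indexes from SHA-256 with a per-hash prefix (assumed hashing scheme)
        return {
            int.from_bytes(hashlib.sha256(f"{i}|{item}".encode()).digest()[:8], "big") % self.size
            for i in range(self.hashes)
        }

    def add(self, item):
        for slot in self._slots(item):
            self.counters[slot] += 1

    def estimate(self, item):
        # Never below the true count; slot collisions can only inflate it.
        return min(self.counters[slot] for slot in self._slots(item))


def detect_replicas(key_reports, node_ids, threshold):
    """Return the IDs whose estimated number of distinct pairwise keys exceeds threshold."""
    seen_pairs = CountingFilter()  # used as a plain Bloom filter: membership only
    key_counts = CountingFilter()  # pairwise keys tallied per node ID
    for a, b in key_reports:
        pair = "-".join(sorted((a, b)))
        if seen_pairs.estimate(pair) > 0:  # this pairwise key was already counted
            continue
        seen_pairs.add(pair)
        key_counts.add(a)
        key_counts.add(b)
    return sorted(n for n in node_ids if key_counts.estimate(n) > threshold)


# Constructed sample: 11 honest nodes keyed in a ring, plus clones of ID n07
# that set up keys with every other node; three reports arrive twice.
NODES = [f"n{i:02d}" for i in range(1, 13)]
HONEST = [n for n in NODES if n != "n07"]
REPORTS = [(HONEST[i], HONEST[(i + 1) % len(HONEST)]) for i in range(len(HONEST))]
REPORTS += [("n07", peer) for peer in HONEST]
REPORTS += REPORTS[:3]

if __name__ == "__main__":
    print(detect_replicas(REPORTS, NODES, threshold=6))  # assumed threshold
```

Because the counting filter can only overestimate, a cloned ID is not missed through counter collisions; the cost of an undersized filter is honest nodes pushed over the threshold.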
Keywords/Search Tags:Mobile wireless sensor network, node replication attack, detection, mobility-assisted protocol, key statistics