Post on 05-Jan-2016
description
Detecting Malicious Beacon Nodes for Secure Location Discovery in Wireless Sensor Networks
Donggang Liu (NCSU)Peng Ning (NCSU)
Wenliang Du (Syracuse University)ICDCS 2005
Presented by Liang Zhang Oct 31, 2005
Outline Problem Definition A Detector for Malicious Beacon
Nodes Revoking Malicious Beacon Nodes Simulation Evaluation Discussion
Location Discovery Location Discovery in Wireless Sensor
Networks Applications: environment monitoring and
target tracking Fundamental techniques: routing protocol
Naive Methods GPS Manual Configuration
Beacon Nodes Special nodes which are assumed to know
their own locations
Location Discovery Protocols based on Beacon Nodes1. Non-beacon node <- (beacon packet) <-
beacon node.2. The non-beacon nodes estimate certain
measurements (e.g., distance) based on features of the beacon signals. Received Signal Strength Indicator (RSSI) Time of Arrival (ToA) Time Difference of Arrival (TDoA) Angle of Arrival (AoA).
3. A sensor node determines its own location after getting enough number of location references from different beacon nodes.
Masquerade beacon node
Compromised beacon node
Replay attack
Problems to be Solved in Paper Detecting Malicious Beacon Nodes Revoking Malicious Beacon Nodes
Problem Definition A Detector for Malicious Beacon
Nodes Revoking Malicious Beacon Nodes Simulation Evaluation Discussion
Detecting Malicious Beacon Signals
Malicious Beacon Signals v.s. Malicious Beacon Nodes Question
Malicious signal -> Malicious beacon node?
Replay Attack Wormhole attack Locally replayed beacon signal
Replayed Beacon Signals from Wormholes Assume a wormhole detector is
installed on every node. The detecting node finds a
malicious beacon signal Wormhole attack Calculated dist > radio comm range
of target node
Locally Replayed Beacon Singals Goal: to detect locally replayed
beacon signals Observation: local replay
introduces extra delay Approach: to find the
characteristics of RTT between 2 neighbor sensor nodes?
Round Trip Time
RTT = (t2 – t1) + (t4 – t3)
= (t4 - t1) – (t3 - t2)
= d1 + d2 + d3 + d4 + 2D/c
RTT d1, d2, d3 and d4 are mainly
determined by hardware 2D/c can be negligible RTT should be within a narrow
range
Measured Range of RTT
RTTmin = 1951 RTTmax = 7506
Detector for locally replayed beacon signals Node u communicate with a
beacon node v Node u compute RTT If RTT <= RTTmax, no locally replay
Malicious signal -> malicious node If RTT > RTTmax, local replay
occurs, signal is ignored.
Problem Definition A Detector for Malicious Beacon
Nodes Revoking Malicious Beacon Nodes Simulation Evaluation Discussion
Revoking Malicious Beacon Nodes All alerts from detecting nodes are
sent to the base station. An alert includes IDdetecting and Idtarget
Each beacon nodes is associated with 2 counters: alert & report
Q: why is report counter necessary?
Algorithm When base station receive an alert(IDdetecting ,
IDtarget ) If (report_counter[IDdetecting]<=τ’) && (node
IDtarget is not revoked) report_counter [IDdetecting]++; alert_counter[IDtarget]++;
If alert_counter[IDtarget]> τ Revoke node IDtarget
Note: an alert from a revoked detecting node will still be considered by the base station.
Simulation Evaluation 1,000 sensor nodes (N=1000) Randomly deployed in 1000*1000 square
feet 100 beacon nodes in which 10 are
compromised Each detecting node has m=8 detecting IDs Detection rate of the wormhole detector is
pd=0.9 A wormhole is between (100,200) and
(800,700)
Detection Rate v.s. P
P – prob of a requesting non-beacon node receives a non-replayed malicious beacon signal from a malicious beacon node
Average number of infected node per malicious beacon node
Detection Rate v.s. False Positive rate
P is chosen to maximize N’ Achieve different false positive rate by using
different value of τ . Na - # of malicious beacon nodes
Discussion Multiple detecting ID
Detecting node need multiple set of keys How many IDs can be used to communicate
with a target node? How to revoke a malicious beacon node?
(Base station broadcasts revocation list? Every node keeps a list?)
Centralized revocation scheme (base station) v.s. distributed revocation scheme
Does each node have to know every revoked beacon node?
Thank you!