The Community for Technology Leaders
RSS Icon
Subscribe
Issue No.05 - September/October (2011 vol.8)
pp: 685-698
Mauro Conti , Sapienza - University of Rome, Rome
Roberto Di Pietro , Universita di Roma Tre, Rome
Luigi Vincenzo Mancini , Sapienza - University of Rome, Rome
Alessandro Mei , Sapienza - University of Rome, Rome
ABSTRACT
Wireless Sensor Networks (WSNs) are often deployed in hostile environments where an adversary can physically capture some of the nodes, first can reprogram, and then, can replicate them in a large number of clones, easily taking control over the network. A few distributed solutions to address this fundamental problem have been recently proposed. However, these solutions are not satisfactory. First, they are energy and memory demanding: A serious drawback for any protocol to be used in the WSN-resource-constrained environment. Further, they are vulnerable to the specific adversary models introduced in this paper. The contributions of this work are threefold. First, we analyze the desirable properties of a distributed mechanism for the detection of node replication attacks. Second, we show that the known solutions for this problem do not completely meet our requirements. Third, we propose a new self-healing, Randomized, Efficient, and Distributed (RED) protocol for the detection of node replication attacks, and we show that it satisfies the introduced requirements. Finally, extensive simulations show that our protocol is highly efficient in communication, memory, and computation; is much more effective than competing solutions in the literature; and is resistant to the new kind of attacks introduced in this paper, while other solutions are not.
INDEX TERMS
Wireless sensor networks security, node replication attack detection, distributed protocol, resilience, efficiency.
CITATION
Mauro Conti, Roberto Di Pietro, Luigi Vincenzo Mancini, Alessandro Mei, "Distributed Detection of Clone Attacks in Wireless Sensor Networks", IEEE Transactions on Dependable and Secure Computing, vol.8, no. 5, pp. 685-698, September/October 2011, doi:10.1109/TDSC.2010.25
REFERENCES
[1] I.F. Akyildiz, W. Su, Y. Sankarasubramaniam, and E. Cayirci, "Wireless Sensor Networks: A Survey," Int'l J. Computer and Telecomm. Networking, vol. 38, no. 4, pp. 393-422, 2002.
[2] R. Anderson and M.G. Kuhn, "Tamper Resistance—A Cautionary Note," Proc. USENIX '96 Workshop, pp. 1-11, 1996.
[3] A. Becher, Z. Benenson, and M. Dornseif, "Tampering with Motes: Real-World Physical Attacks on Wireless Sensor Networks," Proc. Int'l Conf. Security in Pervasive Computing (SPC '06), pp. 104-118, 2006.
[4] C. Bettstetter, "On the Minimum Node Degree and Connectivity of a Wireless Multihop Network," Proc. MobiHoc '02, pp. 80-91, 2002.
[5] C. Bettstetter and C. Hartmann, "Connectivity of Wireless Multihop Networks in a Shadow Fading Environment," Proc. Int'l Workshop Modeling Analysis and Simulation of Wireless and Mobile Systems (MSWiM '03), pp. 28-32, 2003.
[6] R. Brooks, P. Govindaraju, M. Pirretti, N. Vijaykrishnan, and M.T. Kandemir, "On the Detection of Clones in Sensor Networks Using Random Key Predistribution," IEEE Trans. Systems, Man and Cybernetics, Part C: Applications and Rev., vol. 37, no. 6, pp. 1246-1258, Nov. 2007.
[7] S. Capkun and J.-P. Hubaux, "Secure Positioning of Wireless Devices with Application to Sensor Networks," Proc. IEEE INFOCOM '05, pp. 1917-1928, 2005.
[8] A. Caruso, A. Urpi, S. Chessa, and S. De, "Gps-Free Coordinate Assignment and Routing in Wireless Sensor Networks," Proc. IEEE INFOCOM '05, pp. 150-160, 2005.
[9] H. Chan, A. Perrig, and D. Song, "Random Key Predistribution Schemes for Sensor Networks," Proc. Symp. Security and Privacy (S&P '03), pp. 197-213, 2003.
[10] G. Chen, J.W. Branch, and B.K. Szymanski, "Local Leader Election, Signal Strength Aware Flooding, and Routeless Routing," Proc. IEEE Int'l Parallel and Distributed Processing Symp. (IPDPS '05), p. 244.1, 2005.
[11] H. Choi, S. Zhu, and T.F. La Porta, "SET: Detecting Node Clones in Sensor Networks," Proc. Int'l Conf. Security and Privacy in Comm. Networks and the Workshops (SecureComm '07), pp. 341-350, 2007.
[12] C. Cocks, "An Identity Based Encryption Scheme Based on Quadratic Residues," Proc. IMA Int'l Conf. '01, pp. 360-363, 2001.
[13] M. Conti, R. Di Pietro, A. Gabrielli, L.V. Mancini, and A. Mei, "The Quest for Mobility Models to Analyse Security in Mobile Ad Hoc Networks," Proc. Seventh Int'l Conf. Wired/Wireless Internet Comm. (WWIC '09), pp. 85-96, 2009.
[14] M. Conti, R. Di Pietro, and L.V. Mancini, "Secure Cooperative Channel Establishment in Wireless Sensor Networks," Proc. IEEE Pervasive Computing and Comm. (PERCOM '06) Workshop, pp. 327-331, 2006.
[15] M. Conti, R. Di Pietro, and L.V. Mancini, "ECCE: Enhanced Cooperative Channel Establishment for Secure Pair-Wise Communication in Wireless Sensor Networks," Ad Hoc Networks, vol. 5, no. 1, pp. 49-62, 2007.
[16] M. Conti, R. Di Pietro, L.V. Mancini, and A. Mei, "Mobility and Cooperation to Thwart Node Capture Attacks in Manets," J. Wireless Comm. and Networking. Feb. 2009.
[17] M. Conti, R. Di Pietro, L.V. Mancini, and A. Mei, "Requirements and Open Issues in Distributed Detection of Node Identity Replicas in WSN," Proc. IEEE Int'l Conf. Systems, Man and Cybernetics (SMC '06), pp. 1468-1473, 2006.
[18] M. Conti, R. Di Pietro, L.V. Mancini, and A. Mei, "A Randomized, Efficient, and Distributed Protocol for the Detection of Node Replication Attacks in Wireless Sensor Networks," Proc. MobiHoc '07, pp. 80-89, 2007.
[19] M. Conti, R. Di Pietro, L.V. Mancini, and A. Mei, "Emergent Properties: Detection of the Node-Capture Attack in Mobile Wireless Sensor Networks," Proc. ACM Conf. Wireless Netwok Security (WiSec '08), pp. 214-219, 2008.
[20] B. Deb, S. Bhatnagar, and B. Nath, "ReInForM: Reliable Information Forwarding Using Multiple Paths in Sensor Networks," Proc. IEEE Int'l Conf. Local Computer Networks (LCN '03), pp. 406-415, 2003.
[21] M. Demirbas and Y. Song, "An RSSI-Based Scheme for Sybil Attack Detection in Wireless Sensor Networks," Proc. Int'l Symp. World of Wireless, Mobile and Multimedia Networks (WOWMOM '06), pp. 564-570, 2006.
[22] A. Derhab and N. Badache, "A Self-Stabilizing Leader Election Algorithm in Highly Dynamic Ad Hoc Mobile Networks," IEEE Trans. Parallel and Distributed Systems, vol. 19, no. 7, pp. 926-939, July 2008.
[23] R. Di Pietro, D. Ma, C. Soriente, and G. Tsudik, "Posh: Proactive Co-Operative Self-Healing in Unattended Wireless Sensor Networks," Proc. IEEE Symp. Reliable Distributed Systems (SRDS), pp. 185-194, 2008.
[24] R. Di Pietro and L.V. Mancini, "Intrusion Detection Systems," Advances in Information Security, vol. 38, Springer, 2008.
[25] R. Di Pietro, L.V. Mancini, and A. Mei, "Energy Efficient Node-to-Node Authentication and Communication Confidentiality in Wireless Sensor Networks," Wireless Networks, vol. 12, no. 6, pp. 709-721, 2006.
[26] R. Di Pietro, L.V. Mancini, A. Mei, A. Panconesi, and J. Radhakrishnan, "Connectivity Properties of Secure Wireless Sensor Networks," Proc. Workshop Security of Ad Hoc and Sensor Networks (SASN '04), pp. 53-58, 2004.
[27] R. Di Pietro, L.V. Mancini, A. Mei, A. Panconesi, and J. Radhakrishnan, "Sensor Networks That Are Provably Resilient," Proc. Int'l Conf. Security and Privacy in Comm. Networks and the Workshops (SecureComm '06), pp. 1-10, 2006.
[28] R. Di Pietro, L.V. Mancini, C. Soriente, A. Spognardi, and G. Tsudik, "Playing Hide-and-Seek with a Focused Mobile Adversary in Unattended Wireless Sensor Networks," Ad Hoc Networks, vol. 7, no. 8, pp. 1463-1475, 2009.
[29] J.R. Douceur, "The Sybil Attack," Proc. Int'l Workshop Peer-to-Peer Systems (IPTPS '01), pp. 251-260, 2002.
[30] D. Dubhashi, O. Häggström, L. Orecchia, A. Panconesi, C. Petrioli, and A. Vitaletti, "Localized Techniques for Broadcasting in Wireless Sensor Networks," Algorithmica, vol. 49, no. 4, pp. 412-446, 2007.
[31] J. Elson and D. Estrin, "Time Synchronization for Wireless Sensor Networks," Proc. Int'l Parallel and Distributed Processing Symp. (IPDPS '01), pp. 1965-1970, 2001.
[32] J. Elson, L. Girod, and D. Estrin, "Fine-Grained Network Time Synchronization Using Reference Broadcasts," SIGOPS Operating Systems Rev., vol. 36, pp. 147-163, 2002.
[33] L. Eschenauer and V.D. Gligor, "A Key-Management Scheme for Distributed Sensor Networks," Proc. Conf. Computer and Comm. Security (CCS '02), pp. 41-47, 2002.
[34] F. Fu, J. Liu, and X. Yin, "Space-Time Related Pairwise Key Predistribution Scheme for Wireless Sensor Networks," Proc. Int'l Conf. Wireless Comm., Networking and Mobile Computing (WiCom '07), pp. 2692-2696, 2007.
[35] D. Ganesan, R. Govindan, S. Shenker, and D. Estrin, "Highly-Resilient, Energy-Efficient Multipath Routing in Wireless Sensor Networks," SIGMOBILE Mobile Computing and Comm. Rev., vol. 5, no. 4, pp. 11-25, 2001.
[36] V.D. Gligor, "Emergent Properties in Ad-Hoc Networks: A Security Perspective," Proc. ACM Symp. Information, Computer and Comm. Security (ASIACCS '06), p. 1, 2006.
[37] Y.C. Hu, A. Perrig, and D.B. Johnson, "Packet Leashes: A Defense against Wormhole Attacks in Wireless Networks," Proc. IEEE INFOCOM '03, pp. 1976-1986, 2003.
[38] C. Karlof and D. Wagner, "Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures," Ad Hoc Networks, vol. 1, nos. 2/3, pp. 293-315, 2003.
[39] B. Karp and H.T. Kung, "GPSR: Greedy Perimeter Stateless Routing for Wireless Networks," Proc. ACM MobiCom '00, pp. 243-254, 2000.
[40] J. Kong, H. Luo, K. Xu, D.L. Gu, M. Gerla, and S. Lu, "Adaptive Security for Multi-Layer Ad-Hoc Networks," Wireless Communication and Mobile Computing, vol. 2, no. 5, pp. 533-547, Wiley Interscience Press, 2002.
[41] S. Kwon and N.B. Shroff, "Paradox of Shortest Path Routing for Large Multi-Hop Wireless Networks," Proc. IEEE INFOCOM '07, pp. 1001-1009, 2007.
[42] A. Mei and J. Stefa, "Routing in Outer Space: Fair Traffic Load in Multi-Hop Wireless Networks," Proc. MobiHoc '08, pp. 23-32, 2008.
[43] J. Newsome, E. Shi, D. Song, and A. Perrig, "The Sybil Attack in Sensor Networks: Analysis & Defenses," Proc. Int'l Symp. Information Processing in Sensor Networks (IPSN '04), pp. 259-268, 2004.
[44] J. Newsome and D.X. Song, "Gem: Graph Embedding for Routing and Data-Centric Storage in Sensor Networks without Geographic Information," Proc. Conf. Embedded Networked Sensor Systems (SenSys '03), pp. 76-88, 2003.
[45] B. Parno, A. Perrig, and V.D. Gligor, "Distributed Detection of Node Replication Attacks in Sensor Networks," Proc. IEEE Symp. Security and Privacy (S&P '05), pp. 49-63, 2005.
[46] A. Shamir, "Identity-Based Cryptosystems and Signature Schemes," Proc. Advances in Cryptology (CRYPTO '84), pp. 47-53, 1985.
[47] H. Song, L. Xie, S. Zhu, and G. Cao, "Sensor Node Compromise Detection: The Location Perspective," Proc. Int'l Conf. Wireless Comm. and Mobile Computing (IWCMC '07), pp. 242-247, 2007.
[48] S. Vasudevan, B. DeCleene, N. Immerman, J. Kurose, and D. Towsley, "Leader Election Algorithms for Wireless Ad Hoc Networks," Proc. DARPA Information Survivability Conf. and Exposition (DISCEX '03), pp. 261-272, 2003.
[49] A. Wander, N. Gura, H. Eberle, V. Gupta, and S.C. Shantz, "Energy Analysis of Public-Key Cryptography for Wireless Sensor Networks," Proc. IEEE Int'l Conf. Pervasive Computing and Comm. (PERCOM '05), pp. 324-328, 2005.
[50] Y. Yang, X. Wang, S. Zhu, and G. Cao, "SDAP: A Secure Hop-by-Hop Data Aggregation Protocol for Sensor Networks," Proc. MobiHoc '06, pp. 356-367, 2006.
[51] Q. Zhang, T. Yu, and P. Ning, "A Framework for Identifying Compromised Nodes in Wireless Sensor Networks," ACM Trans. Information and System Security, vol. 11, no. 3, pp. 1-37, 2008.
[52] B. Zhu, V.G.K. Addada, S. Setia, S. Jajodia, and S. Roy, "Efficient Distributed Detection of Node Replication Attacks in Sensor Networks," Proc. Ann. Computer Security Applications Conf. (ACSAC '07), pp. 257-266, 2007.
[53] S. Zhu, S. Setia, and S. Jajodia, "LEAP: Efficient Security Mechanisms for Large-Scale Distributed Sensor Networks," Proc. Conf. Computer and Comm. Security (CCS '03), pp. 62-72, 2003.
20 ms
(Ver 2.0)

Marketing Automation Platform Marketing Automation Tool