A Dynamic En-route Filtering Scheme for Data Reporting in Wireless Sensor Networks

Aim
The aim of this project is to drop the false data injection using Hill Climbing approach in Dynamic En-route filtering scheme in wireless sensor network.

Synopsis
This paper proposed to detect the false report using Multiple Keyed Message Authentication codes (Macs) scheme and it is classified as 1. Pre-deployment phase. 2. Post -deployment phase. 3. Filtering phase. 1. Pre-deployment phase. Each node preloads an authentication key and a number of secret keys. The secret keys are picked from some global key pools and used to encrypt the authentication key. 2. Post-deployment phase: Each cluster head disseminates the encrypted authentication keys of all nodes in its cluster to the forwarding nodes. Each forwarding node stores the keys it can decrypt and forwards all the keys to most possible next hop nodes. 3. Filtering Phase: The false reports are detected and dropped in the filtering phase. After disseminating the authentication keys, cluster head can send the final reports aggregated from the sensing reports of nodes. In wireless sensor network consist of a large number of small sensor nodes, this sensor nodes organized into cluster and send some report to base station. This sensor networks may suffer different types of malicious attacks. One type is called false report injection attack, in which adversaries inject into sensor networks the false data reports

containing nonexistent events or faked readings from compromised nodes. These attacks not only cause false alarms at the base station, but also drain out the limited energy of forwarding nodes.

Existing System
There are several existing scheme for filtering the false data injection, they are SEF, IHA, CCEF and LED have been proposed to address false report injection attacks and/or DoS attacks. And they have some limitation. SEF is independent of network topology, but it has limited filtering capacity and cannot prevent impersonating attacks on legitimate nodes. IHA has a drawback, that is, it must periodically establish multihop pairwise keys between nodes. Moreover, it asks for a fixed path between the base station and each cluster-head to transmit messages in both directions, which cannot be guaranteed due to the dynamic topology of sensor networks. CCEF also relies on the fixed paths as IHA does and it is even built on top of expensive public-key operations. More severely, it does not support en-route filtering. LEDS utilize location-based keys to filter false reports. They assume that sensor nodes can determine their locations in a short period of time. However, this is not practical, because many localization approaches take quite long and are also vulnerable to malicious attacks.

Disadvantages: False Data injection attack in which an adversary injects the false data and makes the base station or relayed nodes resources drained. In existing system SEF (Statistical En route Detection and Filtering) technique used in which all nodes have the same pre-determined probability to detect and filter false reports and its drawback is limited to fewer nodes.

In post deployment scheme each node establish a pair wise key in multihop nature and it can defend false data injection with a limited number of nodes. Its drawback is to transfer message base station and cluster vice versa. This is impractical in dynamic networks.

Proposed System
We propose a dynamic en-route filtering scheme to address both false report injection attacks and DoS attacks in wireless sensor networks. In our scheme, sensor nodes are organized into clusters. Each legitimate report should be validated by multiple message authentication codes (MACs), which are produced by sensing nodes using their own authentication keys. The authentication keys of each node are created from a hash chain. Before sending reports, nodes disseminate their keys to forwarding nodes using Hill Climbing approach. Then, they send reports in rounds. In each round, every sensing node endorses its reports using a new key and then discloses the key to forwarding nodes. Using the disseminated and disclosed keys, the forwarding nodes can validate the reports. In our scheme, each node can monitor its neighbors by overhearing their broadcast, which prevents the compromised nodes from changing the reports. Report forwarding and key disclosure are repeatedly executed by

each forwarding node at every hop, until the reports are dropped or delivered to the base station. Advantages: In the proposed system false data injection is detected with secret information and it is authenticated using MAC (Message Authentication Codes). In addition Hill Climbing approach is used to disseminate the secret keys in Sensor nodes.

Modules
1. Pre-deployment phase. 2. Post-deployment phase. 3. Filtering phase. 4. Report Forwarding Phase.

1. Pre-deployment phase
In the Pre-deployment phase each sensor nodes preloaded with distinct seed key. From the seed key, it can generate a sequence of auth-keys using a common hash function. Using these auth-keys to encrypt the report and forward at the base station. The first key of the hash chain, also it should be used first at the encryption process; meanwhile, it is the final one generated from the seed key. We assume that the base station is aware of each nodes seed key, so the adversaries cannot impersonate the uncompromised nodes. The key per-distribution phase is performed before the sensor nodes are deployed (e.g. it can be done in offline).

2. Post-deployment phase

In the Post-deployment phase the sensing nodes organized as the cluster, form which cluster head randomly selected. This phase will happen before sending the report. In this phase the cluster head aggregates the auth-keys of the sensing nodes and the cluster-head should disseminate the first auth-keys of all nodes to the forwarding nodes before sending the reports. By using the disseminated keys, the forwarding nodes can verify the authenticity of the disclosed auth-keys, which are in turn used to check the validity and integrity of the reports. The first unused auth-key of a node is called the current auth-key of that node. When none of a nodes auth-keys has ever been used, the current auth-key is just the first auth-key of its hash chain.

3. Filtering Phase: Each sensing nodes having own authentication keys using Mac algorithm. Using Mac algorithm to encrypt the data using authentication key and each node sends the encrypt data to every forward node, forward node to transfer encrypt data to relevant base station.

4. Report Forwarding Phase

In the report forwarding phase the sensing nodes forwarding the report to base station. The reports are organized into rounds, each containing a fixed number of reports. In every round, each sensing node chooses a new auth-key to authenticate its reports. To facilitate verification of the forwarding nodes, the sensing nodes disclose their auth-keys at the end of each round. Meanwhile, to prevent the forwarding nodes from abusing the disclosed keys, a forwarding node can receive the disclosed auth-keys, only after its upstream node overhears that it has already broadcast the reports. Receiving the disclosed keys, each forwarding node verifies the reports, and informs its next-hop node to forward or drop the reports based on the verification result. If the reports are valid, it discloses the keys to its next-hop node after overhearing. The forwarding nodes at every hop repeat the

processes of verification, overhearing, and key disclosure until the reports are dropped or delivered to the base station.

Architecture Diagram

Cluster N Keysharing

N N

Forwarding Nodes Inter1 Inter2 Inter3

Macs filtering

Destination

Conclusion

A dynamic en-route filtering scheme used to drop the false report in wireless sensor network. In the network each sensing nodes uses its own auth-keys to authenticate their reports. The auth-keys of each node form a hash chain and are updated in each round. The cluster-head disseminates the first auth-key of every node to forwarding nodes and then sends the reports followed by disclosed auth-keys. The forwarding nodes verify the authenticity of the disclosed keys by hashing the disseminated keys and then check the integrity and validity of the reports using the disclosed keys. According to the verification report the next node or hop forwarding the report to another node or hop; otherwise it will drop the report.

Software Requirements:
Windows operating system 2000 and above JDK 1.6

Hardware Requirements:
Hard Disk: 20GB and Above RAM: 512MB and Above Processor: Pentium III and Above