International Journal of Emerging Technology and Advanced Engineering

Website: www.ijetae.com (ISSN 2250-2459, Volume 2, Issue 1, January 2012)

Simulation Based on An Effective Defence Against Duplicate Node Attacks in Wireless Networks.
Mr. Selvam E1, Mr. A. Siles Balasingh2
1,2

Lecturer, Department of Computer Science and Engineering & St. Joseph College of Engineering and Technology, Tanzania
1 2

viswa.selvam@yahoo.com singh_bala@yahoo.co.in

Abstract To achieve an efficient and effective approach to find out the duplicate node attacks in the wireless sensor networks still must be a challenge. Attacker, he/she can capture the node form the network and compromise over the network. Attacker he captured any node from the network by using the tamper resistant hardwares. Adversary can injects fake data into the network with the help of that captured node. And also from the captured node he identifies its ID and key first of all. Then he/she can easily generate the duplicate copies of the captured node. Several detection schemes are available only for fixed sensor networks. But here we proposed a detection scheme called as Speed time Probability ratio test. And we also proposed the isolative method to remove the detected duplicate node from the network. We show analytically and simulation experiments that our schemes will achieve effective and efficient detection and isolation of duplicate node attacks in the wireless sensor networks. In this paper we mainly focused on the mobile sensor networks for sake of convenience. Keywords Adversary, Random way point mobility, Random- trip mobility, Communication overhead, Network disruptions, Simulation, Location claims.
I.

INTRODUCTION

Mobile nodes, essentially small robots with sensing, wireless communications, & movement capabilities, are useful for tasks such as static sensor deployment, adaptive sampling, network repair, and event detection [4]. These advanced sensor network architectures could be used for a variety of applications including intruder detection, border monitoring, and military patrols. In potentially hostile environments, the security of un-attended mobile nodes is extremely critical. The attacker may be able to capture and compromise mobile nodes, and then use them to inject fake data, disrupt network operations,& eavesdrop on network communications. In which the adversary can capture node generate the duplicate copy of original one & attacks can be made. 278

Thus this types of attacks must be a dangerous and compromise over the network. This leads to the network disruptions over the network. Using that captured node the adversary takes the secret keying materials from a compromised node, gen- erates a large number of attacker-controlled replicas that share the compromised nodes keying materials and ID, and then spreads these replicas throughout the network. With a single captured node, an adversary can create as many replica nodes as he/she has the hardware to generate. The replica nodes are controlled by the adversary, but have keying materials that allow them to seem like authorized participants in the network. Protocols for secure sensor network communication would allow replica nodes to create pairwise shared keys with other nodes and the base station, thereby enabling the nodes to encrypt, decrypt, and authenticate all of their communications as if they were the original captured node. A more aggressive attacker could undermine common network protocols, including cluster formation, localization, and data aggregation, thereby causing continual disruption to network operations. Through these methods, an adversary with a large number of replica nodes can easily defeat the mission of the deployed network. A straightforward solution to stop replica node attacks is to prevent the adversary from extracting secret key materials from mobile nodes by equipping them with tamper-resistant hardware. We might expect such measures to be implemented in mobile nodes with security-critical missions. However, although tamper-resistant hardware can make it significantly harder and more time-consuming to extract keying materials from captured nodes, it may still be possible to bypass tamper resistance for a small number of nodes given enough time and attacker expertise.

International Journal of Emerging Technology and Advanced Engineering

Website: www.ijetae.com (ISSN 2250-2459, Volume 2, Issue 1, January 2012) The adversary can generate many replicas from a single captured node, this means that replica attacks are even more dangerous when compared with the possibility of compromising many nodes. We thus believe that it is very important to develop software-based countermeasures to defend mobile sensor networks against replica node attacks. Several software-based replica node detection schemes have been proposed for static sensor networks [3], [11], [17]. The primary method used by these schemes is to have nodes report location claims that identify their positions and for other nodes to attempt to detect conflicting reports that signal one node in multiple locations. However, since this approach requires fixed node locations, it cannot be used when nodes are expected to move. Thus, our challenge is to design an effective, fast, and robust replica detection scheme specifically for mobile sensor networks. In this paper, we proposed a novel mobile replica detection scheme based on the Speed Time Probability Ratio Test (STPRT) [15] and Isolation method. In this isolation method is mainly used for remove the detected replica nodes from the network and it can attained by using symmetric encryption key algorithm techniques. We use the fact that an uncompromised mobile node should never move at speeds in excess of the system-configured maximum speed. As a result, a benign mobile sensor nodes measured speed will nearly always be less than the system-configured maximum speed as long as we employ a speed measurement system with a low error rate. On the other hand, replica nodes are in two or more places at the same time. This makes it appear as if the replicated node is moving much faster than any of the benign nodes, and thus the replica nodes measured speeds will often be over the systemconfigured maximum speed. Accordingly, if we observe that a mobile nodes measured speed is over the system-configured maximum speed, it is then highly likely that at least two nodes with the same identity are present in the network. However, if the system decides that a node has been replicated based on a single observation of a node moving faster than it should, we might get many false positives because of errors in speed measurement. Raising the speed threshold or other simple ways of compensating can lead to high false negative rates.To minimize these false positives& false negatives, we apply the STPRT, a hypothesis testing method that can make decisions quickly & accurately. 279 We perform the STPRT on every mobile node using a null hypothesis that the mobile node has not been replicated and an alternate hypothesis that it has been replicated. In using the STPRT, the occurrence of a speed that is less than or exceeds the systemconfigured maximum speed will lead to acceptance of the null or alternate hypotheses, respectively. Once the alternate hypothesis is accepted, the replica nodes will be revoked from the network. We validate the effectiveness, efficiency, and robustness of our scheme through analysis and simulation experiments. Specifically, we find that the main attack against the STPRT- based scheme is when replica nodes fail to provide signed location and time information for speed measurement. To overcome this attack, we employ a quarantine defense technique to block the noncompliant nodes. We then study this techniques in two ways. First, we show through quarantine analysis that the amount of time, during a given time slot, that the replicas can impact the network is very limited. Second, we provide a detailed game-theoretic and analysis that shows the limits of any attacker strategy over any number of time slots. Specifically, we formulate a two- player game to model the interaction between the attacker and the defender, derive the optimal attack and defense strategies, and show that the attackers gain is greatly limited when the attacker and the defender follow their respective optimal strategies. We provide analyses of the number of speed measurements needed to make replica detection decisions, which we show is quite low, and the amount of overhead incurred by running the protocol. We also evaluate the performance of our scheme via simulation study using ns-2 simulator. In particular, we consider two types of replicas for performance evaluation: mobile and static. In case of mobile replicas, we investigate how replica mobility affects the detection capability of our scheme. In case of static (immobile) replicas, the attacker keeps his replica nodes close together and immobile to lessen the chance of speed-based detection. An exploration of the static replica case is useful since this case represents the worst case for detection, and thus we can see how our scheme works in the worst case. The simulation results of both cases show that this scheme very quickly detects mobile replicas with low false positive and negative rates.

International Journal of Emerging Technology and Advanced Engineering

Website: www.ijetae.com (ISSN 2250-2459, Volume 2, Issue 1, January 2012) II. PRELIMINARIES In this section, we first state the problem and the network assumptions for our proposed scheme and then describe the attacker models we use to evaluate our approach. 1) Problem Statement: In this work, we tackle the problem of mobile replica node attacks. We define a mobile replica node u as a node having the same ID and secret keying materials as a mobile node u . An attacker can creates replica node u as follows: He/she first compromises node u and extracts all secret keying materials from it. Then he /she prepares a new node u, sets the ID of u the same as u, and loads us secret keying materials into u. 2) Network Models: We consider a two-dimensional mobile sensor network where sensor nodes freely roam throughout the network. We assume that every mobile sensor nodes movement is physically limited by the system-configured maximum speed, Vmax. We also assume that all direct communication links between sensor nodes are bidirectional. This communication model is common in the current generation of sensor networks. We assume that every mobile sensor node is capable of obtaining its location information and also verifying the locations of its neighboring nodes. This can be implemented by employing secure localization methods [2], [7]. We assume that the clocks of all nodes are loosely synchronized. This can be achieved with the help of secure time synchronization protocols [12], [13]. We also assume that the nodes in the mobile sensor network communicate with a base station. The base station may be static or mobile, although we focus on a static base station for our simulations, as long as the nodes have a way to communicate reliably to the base station on a regular basis. 3) Attacker Models: We assume that an adversary may compromise and fully control a subset of the sensor nodes, enabling him to mount various kinds of attacks. For instance, he can inject false data packets into the network and disrupt local control protocols such as localization, time synchronization, and route discovery process. Furthermore, he/she can launch denial-of-service attacks by jamming the signals from benign nodes. However, we place some limits on the ability of the adversary to compromise nodes. We note that if the adversary can compromise a major fraction nodes of the network, he/she will not need nor benefit much from the deployment of replicas. To amplify his effectiveness, the adversary can also launch a replica node attack, which is the subject of our investigation. We assume that the adversary can produce many replica nodes and that they will be accepted as a legitimate part of the network. We also assume that the attacker attempts to employ as many replicas of one or more compromised sensor nodes in the network as will be effective for his attacks. The attacker can allow his replica nodes to randomly move or he could move his replica nodes in different patterns in an attempt to frustrate our proposed scheme. 4) Design Goals: In the above system and attacker models, we have three key design goals for replica detection. First, replica nodes should be detected with reasonable communication, computational, and storage overheads. Second, the detection schemes should be robust and highly resilient against attackers attempt to break the scheme. More specifically, the scheme should detect replicas unless the attacker compromises a substantial number of nodes. Finally, replica detection should be performed at the cost of minimal false positives and negatives. III. MOBILE NODE REPLICA DETECTION AND ISOLATION This section gives the details of our techniques to detect replica attacks in mobile sensor attacks. In fixed sensor networks, a sensor node is regarded as being replicated if it is placed in more than one location. If nodes are moving around in network, however, this technique does not work, because a benign mobile node would be treated as a replica due to its continuous change in location. Hence, we must use some other technique to detect replica nodes in mobile sensor networks. Fortunately, mobility provides us with a clue to help resolve the mobile replica detection problem. Specifically, a benign mobile sensor node should never move faster than the system configured maximum speed, Vmax . As a result, a benign mobile sensor nodes measured speed will appear to be at most Vmax as long as we employ a speed measurement. The system with a low rate of error. On the other hand, replica nodes will appear to move much faster than benign nodes and thus their measured speeds will likely be over Vmax because they need to be at two (or more) different places at once. Accordingly, if the mobile nodes measured speed exceeds Vmax , it is then highly likely that at least two nodes with the same identity are present in the network. 280

International Journal of Emerging Technology and Advanced Engineering

Website: www.ijetae.com (ISSN 2250-2459, Volume 2, Issue 1, January 2012) We propose a mobile replica detection scheme by leveraging this intuition. Our scheme is based on the Speed Time Probability Ratio Test [15] which is a statistical decision process. The STPRT can be thought of as one- dimensional random walk with the lower and upper limits [8]. Before the random walk starts, null and alternate hypotheses are defined in such a way that the null hypothesis is associated with the lower limit while the alternate one is associated with the upper limit. A random walk starts from a point between two limits and moves toward the lower or upper limit in accordance with each observation. If the walk reaches (or exceeds) the lower or upper limit, it terminates and the null or alternate hypothesis is selected, respectively. We believe that the STPRT is well suited for tackling the mobile replica detection problem since we can construct a random walk with two limits in such a way that each walk is determined by the observed speed of a mobile node. The lower and upper limits can be configured to be associated with speeds less than and in excess of Vmax, respectively. We apply the STPRT to the mobile replica detection problem as follows: Each time a mobile sensor node moves to a new location, each of its neighbors asks for a signed claim containing its location and time information and decides probabilistically whether to forward the received claim to the base station. The base station computes the speed from every two consecutive claims of a mobile node and performs the STPRT by considering speed as an observed sample. Each time the mobile nodes speed exceeds (respectively, remains below) Vmax , it will expedite the random walk to hit or cross the upper (respectively, lower) limit and thus lead to the base station accepting the alternate (respectively, null) hypothesis that the mobile node has been (respectively, not been) replicated. Once the base station decides that a mobile node has been replicated, it revokes the replica nodes from the network. Let us first describe the detection scheme and then analyze its security and performance. Vmax N || System configured maximum speed of mobile sensor nodes Total number of sensor nodes Concatenation symbol Protocol Descriptions We will use an identity-based public key scheme. It has been demonstrated that public key operations can be efficiently implemented in static sensor devices [9], [16]. Moreover, most replica detection schemes in static sensor networks [3], [11] employ identity-based public key signatures. Mobile sensor devices are generally more powerful than static ones in terms of battery power, due to the fact that the mobile sensor node consumes a lot of energy to move. Additionally, the energy consumption due to movement is known to be substantially larger than that for public key operations. For example, the power consumption for the movement of a mobile sensor device has been measured at 720 mW [4]. The energy consumption for computing and verifying a public key signature have been measured at between 2.9 and 48 mW and between 3.5 and 58.5 mW, respectively, in accordance with existing sensor hardware platforms [9]. Thus, we believe that a public key signature scheme can be practical for mobile sensor networks. Our proposed protocol proceeds in three phases. 1) Claim Generation and Forwarding: Every time a mobile sensor node u moves to a new location, it first discovers its location Lu and then discovers a set of neighboring nodes N(u). Every neighboring node asks for an authenticated location claim from node u by sending its current time T to node u .Here we estimated the time as well as the speed of each node. Using our proposed system we make the probability ratio test, in this test we focused on the speed vs time calculation of the node and location etc.
A)

2) Detection and Revocation: After receiving a location claim, the base station verifies the authenticity of the claim with the public key of node u and discards the claim if it is not authentic. If two nodes are moving with same speed means we can say that, there is a duplicate node found. Also we can tell that, any node moving with exceeds the system configured speed means that node must be a duplicate node. 3) Isolation of the Detected Node: We are used the symmetric encryption key algorithms like Advanced encryption system. In this we set the symmetric keys for all the nodes in the network and all the nodes having its own ID, here the ID must be encrypted. This algorithm never allow the injected node to capture ID of original node. Thus we can said this proposed system must be secure than the existing one. 281

TABLE 1 NOTATIONS USED FREQUENTLY IN THIS PAPER

International Journal of Emerging Technology and Advanced Engineering

Website: www.ijetae.com (ISSN 2250-2459, Volume 2, Issue 1, January 2012) Algorithm 1 Speed Time Probability Ratio Test for duplicate detection B) Security Analysis In this section, we will first describe the detection accuracy of our proposed scheme and then the limitations of replica node attacks and its isolation. For detection accuracy we obtained 93% of detected nodes and its isolation also. We used the symmetric key encryption algorithm like AES algorithm for isolation of duplicate nodes. Here in the network each and every nodes are having a separate ID and Key. Each alternative times, the Base station node (Admin) checks location for each and every nodes in the network. Suppose for example A is an original node and A is a duplicate node in the network. A node is follows the movement of A node and running with same speed of it. Here the isolation of node indicates that, the Base station always asks location claims for each node in the network. So the base station ask the location number of A node. This duplicate node dont know his exact location number and details. So the base station node can easily identify the duplicate node easily remove from the network. And also each nodes information must be encrypted by using a symmetric key algorithm like AES( Advanced Encryption Standard) algorithm. Here the same key must be used for both encryption and decryption. In this paper , this algorithm must be suite for the nodes in the network. Here the network nodes having separate ID. This ID must be encrypted and the base station node, attacker is controlling the all nodes in the network. So once the duplicate node enter into the network and try to hack the ID and information from any node means, it is not possible easily, because the network node must be controlled by base station and its ID must be encrypted. So the duplicate node cannot access the data from the node. Thus we can give the good security in the network nodes, enable the smoothing network communications. We proved mathematically and conducted simulation experiments which gives the complete proposed scheme in the right way. IV. SIMULATION RESULTS We use the following metrics to evaluate the performance of our scheme: Number of Claims is the number of claims required for the base station to decide whether a node has been replicated or not. False Positive is the error probability that a benign node is misidentified as replica node.

INITIALIZATION: n = 0 , wn = 0 INPUT : location information L and Time information T OUTPUT : accept the hypothesis H0 or H1 Cur_loc = L Cur_ time = T If n>0 then Compute T0 (n) and T1(n) Compute speed 0 from cur_loc and prev_loc, cur_time And prev_time If 0>Vmax then wn = wn + 1 end if if wn > =T1(n) then accept the hypothesis H1 and terminate the test end if if wn<=T0(n) then initialize n and wn to 0 and accept the hypothesis H0 return: end if end if n = n+1 prev_loc = cur_ loc prev_ time = cur_time 282

International Journal of Emerging Technology and Advanced Engineering

Website: www.ijetae.com (ISSN 2250-2459, Volume 2, Issue 1, January 2012) False Negative is the error probability that a replica node is misidentified as benign node.
10
8

In this section, we will describe the simulation environment and then discuss the simulation results. For each execution, we obtain each metric as the average of the results of STPRTs that are repeated. Note that STPRT will be terminated if it decides that the claim generator has been replicated. The average of the results of 1000 executions is presented. In the experiment, the average number of requests b was measured from 13 to 25 in accordance with Vmax . Finally shows the probability distribution of the number of claims in the case of replica_true_negative. For this distribution, we consider two cases of low and high mobility rates V max . A total of 70% and 75.7% of the cases fall in the range from 3 to 6 claims in the case of low and high mobility rates, respectively. This implies that in most cases, the number of claims is less than the average and thus STPRT detects duplicates in fewer than six claims in most cases.

6 4 2 0 10 20 30 40 50

replica _true_negat ive

benign_true _positive

Vmax (m/s)
FIGURE 2 AVERAGE NUMBER OF CLAIMS VS VMAX , WHEN V MAX = 40 M/S

10 9 8 7 6 5 4 3 2 1 0 10 20 30 40 50 replica_true_ negative benign_true _positive

When we analyze the above figures we can easily identified the results. First, there were no false positive or false negatives at all mobility rates. This implies that the replica was always detected with probability 1 and benign node was never misidentified as a replica at any mobility rate. From this observation, we see that STPRT works well against our random attacker model. Second, the results of the average number of claims are shown in Figure 2. We present the results of two cases. One is that the claim generator is a benign node and the STPRT by benign_true_positive in Figure 3. The other one is that the claim generators are compromised node and its replica node, and STPRT decides that these nodes are a compromised node and its replica. We denote this case by replica_true_negative.
100% 80% 60% replica_true _neagtive benign_true _positive

40%
20% 0% 10 20 30 40 50

Vmax (m/s)
FIGURE 1. AVERAGE NUMBER OF CLAIMS VS VMAX , WHEN V MAX = 20 M/S

Vmax (m/s)
FIGURE 3 AVERAGE NUMBER OF CLAIMS VS VMAX , WHEN V MAX = 60 M/S

283

International Journal of Emerging Technology and Advanced Engineering

Website: www.ijetae.com (ISSN 2250-2459, Volume 2, Issue 1, January 2012) We simulated the proposed scheme by using ns-2 network simulator. In our simulation, 300 mobile sensor nodes are placed within a square area of 300 m * 300 m. We use the Random Waypoint Mobility (RWM) model to determine the movements of mobile sensor nodes. In the RWM model, each node moves to a randomly chosen location with a randomly selected speed between a predefined minimum and maximum speed. After reaching that location, it stays there for a predefined pause time. It randomly choose another location after that pause time and moves to that location. This Random movement process is repeated during a simulation time. V. CONCLUSIONS We have proposed a replica detection and isolation scheme for mobile sensor networks based on the STPRT. We have analytically demonstrated the limitations of attacker strategies to evade our detection technique. In particular, we first showed the limitations of a group attack strategy in which the attacker controls the movements of a group of replicas. We presented quantitative analysis of the limit on the amount of time for which a group of replicas can avoid detection and quarantine. We also modeled the interaction between the detector and the adversary as a repeated game and found a Nash equilibrium. This Nash equilibrium shows that even the attackers optimal gains are still greatly limited by the combination of detection and quarantine. We performed simulations of the scheme under a random movement attack strategy in which the attacker lets replicas randomly move in the network and under a static placement attack strategy in which he keeps his replicas from moving to best evade detection. The results of these simulations show that our scheme quickly detects mobile replicas with a small number of location claims against either strategy.
[3] M. Conti, R.D. Pietro, L.V. Mancini, and A. Mei, A Randomized, Efficient, and Distributed Protocol for the Detection of Node Replication Attacks in Wireless Sensor Networks, Proc. ACM MobiHoc, pp. 80-89, Sept. 2007. K. Dantu, M. Rahimi, H. Shah, S. Babel, A. Dhariwal, and G.S.Sukhatme, Robomote: Enabling Mobility in Sensor Networks,Proc. Fourth IEEE Intl Symp. Information Processing in SensorNetworks (IPSN), pp. 404-409, Apr. 2005. J. Ho, M. Wright, and S.K. Das, Fast Detection of Replica Node Attacks in Mobile Sensor Networks Using Sequential Analysis, Proc. IEEE INFOCOM, pp. 1773-1781, Apr. 2009.

[4]

[5]

[6] J. Ho, D. Liu, M. Wright, and S.K. Das, Distributed Detection ofReplicas with Deployment Knowledge in Wireless Sensor Net- works, Ad Hoc Networks, vol. 7, no. 8, pp. 1476-1488, Nov. 2009. [7] L. Hu and D. Evans, Localization for Mobile Sensor Networks,Proc. ACM MobiCom, pp. 45-57, Sept. 2004. [8] J. Jung, V. Paxon, A.W. Berger, and H. Balakrishnan, Fast Portscan Detection Using Sequential Hypothesis Testing, Proc. IEEE Symp. Security and Privacy, pp. 211-225, May 2004.

[9] A. Liu and P. Ning, TinyECC: A Configurable Library for EllipticCurve Cryptography in Wireless Sensor Networks, Proc. Seventh IEEE Intl Symp. Information Processing in Sensor Networks (IPSN), pp. 245-256, Apr. 2008. [10] S. PalChaudhuri, J.-Y.L. Boudec, and M. Vojnovi c, Perfect Simulations for Random Trip Mobility Models, Proc. 38th Ann. Simulation Symp., Apr. 2005. [11] B. Parno, A. Perrig, and V.D. Gligor, Distributed Detection of Node Replication Attacks in Sensor Networks, Proc. IEEE Symp. Security and Privacy, pp. 49-63, May 2005. H. Song, S. Zhu, and G. Cao, Attack-Resilient Time Synchroniza- tion for Wireless Sensor Networks, Ad Hoc Networks, vol. 5, no. 1, pp. 112-125, Jan. 2007.

[12]

[13] K. Sun, P. Ning, C. Wang, A. Liu, and Y. Zhou TinySeRSync:Secure and Resilient Time Synchronization in Wireless Sensor Networks, Proc. 13th ACM Conf. Computer and Comm. Security (CCS), pp. 264-271, Oct. 2006. [14] G. Theodorakopoulos and J.S. Baras, Game Theoretic Modeling of Malicious Users in Collaborative Networks, IEEE J. Selected Areas in Comm., vol. 26, no. 7, pp. 1317-1326, Sept. 2008.

REFERENCES
1] J.-Y.L. Boudec and M. Vojnovi c,Perfect Simulation and Stationary of a Class of Mobility Models, Proc. IEEE INFOCOM, pp. 2743-2754, Mar. 2005. [2] S. C apkun and J.P. Hubaux, Secure Positioning in Wireless Networks, IEEE J. Selected Areas in Comm., vol. 24, no. 2, pp. 221-232,Feb. 2006.

[15] A. Wald, Sequential Analysis. Dover, 2004. [16] H. Wang, B. Sheng, C.C. Tan, and Q. Li, Comparing Symmetric- Key and Public-Key Based Security Schemes in Sensor Networks: A Case Study of User Access Control, Proc. IEEE Intl Conf. Distributed Computing Systems (ICDCS), pp. 11-18, June 2008.

284

International Journal of Emerging Technology and Advanced Engineering

Website: www.ijetae.com (ISSN 2250-2459, Volume 2, Issue 1, January 2012)
[17] K. Xing, F. Liu, X. Cheng, and H.C. Du, Real-Time Detection of Clone Attacks in Wireless Sensor Networks, Proc. IEEE Intl Conf. Distributed Computing Systems (ICDCS), pp. 3-10, June 2008. [18] C.-M. Yu, C.-S. Lu, and S.-Y. Kuo, Efficient and Distributed Detection of Node Replication Attacks in Mobile Sensor Net- works, Proc. IEEE Vehicular Technology Conf. Fall (VTC Fall), Sept.2008.

285