1 / 26

Detecting Malicious Beacon Nodes for Secure Location Discovery in Wireless Sensor Networks

Detecting Malicious Beacon Nodes for Secure Location Discovery in Wireless Sensor Networks. Donggang Liu (NCSU) Peng Ning (NCSU) Wenliang Du (Syracuse University) ICDCS 2005 Presented by Liang Zhang Oct 31, 2005. Outline. Problem Definition A Detector for Malicious Beacon Nodes

yama
Download Presentation

Detecting Malicious Beacon Nodes for Secure Location Discovery in Wireless Sensor Networks

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Detecting Malicious Beacon Nodes for Secure Location Discovery in Wireless Sensor Networks Donggang Liu (NCSU) Peng Ning (NCSU) Wenliang Du (Syracuse University) ICDCS 2005 Presented by Liang Zhang Oct 31, 2005

  2. Outline • Problem Definition • A Detector for Malicious Beacon Nodes • Revoking Malicious Beacon Nodes • Simulation Evaluation • Discussion

  3. Location Discovery • Location Discovery in Wireless Sensor Networks • Applications: environment monitoring and target tracking • Fundamental techniques: routing protocol • Naive Methods • GPS • Manual Configuration • Beacon Nodes • Special nodes which are assumed to know their own locations

  4. Location Discovery Protocols based on Beacon Nodes • Non-beacon node <- (beacon packet) <- beacon node. • The non-beacon nodes estimate certain measurements (e.g., distance) based on features of the beacon signals. • Received Signal Strength Indicator (RSSI) • Time of Arrival (ToA) • Time Difference of Arrival (TDoA) • Angle of Arrival (AoA). • A sensor node determines its own location after getting enough number of location references from different beacon nodes.

  5. Masquerade beacon node

  6. Compromised beacon node

  7. Replay attack

  8. Problems to be Solved in Paper • Detecting Malicious Beacon Nodes • Revoking Malicious Beacon Nodes

  9. Problem Definition • A Detector for Malicious Beacon Nodes • Revoking Malicious Beacon Nodes • Simulation Evaluation • Discussion

  10. Detecting Malicious Beacon Signals

  11. Malicious Beacon Signals v.s. Malicious Beacon Nodes • Question • Malicious signal -> Malicious beacon node? • Replay Attack • Wormhole attack • Locally replayed beacon signal

  12. Replayed Beacon Signals from Wormholes • Assume a wormhole detector is installed on every node. • The detecting node finds a malicious beacon signal • Wormhole attack • Calculated dist > radio comm range of target node

  13. Locally Replayed Beacon Singals • Goal: to detect locally replayed beacon signals • Observation: local replay introduces extra delay • Approach: to find the characteristics of RTT between 2 neighbor sensor nodes?

  14. Round Trip Time • RTT = (t2– t1) + (t4– t3) = (t4 - t1) – (t3 - t2) = d1 + d2 + d3 + d4 + 2D/c

  15. RTT • d1, d2, d3 and d4 are mainly determined by hardware • 2D/c can be negligible • RTT should be within a narrow range

  16. Measured Range of RTT • RTTmin = 1951 • RTTmax = 7506

  17. Detector for locally replayed beacon signals • Node u communicate with a beacon node v • Node u compute RTT • If RTT <= RTTmax, no locally replay • Malicious signal -> malicious node • If RTT > RTTmax, local replay occurs, signal is ignored.

  18. Problem Definition • A Detector for Malicious Beacon Nodes • Revoking Malicious Beacon Nodes • Simulation Evaluation • Discussion

  19. Revoking Malicious Beacon Nodes • All alerts from detecting nodes are sent to the base station. • An alert includes IDdetecting and Idtarget • Each beacon nodes is associated with 2 counters: alert & report • Q: why is report counter necessary?

  20. Algorithm • When base station receive an alert(IDdetecting ,IDtarget ) • If (report_counter[IDdetecting]<=τ’) && (node IDtarget is not revoked) • report_counter [IDdetecting]++; • alert_counter[IDtarget]++; • If alert_counter[IDtarget]> τ • Revoke node IDtarget • Note: an alert from a revoked detecting node will still be considered by the base station.

  21. Simulation Evaluation • 1,000 sensor nodes (N=1000) • Randomly deployed in 1000*1000 square feet • 100 beacon nodes in which 10 are compromised • Each detecting node has m=8 detecting IDs • Detection rate of the wormhole detector is pd=0.9 • A wormhole is between (100,200) and (800,700)

  22. Detection Rate v.s. P • P– prob of a requesting non-beacon node receives a non-replayed malicious beacon signal from a malicious beacon node

  23. Average number of infected node per malicious beacon node

  24. Detection Rate v.s. False Positive rate • P is chosen to maximize N’ • Achieve different false positive rate by using different value of τ . • Na - # of malicious beacon nodes

  25. Discussion • Multiple detecting ID • Detecting node need multiple set of keys • How many IDs can be used to communicate with a target node? • How to revoke a malicious beacon node? (Base station broadcasts revocation list? Every node keeps a list?) • Centralized revocation scheme (base station) v.s. distributed revocation scheme • Does each node have to know every revoked beacon node?

  26. Thank you!

More Related