detecting malicious beacon nodes for secure location discovery in wireless sensor networks

Detecting Malicious Beacon Nodes for Secure Location Discovery in Wireless Sensor Networks

Donggang Liu (NCSU)Peng Ning (NCSU)

Wenliang Du (Syracuse University)ICDCS 2005

Presented by Liang Zhang Oct 31, 2005

Outline Problem Definition A Detector for Malicious Beacon

Nodes Revoking Malicious Beacon Nodes Simulation Evaluation Discussion

Location Discovery Location Discovery in Wireless Sensor

Networks Applications: environment monitoring and

target tracking Fundamental techniques: routing protocol

Naive Methods GPS Manual Configuration

Beacon Nodes Special nodes which are assumed to know

their own locations

Location Discovery Protocols based on Beacon Nodes1. Non-beacon node <- (beacon packet) <-

beacon node.2. The non-beacon nodes estimate certain

measurements (e.g., distance) based on features of the beacon signals. Received Signal Strength Indicator (RSSI) Time of Arrival (ToA) Time Difference of Arrival (TDoA) Angle of Arrival (AoA).

3. A sensor node determines its own location after getting enough number of location references from different beacon nodes.

Masquerade beacon node

Compromised beacon node

Replay attack

Problems to be Solved in Paper Detecting Malicious Beacon Nodes Revoking Malicious Beacon Nodes

Problem Definition A Detector for Malicious Beacon


Detecting Malicious Beacon Signals

Malicious Beacon Signals v.s. Malicious Beacon Nodes Question

Malicious signal -> Malicious beacon node?

Replay Attack Wormhole attack Locally replayed beacon signal

Replayed Beacon Signals from Wormholes Assume a wormhole detector is

installed on every node. The detecting node finds a

malicious beacon signal Wormhole attack Calculated dist > radio comm range

of target node

Locally Replayed Beacon Singals Goal: to detect locally replayed

beacon signals Observation: local replay

introduces extra delay Approach: to find the

characteristics of RTT between 2 neighbor sensor nodes?

Round Trip Time

RTT = (t2 – t1) + (t4 – t3)

= (t4 - t1) – (t3 - t2)

= d1 + d2 + d3 + d4 + 2D/c

RTT d1, d2, d3 and d4 are mainly

determined by hardware 2D/c can be negligible RTT should be within a narrow

range

Measured Range of RTT

RTTmin = 1951 RTTmax = 7506

Detector for locally replayed beacon signals Node u communicate with a

beacon node v Node u compute RTT If RTT <= RTTmax, no locally replay

Malicious signal -> malicious node If RTT > RTTmax, local replay

occurs, signal is ignored.

Problem Definition A Detector for Malicious Beacon


Revoking Malicious Beacon Nodes All alerts from detecting nodes are

sent to the base station. An alert includes IDdetecting and Idtarget

Each beacon nodes is associated with 2 counters: alert & report

Q: why is report counter necessary?

Algorithm When base station receive an alert(IDdetecting ,

IDtarget ) If (report_counter[IDdetecting]<=τ’) && (node

IDtarget is not revoked) report_counter [IDdetecting]++; alert_counter[IDtarget]++;

If alert_counter[IDtarget]> τ Revoke node IDtarget

Note: an alert from a revoked detecting node will still be considered by the base station.

Simulation Evaluation 1,000 sensor nodes (N=1000) Randomly deployed in 1000*1000 square

feet 100 beacon nodes in which 10 are

compromised Each detecting node has m=8 detecting IDs Detection rate of the wormhole detector is

pd=0.9 A wormhole is between (100,200) and

(800,700)

Detection Rate v.s. P

P – prob of a requesting non-beacon node receives a non-replayed malicious beacon signal from a malicious beacon node

Average number of infected node per malicious beacon node

Detection Rate v.s. False Positive rate

P is chosen to maximize N’ Achieve different false positive rate by using

different value of τ . Na - # of malicious beacon nodes

Discussion Multiple detecting ID

Detecting node need multiple set of keys How many IDs can be used to communicate

with a target node? How to revoke a malicious beacon node?

(Base station broadcasts revocation list? Every node keeps a list?)

Centralized revocation scheme (base station) v.s. distributed revocation scheme

Does each node have to know every revoked beacon node?

Thank you!

detecting malicious beacon nodes for secure location discovery in wireless sensor networks

Documents