security concepts and sybil attack detection in …2013/04/25 · prevent sybil attack in wireless...

Web Site: www.ijettcs.org Email: [email protected], [email protected] Volume 2, Issue 2, March – April 2013 ISSN 2278-6856

Volume 2, Issue 2 March – April 2013 Page 383

Abstract: Due to broadcast nature of Wireless Sensor Networks (WSNs) and lack of tamper-resistant hardware, security in sensor networks is one of the major issues. Hence research is being done on many security attacks on wireless sensor networks. Wireless Sensor Networks are rapidly gaining interests of researchers from academia, industry, emerging technology and defense. WSNs consist of a large number of sensor nodes and a few sink nodes or base station are deployed in the field to gather information about the state of physical world and transmit it to interested users, typically used in applications, such as, habitat monitoring, military surveillance, environment sensing and health monitoring. Sensor nodes have limited resources in term of processing power, battery power, and data storage. When a node illegitimately claims multiple identities or claims fake id, is called Sybil attack. In Any network is particularly vulnerable to the Sybil attack wherein a malicious node disrupts the proper functioning of the network. Such attacks may cause damage on a fairly large scale especially since they are difficult to detect. This paper focuses on various security issues, security threats, Sybil attack and various methods to prevent Sybil attack. Keywords: AODV, Sybil attack, Wireless Sensor Networks, Security.

1. INTRODUCTION The evolution of wireless communication and circuit technology has enabled the development of an infrastructure consists of sensing, computation and communication units that makes administrator capable to observe and react to a phenomena in a particular environment. The building block of such an infrastructure which is comprised of hundreds or thousands of small, low cost, multifunctional sensing devices forms wireless sensor networks. Sensors are typically small, self-contained, battery-powered, low cost devices. A sensor is a device that measures a physical quantity, e.g. light, temperature, or pressure, and converts it into a signal which can be read by a human or by an instrument. The basic task of sensor networks is to sense the events, collect data and send it to their requested destination. Many of the features of these networks make them different from the traditional wired and wireless

distributed systems. Traditional wired or wireless networks have enough resources like unlimited power, memory, fixed network topologies, enough communication range and computational capabilities. These features make the traditional networks able to meet the communication demands. On the other hand, WSNs are resource constrained distributed systems with low energy, low bandwidth and short communication range. The basic features which make the constrained resource nature and unpredictable network structure pose numerous design and communication challenges for WSNs. The challenges in the hierarchy of detecting the relevant quantities, monitoring and collecting the data, assessing and evaluating the information, formulating meaningful user displays, and performing decision-making and alarm functions are enormous. A sensor network is designed to detect events or phenomena, collect and process data, and transmit sensed information to interested users. Basic features of sensor networks are:

1.1 Self-organizing capabilities. 1.2 Short-range broadcast communication and

multihop routing. 1.3 Dense deployment and cooperative effort of sensor

nodes. 1.4 Frequently changing topology due to fading and

node failures. 1.5 Limitations in energy transmit power, memory,

and computing power.

1.1 Network Architecture The sensor nodes are usually scattered in a sensor field as shown in Figure 1.1. Each of these scattered sensor nodes has the capabilities to collect data and route data back to the sink or base station and the end users. Data are routed back to the end user by a multi-hop infrastructureless architecture through the base station or sink as shown in Figure 1.2. The base station may communicate with the user node via Internet or Satellite.

Security Concepts and Sybil Attack Detection in Wireless Sensor Networks

Manjunatha T. N1, Sushma M. D2, Shivakumar K. M3

1M.Tech, IV Sem, Dept. of CSE,

Canara Engineering College, Mangalore,

2Asst. professor, Dept of CSE, Canara Engineering College, Mangalore,

3HOD & Professor, Dept of CSE,

Canara Engineering College, Mangalore,



Figure 1.1: Basic Architecture of Sensor Node

The Figure1.3 shows the system architecture of network in which the nodes are created configuration, base station are selected by the user or administrator by using the algorithm we will find out the Sybil node in the network.

Figure 1.2: Wireless Sensor Network architecture

Figure 1.3: System Architecture

1.2 Problem Statement Wireless sensor networks are becoming popular in the resent past due to the nature of functionality and application in critical areas of domain due to which secure information delivery in WSN is a major concern. Due to their deterministic nature the traditional multipath

routing methods are at high risk to Sybil attack as a result, once the routing algorithm becomes known to the hacker then it can compute the same routes known to the source making all data sent over these routes vulnerable. Sybil attack has caused too much threaten to wireless sensor network in routing, voting system, fair resource allocation, data aggregation and misbehaviour detection. Hence many methods are being proposed to detect and prevent Sybil attack in wireless sensor network.

2.EXISTING SYSTEM The position of nodes based on signal strength to find whether Sybil attack or not in wireless sensor networks. In the beginning initially all the nodes have the same power, computing capability and the positions of nodes are fixed. The network is safe when the nodes are initialized using the signal strength. A Sybil node impersonates other nodes by sending messages with multiple node identifiers (ID). The solution is robust since it detects all Sybil attack cases with full completeness and less than a few percent false positives [2]. Drawbacks

The nodes are time varying. Unreliable and radio transmission is non-

isotropic.

The Sybil attack is harmful attack in wireless sensor networks. In Sybil attack malicious node behaves as if it were a larger number of nodes, for example by impersonating other nodes or simply by claiming false identities. In some particular case, an attacker may generate an arbitrary number of additional node identities, using only one physical device [3]. A particularly harmful attack against wireless sensor and ad hoc networks is called as the Sybil attack, systematically analyses the threat posed by the Sybil attack to wireless sensor networks. The attack can be exceedingly detrimental to many important functions of the sensor network such as routing, resource allocation, misbehaviour detection, etc. Drawbacks

Most defences are not capable of defending against every type of Sybil attack. Additionally, each defence has different costs and relies on different assumptions.

Mobility is frequent problem for providing security services in ad hoc networks. Mobility can also be used for security. Especially the nodes which are in passively monitor traffic in the network can able to detect a Sybil attacker which uses a many network identities continuously. [4]. Drawbacks

A single entity posing multiple identities has an important constraint that can be detected easily as all identities are part of the same physical device, therefore they must move in


Volume 2, Issue 2 March – April 2013 85

unison.

Peer-to-peer and other decentralized, distributed systems are known to be particularly vulnerable to Sybil attacks. By controlling a large fraction of the nodes in the network, the malicious user is able to out vote the honest users in collaborative tasks such as Byzantine failure defences. The SybilGuard, a novel protocol for limiting the corruptive influences of Sybil attacks. The protocol is based on the social network among user identities, where an edge between two identities indicates a human-established trust relationship. Malicious users can create many identities but few trust relationships [5]. Drawbacks

A trusted central authority that issues and verifies credentials unique to an actual human being can control Sybil attacks easily.

The central authority may require a payment for each identity

The central authority can easily be a single point of failure

Bottleneck for performance

2.1 Radio Resource Testing [15]The node wants to verify that none of its neighbours are Sybil identities. The nodes can assign each of its neighbours a different channel to broadcast some message on. Then it chooses a channel randomly on which to listen [3]. Drawbacks

The radio resource verification defence may be breakable with custom radio hardware, and validation may be expensive in terms of energy

2.2 Registration [15] Another way to prevent the Sybil attack is to perform identity registration. To detect Sybil attacks, an entity could poll the network and compare the results to the known deployment. To prevent the Sybil attack, any node could check the list of known-good identities to validate another node as legitimate. Registration is likely to be a good initial defence in many scenarios, Drawbacks

The list of known identities must be protected from being maliciously modified.

If the attacker is able to add identities to this list, he will be able to add Sybil nodes to the network.

Node registration requires human work in order to securely add nodes to the network, and requires a way to securely maintain and query the current known topology information.

3. PROPOSED ALGORITHM [15] The proposed algorithm includes the following steps.

Start

Create a group of mobile nodes. One of the nodes is taken as base station. The base station sends HELLO packets to all

the other nodes for topology verification which are present in the sensor range.

The node which receives highest packets is chosen as the trust nodes.

The trust nodes now become the head nodes with a group of its own member nodes.

The member nodes send their ID and power value to the head nodes.

The head node checks for nodes with energy value below the threshold value.

If the energy value is lesser than the threshold value, those nodes are detected as Sybil nodes. End if

Stop The flow chart is given in Figure 3.1. In which the meaning of vi is member nodes, ui is head nodes. 3.1 Data Flow Diagrams Level 0

Level 1

4.ISSUES IN WIRELESS SENSOR NETWORK Managing a wide range of application types in WSN is hardly possible with single conception and design of the wireless network. However, certain attributes identified are related to the characteristics requirements of such systems. The realization of these characteristics is the major issues in WSN.

4.1 Hardware and operating system for WSN A sensor node is often abbreviated as a node. Sensors are



used to measure the changes to physical environment like pressure, humidity, sound the nodes used in sensor networks are small and have significant energy constraints. The hardware design issues of sensor nodes are quite different from other applications, vibration and changes to the health of person like blood pressure, stress and heartbeat.

Figure 3.1: Flow chart for algorithm

4.2 Wireless radio communication characteristics Performance of wireless sensor networks depends on the quality of wireless communication. But wireless communication in sensor networks is known for its unpredictable nature. By using the wireless medium it will sense the targeted area and reply back to the sinknode.

4.3 Medium access schemes Communication is a major source of energy consumption in WSNs and MAC protocols directly control the radio of the nodes in the network. MAC protocols should be designed for regulating energy consumption, which in turn influences the lifetime of the network.

4.4 Deployment Deployment means setting up an operational sensor network in a real world environment. Deployment of sensor network is a labor intensive and cumbersome activity as we do not have influence over the quality of wireless communication and also the real world puts strains on sensor nodes by interfering during communications. Sensor nodes can be deployed either by placing one after another in a sensor field or by dropping it from a plane. In mobile wireless sensor network the node will be moving so we have to consider the range of

the network.

4.5 Localization Sensor localization is a fundamental and crucial issue for network management and operation. In many of the real world scenarios, the sensors are deployed without knowing their positions in advance and also there is no supporting infrastructure available to locate and manage them once they are deployed. Determining the physical location of the sensors after they have been deployed is known as the problem of localization.

4.6 Synchronization Clock synchronization is an important service in sensor networks. Time Synchronization in a sensor network aims to provide a common timescale for local clocks of nodes in the network. A global clock in a sensor system will help process and analyze the data correctly and predict future system behavior. Some applications that require global clock synchronization are environment monitoring, navigation guidance, vehicle tracking etc. A clock synchronization service for a sensor network has to meet challenges that are substantially different from infrastructure based networks.

4.7 Calibration Calibration is the process of adjusting the raw sensor readings obtained from the sensors into corrected values by comparing it with some standard values. Manual calibration of sensors in a sensor network is a time consuming and difficult task due to failure of sensor nodes and random noise which makes manual calibration of sensors too expensive.

4.8 Data aggregation and data dissemination Data gathering is the main objective of sensor nodes. The sensors periodically sense the data from the surrounding environment, process it and transmit it to the base station or sink. The frequency of reporting the data and the number of sensors which report the data depends on the particular application. Data gathering involves systematically collecting the sensed data from multiple sensors and transmitting the data to the base station for further processing. But the data generated from sensors is often redundant and also the amount of data generated may be very huge for the base station to process it. Hence we need a method for combining the sensed data into high quality information and this is accomplished through Data Aggregation. Data Aggregation is defined as the process of aggregating the data from multiple sensors to eliminate redundant transmission and estimating the desired answer about the sensed environment, then providing fused information to the base station. Data dissemination is a process by which data and the queries for the data are routed in the sensor network. Data dissemination is a two step process. In the first step, if a node is interested in some events, like temperature or humidity, then it broadcasts its interests to its neighbors



periodically and then through the whole sensor network. In the second step, the nodes that have the requested data will send the data back to the source node after receiving the request. . The main difference between data aggregation and data dissemination is, in data dissemination all the nodes including the base station can request for the data while in data aggregation all al the aggregated data is periodically transmitted to the base station. In addition, data aggregation data can be transmitted periodically, while in data dissemination data is always transmitted on demand. Flooding is one important protocol which includes data dissemination approach.

4.9 Database centric and querying Wireless sensor networks have the potential to span and monitor a large geographical area producing massive amount of data. So sensor networks should be able to accept the queries for data and respond with the results.

4.10 Middleware A middleware for wireless sensor network should facilitate development, maintenance, deployment and execution of sensing-based applications. WSN middleware can be considered as a software infrastructure that glues together the network hardware, operating systems, network stacks and applications.

4.11 Quality of service Quality of service is the level of service provided by the sensor networks to its users. The Quality of Service (QoS) for sensor networks as the optimum number of sensors sending information towards information-collecting sinks or a base station. Since sensor networks are getting implemented in more and more number of applications which includes mission critical applications such as military applications and nuclear plant monitoring applications; QoS is being given considerable review as the events occurring in these situations are of utmost importance. The QoS routing algorithms for wired networks cannot be directly applied to wireless sensor networks due to the following reasons:

The performance of the most wired routing algorithms relies on the availability of the precise state information while the dynamic nature of sensor networks make availability of precise state information next to impossible.

Nodes in the sensor network may join, leave and rejoin and links may be broken at any time. Hence maintaining and re-establishing the paths dynamically which is a problem in WSN is not a big issue in wired networks.

4.12 Security Security in sensor networks is as much an important factor as performance and low energy consumption in many applications. Security in a sensor network is very challenging as WSN is not only being deployed in battlefield applications but also for surveillance, building

monitoring, burglar alarms and in critical systems such as airports and hospitals. The sensor nodes are present outside the building so it must protect from the physical changes such as raining, temperature etc. Since sensor networks are still a developing technology, researchers and developers agree that their efforts should be concentrated in developing and integrating security from the initial phases of sensor applications development; by doing so, they hope to provide a stronger and complete protection against illegal activities and maintain stability of the systems at the same time.

5. TYPES OF ATTACKS

5.1 Sybil attack taxonomy We define the Sybil attack as a malicious device illegitimately taking on multiple identities. We refer to a malicious device’s additional identities as Sybil nodes. This node will affect to the network by modifying network resource and collapse the network. The node replicates itself to make many copies to confuse and collapse the network. The system can attack internally or externally. External attacks can be prevented by authentication but not the internal attacks. There should be one to one mapping between identity and entity in WSN. But this attack violates this one-to-one mapping by creating multiple identities. In Figure 5.1 1, 2, 3, 4 is the Sybil nodes. When these nodes want to communicate to their neighbouring nodes they use any one of the identities. When packets transfer at the time these multiple identities will respond as a result it will confuse and collapse the network

Figure 5.1 Sybil attack

5.2 Types of security attack There are two types of security attack are present active attack and passive attack. Active attack in which the attacker cause modification of data. There is physical damage in the network like modification of resources, alteration of data, changing traffic direction or stoppage of data to sink nodes. These attacks are easily identifiable and we can stop the attackers as well as start the system recovery process. There are four categories of active attacks are present masquerade, replay, modification of messages, and denial of service. A masquerade takes place when one entity pretends to be



a different entity. A masquerade attack usually includes one of the other forms of active attack. For example in Figure 5.2 bob and Alice are communicating if masquerade is present then message from darth that appers to be from bob. Replay involves the passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect. For example in Figure 5.3 bob and alice are communicating if reply attack has occurred means at the time darth capture message from bob to alice and later reply message to alice.

Figure 5.2 Masquerade

Figure 5.3 Reply

The messages means that some portion of a message is altered or those messages are delayed or reordered, to produce an unidentified effect. For example the message meaning “please transfer the amount of RS.5000 to manjunath account.” Is modified to mean “please transfer the amount of RS.50000 to santhosh account.” It is shown in Figure 5.4.

Figure 5.4 Modification

The denial of service will consume resource of network for unwanted operation. The denial of service prevents or inhibits the normal use or management of communications facilities. This attack may have a specific target, as a result the entire network either by

disabling the network or by overloading it with messages so as to degrade performance. It is shown in Figure 5.5.

Figure 5.5 Denial of service

Passive attacks are in the nature of eavesdropping on, or monitoring of, transmissions. The goal of this is to obtain information that is being transmitted. Two types of passive attacks are the release of message contents and traffic analysis. The release of message contents is easily understood in Figure 5.6. A telephone conversation, an electronic mail message, and a transferred file may contain sensitive or confidential information between bob and Alice. The darth will read the contents of message from bob to Alice he will not do nothing to message. The bob and Alice don’t know this type attack happened in the network.

Figure 5.6 Release of message contents

In traffic analysis the darth will observe pattern of message from Alice to bob. Figure5.7 shows the attack.

Figure 5.7 Traffic analysis



The different types of attack is given in Figure 5.8

Figure 5.8 Different types of security attack

In order to detect the Sybil attack as a malicious device illegitimately taking on multiple identities it is necessary to understand the different forms in which the network is attacked. To better understand the implications of the Sybil attack and how to defend against it. There are three orthogonal dimensions: direct vs. indirect communication, fabricated vs. stolen identities, and simultaneity.

5.3 Dimension I: Direct vs. Indirect Communication Direct Communication is one way to perform the Sybil attack is for the Sybil nodes to communicate directly with legitimate nodes. When a legitimate node sends a radio message to a Sybil node, one of the malicious devices listens to the message. Likewise, messages sent from Sybil nodes are actually sent from one of the malicious devices. Indirect Communication In this version of the attack, no legitimate nodes are able to communicate directly with the Sybil nodes. Instead, one or more of the malicious devices claims to be able to reach the Sybil nodes. Messages sent to a Sybil node are routed through one of these malicious nodes, which pretend to pass on the message to a Sybil node.

5.4 Dimension II: Fabricated vs. Stolen Identities A Sybil node can get an identity in one of two ways. It can fabricate a new identity, or it can steal an identity from a legitimate node. Fabricated Identities In some cases, the attacker can simply create arbitrary new Sybil identities. For instance, if each node is identified by a 32-bit integer, the attacker can simply assign each Sybil node a random 32-bit value. Or it creates a new identity for itself based on the identities of the legitimate nodes, that is, if legitimate nodes have an ID with length 32 bit integer, it randomly creates ID of 32 bit integer. These nodes have fabricated identities. Stolen Identities Given a mechanism to identify legitimate node identities, an attacker cannot fabricate new identities. In stolen identities, attacker identifies legitimate identities and then uses it. The attack may go unidentified if the node whose identity has been stolen is

destroyed. Identity replication is when the same identities are used many times in the same places.

5.5 Simultaneous and non-simultaneous attack Simultaneous: In simultaneous, all the Sybil identities participate in the network at the same time. Since only one identity appears at a time, practically cycling through identities will make it appear simultaneous. The attacker may try to have his Sybil identities all participate in the network at once. While a particular hardware entity can only act as one identity at a time, it can cycle through these identities to make it appear that they are all present simultaneously. The number of identities the attacker uses is equal to the number of physical devices; each device presents different identities at different times. Non-Simultaneous: Alternately, the attacker might present a large number of identities over a period of time, while only acting as a smaller number of identities at any given time. The attacker can do this by having one identity seem to leave the network, and have another identity join in its place. A particular identity might leave and join multiple times, or the attacker might only use each identity once. Another possibility is that the attacker could have several physical devices in the network, and could have these devices swap identities. While the number of identities the attacker uses is equal to the number of physical devices, each device presents different identities at different times.

6. CONCLUSION In this paper, we have presented the general concept of wireless sensor network and security in wireless sensor network. The various existing method for the detection of Sybil attack have been discussed and an algorithm is proposed for detection of Sybil attack in wireless sensor network. By using that algorithm we will find the Sybil node or not. Current research so far focuses on the security of wireless sensor network. We have also described so many attacks that occur in sensor network and also apply to sensor node. REFERENCES [1] Kuo-Feng Ssu, Wei-Tong Wang, Wen-Chung

Chang, “Detecting Sybil attacks in Wireless Sensor Networks using neighboring information”, Computer Networks 53 (2009) 3042–3056.

[2] D. Murat, and S. Youngwhan, “An RSSI-based Scheme for Sybil Attack Detection in Wireless Sensor Networks”, World of Wireless, Mobile and Multimedia Networks, WoWMoM 2006. International Symposium, 2006, pp.259-268.

[3] J. Newsome, E. Shi, and D. Song, “The Sybil Attack in Sensor Network: Analysis & Defences,” The Third Intl. Symposium on Information Processing in Sensor Networks (IPSN’04), Berkeley, California, USA: ACN Press, 2004, pp.185-191.



[4] A. V. PRAMO, Md. Abdul Azeem, M. OM PRAKASH “Detecting the Sybil Attack in Wireless Sensor Network”, International Journal of Computers & Technology, ISSN: 2277-3061 Volume 3, No. 1, AUG, 2012.

[5] H. Yu, M. Kaminsky, P. B. Gibbons, and A. Flaxman. “Sybilguard: Defending against sybil attacks via social networks,”. In Proc. ACM SIGCOMM, 2006.

[6] J.Wang, G. Yang, Y. Sun, and S.Chen, “Sybil attack detection based on RSSI for wireless sensor network,” WiCom ’07: International Conference on Wireless Communications, Networking and Mobile Computing, September 2007, pp. 2684-2687, 21-25.

[7] C. Karlof and D. Wagner. “Secure routing in wireless sensor networks: attacks and countermeasures.” Ad Hoc Networks, 2003, 1(2-3):293-315.

[8] Chen, Geng Yang and Shengshou Chen. “A Security Routing Mechanism against Sybil Attack for Wireless Sensor Networks.” International Conference on Communications and Mobile Computing, 2010.

[9] S.Abbas, M.Merabti, and D.Llewellyn-Jones. “Signal Strength Based Sybil Attack Detection in Wireless Ad hoc Networks.” Second International Conference on Developments in eSystems Engineering, 2009.

[10] Qiu Hui-Min. “Principle of Sybil attack and the defence,” Network and Computer Security, vol 10, pp.63-65, October 2005.

[11] L. Shaohe, W. F. Xiaodong, Z. Xin, and Z. Xingming, “Detecting the Sybil Attack Cooperatively in Wireless sensor Networks,” in International Conference on Computational Intelligence and Security, CIS ’08. Vol.1 2008, pp.442-446.

[12] Z. Qinghua, W. Pan, S. Douglas, and P Ning, “Defending against Sybil attacks in sensor networks,” Proceedings of the 25th IEEE International Conference on Distributed Computing Systems Workshop (ICDCSW’05), 2005, pp.185-191.

[13] J.R. Douceur. “The Sybil attack.” In First International Workshop on Peer-to Peer Systems (IPTPS’02), Mar. 2002.

[14] Weichao Wang, Di Pu and Alex Wyglinski. “Detecting Sybil Nodes in Wireless Networks with Physical Layer Network Coding.” IEEE/IFIP International Conference on Dependable Systems & Networks (DSN), 2010.

[15] S.Sharmila, G Umamaheswari, “ Detection of Sybil Attack in Mobile Wireless Sensor Networks”, [IJESAT] International Journal of Engineering Science & Advanced Technology, Volume-2, Issue-2, 256 – 262.

[16] William Stallings: Network Security Essentials Applications and Standards, Person, 2000.

AUTHORS Manjunatha T. N received his B.E degree in Computer Science and Engineering from Sri Siddhartha Institute of Technology, Tumkur in 2008. Currently he is perusing M.Tech degree in Computer Science and Engineering at Canara Engineering

College, Mangalore. During 2008- 2011 he has worked in RRIT and M S Ramaiah Polytechnic Bangalore. His areas of interest are Wireless Sensor Networks, Network Security etc.

Mrs. Sushma M.D received her B.E degree in Information Science & Engineering from P.A College of Engineering, Mangalore and M.Tech in Computer Science & Engineering from Nitte Meenakshi Institute

of Technology, Bangalore in 2008 & 2011 respectively. Worked as Lecturer at P.A College of engineering, Mangalore. Currently working as Asst. Professor at Canara Engineering College, Mangalore.

Shivakumar received his B.E degree in Computer Science and Engineering from UBDT, Davanegere in 1995. He received M.Tech degree in Computer Science and Engineering from AIT, Chikmagalur in

2008. He is currently working as HOD in Canara Engineering College, Mangalore. He has guided 30 B.E projects in CSE and ISE departments and currently guiding two M.Tech projects. His areas of interests are Wireless Sensor Networks, Wi-Max technologies, Neural Networks, and Artificial neural networks etc.

security concepts and sybil attack detection in …2013/04/25 · prevent sybil attack in wireless...

Documents