Proceedings of International Conference on Developments in Engineering Research
www.iaetsd.in
A Survey on Enroute Filtering Scheme in Wireless Sensor Networks P.Pritto Paul, Asst Professor, Velammal Engg. College, Anna University, Chennai. p.prittopaul@gmail.com
Abstract— Wireless Sensor Networking is one of the most prominent technology that is used in almost all real time applications. WSN is used in the estimation of temperature in Cyber Physical Network System(CPNS) where the sensor nodes are deployed in hostile environment. In this environment the sensor nodes sense the data and forward the report to the base station. When the report is being forwarded to the base station the attacker may forge the data or may inject false data into the report by compromising the sensor nodes in the network this leads the base station to generate false decision. The solution to overcome the False Data Injection Attack is to implement the Enroute Filtering Scheme in WSN. The Enroute Filtering is used to check the correctness of the data before it is being forwarded to the base station. In this paper some of the most efficient Enroute Filtering Schemes for filtering false data have been discussed with their advantages and disadvantages. And also forwarding and filtering of data in Cluster based environment which provides high security than other filtering schemes have been discussed.
I. Introduction WIRELESS sensor networks are expected to interact with the physical world at an unprecedented level to enable various new applications. However, a large-scale sensor network may be deployed in a potentially adverse or even hostile environment and potential threats can range from accidental node failures to intentional tampering. Due to their relatively small sizes and unattended operations, sensor nodes have a high risk of being captured and compromised. False sensing reports can be injected through compromised nodes, which can lead to not only false alarms but also the depletion of limited energy resource in a battery powered network.
ISBN NO : 378 - 26 - 13840 - 9
K.Thejaswi, PG-Student, Velammal Engg. College, Anna University, Chennai. tejaswi.kessamsetti@gmail.com
The false data injection in a cyber physical network system can be overcome by the formation of clusters where the neighbor sensor node with nearly similar properties will be organized into the form of clusters. In the hierarchical network structure each cluster has a leader, which is also called the cluster head (CH). The sensor nodes periodically transmit their data to the CH nodes.CH nodes aggregate the data and transmit them to the base station (BS) either directly or through the intermediate communication with other CH nodes. The BS is the data processing unit for the data received from the sensor nodes.The Base Station is fixed at a place in a stationary manner which is far away from the all the sensor nodes .The function of each CH,is to perform common functions for all the nodes in the cluster, like aggregating the data before sending it to the BS. In some way, the CH is the sink for the cluster nodes, and the BS is the sink for the CHs. The advantages of cluster based environment is: 1) supporting network scalability and decreasing energy consumption through data aggregation 2) It can localize the route setup within the cluster and thus reduce the size of the routing table stored at the individual node. . The main parameters included in clustering are: Number of clusters, Nodes and CH mobility, Nodes types and roles, Cluster formation methodology, Cluster-head selection.
INTERNATIONAL ASSOCIATION OF ENGINEERING & TECHNOLOGY FOR SKILL DEVELOPMENT 7
Proceedings of International Conference on Developments in Engineering Research
www.iaetsd.in
In past different scheme have been proposed for filtering false data in wireless sensor networks where the data is transferred in a environment where the sensor nodes are scattered. For example inStatisticalEnroute Filtering Scheme[1],Interleaved Hop-by-Hop Schemes[2] have the limitation of node compromising where the false data can be injected in order to generate the false reports. In the paper we discuss about the compromise resilient enroute filtering scheme where the sensor nodes are organized into the form of clusters. And the data is transferred to Base station (sink) with the help of forwarding nodes which act as an intermediate between the cluster and the base station. The rest of the paper is organized as follows: 1) a brief survey on existing filtering schemes. overview of compromise resilient enroute filtering scheme in cluster based environment in WSN. 2) a survey on compromised resilient enroute filtering scheme in WSN.3) Then, a detailed literature survey on enroute filtering devised for WSNs is provided along with comments on their prominent and lacking feature.
To overcome the threshold limitation and to reduce the increasing number of compromised nodes which we have seen in SEF. We come up with LBRS b) Location-Based Resilient Security (LBRS)[2] approach which make use of two techniques: location-binding keys and location-based key assignment. In location based resilient scheme the location of the sensors and sink is stationary by which it can assign fixed key values for the sensor in order to provide security. Based on its location, a node stores one key for each of its local neighboring cells and a few randomly chosen remote cells. LBRS provides a solution to this security problem, but it depends on the stationary of the sink and the fixed routing model such that it cannot work with mobile sinks and various routing protocols. The disadvantage of LBRS is it relies on special data dissemination protocol to confirm a bean model. c) Grouping-Based Resilient Statistical Enroute Filtering (GRSEF)[4]scheme for filtering false data. The GRSEF does not depend on sink stationary. It improves the filtering efficiency by II.RELATED WORKS dividing the sensor nodes into certain number of groups(e.g.: T-groups) and assigns authentications We discuss about existing filtering schemes, to the groups. GRSEF employees a multi-axis which make use of MAC(message authentication division technique to overcome the threshold Codes) for transferring the data. limitation problem that we have seen in SEF[1] and IHA[4]. In GRSEF, the Redundancy is increased to a) Statistical Enroute Filtering (SEF)[1] is the achieve the robustness against this attacks but the most basic mechanism in which dense deployment disadvantage of GRSEF is it has no resilience to the of large sensor networks takes place. To prevent selective forwarding attack and report disruption any single compromised node from breaking down attack . the entire system, SEF sends only limited of All the early proposed scheme have the amount of security information assigned to each disadvantage of T-threshold limitations, this node, and depends on the collective decisions of schemes does not adopt to dynamic topology, takes multiple sensors for false report detection. As a long time for a network to become stable, sensor report is forwarded through multiple hops toward nodes are scattered in a wireless networks were the sink, each intermediate node verifies the there is no security for the transmission of data, correctness of the MACs carried in the report and Requires node localization and takes a long time to drops the report if an incorrect MAC is detected. be stable. Inorder to overcome the disadvantages The disadvantage of SEF is probability of detecting our survey has come up with formation of clusters incorrect MACs increases with the number of hops in wireless sensor network where the sensor nodes the report travels. SEF[1] and IHA[4] have the Tare grouped to form clusters. threshold limitations. That is, if the adversary compromises T nodes from different groups, they could inject false data to generate the false report.
ISBN NO : 378 - 26 - 13840 - 9
INTERNATIONAL ASSOCIATION OF ENGINEERING & TECHNOLOGY FOR SKILL DEVELOPMENT 8
Proceedings of International Conference on Developments in Engineering Research
III. Preliminary a) The Basics of Enroute Filtering: The enroute filtering is technique used in wireless networks with which the intermediate nodes checks the correctness of the data that is being travelled along the route from source to the sink with the help of intermediate nodes present in the network. The intermediate node not only checks the correctness of the data but also can filter the false data effectively. The intermediate nodes after receiving the report checks whether it contain valid T-MAC. The report with less number of T-MAC will be dropped. If any false data which is not filtered by the intermediate nodes will be detected by the sink where it gets filtered. The sink acts as the final defense that catches false reports not filtered out by forwarding nodes. b) System model of Enroute Filtering:
Sensor node
Intermediate node should check for correct MAC
sink Compromised node(injection of false data)
c) Security Model Of Enroute Filtering:
We consider a large sensor network field where nodes are deployed. So after the network initialization phase the sensor nodes forms into groups and elect a cluster head based on different parameters like remaining energy etc. Whenever events of interest occurs in the terrain say if a tank moves, all the cluster members near to the event will sense the happening and report to their cluster heads. On receiving the reports cluster head ISBN NO : 378 - 26 - 13840 - 9
www.iaetsd.in
aggregates them and sends a single copy of the valid report to the base station through selected report forwarding nodes. The selections of report forwarding nodes are up to the underlying routing protocol’s work . And also the selection parameters are independent of the application. We assume that there are attackers present within the terrain are capable of monitoring the communication pattern between the sensor members and the cluster head to guess the message from the reports if intercepted. We assume that each cluster contains at most t-1 compromised nodes, which may collaborate with each other to generate false reports by sharing their secret key information. The potential attacks which we consider in our work DoS attacks. DoS attacks include selective forwarding and report disrupt d) Proposed System for Enroute Filtering: The proposed system for enroute filtering is based on cluster environment where the sensor nodes are organized into groups(clusters).In cluster based sensor nodes makes use of two keys authentication key and check key instead of MAC used in the existing systems. The sensor nodes within the cluster are assigned with authentication key and the forward nodes are assigned with check key in order to provide additional security. The security keys for the sensing node and the forwarding node is assigned by the sink. Different nodes present in different clusters are assigned with different authentication keys. In this way a compromised node present in one cluster will not effect the nodes present in the other cluster. Therefore this scheme achieves better resilience to the increased number of compromised nodes. The main advantage of this scheme is that it does not depend on static routes and node localization. This scheme mainly consists of two principles: Management of authentication information: this is used to assign the key values to the nodes present in the network. Management of data security: this is used to detect and filter the false data. The report that is being forwarded from one cluster should contain: the encrypted measurement, cluster key, sensor node ID, local ID of the node from where it has been generated, authentication information of the measurement generated by the node.
INTERNATIONAL ASSOCIATION OF ENGINEERING & TECHNOLOGY FOR SKILL DEVELOPMENT 9
Proceedings of International Conference on Developments in Engineering Research
www.iaetsd.in
e) System model of proposed system:
C1
CH
FS1 S1
S2
C2
CH
S2
S3
FS2 C3
SINK
S1
CH S3
FS1, FS2 - Forward Sensor Nodes C1, C2, C3 - Clusters CH - Cluster Head S1, S2, S3 - Sensor Nodes
f) Algorithms used in Enroute Filtering:
Type Of Algorithm
Algorithm Usage
1. Kar and Banerjee’s algorithm 2. Greedy algorithm
Sensor-deployment in a network
Distributed algorithm
Compute Support Weight(SW) between the sensor nodes in a network.
Veltri et al. algorithm
Distributed localized algorithm
Kanan et al. algorithm
Polynomial time algorithms
Clustering Algorithm
1. LEACH – C Algorithm 2. Efficient Cluster Head Selection Scheme For Data Aggregation [EECHSSDA] 3. Hybrid Energy- Efficient Distributed Clustering
Greedy base-station algorithm ISBN NO : 378 - 26 - 13840 - 9
1. For unidirectional antennas 2. For omnidirectional antennas
Advantages 1. Achieve Coverage 2. Achieve Connectivity 1. Construct Local Neighborhood Graph. 2. Construct Best Support Path 1. To find an approximate minimal exposure path. 2. Linear programming formulation for minimal- and maximal-exposure paths is obtained. 1. compute the maximum vulnerability of a sensor deployment to attack by intelligent adversary . 2. To compute optimal deployments with minimal vulnerability. Cluster Head Selection takes place based on following clustering algorithm.
Forwarding of data to the base station
INTERNATIONAL ASSOCIATION OF ENGINEERING & TECHNOLOGY FOR SKILL DEVELOPMENT 10
Proceedings of International Conference on Developments in Engineering Research
www.iaetsd.in
IV. Literature Survey Schemes for filtering false data
Advantages
Disadvantages
Statistical Enroute Filtering
Dynamic topology shared key mechanism
Threshold problems No resilience to attacks.
Location-Based Resilient Security
Not applied to dynamic topology Require node localization
Require node localization Lower resilience to attacks.
Grouping-Based Resilient Statistical
Avoid threshold limitations Location-basedkey generation
Uses multi-axis division technique Avoid threshold limitations
V. Conclusion The clustering scheme achieves not only high en-routing filtering probability but also high reliability for filtering the injected false data with multi-reports without depending on static routes and node localization. Due to the simplicity and effectiveness, the cluster based scheme could be applied to other fast and distributed authentication scenarios in wireless network.
VI. References 1) F. Ye, H. Luo, S. Lu, and L. Zhang, “Statistical en-route filtering of injection false data in sensor networks,” IEEE Journal on data in sensor networks,” IEEE Journal on selected areas in communication,VOL.23, NO. 4, April 2005 2)” Toward Resilient Security in Wireless Sensor Networks” Hao Yang, Fan Ye, Yuan Yuan, Songwu Lu, William Arbaugh
ISBN NO : 378 - 26 - 13840 - 9
3) L. Yu and J. Li, “Grouping-based resilient statistical en-route filtering for sensor networks,” in Proc. of the 28th IEEE International Conference on Computer Communications (INFOCOM’09), 2009, pp. 1782–1790. 4) S. Zhu, S. Setia, S. Jajodia, and P. Ning, “An interleaved hop-byhop authentication scheme for filtering of injection false data in sensor networks,” ACM Transactions on Sensor Networks (TOSN), vol. 3, no
5) N.Parashuram, Y.Sanjay sai raj, A.Sagar, B.Uma “An Active En-route Filtering Scheme for Secured Data Dissemination in Wireless Sensor Networks” IJCSET |April 2012| Vol 2, Issue 4,1102-1
INTERNATIONAL ASSOCIATION OF ENGINEERING & TECHNOLOGY FOR SKILL DEVELOPMENT 11
Proceedings of International Conference on Developments in Engineering Research
www.iaetsd.in
6) “Clustering in Wireless Sensor Networks” textbook Basilis Mamalis, Damianos Gavalas, Charalampos Konstantopoulos, and Grammati Pantziou. 7)“Algorithms For Wireless Sensor Networks” Sartaj Sahni and Xiaochun Xu Department of Computer and Information Science and Engineering, University of Florida, Gainesville, FL 32611 {sahni,xxu}@cise.ufl.edu September 7, 2004 8)” A Random Perturbation-Based Scheme for Pairwise Key Establishment in Sensor Networks” Wensheng Zhang and Minh Tran Dept. of Computer Science, Iowa State University, Ames, IA 50014, USA 9) “Filtering Schemes for Injected False Data in Wsn” IOSR Journal of Computer Engineering (IOSR-JCE) e-ISSN: 2278-0661, p- ISSN: 2278-8727Volume 13, Issue 6 (Jul. Aug. 2013), PP 29-31.
ISBN NO : 378 - 26 - 13840 - 9
INTERNATIONAL ASSOCIATION OF ENGINEERING & TECHNOLOGY FOR SKILL DEVELOPMENT 12