Detection of Distributed Clone Attacks for Safety Transactions in WSN

Page 1

INTERNATIONAL JOURNAL FOR TRENDS IN ENGINEERING & TECHNOLOGY VOLUME 4 ISSUE 1 – APRIL 2015 - ISSN: 2349 - 9303

Detection of Distributed Clone Attacks for Safety Transactions in WSN N.Karthickkumar1

D.Sasikala2

Department of Computer Science & Engineering, Bannari Amman Institute of Technology, 1 Anna University, nkarthick82@gmail.com

Department of Computer Science & Engineering, Bannari Amman Institute of Technology, 2 Anna University, anjansasikala@gmail.com

Abstract - Wireless sensor Networks (WSNs) are usually deployed in hostile environments wherever associate degree person will physically capture a number of the nodes, first will reprogram, and then, will replicate them in an exceedingly sizable amount of clones, simply taking management over the network. Some distributed solutions to handle this basic drawback are recently projected. However, these solutions don't seem to be satisfactory. First, they are energy and memory demanding: a significant downside for any protocol to be employed in the WSN- resource strained surroundings. Further, they are risk of the particular person models introduced during this paper. The contributions of this work are threefold. First, the desirable properties of a distributed mechanism for the detection of node duplication attacks are examined. Second, the far-famed solutions for this drawback is shown and don't fully meet the required needs. Third, a replacement self-healing, Randomized, Efficient, and Distributed (RED) protocol for the detection of node replication attacks is projected, and it's shown that it satisfies the introduced needs. The novel Implementation specifies that the user can specify its ID, Location ID (LID), Random range (RN), Destination ID (DID) alongside Destination LID, to the Witness Node (WN). The witness can verify the internally finite user ID with the user given ID. If the verification is success, the packets are sent to the destination. A changed RED theme (MRED) is projected to spot biological research attacks within the network. Index Terms: Distributed protocol, efficiency, node replication attack detection, Wireless sensor networks security, resilience. I.

information. The threat of a clone attack will be characterized by two main points: A clone is taken into account completely honest by its neighbors actually, while not international countermeasures, honest nodes can't be alert to the actual fact that they need a clone among their neighbors. To own an outsized quantity of compromised nodes, the person ought not to compromise a high variety of nodes. Indeed, once one node has been captured and compromised, the most price of the attack has been sustained. Creating any clones of an equivalent node will be thought of low cost. Whereas centralized protocols have one purpose of failure and high communication price, native protocols don't discover replicated nodes that area unit distributed in several areas of the network. During this work, a network self-healing mechanism is taken into account, wherever nodes autonomously establish the presence of clones and excluded them from to any extent further network activity. Especially, this mechanism is intended to tell as a ―routine‖ event: it's designed for continuous iteration while not considerably moving the network performances, whereas achieving high clone detection rate. During this paper, the fascinating properties of distributed mechanisms area unit analyzed for detection of node replication attack. The primary protocol for distributed detection is analyzed, proposed, and shown that

INTRODUCTION

Wireless sensing element Network (WSN) could be an assortment of sensors with restricted resources that employment along to realize a typical goal. WSNs will be deployed in harsh environments to meet each military and civil application. As a result of their operative nature, they are usually unattended, thence liable to completely different styles of novel attacks. As an example, associate in nursing person might overhang drop all network communications; any, Associate in nursing person might capture nodes exploit all the data keep there in sensors area unit ordinarily assumed to be not tamper-proof. Therefore, Associate in nursing person might replicate captured sensors and deploy them within the network to launch a spread of malicious activities. This attack is mentioned because the clone attack since a clone has legitimate data (code and scientific discipline material), it's going to participate within the network operations within the same method as a non compromised node thence, and cloned nodes will launch a spread of attacks. A little are represented within the manuscript. As an example, a clone might produce a part, initiate a hollow attack with a collaborating person, or inject false information or combination information in such some way to bias the ultimate result. Further, clones will leak

27


INTERNATIONAL JOURNAL FOR TRENDS IN ENGINEERING & TECHNOLOGY VOLUME 4 ISSUE 1 – APRIL 2015 - ISSN: 2349 - 9303 this protocol isn't utterly satisfactory with relation to the on top of properties. In fact, while not international countermeasures, honest nodes can't be alert to the actual fact that they need a clone among their neighbors. To own an outsized quantity of compromised nodes, the person ought not to compromise a high variety of nodes. Indeed, once one node has been captured and compromised, the most price of the attack has been sustained. Creating any clones of an equivalent node will be thought of low cost. Whereas centralized protocols have one purpose of failure and high communication price, native protocols don't discover replicated nodes that area unit distributed in several areas of the network. During this work, a network selfhealing mechanism is taken into account, wherever nodes autonomously establish the presence of clones and excluded them from to any extent further network activity. Especially, this mechanism is intended to tell as a ―routine‖ event: it's designed for continuous iteration while not considerably moving the network performances, whereas achieving high clone detection rate. During this paper, the fascinating properties of distributed mechanisms area unit analyzed for detection of node replication attack. The primary protocol for distributed detection is analyzed, proposed, and shown that this protocol isn't utterly satisfactory with relation to the on top of properties. Lastly, galvanized by a brand new randomized, efficient, and distributed (RED) protocol for the detection of node replication attacks is additionally planned and it\'s well-tried that this protocol will meet all the on top of cited necessities. what is more Associate in Nursingalytical results area unit provided once RED and its contestant face an person that by selection drops messages that might cause clone detection. Finally, MRED show that it's extremely economical as for communications, memory, and computations needed and shows improved attack detection likelihood (even once the person is allowed to by selection drop messages) compared to alternative distributed protocols. II.

Another centralized clone detection protocol has been recently planned in. resolution assumes that a random key pre distribution security theme is enforced within the device network. That is, every node is appointed a group of isosceles keys, every which way designated from a bigger pool of keys. For the detection, every node constructs a investigating Bloom filter from the keys it uses for communication. Centralized clone detection protocol in each network is that the existing System. This resolution assumes that a random key pre allocation security theme is enforced within the device network. That is, every node is appointed a group of k isosceles keys, haphazardly designated from a bigger pool of keys. For the detection, every node constructs a investigating Bloom filter from the keys it uses for communication. Then, every node sends its own filter to the bottom Station (BS) of each network. From all the reports, the baccalaureate counts the quantity of times every secret is employed in the network. The keys used too typically (above a threshold) are thought of cloned and a corresponding revocation procedure is raised. Different solutions trust native detection. Selection mechanism is employed inside a section to agree on the legitimacy of a given node. However, this sort of a thought applied to the obscurity of duplication coverage fails to note clones that don\'t seem to be inside the similar neighborhood. Line designated Multicast protocol (LSM) is employed, has just one WN that verifies & detects cloned node. Provided that the cloned node & original node sends packet victimization identical WN at identical time, then LSM would find the cloned copy. Then, every node sends its own filter to the baccalaureate. From all the reports, the baccalaureate counts the quantity of times every secret is employed in the network. The keys used too typically (above a threshold) are thought of cloned and a corresponding revocation procedure is raised. The LSM protocol is analogous to RM; however it introduces a motivating improvement in terms of detection likelihood. In LSM, once a node announces its location, each neighbor 1st domestically checks the signature of the claim, and then, with likelihood p, forwards it to g_1 haphazardly designated destination nodes. As associate example, in Figure one, node a, announce sits location and one amongst its neighbors, node b, forwards the claim to node. A location claim, once motion from supply to destination, should tolerate many intermediate nodes that type the alleged claim message path.

RELATED WORKS

One of the primary solutions for the detection of clone attacks depends on a centralized Base Station (BS). During this resolution, every node sends an inventory of its neighbors and their locations (that is, the geographical coordinates of every node) to a baccalaureate. The same node ID in two lists with inconsistent locations can lead to clone detection. Then, the baccalaureate revokes the clones. This resolution has many drawbacks, like the presence of one purpose of failure (the BS) and high communication value because of the massive variety of messages.

Moreover, each node that routes this claim message should check the signature, to store the message, and to envision the coherence with the opposite location claims received inside identical run of the detection protocol. Node

Further, nodes near the baccalaureate are going to be needed to route far more messages than different nodes, thus shortening their operational life.

28


INTERNATIONAL JOURNAL FOR TRENDS IN ENGINEERING & TECHNOLOGY VOLUME 4 ISSUE 1 – APRIL 2015 - ISSN: 2349 - 9303 replication is detected by the node (if present) on the intersection of two ways generated by two totally different completely different} node claims carrying identical ID and returning from two different nodes. Within the example shown in Figure one, node a0 may be a twin of node a (it has identical ID of node a). The claim of a0 is forwarded by node c to node e. within the example; node w can then lead to the intersection of two ways carrying the claim of ID a returning from completely different locations. Node w, the witness, detects the attack and triggers a revocation procedure.

protocol. The analysis and the further set of simulations presented show that the RED protocol can be actually implemented in sensor network. Also, it can be continuously iterated over the same network, as a self-healing mechanism, without significantly affecting the network performance (nodes energy and memory) and the detection protocol itself. Furthermore, the influence of an attacker is investigated intervening on message routing both for RED and LSM. III. ARCHITECTURAL DESIGN REQUIREMENTS FOR THE DISTRIBUTED DETECTION PROTOCOL A: NETWORK CONSTRUCTION This module is developed so as to form a dynamic network. During a network, nodes square measure interconnected with the admin that is observance all the opposite nodes. All nodes square measure sharing their data with every other. B: NODE REGISTRATION AND NODE property Here, the quantity of nodes registers for sharing their data through constant network or totally different network maintained. And conjointly it connects the supply node to the destination node path property for causing knowledge in secure transfer of the every network maintained within the Network Construction.

Figure 1. Example of LSM protocol iteration.

C: NODE IDENTIFICATION FOR CLONE DETECTS

same ID and coming from two different nodes. In the example shown in Figure 1, node a0 is a clone of node a (it has the same ID of node a). The claim of a0 is forwarded by node c to node e. In the example, node w will then result in the intersection of two paths carrying the claim of ID a coming from different locations. Node w, the witness, detects the attack and triggers a revocation procedure.

Here each registered yet because the path property nodes square measure moving into the system generation for those input data‘s square measure sharing from supply to destination depends upon the property path. So, it detects the clone node simply and identifies those nodes through the Network cluster Maintenance. D: WITNESS NODE DISTRIBUTION A major issue in coming up with a protocol to discover clone attacks are that the choice of the witnesses. ‗Witness‘ is named as a node that detects the existence of a node in 2 totally different locations inside constant protocol run. If the individual is aware of the longer term witnesses before the detection protocol executes, the individual might subvert these nodes so the attack goes undiscovered. Here, 2 varieties of predictions square measure known, 1. ID-based prediction 2. Location-based prediction. A protocol for duplicate detection is ID unaware, if it doesn't give any data on the ID of the sensors which will be the witnesses of the clone attack throughout subsequent

Figure 2. Example of intersecting paths without intersection node in LSM.

In this paper, a review of the contribution is performed and a thorough investigation on the feasibility of the RED

29


INTERNATIONAL JOURNAL FOR TRENDS IN ENGINEERING & TECHNOLOGY VOLUME 4 ISSUE 1 – APRIL 2015 - ISSN: 2349 - 9303 protocol run. Similarly, a protocol is space unaware, if chance doesn't rely on the geographical position of node within the network. Clearly, once a protocol is neither ID nor space unaware, then a wise individual will have sensible probabilities of succeeding, since it\'s able to use this data to destabilize the nodes that, likely, are the witnesses. E: VERIFICATION OF USER ID Each node is assigned associate degree ID as individual, once it\'s registered into the network associate degreed conjointly an ID for the total cluster, i.e., LID is generated for every and each location. The node ID and LID also are appended with one (Encrypted with RSA algorithm). Then the WN can then check the node ID + LID that is generated with the user data. If each the info square measure matched, then the WN can make sure that this node thereupon location is real.

Figure 3. Examples of protocols iteration: n ¼ 1;000, r ¼ 0:1, g ¼ 1, and p ¼ 0:1. (a) LSM protocol. (b) RED protocol.

IV.

SYSTEM ARCHITECTURE

In this Project RED, a new protocol is used for the detection of clone attacks. RED is similar, in principle, to the Randomized Multicast protocol, but with witnesses chosen pseudo randomly based on a network-wide seed. In exchange for the assumption that efficient distribution of the seed is possible, RED achieves a large improvement over RM in terms of communication and computation.

F: VERIFICATION OF RANDOM range Random key pre-distribution security theme is enforced within the sensing element network. That is, every node is assigned variety at random with Time Stamp (TS) from cluster Leader (GL). Then the GL can transmit RN (Encrypted with RSA algorithm) that was generated with relation to those TS to the Witness node. WN can currently check the RN that is generated with the user data. If each the info square measure matched then the WN can make sure that this node is real.

Nodes are registered in a location. GL is elected, then the GL will start transmit a RN to all the nodes which are attached to that GL. If a node A in the Location 1 wants to send a data to another node D in the Location 4, then the following steps are carried. 1. Node ID of A + LID of A – 1 + RN of GL (1) + TS+ DID of Node D + LID of D – 4 --------------------- 1

G: biological research DETECTION AND knowledge TRANSFER

2. Internal Sender Node ID and LID is also tagged with 1.

Only the WN confirms the sender node, the info is send to the destination that is real. If user nominative data and therefore the internal data square measure varied then the WN can determine that\'s biological research or some malpractice has occurred and therefore the packets square measure discarded by the WN. The projected design relies on a Dynamic En-Route Filter (DEF) wherever every RISC core is assigned a hard and fast role i.e. perform is distributed among every code design core. it\'s a multi-tier design that performs cluster of incoming packets then it mines data to spot attacks in passive manner latter anomaly detection is allotted in parallel.

3. Encrypt 1 with RSA Algorithm then send to the Witness Node. 4. WN will Decrypt 1, then will compare with user specified node ID and LID with internally tagged node ID and LID, which is original. 5. If the both those user specified and internally tagged information‘s are matched, then the WN will check the RN with respect to the TS by sending the request to the GL of the Location 1. 6. The GL will transmit RN which was generated with respect to those TS to the WN. 7. WN will check the RN which is generated with the user information. If both the data are matched then the WN will confirm that this node is genuine.

30


INTERNATIONAL JOURNAL FOR TRENDS IN ENGINEERING & TECHNOLOGY VOLUME 4 ISSUE 1 – APRIL 2015 - ISSN: 2349 - 9303 8. Only if the WN confirms the sender node, the data is send to the destination, which is genuine.

network space. Moreover, it\'s assumed that no routing failure happens and from every neighbourhood, precisely one claim message is shipped (It isn't expressly thoughtabout that d, p, and g values are sent). The hypothesis is controlled and each claims are sent through path of length l=c/n nodes (with constant network density, the common path length). The nodes on the 2 ways (the 1st one outgoing from the honest node a and therefore the other from the clone a0) are those concerned within the detection method by the 2 protocols.

9. If user specified information and the internal information are varied then the WN will identify that cloning or some malpractice has occurred and the packets are discarded by the WN. RED is used in which GL is elected. GL will multicast a RN to all its Group Nodes at TS. RED will verify RN, node ID, LID, and TS via WN which is encrypted automatically from the user, decrypted and verified by the WN. Here multiple WN is maintained.

In RED, if only one of those 2‗nodes within the 2 ways is malicious, detection will fail. In fact, the corrupted forwarding node will merely drop the received location claim. The chance that a minimum of one malicious node is gift within the 2 ways. However, note that the chance in (3) refers to geometric line intersection. Then, it is, in fact, Associate in Nursing optimistic boundary (also still forward no failure within the routing). In fact, 2 decussate ways (geometrically) don\'t essentially have a node in common—an example of this case is shown. Though this reality exists within the following, optimistically take into account (3) because the chance that the clone is detected, once no malicious nodes are gift. Let U be the event that the attack is undetected for single protocol iteration. For LSM, the subsequent 2 disjoint events are thought-about. Here, the concept is that malicious nodes will stop clone detection given that they\'re within the path before the witness. Currently define:. Event Eh: All of the forwarding nodes before the (possibly present) witness are honest. Event Em: there's a minimum of one malicious forwarding node before the (possibly present) witness.

Figure 4: The Detailed Diagram for Clone Attacks

Figure five shows the analytical results for RED and LSM on non detection chance. Prompt that whereas the analysis for RED is actually tight, the one for LSM is optimistic, since it depends on the belief that ways that geometrically see have a node in common. This can be not true, particularly once the network is dense. The particular detection rate depends on many factors like node density, for instance. Nevertheless, RED outperforms LSM even within the presence of malicious nodes that may stop the protocol. Figure five shows the analytical results for many values of c (c controls the length of the common random path within the network, being the non detection chance. ensuing protocol iterations (x-axis) are thought-about. The results are planned for c =0:1; 0:2; . . . ; 1. It is attention-grabbing to notice that however w and c influence the detection chance. Larger c means that longer ways, and thus, higher chance that one amongst the malicious nodes will stop clone detection. Larger w implies that the opponent will typically ruin the protocols and influence detection chance significantly, particularly once c is giant. All told cases, it's clear that RED will converge to

MODIFICATION This is proposed to compare the RN & also the node ID given by the user and the original node ID tagged with the data.

V .DETECTION PROBABILITY WITH MALICIOUS NODES In this section, clone detection chance is investigated throughout a sequence of iterations. it\'s assumed that the opponent has cloned a node, it\'s additionally already dominant a set of at random selected different nodes, and no mechanism for preventing packet dropping is enforced, so malicious nodes will stop claim forwarding. Further, it's assumed that a node (say a) is cloned and one amongst its clone (say a‘) is at random deployed inside the

31


INTERNATIONAL JOURNAL FOR TRENDS IN ENGINEERING & TECHNOLOGY VOLUME 4 ISSUE 1 – APRIL 2015 - ISSN: 2349 - 9303 terribly high detection chance terribly quickly. Note that RED is additional influenced

such a protocol that was indicated ought to be not solely tiny, however additionally equally distributed among the nodes, each in computation and memory. Further, new person threat models are brought in. However, a significant contribution of this paper is that the proposal of a selfhealing, randomized, efficient, and distributed (MRED) protocol to observe node replication attacks. MRED protocol is analytically compared with RED through this state of technology, LSM answer and proved that the overhead introduced by RED is low and virtually equally balanced among the nodes; RED is each ID-unaware and space unaware; to boot, RED out performs LSM in terms of potency and effectiveness. Intensive simulations make sure these results. Lastly, additionally within the presence of compromised nodes, it will analytically be shown that RED is a lot of resilient in its detection capabilities than LSM. VII. REFERENCES [1] I.F. Akyildiz, W. Su, Y. Sankarasubramaniam, and E. Cayirci, ―Wireless Sensor Networks: A Survey,‖ Int‘l J. Computer and Telecomm. Networking, vol. 38, no. 4, pp. 393-422, 2002.

Figure. 5. Non detection probability (n ¼ 1; 000 and c ¼ 0:5).

Than LSM by path lengths, since a malicious node will stop the protocol where it seems within the methods. However, experiments show that for a network of one, 000 nodes and communication vary zero.1 in a very network space of aspect one, c is regarding zero.35. Therefore, it will be complete that RED has higher detection likelihood and converges quicker than LSM for all sensible values of the network parameters.

[2] C. Bettstetter, ―On the Minimum Node Degree and Connectivity of a Wireless Multihop Network,‖ Proc. MobiHoc ‘02, pp. 80-91, 2002. [3] S. Capkun and J.-P. Hubaux, ―Secure Positioning of Wireless Devices with Application to Sensor Networks,‖ Proc. IEEE INFOCOM ‘05, pp. 1917-1928, 2005. [4] R. Di Pietro, D. Ma, C. Soriente, and G. Tsudik, ―Posh: Proactive Co-Operative Self-healing in Unattended Wireless Sensor Networks,‖Proc.IEEE Symp. Reliable Distributed Systems (SRDS), pp.185-194, 2008.

Only the WN confirms the Sender node, the information is send to the destination that is real. If user nominative info and also the internal info are varied then the WN can determine that biological research or some malpractice has occurred and also the packets are discarded by the WN.

[5] D. Ganesan, R. Govindan, S. Shenker, and D. Estrin, ―HighlyResilient, Energy-Efficient Multipath Routing in Wireless Sensor Networks,‖ SIGMOBILE Mobile Computing and Comm. Rev., vol. 5,no. 4, pp. 11-25, 2001.

The planned design relies on a Dynamic En-Route Filter (DEF) wherever every RISC core is assigned a hard and fast role i.e. perform is distributed among every computer code design core. it\'s a multi-tier design that performs cluster of incoming packets then it mine info to spot attacks in passive manner; latter anomaly detection is disbursed in parallel.

[6] S. Kwon and N.B. Shroff, ―Paradox of Shortest Path Routing for Large Multi-Hop Wireless Networks,‖ Proc. IEEE INFOCOM ‘07,pp. 1001-1009, 2007.

VI. CONCLUSION [7] J. Newsome, E. Shi, D. Song, and A. Perrig, ―The Sybil Attack in Sensor Networks: Analysis & Defenses,‖ Proc. Int‘l Symp.Information Processing in Sensor Networks (IPSN ‘04), pp. 259-268, 2004.

In this paper, many basic needs of a perfect protocol for distributed detection of node replicas ought to be enforced. This can be more improved, conferred and even. Specially, the most plan of ID-unawareness and space unknowingness is initiated that conveys a live of the standard of the node replicas detection protocol; that's, its flexibility to a sensible person is taken into account. Moreover, the overhead of

32


Turn static files into dynamic content formats.

Create a flipbook
Issuu converts static files into: digital portfolios, online yearbooks, online catalogs, digital photo albums and more. Sign up and create your flipbook.