a novel secure localization scheme against collaborative collusion in wireless sensor networks

A Novel Secure Localization Scheme Against Collaborative Collusion in Wireless Sensor Networks

Jinfang Jiang, Guangjie Han, Lei Shu, Han-Chieh Chao, Shojiro Nishio

Hohai University, China

2

Contents

Introduction Motivation Network model and assumptions Attack model The first phase of the TSFD scheme

Checking the coordinates' information Checking the time information Checking the ID information

The second phase of the TSFD scheme Security calculation Simulation Conclusion

3

Introduction

Security issues in WSN

Our topic

4

Motivation

Current localization methods are vulnerable to most attacks.

Design a secure localization algorithm against malicious attacks in WSNs.

Guarantee high detection rate, especially for collusion attacks Guarantee high localization accuracy, the designed secure localization algorithm should be able to localize sensor nodes under malicious attacks Consideration localization time and energy consumption, the designed secure localization algorithm should be able to fit the resource limited WSN

5

Three kinds of static nodes:

anchor node

sensor node

Intruder node

Different deployment

Different communication radii

Communication is two way

Network model and assumptions

sR

2a sR R=

s m aR R R£ £

The transmission information at least contains: 1) ID information, 2) coordinates of sending nodes and 3) time of sending information.

6

Attack model

CCAM (Collaborative Collusion Attack Model)

Two types of malicious nodes in CCAM intruder nodes compromised nodes

Malicious nodes can launch both external and internal attacks compromise normal sensor nodes distort replayed location information pretend as anchor nodes

7

CCAM is rather different from traditional attack models

• 1) Harder to detect;

• 2) Launch multiple malicious attacks;

• 3) Interfere with the communication in the entire WSN;

• 4) Distort received localization information randomly.

8

Using anchor nodes to identify suspicious nodes step by step

All the anchor nodes communicate with one-hop neighbor nodes Checking the coordinates' information

The first phase of the TSFD scheme (1)

aRb

c ad e

a%'d

d%

', ,ae a a abe d ed R d R d R> > >

,ae a aded R d R< <%%

not all malicious nodes can be detected as suspicious nodes through checking coordinates' information

If one node communicates with another node far away outside the communication range,

at least one suspicious node exists in these nodes to forward information from the sender to receiver.

9

Checking the time information

The first phase of the TSFD scheme (2)

aR

c ad e

a%d%max max

,

,

ae a ade

ae de

d R d R

t T t T

ì < <ïïíï > >ïî

%%

%%

If any malicious node replays information, more time is needed for data transmission and processing

malicious nodes can also revise time information. If time information is incorrect, using the time information to

detect suspicious nodes becomes useless.

10

Checking the ID information

The first phase of the TSFD scheme (3)

aR

c

( ) 2Num ae ³ ade

b

( ) 1Num ee ³

node e receives at least two pieces of messages from neighbor node b. One piece is directly delivered from node b. The other piece is forwarded by malicious node a.

If there is no malicious node within communication range of node a, the message from node b is received only one time.

node e receives its own information through malicious nodes c and d.

11

The period of time:

The delay time:

The delay time between two neighbor anchor nodes:

The average number of malicious nodes in communication range of each anchor node:

The maximum number of malicious nodes in communication range of each anchor node:

The first phase of the TSFD scheme (3)

maxpT T T= +D

1( )2 a

a

lT t

RD = ´ ´ D

(2 )a m avet NtD » D ´ ´

20

( )aR j

ave i lN N f l d= ´ ò

21

50% NN

N

´=

2

2 2

2 2

1 ( )( ) exp( )

2 2

( ) ( )

ji

i j i j

lf l

l x x y y

mps s

-= -

= - + -

12

The second phase of the TSFD scheme

Mesh generation method is used to isolate malicious nodes

In the left figure, traditional mesh generation divides the WSN into different levels and there are several nodes in each level

we propose a new mesh generation method that each unit mesh is a circumscribed square of anchor node. The WSN is divided into many unit meshes and

each unit mesh only contains one node

13

The second phase of the TSFD scheme

• After the first phase, each node keeps a record of suspicious node and these IDs are transported to the base station.

• Then, the base station calculates the number of recorded times of each ID. A node with higher number of recorded times is detected as a malicious one.

• The WSN is divided into four grades: untrusted area, suspicious area, uncertain area and trust area to isolate malicious nodes.

• Each ID is matched with a trust grade one by one. The base station broadcasts trust grades to all the nodes so that every node knows which area it belongs to.

14

Advantages of modified mesh generation method

• Making a detour against malicious nodes as almost destructive nodes are included in the untrusted area;

• Guaranteeing enough anchor nodes to complete localization as seldom normal nodes are erroneously judged as malicious ones.

• However, using the TSFD , not all the malicious nodes can be detected completely.

• Therefore, some measurements are still needed to detect the rest of malicious nodes in the process of calculating coordinates.

15

Security calculation

• The WSN has been divided into four trust grades in the process of isolating malicious nodes, the localization process is firstly performed in trust area, then in the uncertain area and suspicious area. The untrusted area is the last one.

• Thus, the proposed scheme chooses main anchor nodes from the higher trusted area to avoid malicious nodes pretending as anchor nodes.

• However, there may be still some malicious nodes surviving to pretend as vice anchor nodes, thus further detections should be taken by sensor nodes to filter out malicious localization information:• a) whether vice anchor node is outside the communication

range.• b) whether coordinates sent from the same main anchor node

is different.

16

Security calculation

A passive localization scheme only anchor nodes broadcast their localization information,

but sensor nodes do not preventing sensor nodes from declaring their positions

2 1

3 1

ab bd adb

ac cd adc

d d dt t t

v v vd d d

t t tv v v

ìïï +D + - = -ïïïíïï +D + - = -ïïïî

( ) ( )

( ) ( )

( ) ( )

2 2 2

2 2 2b

2 2 2c

a a ad

b b d

c c d

x x y y d

x x y y d

x x y y d

ìï - + - =ïïïï - + - =íïïï - + - =ïïî

Choose trusted anchors as main anchor nodes which only sent localization information,

like node a. Other nodes called vice anchor nodes,

like nodes b and c.

17

Simulation (1): The rate of detection

Robustness of TSFD compared with other secure localization schemes

As the rate of malicious nodes increases, TSFD is always the most robust one

18

Simulation (2): The localization error

Robustness of TSFD compared with other secure localization schemes

19

Conclusion

In this paper, we proposed a new attack model called CCAM and introduced a novel approach called TSFD in static WSNs

Simulation results show that TSFD is effective against malicious nodes in CCAM with high detection rate

And the modified localization scheme provides considerable localization accuracy

Thank you