210 likes | 482 Vues
Detecting Malicious Beacon Nodes for Secure Location Discovery in Wireless Sensor Networks. Donggang Liu, Peng Ning – North Carolina State University Wenliang Du – Syracuse University Proc. ICDCS 2005. Presented by: Jacob Lynch. Overview. Introduction Related work
E N D
Detecting Malicious Beacon Nodes for Secure Location Discovery in Wireless Sensor Networks Donggang Liu, Peng Ning – North Carolina State University Wenliang Du – Syracuse University Proc. ICDCS 2005 Presented by: Jacob Lynch
Overview • Introduction • Related work • Detecting malicious beacon signals • Filtering replayed beacon signals • Revoking nodes • Performance • Conclusion
Introduction • Technological advancements enable large scale sensor networks to be deployed • Many applications require sensors to know their locations • Environment monitoring, target tracking, etc. • Impractical to have GPS receiver on every node • Malicious nodes ignored so far
Related work • Two stage location discovery algorithm • Stage 1: non-beacon nodes receive radio signals known as beacon signals from beacon nodes • Stage 2: after receiving enough beacon signals, sensors can calculate location • Received Signal Strength Indicator (RSSI), Time of Arrival (ToA), Time Difference of Arrival (TDoA), Angle of Arrival (AoA) • Cannot deal with compromised nodes
Detecting malicious beacon signals (1) • Malicious nodes want to remain undetected • Give normal information to beacon nodes • Malicious nodes shouldn’t know which nodes are beacon nodes • Implement fake IDs • Each beacon node is given multiple IDs with the corresponding secure keys for communication to all other nodes
Detecting malicious beacon signals (2) • Beacon node can request beacon signals when it detects them • Beacon node uses a fake ID that keeps the broadcaster from knowing it’s a beacon node • Paper assumes the nodes have no way to tell if an ID belongs to a beacon node or not • Beacon node then gets the beacon signal and can analyze it with GPS receiver
Detecting malicious beacon signals (3) • Detecting node (using fake ID) requests beacon signal • Detecting node uses packet location information in beacon signal to compare estimated distance and calculated distance • If distance is larger than the possible error, then the node may be malicious
Filtering replayed beacon signals (1) • Malicious beacon signal may contain benign node ID, not sure if the signal has been replayed or not • Beacon signal may be relayed through a wormhole • Attacker sends packets from one part of a network to another part of the network using a low latency link • Techniques have been established to filter these
Filtering replayed beacon signals (2) • Locally replayed beacon signals • Attacker replays a beacon signal received from a neighbor beacon node • Most wormhole detectors cannot detect this • Use round trip time (RTT) to filter out locally replayed beacon signals • Temporal leashes require time synchronization between nodes, while RTT does not
Filtering replayed beacon signals (3) • Compare observed RTT to range of RTT derived from experiments on an actual sensor network • If RTT <= max RTT, not locally replayed • If RTT > max RTT, locally replayed beacon signal, ignore it
Filtering replayed beacon signals (4) • Benign nodes only report other benign nodes when all of the following occur: • They are not neighbor nodes • The attacker creates a wormhole between them • The wormhole is not detected by detecting node • The delay is less than the detectable delay • Increase the number of IDs to increase detection rate • More malicious packets increases detection rate
Filtering replayed beacon signals (4) • Overhead cost • Beacon signals unicast, location information only done once for each non-beacon node • Sensors nodes usually only communicate with a few other nodes in communication range • Most overhead comes from key establishment and cryptographic operations
Revoking nodes (1) • Nodes generate alerts containing IDs of target and detecting node • All alerts sent to a base station • Base station accepts alert if • Number of alerts from that detecting node is under a certain threshold • Target node has not been revoked • Accepted reports increase report counter of detecting node and alert counter of target node
Revoking nodes (2) • If alert counter exceeds a certain threshold, the target node is considered a malicious beacon node and is revoked from the network • Alerts may still be accepted from revoked nodes if the node’s report limit is under the threshold and the target node is not revoked • Prevent malicious beacon nodes from getting benign nodes revoked before they can send alerts
Revoking nodes (3) • Overhead cost • Observations must be reported to base station • Limited monitoring done by a beacon node, few alerts will be sent • No computation or storage overhead for sensors • Base station has more resources
Performance (1) Pr = detection rate P = probability that (1) a requesting non-beacon node receives a malicious beacon signal from a malicious beacon node, and (2) this malicious beacon signal is not removed by the replay detector m = number of IDs on a detecting beacon node
Performance (2) Nc = number of requesting nodes P = probability that (1) a requesting non-beacon node receives a malicious beacon signal from a malicious beacon node, and (2) this malicious beacon signal is not removed by the replay detector
Performance (3) • Simulations were run on the TinyOS simulator Nido • 1,000 sensor nodes randomly deployed, 100 beacon nodes • P = probability that (1) a requesting non-beacon node receives a malicious beacon signal from a malicious beacon node, and (2) this malicious beacon signal is not removed by the replay detector • N’ = average number of requesting non-beacon nodes accepting the malicious beacon signals
Performance (4) • Na = number of compromised nodes • τ’ = benign node report threshold
Conclusion • Authors came up with a practical solution to detect malicious beacon signals as well as replayed beacon signals • Overhead added for these techniques is minimal • False positive rate pretty good when few nodes are malicious