Distributed Detection Of Node Replication Attacks In Sensor

Networks

Presenter: Kirtesh Patil

Acknowledgement: Slides on Paper originally provided by Bryan Parno, Adrian Perrig and Virgil Gligor

By Bryan Parno, Adrian Perrig and Virgil Gligor

Sensor Networks

• Wireless sensor networks contain thousands of nodes

• Each node has limited processing, storage capacity and power

• Low Cost• Easy to deploy– No Tamper proof

Replication Attack

• Capture one node– pressure, voltage and temperature sensing not

built-in to detect intrusion– Read memory

• Replicate nodes – same IDs– Affects data aggregation protocols– Replicated nodes can be used to kick legitimate

nodes out (node-revocation protocol)

Outline

• Introduction• Problem Statement and Previous Work• Solution• Evaluation• Discussion

Introduction Problem Statement Solution 1 Solution 2 Evaluation Discussion

Assumptions

• Adversary can’t deploy nodes with arbitrary ID – paper assumes n/w implements required safeguards

• Adversary has limited node capturing capability

• Cloned node has at least one legitimate node in neighborhood (Can be eliminated)

• All node know their geographical location and node are primarily stationary

Introduction Problem Statement Solution 1 Solution 2 Evaluation Discussion

Objectives• Detect node replication with high probability

• Secure against adaptive adversary– Unpredictable to adversary– No central point of failure

• Minimize communication overhead

Introduction Problem Statement Solution 1 Solution 2 Evaluation Discussion

Previous Approaches• Centralized scheme– Each node sends location to central base station– Central base station examines list for conflicts– Revocation: flood network with authenticated

revocation message– Disadvantages:

• Vulnerable to single point failure– Compromise base station– Interfere with its communication

• Node surrounding base station – undue routing of traffic• Revocation can be delayed

– Advantages: 100% detection

Introduction Problem Statement Solution 1 Solution 2 Evaluation Discussion

Previous Approaches (Contd.)

• Local Detection Scheme– Neighbor try to detect replicated nodes– Fails to detect distributed node replicated in

disjoint neighborhood

Introduction Problem Statement Solution 1 Solution 2 Evaluation Discussion

Emergent Properties

• They are properties that only emerge through collective action of multiple nodes

• Advantages:– No Central Point of Failure– Attractive approach to thwart unpredictable and

adaptive adversary

Introduction Problem Statement Solution 1 Solution 2 Evaluation Discussion

Simple Approach

• Node-To-Network Broadcast– Each node broadcast location information– 100% detection– Assumption: Broadcast reaches all nodes • Attacker can easily jam or interfere with

communication

Introduction Problem Statement Solution 1 Solution 2 Evaluation Discussion

Simple Approach (Contd.)

• Deterministic Multicast– Node sends location to neighbors– Neighbors choose witness and forward location to

them– Problem:• Predictable – attacker can jam all messages to

witnesses • Witnesses become target to subversion

Introduction Problem Statement Solution 1 Solution 2 Evaluation Discussion

Approach Overview

STEP1: Announce location– Sign and broadcast location to neighbors

STEP 2: Detect Replicas– Use Emergent properties– Ensure at least one witness receives two conflicting

locations

STEP 3: Revoke replicas– Flood network with conflicting location claims

(signed)

Introduction Problem Statement Solution 1 Solution 2 Evaluation Discussion

Randomized Multicast Protocol

STEP 2• Witness chosen randomly• Each neighbor chooses witnesses• So n neighbor send location to witnesses • By Birthday Paradox – if there are clones then

location conflict will occur. • Probability of detection

Introduction Problem Statement Solution 1 Solution 2 Evaluation Discussion

dn

n

n

Rw

Detect eP

2

1

Line Selected Multicast

• Use routing topology of network to select witnesses

• All the intermediate nodes between neighbor and witness check for conflict

• Geometric probability says replicated nodes will be detected

Introduction Problem Statement Solution 1 Solution 2 Evaluation Discussion

Line Selected Multicast Detection

Introduction Problem Statement Solution 1 Solution 2 Evaluation Discussion

Line Selected Multicast Detection

Introduction Problem Statement Solution 1 Solution 2 Evaluation Discussion

Y

Line Selected Multicast Detection

Introduction Problem Statement Solution 1 Solution 2 Evaluation Discussion

Y

With five line segments per point : 95%

Theoretical Communication Overhead

Detection Scheme Average # of Messages / Nodes

Centralized Detection

Randomized Multicast

Line Selected Multicast

Introduction Problem Statement Solution 1 Solution 2 Evaluation Discussion

)( nO

)( nO

)(nO

Communication Overhead

Introduction Problem Statement Solution 1 Solution 2 Evaluation Discussion

Topologies

Introduction Problem Statement Solution 1 Solution 2 Evaluation Discussion

Probability of Detection in Irregular Topologies

Introduction Problem Statement Solution 1 Solution 2 Evaluation Discussion

Timing Issue And Masked-Replication

• How often to perform detection1. Every T unit of time – node forgets previous

claims2. Time slots• Time slots based on ID• Witness remember claims during time slot

• Adversary captures neighbors– Solution: pseudo-neighbors – neighbors ask for

location claim

Introduction Problem Statement Solution 1 Solution 2 Evaluation Discussion

Conclusion And Future Work

• Use of emergent properties to tackle node replication– High probability of detection– Resilient to adaptive adversary– Minimum communication overhead

• Scheme assumes captured nodes follow protocol– Implicit sampling to detect nodes that suppress or

drop messages

Introduction Problem Statement Solution 1 Solution 2 Evaluation Discussion

Comments and Questions?

Introduction Problem Statement Solution 1 Solution 2 Evaluation Discussion