Poster: Detection of Wormhole Attack on Wireless Sensor Networks in Duty-Cycling Operation Takashi Minohara and Kyosuke Nishiyama Department of Computer Science Takushoku University

[email protected]

1

Introduction

Although wireless sensor networks(WSN) attracted attentions in various areas, many research challenges exist in WSN. One of the major issues WSN face is power management. In order to achieve a long life with small size batteries, wireless sensor nodes are duty-cycling, i.e. they will periodically sleep in order to reduce power consumption. Another important issue is security. Because of the open nature of the wireless communication, they are vulnerable to security attacks. Wormhole attack is one of the most serious attacks against WSN, because wormholes are created with regular routing procedure. Various countermeasures against wormhole attacks are proposed[1, 2], but most of them assume continuous operation, which is not satisfied in duty-cycling WSN. In this work, we focused on an actual behavior of WSN, and propose wormhole detection based on delay observed in synchronized communication.

2

Time Synchronization in Duty-Cycling Wireless Sensor Networks

In most cases, WSN applications have very low data rates and do not require continuous network operation. So power cycling of sensor nodes will be the most effective way to reduce power consumption. Even though a considerable portion of power is consumed in the radio transceiver, it is difficult to power down the radio, because a node must send messages on the exact time when its peer is listening to the radio. We assume that both synchronous and asynchronous communications are used to achieve duty-cycling operation, and every node wakes up at fixed intervals to listen for activity. When a node has a message to send, it transmits a preamble signal before the message so that its peer can notice the signal. Since the preamble of asynchronous commu-

International Conference on Embedded Wireless Systems and Networks (EWSN) 2016 15–17 February, Graz, Austria © 2016 Copyright is held by the authors. Permission is granted for indexing in the ACM Digital Library ISBN: 978-0-9949886-0-7

nication must be longer than the wake-up interval time, it is less efficient than synchronous communication. So a time synchronization process on top of asynchronous communication is required to reduce the power consumption. Many time synchronization protocols were proposed for WSN[5][3]. We assume the following synchronization protocol which distributes the system clock of the base station in a similar way used in XMesh protocol[4]. • Each node broadcasts messages which contain a time stamp measured by its own clock. • The broadcasted message also contains an Authority Rating(AR) value. The AR represents a kind of confidence of the time stamp, and the value zero is assigned to the AR of the base station. • The receivers adjust their clock by using the received time stamps, if the received AR is lower than their owns, and they also set their AR to the received AR + 2.

3

Proposed Detection Mechanism

Wormhole attacks are categorized into several types. In this work, we propose a method to detect the so-called stealthy attacks which will be launched by a pair of hidden collaborating nodes. One end of the wormhole overhears the packets and forwards them to the other end, where the packets are replayed to the local area. Since a wormhole forwards the packets without altering the contents, it is invisible to normal sensor nodes, and the sensor nodes near the both ends of wormhole feel themselves within only single hop distance from each other. Our proposed method is based on the delay increased by wormhole, and consists of two parts, a detection in time synchronization procedure, and a detection in synchronized communications.

3.1

Detection by Synchronization Protocols

Figure 1 shows an example of the time synchronization process without wormhole attacks. Each node adjusts its own clock with considering the propagation delay δ, when it receives a time stamp T(x) from the upstream node x. Then the receiver node y sends its time stamp T(y) after some delay time t(y), caused by the send/receive process, the media access and so on, is elapsed, As shown in this example, messages for time synchronization may propagate through multiple paths. Unless any wormhole exists, the total time passed on two independent

281

b

c

a

a

a

T(a) δ

e

T(x) : Time stamp sent by node x t(x) : Elapsed time passed on node x δ : Propagation delay

f

T(b) = T(a) + δ + t(b)

t(c)

c

t(e)

δ

f

w2

T(c) = T(a) + 2δ + t(b) + t(c) t(c)

δ t(d) δ

e

paths should match with a predictable difference; 3δ + t(b) + t(c) + t(d) ≈ 3δ + t(e) + t( f ) Since time synchronization will be performed in flooding manner, there is a path for all propagation paths, such that the path doesn’t contain a wormhole. As shown in Figure 2, the elapsed time ∆ which is spent in a wormhole tunnel is not included in the total time. So we can observe a significant difference at the point where two propagation paths meet. 3δ + t(b) + t(c) + t(d) 6≈ 3δ + t(e) + t( f ) Furthermore, message flooding causes backwards propagation, and a node will receive time synchronization messages from its downstream nodes. If wormhole exists, the time difference observed by these reflective messages is twice as much as that in single way propagation. In order to detect wormholes by checking the time difference, we modified the synchronization process as follows. • Each node broadcasts messages which contain a time stamp and an AR. • When the received AR is lower than its own AR, the receiver node compares the time stamp with its clock, and detects wormhole if the value is too early to accept. Otherwise, the receivers adjust their clock by using the received time stamps, and they also set their AR to the received AR + 2. • When the received AR is not greater than its own AR by two, the message may be reflective one, and the receiver node detects a wormhole if the time stamp is not acceptable.

Detection by Synchronized Communication

In the synchronized communication, the message transmissions are aligned to the wake-up cycle of sensor nodes. Therefore each node must wait for the next cycle to forward

t(e)

δ

f

δ T(e) = T(a) + δ + t(e) T(f) = T(a) + 2δ + t(e) + t(f)

Figure 1. time synchronization with multiple propagation path

282

e

T(b) = T(a) + δ + t(b)

d

t(f)

3.2

d

w1

c t(d)

f

c

t(b) δ

b

δ

d e

T(a) δ

a

T(c) = T(a) + 2δ + t(b) + t(c)

t(b) δ

b

b

d



t(f)

δ T(e) = T(a) + 2δ + t(f) + t(e)

w1 T(e) = T(a) + δ + t(f) w2

Figure 2. influence of wormhole on time synchronization a message. Even though the terminal nodes of a wormhole need not to power down the radio, they also wait for the awakening of normal nodes. A wormhole attack pretends to provide a direct radio connection between two sensor nodes in a long distance, but it is hard to receive and forward a message at the both ends of wormhole at the same time because of the propagation delay. Thus, at least one more cycle time is added to the entire propagation time of a message. With time stamping the message at the source node, this additional delay can be detected at the base station by examining a mismatch between the hop counts and overall delay time.

4

Conclusion

In this work, we have proposed a method to detect the wormhole attacks to duty-cycling WSN based on delay observed in synchronized communication. We are implementing the proposed method on an experimental WSN consists of IRIS[4] motes, and the evaluation remains for future work.

5

Acknowledgments

A part of this work was supported by JSPS KAKENHI Grant Number 25330158.

6

References

[1] D. Buch and D. Jinwala. Prevention of wormhole attack in wireless sensor netwok. International Journal of Network Security & Its Applications, 3(5):85–98, Sept. 2011. [2] I. Khalil and S. Bagchi. Stealthy attacks in wireless ad hoc networks: Detection and countermeasure. IEEE Transactions on Mobile Computing, 10(8):1096–1112, 2011. [3] M. Mar´oti, B. Kusy, G. Simon, and A. L´edeczi. The flooding time synchronization protocol. In Proceedings of the 2Nd International Conference on Embedded Networked Sensor Systems, SenSys ’04, pages 39–49, New York, NY, USA, 2004. ACM. [4] MEMSIC Inc., www.memsic.com. XMesh User Manual, 2010. [5] E. Serpedin and Q. M. Chaudhari. Synchronization in Wireless Sensor Networks. Cambridge Unversity Press, 2009.

Poster: Detection of Wormhole Attack on Wireless Sensor ... - EWSN

Poster: Detection of Wormhole Attack on Wireless Sensor ... wireless sensor nodes are duty-cycling, i.e. they will period- .... Cambridge Unversity Press, 2009.

135KB Sizes 4 Downloads 263 Views

Recommend Documents

Design and Evaluation of Underground Wireless Sensor ... - EWSN
loosen up and store rain water over a longer period of time. Furthermore, they ... store the measurement results, and a real-time clock further helps to reduce the ...

TWIN Node, A Flexible Wireless Sensor Network Testbed - EWSN
node via a Raspberry Pi. • WiFi based back channel that replaces active USB ca- bles. • Performance evaluation of battery and USB powered wireless sensor nodes. • Remote programming and monitoring of wireless sen- sor nodes. 237. International

Bounds on the Lifetime of Wireless Sensor Networks Employing ...
each sensor node can send its data to any one of these BSs (may be to the ... deployed as data sinks along the periphery of the observation region R.

Bounds on the Lifetime of Wireless Sensor Networks Employing ...
Indian Institute of Science. Bangalore – 560012. INDIA .... deployed as data sinks along the periphery of the observation region R. – obtaining optimal locations ...

On the Improvement of Wireless Sensor Networks ...
data management and security in sensor networks and the need to compare research ... However, the application of diversity techniques by the use of multiple ...

Bounds on the Lifetime of Wireless Sensor Networks Employing ...
Wireless Research Lab: http://wrl.ece.iisc.ernet.in ... Key issues in wireless sensor networks ... NW lifetime can be enhanced by the use of multiple BSs. – deploy ...

A Review on Prevention of Wormhole Attack in Mobile Ad-hoc ... - IJRIT
3.8 Malicious Code Attacks: Malicious code, such as viruses, worms, spywares, and Trojan Horses, can attack both operating systems and user applications. These malicious programs usually spread themselves through the network and cause the computer sy

Demo: Ball and Plate Wireless Control - EWSN
now targeting control applications in many domains such as industries ... monitoring systems. Despite ... antee, at the application level, the state of the system.

The Next Generation of Sensor Node in Wireless Sensor Networks
good choice for a battery-limited device likes sensor node. This paper ... Index Terms—Wireless sensor network, Dynamic Partial Reconfigurable, FPGA.

A Review on Prevention of Wormhole Attack in Mobile Ad-hoc Network
3.4 Interference and Jamming: Radio signals can be blocked or interfered with, which causes the message to be corrupted or lost. If the attacker has a powerful transmitter, a signal can be generated that will be strong enough to overwhelm the targete

A Review on Prevention of Wormhole Attack in Mobile Ad-hoc Network
Abstract: Security is one of the major issues in Mobile Ad-hoc Network (MANET) because of its inherent liabilities. Its infrastructure- less network with dynamic topology pose a number of challenges to security design and makes it vulnerable for diff

WIRELESS SENSOR NETWORKS.pdf
ii) Attribute-based routing. iii) MICA mote architecture. iv) TOSSIM simulator. ______. Page 2 of 2. WIRELESS SENSOR NETWORKS.pdf. WIRELESS SENSOR ...

WIRELESS SENSOR NETWORKS.pdf
3. a) Write the principle of the following unicast geographic routing techniques and. explain with an example for each. 10. i) Greedy distance routing. ii) Compass ...

Poster: Integrating rich user interfaces with real systems - EWSN
top of the application. This prevents from offering a real user experience beyond data plotting in the cloud. For instance, how to build a single interface to monitor ...

On Renewable Sensor Networks with Wireless Energy ...
energy could be transferred efficiently from one source coil to one receiver coil via .... and energy dynamics at a sensor node (Section II-D). B. WCV Traveling ...

Profile Injection Attack Detection for Securing ... - CiteSeerX
6.4.2 Robustness Comparison Against Nuke Attacks . . . . . . . . . . . . . . 34. 7 Defense ..... As a result, we have focused on profile analytics data and attribute ...... Data Mining: Practical machine learning tools and techniques, 2nd. Edition. M

Profile Injection Attack Detection for Securing ... - CiteSeerX
to Bamshad Mobasher for inspiring and encouraging me to pursue an academic career in computer science. His thoroughness and promptness in reviewing my ...

Sensor Data Cryptography in Wireless Sensor Networks - IEEE Xplore
IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL. 3, NO. 2, JUNE 2008. 273. Sensor Data Cryptography in. Wireless Sensor ...

Host based Attack Detection using System Calls
Apr 3, 2012 - This calls for better host based intrusion detection[1]. ... Intrusion detection is the process of monitoring the events occurring in a ... System Call in Linux ... Rootkits[2] are a set of software tools used by an attacker to gain.

Competition: Towards Low-Latency, Low-Power Wireless ... - EWSN
Beshr Al Nahas, Olaf Landsiedel. Department of Computer Science and Engineering. Chalmers University of Technology, Sweden beshr, olafl @chalmers.se.

Enhanced TCP SYN Attack Detection
prevalent in the Internet, with attacks targeting banking and financial companies, online gambling firms, web retailers and governments. The 2007 Symantec Threat Report [2] indicates that over 5000 DoS attacks were observed worldwide on a daily basis

Enhanced Dynamic Detection of Code Injection Attack in OS ... - IJRIT
At runtime, a monitor compares the behavior of the variants at certain ... The global decision is made by a data fusion center, ... complete solution. Modern static ...