detecting malicious beacon nodes for secure location discovery in wireless sensor networks l.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Detecting Malicious Beacon Nodes for Secure Location Discovery in Wireless Sensor Networks PowerPoint Presentation
Download Presentation
Detecting Malicious Beacon Nodes for Secure Location Discovery in Wireless Sensor Networks

Loading in 2 Seconds...

play fullscreen
1 / 21

Detecting Malicious Beacon Nodes for Secure Location Discovery in Wireless Sensor Networks - PowerPoint PPT Presentation


  • 231 Views
  • Uploaded on

Detecting Malicious Beacon Nodes for Secure Location Discovery in Wireless Sensor Networks. Donggang Liu, Peng Ning – North Carolina State University Wenliang Du – Syracuse University Proc. ICDCS 2005. Presented by: Jacob Lynch. Overview. Introduction Related work

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Detecting Malicious Beacon Nodes for Secure Location Discovery in Wireless Sensor Networks' - Jimmy


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
detecting malicious beacon nodes for secure location discovery in wireless sensor networks

Detecting Malicious Beacon Nodes for Secure Location Discovery in Wireless Sensor Networks

Donggang Liu, Peng Ning – North Carolina State University

Wenliang Du – Syracuse University

Proc. ICDCS 2005

Presented by:

Jacob Lynch

overview
Overview
  • Introduction
  • Related work
  • Detecting malicious beacon signals
  • Filtering replayed beacon signals
  • Revoking nodes
  • Performance
  • Conclusion
introduction
Introduction
  • Technological advancements enable large scale sensor networks to be deployed
  • Many applications require sensors to know their locations
    • Environment monitoring, target tracking, etc.
  • Impractical to have GPS receiver on every node
  • Malicious nodes ignored so far
related work
Related work
  • Two stage location discovery algorithm
    • Stage 1: non-beacon nodes receive radio signals known as beacon signals from beacon nodes
    • Stage 2: after receiving enough beacon signals, sensors can calculate location
      • Received Signal Strength Indicator (RSSI), Time of Arrival (ToA), Time Difference of Arrival (TDoA), Angle of Arrival (AoA)
  • Cannot deal with compromised nodes
detecting malicious beacon signals 1
Detecting malicious beacon signals (1)
  • Malicious nodes want to remain undetected
    • Give normal information to beacon nodes
  • Malicious nodes shouldn’t know which nodes are beacon nodes
  • Implement fake IDs
    • Each beacon node is given multiple IDs with the corresponding secure keys for communication to all other nodes
detecting malicious beacon signals 2
Detecting malicious beacon signals (2)
  • Beacon node can request beacon signals when it detects them
    • Beacon node uses a fake ID that keeps the broadcaster from knowing it’s a beacon node
    • Paper assumes the nodes have no way to tell if an ID belongs to a beacon node or not
    • Beacon node then gets the beacon signal and can analyze it with GPS receiver
detecting malicious beacon signals 3
Detecting malicious beacon signals (3)
  • Detecting node (using fake ID) requests beacon signal
  • Detecting node uses packet location information in beacon signal to compare estimated distance and calculated distance
    • If distance is larger than the possible error, then the node may be malicious
filtering replayed beacon signals 1
Filtering replayed beacon signals (1)
  • Malicious beacon signal may contain benign node ID, not sure if the signal has been replayed or not
  • Beacon signal may be relayed through a wormhole
    • Attacker sends packets from one part of a network to another part of the network using a low latency link
    • Techniques have been established to filter these
filtering replayed beacon signals 2
Filtering replayed beacon signals (2)
  • Locally replayed beacon signals
    • Attacker replays a beacon signal received from a neighbor beacon node
    • Most wormhole detectors cannot detect this
  • Use round trip time (RTT) to filter out locally replayed beacon signals
    • Temporal leashes require time synchronization between nodes, while RTT does not
filtering replayed beacon signals 3
Filtering replayed beacon signals (3)
  • Compare observed RTT to range of RTT derived from experiments on an actual sensor network
    • If RTT <= max RTT, not locally replayed
    • If RTT > max RTT, locally replayed beacon signal, ignore it
filtering replayed beacon signals 4
Filtering replayed beacon signals (4)
  • Benign nodes only report other benign nodes when all of the following occur:
    • They are not neighbor nodes
    • The attacker creates a wormhole between them
    • The wormhole is not detected by detecting node
    • The delay is less than the detectable delay
  • Increase the number of IDs to increase detection rate
    • More malicious packets increases detection rate
filtering replayed beacon signals 413
Filtering replayed beacon signals (4)
  • Overhead cost
    • Beacon signals unicast, location information only done once for each non-beacon node
    • Sensors nodes usually only communicate with a few other nodes in communication range
    • Most overhead comes from key establishment and cryptographic operations
revoking nodes 1
Revoking nodes (1)
  • Nodes generate alerts containing IDs of target and detecting node
  • All alerts sent to a base station
  • Base station accepts alert if
    • Number of alerts from that detecting node is under a certain threshold
    • Target node has not been revoked
  • Accepted reports increase report counter of detecting node and alert counter of target node
revoking nodes 2
Revoking nodes (2)
  • If alert counter exceeds a certain threshold, the target node is considered a malicious beacon node and is revoked from the network
  • Alerts may still be accepted from revoked nodes if the node’s report limit is under the threshold and the target node is not revoked
    • Prevent malicious beacon nodes from getting benign nodes revoked before they can send alerts
revoking nodes 3
Revoking nodes (3)
  • Overhead cost
    • Observations must be reported to base station
    • Limited monitoring done by a beacon node, few alerts will be sent
    • No computation or storage overhead for sensors
    • Base station has more resources
performance 1
Performance (1)

Pr = detection rate

P = probability that (1) a requesting non-beacon

node receives a malicious beacon signal from a malicious

beacon node, and (2) this malicious beacon signal

is not removed by the replay detector

m = number of IDs on a detecting beacon node

performance 2
Performance (2)

Nc = number of requesting nodes

P = probability that (1) a requesting non-beacon node receives a malicious beacon signal from a malicious beacon node, and (2) this malicious beacon signal is not removed by the replay detector

performance 3
Performance (3)
  • Simulations were run on the TinyOS simulator Nido
  • 1,000 sensor nodes randomly deployed, 100 beacon nodes
  • P = probability that (1) a requesting non-beacon node receives a malicious beacon signal from a malicious beacon node, and (2) this malicious beacon signal is not removed by the replay detector
  • N’ = average number of requesting non-beacon nodes accepting the malicious beacon signals
performance 4
Performance (4)
  • Na = number of compromised nodes
  • τ’ = benign node report threshold
conclusion
Conclusion
  • Authors came up with a practical solution to detect malicious beacon signals as well as replayed beacon signals
  • Overhead added for these techniques is minimal
  • False positive rate pretty good when few nodes are malicious