1

Computer Science

CSC 774 Advanced Network Security

Distributed detection of node replication attacks in sensor networks

(By Bryan Parno, Adrian Perrig, Virgil Gligor)Presenter: Amit Singh

18th Nov 2005

2Computer Science

Outline

• So, what’s the problem?

• Classical techniques of replication detection

• Centralized Scheme

• Neighborhood voting scheme

• Randomized multicast

• Line Selected Multicast

• Comparisons

• Conclusion & future work

3Computer Science

The Problem

• Tamper resistant hardware is expensive, so most wireless sensor networks are composed of unshielded sensor nodes

• An adversary can easily attack, analyze and clone the unshielded sensor nodes and create replicas and insert them in the network

• This gives the adversary to carry on a large class of insidious attacks like disrupting communication, subverting data aggregation, eavesdropping etc.

4Computer Science

Classical techniques of replication detection

• Central Detection Each node sends its list of neighbors to a central base station

Base station searches lists for replicas

Disadvantages:o Single point of failure

o Exhausts nodes near base station (and makes them targets)

o Some applications may not use base stations

• Localized Detection Neighborhoods use local voting protocols to detect replica

Disadvantage:o Replication is a global event that cannot be detected in a purely local

fashion

5Computer Science

Distributed approach

• Node-to-Network broadcast Each node floods the network with its location information. Each node stored the location information of it’s neighbors. If

it detects a conflicting claim, the offending node is revoked.

• Advantages Achieves 100% detection of duplicate nodes (assuming the

broadcast reaches throughout the network)

• Disadvantages Each node’s location broadcast requires O(n) messages Total communication cost is O(n2) messages

6Computer Science

Notation

7Computer Science

Deterministic Multicast

• Protocol A node broadcasts its location claim, which is sent by

its neighbors to a set of deterministically chosen witness nodes

Witnesses are chosen as a function of node ID If a node is replicated, the witnesses will get more

than one location claims for a single node ID which can then be revoked.

8Computer Science

Deterministic Multicast (contd.)

• ExampleNode α sends location claim to node γ, which then computes a set of witness nodes from node id α, F(α)={ω1, ω2,…, ωn} and sends the location claim to each node in the set. If α claims to be at more than one location, then the witness nodes will detect it and revoke the node id α.

• Disadvantage Since, the set of witnesses is a function of node id, and is

deterministic, the adversary can determine the witness node id’s which will become targets for subversion.

9Computer Science

Randomized multicast

ConflictConflictDetected!Detected!

10Computer Science

Randomized multicast (contd.)

• OverviewExtends the multicast protocol to select witness

nodes at random (not deterministically), so that adversary cannot detect their identities

In a network of n nodes, if each neighbor produces √n witnesses, then birthday paradox predicts one collision with high probability

So atleast one witness will receive a pair of conflicting location claims

11Computer Science

Randomized multicast (contd.)

• Protocol Description Each node α sends location claim to each of its neighbors γ1,

γ2,…,γn The location claim has the format <IDα, Lα,{H(IDα, Lα)}Kα

-1> Each neighbor γi verifies the signature of Lα, and will then

select g random nodes and will forward the location claim along the path to those nodes.

After receiving the location claim, the witness verifies the signature

It then checks the ID against all the location claims received thus far.

If a match is found, the node ID has been replicated and revocation protocol is invoked by flooding the network.

12Computer Science

Line Selected Multicast

• OverviewLocation claims from node α to γ, travel through

several intermediate nodes as well. If the intermediate nodes store the location claim,

then a line is effectively drawn through the network If a duplicate location claim crosses the line, it is

detected and revocation scheme is invoked. We only need a few lines to detect duplicate location

claims.

13Computer Science

Line Selected Multicast (contd.)

• Adversary has created a replica of α, namely α’• Neighbors βi and βi’ report claims to randomly selected

witnesses γi and γi’ and they intersect at σ

γ1β1

α

α’

γ2

β2

β3

β1’

β2’

β3’

γ1’

γ3’γ3

γ2’

Trapped!σ

14Computer Science

Line Selected Multicast (contd.)

• Protocol When α’s neighbors send out location claims to the r

witnesses, each node along the route stores a copy of the location claims as well

E.g. βi stores a copy of the location claim before sending it along the path of nodes σ1, σ2, σ3,…, σm to the witness γi

Each σk verifies the signature of the claim, stores a copy in its buffer and forwards it along to σk+1

However before forwarding, it checks if it already has stored a location claim for this node-id before.

If it finds a conflict, it floods the network with both the signed location claims Lα and Lα’ (un-forgeable evidence) resulting in revocation of α

15Computer Science

Detection probability vs. topology

16Computer Science

Communication overhead comparison

• Randomized multicast scales linearly as the no of nodes increases

• Line selected multicast scales as √n, so it is more scalable

17Computer Science

Summary of protocol costs

• Communication costs are for the entire network• Memory costs are per node

Communication Memory

Broadcast O(n2) O(d)

Deterministic multicast O(g . ln(g√n)/d) O(g)

Randomized multicast O(n2) O(√n)

Line-Selected multicast O(n√n) O(√n)

18Computer Science

Conclusion

• Emergent algorithms (randomized and line-selected multicast) utilize the collective efforts of multiple sensor nodes to provide capabilities beyond those of any single node

• They are robust to individual node failures and avoid the problem inherent in centralized solutions

• Line selected multicast in particular offers less communication and memory overhead and is an attractive choice for selection

19Computer Science

Future Work

• An assumption in the above two schemes is that the replicated nodes continue to follow the protocol.

• Adversary can suppress or drop messages of location claims to avoid detection of replicated nodes.

• The protocol needs to be extended to work even in case of such misbehaving nodes by detecting such nodes by secure implicit sampling technique.

• A periodical sweep of the network for replicas helps in preventing the adversary to establish a significant foothold in the network.