Research ArticleDetecting and Preventing Sybil Attacks in Wireless SensorNetworks Using Message Authentication and Passing Method
Udaya Suriya Raj Kumar Dhamodharan1 and Rajamani Vayanaperumal2
1Department of Computer Science and Engineering, Sathyabama University, Chennai, Tamil Nadu 600 119, India2Department of Electronic and Communication Engineering, Veltech Multitech Dr. Rangarajan Dr. Sakunthala Engineering College,Avadi, Chennai, Tamil Nadu 600 062, India
Correspondence should be addressed to Udaya Suriya Raj Kumar Dhamodharan; u [email protected]
Received 30 March 2015; Revised 29 May 2015; Accepted 30 May 2015
Wireless sensor networks are highly indispensable for securing network protection. Highly critical attacks of various kinds havebeen documented in wireless sensor network till now by many researchers. The Sybil attack is a massive destructive attack againstthe sensor network where numerous genuine identities with forged identities are used for getting an illegal entry into a network.Discerning the Sybil attack, sinkhole, and wormhole attack while multicasting is a tremendous job in wireless sensor network.Basically a Sybil attack means a node which pretends its identity to other nodes. Communication to an illegal node results indata loss and becomes dangerous in the network. The existing method Random Password Comparison has only a scheme whichjust verifies the node identities by analyzing the neighbors. A survey was done on a Sybil attack with the objective of resolving thisproblem.The survey has proposed a combinedCAM-PVM (compare andmatch-position verificationmethod) withMAP (messageauthentication and passing) for detecting, eliminating, and eventually preventing the entry of Sybil nodes in the network. Wepropose a scheme of assuring security for wireless sensor network, to deal with attacks of these kinds in unicasting andmulticasting.
1. Introduction
A wireless sensor network consists of applications such asenvironmental monitoring, target tracking, health monitor-ing, and other various maintenance options. Implementationand topology creation have become significant activities inmodern research work [1]. The usage of wireless sensornetwork in a variety of applications is highly importantwith the emphasis on ensuring security. Still, Preventionand detection of malicious attacks of all levels may be highor low in wireless sensor network [2]. A variety of attackson the network like wormholes, sinkhole, Sybil, sleep, andselective forward attacks in the network are being observed.Many researchers have identified their own infrastructureswhich have portable devices, used in various trade servicesin decentralized and scalable methods. Some of the devicesare capable of synchronization without the use of the internetfor multiuser applications.They are used for finding the exactlocation in the algorithms that enhance the accuracy. The
Sybil attacker misleads other nodes by showing wrong ID orduplicate ID of the users who are aware of the nodes in thewireless sensor network.
In the latest network environment, alien nodes can appearin disguise in various identities and act as original nodes.Basically, there is no common master node in social anddefense network for monitoring communication betweennetwork nodes intense [3]. The analysis of peer-to-peernetwork shows that these networks show the existence ofthese network logical functionalities or the virtual networkscoventry exist, that is, the networks built on the top of othernetworks as in the internet. The network node addresses arebased on the logical ID for structuring and forming networks[4].
The nodes in wireless sensor network are not in a fixedinfrastructure, whether single-hop, multihop communica-tion, base station, gateways, and access points [5]. Basi-cally, wireless sensor networks have a smaller infrastructurewhich could be noninfrastructure networks. The term ad
Hindawi Publishing Corporatione Scientific World JournalVolume 2015, Article ID 841267, 7 pageshttp://dx.doi.org/10.1155/2015/841267
2 The Scientific World Journal
hoc implies the establishment for a special purpose andfor applications such as tracking, function approximationand edge detection, monitoring environment, and securitydomain in the homeland. The application of wireless sensornetwork, resembling a military force, monitors absence ofrestriction on the infrastructure as well as in the intermediatehop nodes [6].
This paper deals with one of the hazardous securitythreats known as Sybil attack and proposes an algorithmknown as message authentication and passing method tohinder a Sybil attack in a wireless sensor network. The restof the paper is presented as follows: Section 2 defines thematerials and methods of the Sybil attack; Section 3 definesthe results and discussions. Section 4 provides conclusionsand indications of future work.
2. Materials and Methods
Sybil attack is a matter of critical importance and conster-nation in network security leading to many fake identitiesthat can cause disruption in the network [7]. Sybil attackoccurs mostly during broadcasting and it functions withoutindividual verification and identity comparison of commu-nication entities [8]. The attacker node can acquire manyidentities.That entity in the system can endeavor to influencethe Sybil attacker due to the awareness of only others ineach entity via messages in the communication channel [9].The attacker nodes are launched inside and outside the routeas well as wireless sensor networks. The monitoring nodespecially identifies the attacker node on a unicast as wellas in a multicast scenario. Here, [10] author proposes anauthentication framework which can ensure hindrance to ormitigation of security attacks on wireless sensor network.
2.1. Security Attacks on WSN. Various types of maliciousactivities are patent in wireless sensor network. Some of theseare created in terms of nodes while others are created in anetwork, data link, and application layers. Some are createdin the physical state [11].
The attacks are currently classified as active and passive.The former is created by deployment of illegal informationin the network that can affect it. Sybil, sinkhole, and eaves-dropper are some of the active attacks. Passive attacks arethose which are meant to affect the network resources suchas lifetime and network size.
2.2. Sybil Attack. A node or a device takes many identitiesthat may not necessarily be lawful. It does not impersonateany node, but fast it only assumes the identity of anotheramong several nodes, causing redundancies in the routingprotocol. Sybil attacks degrade data integrity, security, andresource utilization. It can also perform storage, routingmechanisms, air resource allocation, and misbehavior detec-tion. In a sensor network hundreds of sensor nodes formthe communication network. The wireless communicationbetween these sensor nodes passes through a central station.These nodes communicate with a specified of nodes of aspecified number [12].There aremany encryption techniques
E
F
Y
Z
X A
C
B
A
B
C
Figure 1: Sybil attacks with multiple ID.
available to prevent external attack on the nodes, but nodesin the communication network can also mount an attack.One of these insider attacks is called a Sybil attack [13–15]in which the node that spoofs the other node is called Sybilnode 𝑆 and the other one is a normal node 𝑁. In a propercommunication system only 𝑁 nodes should communicatewith one another. But here, 𝑆 node comes in another formof its own as an internal known node and launches an attackon the network. The Sybil node tries to communicate withneighboring nodes by using the identity of the normal nodeand in the process a single node gives many identities in thearea to other nodes in the network which is illegal. A Sybilnode can be formed as a new identity or as a pilfering legalidentity. It is, therefore, considered an additional entity of amisbehaving node.This causes confusion in the network andit gets collapsed. A faulty node which enters into the networkwith different IDs is shown in Figure 1.
As a result Sybil attacks are classified into two forms onthe basis of the manner of attack on the network. They are asfollows.
(i) Direct Attack and Indirect Attack. In a direct attack, thereal nodes communicate directly with Sybil nodes, whereas,in an indirect attack, the communication is done through amalicious node.
(ii) Fabricated Attack and Stolen Identity Attack. Legal iden-tities of nodes are used to create new illegal nodes. That is tosay, a sensor node which has an ID of 16-bit integers createsthe same ID of 16 bits, which are fabricated nodes. The IDsstolen by the Sybil node are destroyed by checking the identityreplication [16].
2.3. Existing Methodology. Random Password Generation(RPC) algorithm focuses on the various traffic levels andsecurity during data transmission in WSN. RPC algorithmgenerates the routing table which holds information aboutdeployed nodes. The intermediate nodes in the route areidentified between source and destination. The intermediatenode’s information is compares with RPC database duringcommunication among nodes, based on the comparisonresults it decides whether Sybil or normal node. RPC alsogenerates the route by adding the genuine node in its pathfrom source to destination node using several subprocedures[17].
2.4. Proposed Approach. Themain objective of this paper is todesign and develop an algorithm for detecting and preventingSybil attacks in wireless sensor network. It is referred tomessage authentication and passing algorithm. Creation ofSybil activity through use of the other personal identitiesis well known. Most of the existing research deals with thedetection of the Sybil attack through verification of identities.
2.4.1. Network Model. In this paper, 𝑁 numbers of nodesare deployed in the network randomly under the controlof and an administrator. These are well configured, energyefficient, and promising nodes in the network. During nodecreation, each node will receive a 𝐻𝐸𝐿𝐿𝑂 message fromthe 𝐵𝑆 with a timestamp message indicating the nodecreation time (birth time) in the network. The entire noderesponds to the BS with a RES message with ID, times-tamp, and location. Then this information is stored in a𝑖𝑁𝑂𝐷𝐸𝐼𝑁𝐹𝑂 𝑡𝑎𝑏𝑙𝑒 under the control of the administratorof the network. The entire network model is presented as𝐺 = {(𝑁1,𝑁2, . . . , 𝑁𝑖, . . . , 𝑁𝑚), 𝐵𝑆,Admin} where 𝑚 is thenumber of nodes in the network. Each node is deployed in thenetwork as Location(𝑁𝑖) = (rand(𝑥), rand(𝑦)), where𝑋,𝑌 isany location within the network area.The BS sends a HELLOpacket to all the newly created nodes in the network whichcan be written as
𝐵𝑆 (Msg, 𝜏)𝑚
∑
𝑖=1𝑁𝑖,
where 𝑁1,𝑁2, . . . , 𝑁𝑖, . . . , 𝑁𝑚 are Nodes.
(1)
And, each node in the network is sending a RES packet to theBSwhich can be written as𝑁𝑖 RES 𝐵𝑆, where the HELLO andRES packet consist of node ID and the timestamp. HELLO =
𝜏(𝑁𝑖) and 𝑅𝐸𝑆 = (ID(𝑁𝑖), 𝜏(𝑁𝑖)), where 𝑁𝑖 denotes the 𝑖thnode, 𝜏(𝑁𝑖) denotes timestamp of the 𝑖th node, and ID(𝑁𝑖)denotes identity of the 𝑖th node. The parameters such as IDand 𝜏 are used to verify that the node is a Sybil or not. CAM-PVM algorithm for Sybil detection.
In network𝐺, a node 𝑆 needs to transmit a data to a node𝐷. So, it is necessary to discover a route from 𝑆 to𝐷 throughan 𝑁-hop intermediate node. The number of intermediatenodes depends on the network size. The routing mechanismused in this paper follows AODV protocol. During thisprocess, current information about the intermediate nodes(ID, timestamp) is tentatively stored in a routing table namedas 𝑖𝑅𝑂𝑈𝑇𝐼𝑁𝐺 𝑡𝑎𝑏𝑙𝑒.
The duration between the route discovery and datatransmission in the discovered route is very small.While datatransmission, the 𝑖𝑅𝑂𝑈𝑇𝐼𝑁𝐺 𝑡𝑎𝑏𝑙𝑒 data entries are com-pared with the entries available in the 𝑖𝑁𝑂𝐷𝐸𝐼𝑁𝐹𝑂 𝑡𝑎𝑏𝑙𝑒
shown in Table 1, where it helps to identify the duplicatenodes with id, timestamp, and the location. For example,𝐺 = {𝑁1,𝑁2, . . . , 𝑁𝑖, . . . , 𝑁𝑚}𝑁3 is considered source node,𝑁9 the destination node, and the intermediate nodes are𝑁5,𝑁7, and 𝑁8. The route discovered from𝑁3 to 𝑁9 is 𝑁3 →𝑁5 → 𝑁7 → 𝑁8 → 𝑁9. The 𝑖𝑅𝑂𝑈𝑇𝐼𝑁𝐺 𝑡𝑎𝑏𝑙𝑒 of thediscovered route is shown in Table 2, which comprises theoriginal node ID, timestamp [𝜏], location, and the currenttimestamp during the time of route discovery.
Now during the data transmission, the discovered route isverified by comparing current intermediate node informationwith the 𝑖𝑅𝑂𝑈𝑇𝐼𝑁𝐺 𝑡𝑎𝑏𝑙𝑒 by updating the node entries.From Table 3, it is clear that the𝑁7 information is replicated;it is found that the information of the replica node does notmatch the original𝑁7 information in 𝑖𝑁𝑂𝐷𝐸𝐼𝑁𝐹𝑂 𝑡𝑎𝑏𝑙𝑒.
Sybil activity is identified with application of the CAM-PVM algorithm and is detected in the network. To pro-vide prevention for Sybil activity, another MAP algorithmis applied along with CAM-PVM for prevention of Sybilactivity. MAP comprises unicast as well as multicast basedcommunication in the network. The algorithm for CAM-PVM and MAP is given below.
Compare and Match-Position VerificationMethod (CAM-PVM)
The CAM-PVM algorithm is used during the discoveryand data transmission in the network, where the node’sinformation is checked from the BS 𝑖𝑁𝑂𝐷𝐸𝐼𝑁𝐹𝑂 𝑡𝑎𝑏𝑙𝑒.After verification of CAM-PVM algorithm, the algorithmcollects the ID, timestamp, and current location informationof the nodes and compareswith initial informationwhen theyare registered. The results of the CAM-PVM algorithm canprovide only the trusted nodes in the route to ensure secureddata transmission. Otherwise the particular nodes are treatedas unknown nodes such as Sybil and data transmission in thecurrent is stopped and alternate path is selected.
Application of CAM-PVM is a time consuming processand also cost effective. So, that prevention device is suggestedin this paper to eliminate Sybil activity. Each node shouldcommunicate by passing the authentication message. In casethe source node suspects the destination dynamically, wecan make use of the CAM-PVM with MAP algorithm forcomparing and for message authentication to check whetherthe current node is Sybil or not. Where in the network 𝐺,a node 𝑁𝑖 passes the data to node 𝑁𝑗 the node 𝑁𝑖 sends arequest message to node 𝑁𝑗 with its key, as msg(𝑁𝑖), whichis generated by the BS while registering in the network 𝐺.
Node 𝑁𝑗 (destination node) submits its key message withmsg(𝑁𝑗), and later, both keys are verified by the base stationand an ok signal produced for sharing the data and any otherinformation. Data transmission occurs between𝑁𝑖,𝑁𝑗 oncethey get the signal from the base station.Thepseudocode usesfor the message authentication and passing method are givenbelow in detail.
Theentire systemmodel is simulated usingNS2 softwarewith25 nodes with a network size of 1200 × 1200. Each sensornode behaves under AODV (Ad Hoc on Demand Vector)protocol. All nodes are constructed under a single BS. In thisnetworkmodel, node 17 is ready to receive the data fromnode0. When node 0 sends a REQ message to node 17, that nodesends a RES message to node 0 back. This can be sensed bynode 11 which sends a RES message with the label of node17. This can be traced while node 11 is unable to submit itsauthenticated key value which belongs to node 17. So it isdetected as a Sybil node and rejects node 11 from the network.In this paper, the efficiency of the network is calculatedby comparing the throughput before and after inclusion ofmessage authentication and passing algorithm in the networkfunctionality. This is described in detail in Figure 2.
As the proposed approach is meant to ensure detectionand prevention of the Sybil node, the performance can beanalyzed by calculating the average delay of data packettransfer, throughput, malicious node, and other necessaryfactors for judging the quality of service of a routing protocol.In this paper, Figure 3 shows the average delay of the datapacket transfer of the network before deployment of themessage authentication and passing algorithm where datapackets of different sizes are transmitted at different intervals
The Scientific World Journal 5
Figure 2: Simulation of identifying Sybil node.
00.5
11.5
22.5
33.5
4
10 20 30 40 50 60 70 80 90 100
Aver
age d
elay
(%)
Number of nodes
Average delay
RPC methodCAM-PVM
MAP
Figure 3: Comparison of average delay of data packet transferbetween existing method RPC with CAM-PVM and MAP.
of time. The behavior of Sybil nodes resembles dispatch ofdata at any time from any location and that would disturb theoriginal nodes in the network. The figure shows the averagedelay is very less after applying the MAP algorithm.
In order to check the performance evaluation, a largenumber of nodes are deployed in the network and thedetection rates of the Sybil nodes. A number of iterationscan be made with different numbers of nodes in the networkas shown by the performance. With the increase in thenumber of nodes, there is also an increase in the numberof misbehaving nodes, which obviously affects the data andresults in data loss.The throughput of the proposed approachbefore and after deployment with the routing protocol is cal-culated. In existing Random Password Comparison method,the throughput will be 74% whereas in case of CAM-PVMit will be 85% and in MAP it will be 95%. It shows theefficiency of the proposed approach. The comparison ofthroughput between existing method with CAM-PVM andMAP is shown in Figure 4.
Once a detection procedure is deployed during trans-mission, it detects the Sybil node and avoids transmissionthrough that attacker node. Data loss can be thwartedthrough detection. In this scenario the number of timesfor consumption should be considered for the improvementof the quality of service. The detection rate of the Sybilattack is more accurate, but considering waste of time insuch a kind of situation, prevention as a factor that directly
RPC methodCAM-PVM
MAP
0102030405060708090
100
25 50 75 100 125 150 175 200 225 250Pack
et d
eliv
ered
succ
essfu
lly (%
)
Time (ms)
Throughput
Figure 4: Comparison of throughput between existing RPCmethodwith CAM-PVM and MAP.
eliminates the Sybil nodes is the deciding factor in the place ofdetection. Subsequent elimination of the procedure messageauthentication andpassingmethod for prevention of the Sybilattack is applicable, but the detection rate is smaller comparedto CAM-PVM and other existing methods. There is a clearindication of this fact. The same simulation is repeated for𝑛 number of nodes with 𝑛 number of times in networksimulation software. Table 4 shows the comparison of CAM-PVM with message authentication and passing method.
Simulation is also carried out in multiple rounds wherethe number of nodes deployed that are different for eachround and there is a difference in the number of Sybil nodesaccording to the normal nodes. Here we had conducted asimulation of our proposed algorithm by assigning 2 Sybilnodes for each 10 nodes and forward our simulation processup to 100 nodes starting from 10 nodes. Table 4 shows oursimulation result for Sybil node detection from which wecan clearly say that our MAP algorithm produces 30% moredetection accuracy compared with the CAM-PVMalgorithmand existing RPC methods. In case of least Sybil nodes bothalgorithms produce same results but when the number ofmalicious nodes increased the performance of CAMPVMgets decrease while our algorithm maintains its consistency.The performance is comparatively good in message authen-tication and passing method. The optimized and comparedoutput of the MAP with CAM-PVM algorithm and existingRPC method is given in the graphical representation asshown in Figure 5.
Figure 6 shows the comparison of detection rate withexisting RPC methods with proposed CAM-PVM and MAP.In existing RPC method, the detection rate was only 60%whereas in proposed CAM-PVM the detection rate was 75%and in MAP the detection rate was 90%. It shows the effi-ciency of the proposed approach. The performance compar-isons show three categories in which the performance valuesare compared using the existing methodology. The threefactors are data packet transfer; throughput and detectionof malicious node are computed and compared. In the firstmethodology, average delay of data packet transfer betweenexisting RPC method with proposed method. The averagedelay is calculated as successful data packet transmission. In
6 The Scientific World Journal
Table 4: Comparison of Sybil node with existing RPC method with CAM-PVM and MAP.
Figure 5: Number of Sybil node detection with existing RPCmethod with proposed between CAM-PVM and MAP.
00.10.20.30.40.50.60.70.80.9
1
2 4 6 8 10 12 14 16 18 20
Det
ectio
n ra
te
Number of Sybil nodes
Detection rate
RPC methodCAM-PVM
MAP
Figure 6: Comparison of detection rate with existing RPC methodwith proposed CAM-PVM and MAP.
the second methodology throughput is calculated betweenthe source nodes to destination node. By comparison withthe existing system throughput will be 74%whereas in CAM-PVM is taking 85% and message authentication and passingmethod 95% of the total time. In the third methodology,the detection of malicious node comparison between theexisting system is 60% whereas in CAM-PVM detects 65%of malicious node whereas the message authentication andpassing method detects 90% of the malicious node. Hencemessage authentication and passing method is considered abettermethod than the CAM-PVMeven under this criterion.
4. Conclusions
In this paper the message authentication and passingmethodis applied for checking the trustworthiness or otherwise fora Sybil node. The action of a node as a Sybil node withduplicate ID and information can happen onlywhen the nodehas complete information about other nodes. Verification ofthe node needs the application of CAM-PVM. Instead ofwasting time for CAM-PVM to check each and every node,the message authentication and passing procedure is appliedfor authentication prior to communication. If a node doesnot have any authorization by the network or by the basestation, it cannot communicate with any other node in thenetwork. The message authentication and passing method isso effective and is known for more time consuming than anyother method.
Message authentication and passing method requiresmodification and reduction in time consumption and for costeffectiveness. The size of the network is not a constraint. Thethroughput of the network should be higher than the othersecurity algorithm which is applied earlier in the networksecurity.
Conflict of Interests
The authors declare that there is no conflict of interestsregarding the publication of this paper.
Acknowledgment
One of the authors Dr. V. Rajamani acknowledges the DST,India, for sponsoring FIST Project at Vel Tech Multitech.
References
[1] V. Rathod andM.Mehta, “Security in wireless sensor network: asurvey,”Ganpat University Journal of Engineering & Technology,vol. 1, pp. 35–44, 2011.
[2] A. Modirkhazeni, N. Ithnin, and M. Abbasi, “Secure hierarchi-cal routing protocols inwireless sensor network; security surveyanalysis,” International Journal of Computer Communicationsand Networks, vol. 2, pp. 6–16, 2012.
[3] W. Niu, J. Lei, E. Tong et al., “Context-aware service rankingin wireless sensor networks,” Journal of Network and SystemsManagement, vol. 22, no. 1, pp. 50–74, 2014.
[4] Z. A. Baig, “Pattern recognition for detecting distributed nodeexhaustion attacks in wireless sensor networks,” ComputerCommunications, vol. 34, no. 3, pp. 468–484, 2011.
The Scientific World Journal 7
[5] D.G.Anand,H.G.Chandrakanth, andM.N.Giriprasad, “Secu-rity threats & issues in wireless sensor networks,” InternationalJournal of Engineering Research and Application, vol. 2, pp. 911–916, 2012.
[6] S. Abbas, M. Merabti, and D. Llewellyn-Jones, “Signal strengthbased Sybil attack detection in wireless Ad Hoc networks,” inProceedings of the 2nd International Conference onDevelopmentsin eSystems Engineering (DESE ’09), pp. 190–195, Abu Dhabi,UAE, December 2009.
[7] S. Sharmila and G. Umamaheswari, “Detection of sybil attackin mobile wireless sensor networks,” International Journal ofEngineering Science&Advanced Technology, vol. 2, pp. 256–262,2012.
[8] K.-F. Ssu, W.-T. Wang, and W.-C. Chang, “Detecting sybilattacks in wireless sensor networks using neighboring informa-tion,” Computer Networks, vol. 53, no. 18, pp. 3042–3056, 2009.
[9] A. Vasudeva and M. Sood, “Sybil attack on lowest id clusteringalgorithm in the mobile ad hoc network,” International Journalof Network Security & Its Applications, vol. 4, no. 5, pp. 135–147,2012.
[10] N. Balachandaran and S. Sanyal, “A review of techniquesto mitigate sybil attacks,” International Journal of AdvancedNetworking and Applications, vol. 4, pp. 1–6, 2012.
[11] G. Padmavathi and D. Shanmugapriya, “A survey of attacks,security mechanisms and challenges in wireless sensor net-works,” International Journal of Computer Science and Informa-tion Security, vol. 4, pp. 1–9, 2009.
[12] L. Xiao, L. J. Greenstein, N. B. Mandayam, and W. Trappe,“Channel-based detection of sybil attacks in wireless networks,”IEEE Transactions on Information Forensics and Security, vol. 4,no. 3, pp. 492–503, 2009.
[13] A. Tangpong, Managing sybil identities in distributed systems[Ph.D. thesis], Pennsylvania State University, 2010.
[14] H. Yu, P. B. Gibbons, M. Kaminsky, and F. Xiao, “SybilLimit:a near-optimal social network defense against sybil attacks,”IEEE/ACM Transactions on Networking, vol. 18, no. 3, pp. 885–898, 2010.
[15] G. Jing-Jing, W. Jin-Shuang, Z. Yu-Sen, and Z. Tao, “Formalthreat analysis for ad-hoc routing protocol: modelling andchecking the sybil attack,” Intelligent Automation & Soft Com-puting, vol. 17, no. 8, pp. 1035–1047, 2011.
[16] C. Komar, M. Y. Donmez, and C. Ersoy, “Detection quality ofborder surveillance wireless sensor networks in the existence oftrespassers’ favorite paths,” Computer Communications, vol. 35,no. 10, pp. 1185–1199, 2012.
[17] R. Amuthavalli and R. S. Bhuvaneswaran, “Detection andprevention of sybil attack in wireless sensor network employingrandom password comparison method,” Journal of Theoreticaland Applied Information Technologygy, vol. 67, pp. 236–246,2013.
