一种基于到达时间差的无线传感器网络中Sybil攻击检测方案.docx

一种基于到达时间差的无线传感器网络中Sybil攻击检测方案.docx

《一种基于到达时间差的无线传感器网络中Sybil攻击检测方案.docx》由会员分享，可在线阅读，更多相关《一种基于到达时间差的无线传感器网络中Sybil攻击检测方案.docx（10页珍藏版）》请在冰豆网上搜索。

一种基于到达时间差的无线传感器网络中Sybil攻击检测方案

1ProjectsupportedbytheSpecializedResearchFundfortheDoctoralProgramofHigherEducation（SRFDP,undergrantNo.20050248043.

TDOA-basedSybilAttackDetectionSchemefor

WirelessSensorNetworks1

WenMi,Lihui,ZhengYanfei,ChenKefei

Cryptography&InformationSecurityLab,ShanghaiJiaoTongUniversity,Shanghai,

China（200240

E-mail:

Abstract

Aswirelesssensornetworkaredeployedinfiremonitoring,objecttrackingapplications,securityemergesasacentralrequirement.AcasethatSybilnodeillegitimatelyreportsmessagestothemasternodewithmultiplenon-existentidentities（ID,willcauseharmfuleffectsonthedecisionmakingorresourceallocationintheseapplications.Inthispaper,wepresentanefficientandlightweightsolutionforSybilattackdetectionbasedontheTimeDifferenceofArrival（TDOAbetweenthesourcenodeandbeaconnodes.OursolutioncannotonlydetecttheexistenceofSybilattacksbutalsolocatetheSybilnodes.Andwedemonstratetheefficiencyofoursolutionthroughexperiments.TheexperimentsshowthatoursolutioncandetectSybilattackcaseswith100%completeness.

Keywords:

AttackDetection;SybilAttack;TimeDifferenceofArrival;WirelessSensorNetworks

1.IntroductionsWirelesssensornetwork（WSNhasrecentlyemergedasanimportantapplicationresultingfromthefusionofwirelesscommunicationsandembeddedcomputingtechnologies.Ithasbeenwildlyappliedinallfields,includingmonitoring,location,trackingandforesting.However,thenatureofwirelesssensornetworkmakesthemvulnerabletosecurityattacks.Especially,withoutatrustedcentralizedauthority,theSybilattackisalwayspossible.TheSybilattackintroducedin[1]denotesanattackthattheSybilnodetriestoforgemultipleidentificationstobroadcastmessagesinacertainregion.Broadcastingmessageswithmultipleidentificationscanbeexceedinglyharmfultomanyimportantfunctionsofthesensornetwork,suchasvoting,fairresourceallocation,groupbaseddecisions,routing,dataaggregation,misbehaviordetectionetc.AnumberofprotocolsforSybilattackpreventionhavebeenproposedinrecentyears.Butmostofthemaretoocostlyfortheresource-poorsensors.Douceur[1]proposesaresourcetestingmethod.Itassumesthateachphysicalentityislimitedinsomeresource.Theverifiertestswhetheridentities

correspondtodifferentphysicalentitiesby

verifyingthateachidentityhasasmuchofthetestedresourceasaphysicaldevice.Itisunsuitableforwirelesssensornetworks,becausetheattackermaybeusingaphysicaldevicewithseveralordersofmagnitudemoreresourcesthanaresourcestarvedsensornode.Karlof[2]commendstouseaNeedham-Schroederlikeprotocoltoverifyeachother’sidentityandestablishasharedkey.Consequently,itcanlimitthenumberofneighborsanodeallowedtohaveandsendanerrormessagewhenanodeexceedsit.ButthismethodjustlimitthecapabilityoftheSybilattackanditcan’tlocatetheSybilnodeandremoveit.Newsome[3]adoptskeyvalidationforrandomkeypre-distributionandregistration;however,theyconsumepreciousmemoryspaceaseverynodeisrequiredtostorepair-wisekeyswithneighbors.Bazzi[7]preventsSybilattacksviageometric

distinctnesscertification,whichteststhatamongstagroupofidentitiesalargeenoughsubsetresidesonasetofdistinctentities.It’stoocomplexandenergyconsumptive.Demirbas[8]presentsaschemebasedonthereceivedsignalstrengthindicator（RSSI

readingsofmessagestodetecttheSybilattack.Thisistheonemostclosetoours.Zhang[9]proposesasuiteoflocation-basedcompromise-tolerantsecuritymechanisms,whichbasedonanewcryptographicconceptcalledpairing.Tothebestofourknowledge,pairingisenergy-consuminganditisnotsuitableforthesensornetworks.

Themajorcontributionofthispaperisthat,itproposesaTimeDifferenceofArrival（TDOAbasedsolutionforSybilattackdetectionanddemonstratesitsefficiencybyexperiments.ThissolutioncannotonlydetecttheexistenceofSybilattacksbutalsolocatetheSybilnodes.Itrequiresminimalstorageandcommunicationoverheadforsensors,astheyarelistenedbythreebeaconnodesineachcluster,whichareassumedtoknowtheirownlocations（e.g.,throughGPSreceiversormanualconfiguration.ItalsodoesnotburdentheWSNwithsharedkeysorpiggybackingofkeystomessages.TheessentialpointoftheTDOAbasedsolutionisassociatingtheTDOAratiowiththesender’sID.OncethesameTDOAratiowithdifferentIDisreceived,thereceiverknowsthereisaSybilattack.TouseTDOAratioinsteadofTDOAtoassociatetheIDistoavoidthesensorsatthecirclecenteredatoneofthebeaconnodesbeingmisdiagnosed.

Thispaperisorganizedasfollows.Insection2wediscussthenetworkmodelandmethodology.InSection3wepresentourSybilattackdetectionschemes.InSection4wediscusstheexperimentsofoursolution,andinsection5weanalyzetheperformanceofoursolution.Finally,inSection6wegiveourconclusionandfuturework.

2.Networkmodeland

methodology

2.1Networkmodel

Weassumeastaticnetwork,whereall

nodesaredeployedrandomlyovera2-dimensionalmonitoredarea（itcanbeeasily

expandto3-dimensions.Ifthenodesaredeployedtoodense,ononehand,thepositionofmorethanonenodemaybelocatedatthesameplace.ThislocationerrormayinfluencethedetectionoftheSybilattack.Ontheotherhand,inthelargescalenetwork,whichdeployedoutdoor,it’sexpensivetodeploynodestoodensely.So,weassumethatthedensityofthesensornetworkisbeyond10m（10misthepositionaccuracyofMTS420C,whichistheMICA2GPSSensorBoardofCrossbow.Weassumetherearetimesynchronizationbetweenthesourcenodesandthebeaconnodes.Threebeaconnodes123,,SSSwithknowncoordinates（1X,1Y,（2X,2Y,and（3X,3Yrespectively,areplacedattheboundaryofthemonitoredarea（usuallyacluster,asshowninFig1.Let（x,ybetheSybilnode’slocation,whichwillbedeterminedbytime-basedpositioningschemes[4],[5].Eachnodecanreachallbeaconnodesinthecluster.NotethatSybilnodecanforgenon-existentmultipleidentities.

2.2TimeDifferenceofArrivalPrinciple

TheTDOAofamessagecanbeestimatedbyHyperbolicPositionLocationSolution（HPL[6].Assumethat1Sisthemasterbeaconnode.Thedistancebetweenthesourceandthei

thbeaconnodeis

iR=（1

Now,thedistancedifferencebetween

Fig1HyperbolicPositionLocationRedraw

[5]

beaconnodeswithrespectto1Sisgivenas,1iR=,1icd=iR−1R（2

Wherecisthesignalpropagationspeed,

1iRistherangedistancedifferencebetween1Sand（1iiS>,,1idistheestimatedTDOA

between1Sand（1iiS>.Thisdefinesthesetofnonlinearhyperbolicequationswhosesolution

givesthe2-Dcoordinatesofthesource.From（2weknowthat,

iR=,1iR+1R（3

Subtracting（1ati=1from（3resultsin2,1iR+12iRR

=

2

iX+2

iY−2,1iXx−2,1iYy−

2

1X−

2

1Y（4

Where,1iXand,1iYareequalto1iXX−and1iYY−respectively.Andwithoutlossofgenerality,weassumethebeaconnode1Sislocatedat（0,0.From（2weobtain

2221Rxy=+（5

Forathreebasestationsystem,Chan'smethod[6]producingtwoTDOAtorendersolutionforxandyintermsof1Risintheform（6as

1

22,12,12,12,121123,13,13,13,1

311*2XYRRKKxRyRXYRKK−⎫⎡⎤⎡⎤⎧−+⎡⎤⎡⎤⎪

⎪⎢⎥⎢⎥=−+⎢⎥⎨⎬⎢⎥⎢⎥⎢⎥−+⎢⎥⎣⎦⎪⎪⎣⎦⎩⎣⎦⎣⎦⎭Where,

22111KXY=+,22222KXY=+,22333KXY=+,

2,12,1,Rcd=3,13,1Rcd=

Ontherightsideofaboveequation,allthequantitiesareknownquantitiesexcept1R.Thereforesolutionofxandywillbedeterminedby1R.Whenthesevaluesofxandyaresubstitutedintotheequation（5,aquadraticequationintermsof1Risproduced.Oncetherootsof1Rareknown,valuesofxandycanbedetermined.

3.TDOA-basedSybilnodedetectionHerewefirstpresentabasicTDOA-basedSybilattackdetectionprotocolinsection3.1,andinsection3.2,weproposeanadvancedonebyconsideringtheenvironmenterrors.

3.1BasicAlgorithm

Wearegoingtousethelocalizationalgorithminsection2.2todetecttheSybilattackasfollows.Oncehearingamessage{,}ixmdataD=fromsourceS,thethreebeaconnodesrecorditsarrivingtimerespectively,forexample,123,,tttat123,,SSS.Themasterbeaconnode1ScancomputetheTimeDifferenceofArrivalwhenreceive23tandtfrom23SandSanddeducethelocationofthesourceusingequation（2and（6.Then1Sassociatesthislocationwiththesource-IDincludedinthemessage.Later,whenanothermessagewithadifferentsource-IDisreceivedandthelocationofthesourceiscomputedtobethesameasthepreviousone,thebeaconnodesdetectaSybilattack.

But,itiscostlyandveryinconvenienttocalculatethelocationofeverynodeateverycommunicationsessionusingequation（6.Infact,wedonotneedthiscomputationforSybilnodedetection,becauseitispossibletodetectSybilattackbyjustrecordingandcomparingtheratioofTDOAforthereceivedmessages.OnlyaftertheSybilattackisfoundcanweuseequation（6tolocatetheSybilone.

Suppose,aSybilnodeforgeitsIDasD1,D2…,Dxandsoon.Consideringatsession1,aSybilnodebroadcastsmessage1{,1}mdataD=withD1.WhenbeaconnodeshearthemessagefromSourcenode,theytransmittheirownIDandthearrivingtimeofmessage1mas1（1{,1,}iiireportSDt>=to1S.

1Swilluse

1

1111*（/DiiidttRRc=−=−（7

todenotetheTDOAvaluebetween（1iiS>anditself.Then,1

Scomputes

theratio

11

12,13,1/DDtrdd=（8

andstoresitlocally.

Similarly,atsession2,theSourcenode

broad