Recent Advances in Security and Privacy for Wireless Sensor Networks 2016
Low Complexity Signed Response Based Sybil Attack Detection Mechanism in Wireless Sensor Networks
Security is a major concern in wireless sensor networks (WSNs). Identity based attacks such as spoofing and sybil not only compromise the network but also degrade its performance. This paper proposes a low complexity sybil attack detection scheme based on the signed response (SRES) authentication mechanism developed for Global System for Mobile (GSM) communications. A probabilistic model is presented that analyzes the proposed authentication mechanism for its probability of a successful sybil attack. The paper also presents a simulation based comparative analysis of existing sybil attack detection schemes against the proposed scheme. The proposed scheme exhibits lower computational cost and power consumption than the existing schemes for the same sybil detection performance.
1. Overview and Related Work
Introduction. Wireless sensor networks are widely deployed to monitor the physical world, for example in agriculture, on the battlefield, and in habitat monitoring. Their scope grows daily because of their low cost, large-scale deployment, and self-configuring nature [1–4]. Current application designs for wireless sensors offer flexible communication and data exchange and increase system automation, but WSNs still lack adequate security and privacy [3, 5, 6]. Limited battery life, communication bandwidth, and processing resources are the main constraints of a sensor node. These constraints leave a sensor network vulnerable to a range of threats that can give an attacker access to secret information. The sybil attack is one of the most frequently launched attacks in WSNs, and it is easy to mount because of the open, broadcast nature of the wireless medium. In a sybil attack, a single malicious node presents multiple identities at different locations, deceiving the cluster heads (CHs) or the other nodes and trying to become part of the network. Existing mechanisms to detect sybil attacks are either centralized, where a central entity determines that an attack is under way and identifies the attacking node, or decentralized, where that decision is distributed among the nodes. In , the authors proposed a sybil attack detection model based on RSSI; according to the authors, the model requires no extra resources such as a third party or additional antennas and also supports node mobility. Another implemented solution is certification of the nodes .
This mechanism requires a trusted and authorized third party to validate the participating entities. The authors in  proposed a solution for sybil attacks based on social networks, known as sybil control, which is an admission control designed for distributed WSNs. The solution is a protocol in which a node measures the computational work done by the other nodes in order to detect a malicious or misbehaving node; according to the authors, a malicious node is unable to perform the required computational work properly. Similarly, Gatekeeper , a decentralized admission control protocol, is also based on the social network approach. Another RSSI based solution is proposed in . The authors use the -means algorithm to detect the attacking node; according to the authors, the solution can also locate the attacking node and is robust enough to handle variable transmission power levels of attacking nodes. RSSI based solutions are considered light in overhead, since only one message is exchanged, but RSSI is a time-varying and unreliable parameter that exhibits nonisotropic behavior most of the time. In [14, 15], a ranging method is proposed for sybil attack detection; however, range-based algorithms estimate distance from measurements of physical signal properties such as RSSI, time of arrival (TOA), and time difference of arrival (TDOA). In , a scheme for detecting sybil attacks based on radio resource testing and registration is proposed, but such approaches consume considerable power and violate the battery constraints of sensor nodes. In [17, 18], the authors fit a Gaussian mixture model to RSSI readings, but the papers do not clearly explain how the sybil attacks are localized.
In , the authors proposed a defense mechanism for sybil attacks based on various forms of resource testing, such as radio resource testing, position verification, and registration. In , a hop-by-hop authentication procedure is proposed. The authors in  proposed a key management mechanism that refreshes all authentication keys so that a captured key cannot be used for long. The authors in  proposed an authentication framework that is executed by the cluster heads in a hierarchical WSN.
Problem Statement and Proposed Solution. As discussed above, almost every existing protocol for detecting location based attacks (such as the sybil attack) in sensor networks focuses only on security and protection from attacks, neglecting the effect of its computational complexity on the resource-constrained bottleneck parameters: power consumption, processing capability, traffic intensity, and message latency. If not handled properly, these parameters lead the network towards poor performance. In this paper, we propose an algorithm to protect the sensor network from location based attacks such as spoofing and sybil attacks. The scope of this work is intentionally limited to the sybil attack for simplicity of presentation. The proposed authentication scheme is inherited from the SRES (signed response) authentication mechanism of the second-generation cellular system, the Global System for Mobile (GSM) communication . The GSM authentication procedure authenticates the subscriber and, through the associated A8 algorithm, derives the ciphering key used to encrypt the voice data. In order to implement SRES in WSNs, we modified the original scheme to fit the ad hoc scenario. Simulations are performed in MATLAB® to validate the performance of the proposed algorithm. The simulation results show that the proposed scheme not only detects the sybil attack reliably but also requires less processing and battery power than notable existing authentication schemes. Moreover, the scheme creates little message overhead, resulting in a negligible increase in network traffic. To demonstrate its efficiency, the proposed algorithm is compared with two notable attack detection and authentication schemes, Location Based Attack Detection (LBAD) in wireless sensor networks  and Lightweight Sybil Attack Detection (LwSAD) in MANETs .
The proposed scheme and both reference schemes are evaluated for probability of successful sybil attack, processing overhead, and power consumption.
The rest of the paper is organized as follows.
Section 2 explains the authentication procedure in GSM. Section 3 presents the network model, the proposed scheme, and the attack model and defense strategy. Section 4 gives a probabilistic model of the proposed scheme, the simulation results and performance comparison are discussed in Section 5, and conclusions follow.
2. Working of Authentication Algorithms in GSM
The signed response procedure was originally designed for second-generation GSM networks and authenticates the handset, more precisely its SIM, to the network. The A3 algorithm produces the signed response (SRES) to a random challenge, as elaborated in Figure 1. The Subscriber Identity Module (SIM) also contains the ciphering key generating algorithm (A8), which computes the 64-bit ciphering key used to encrypt the voice data before it is sent over the channel; the ciphering algorithm A5 performs that encryption between the mobile station (MS) and the network, while authentication itself rests on A3. The network initiates the exchange by sending a challenge to the mobile station over the channel, and the A3 algorithm held in the SIM generates the signed response. The block diagram of A3 in Figure 2 shows the computation of a 32-bit SRES from the 128-bit random challenge (RAND) and the subscriber's secret authentication key. The step-by-step procedure of mobile authentication in GSM is as follows:
(1) The mobile station (MS) initiates the sign-in to the network.
(2) The Mobile Services Switching Center (MSC) requests five triples from the Home Location Register (HLR).
(3) The HLR, with its authentication center, creates the five triples using the A3 and A8 algorithms and sends them to the MSC. Each triple comprises:
(i) a 128-bit random challenge (RAND);
(ii) the 32-bit matching SRES;
(iii) a 64-bit ciphering key used as the session key.
(4) The MSC sends the RAND of the first triple to the Base Transceiver Station (BTS), which forwards the challenge to the mobile station.
(5) On receiving the challenge, the mobile station runs the A3 algorithm over the RAND and the authentication key assigned to it.
(6) The mobile station obtains the SRES and sends it to the BTS.
(7) The BTS forwards the SRES to the MSC.
(8) The MSC compares the received SRES with the one in the triple and accepts or rejects the mobile station.
The use of the A8 algorithm for session key creation by a mobile station is not discussed further since it is outside our scope.
3. Low Complexity Signed Response Based Sybil Attack Detection Mechanism
3.1. Network Model and Assumptions
Figure 3 illustrates a distributed network with a hierarchical structure: cluster heads (CHs) along with their member sensor nodes. We assume that the CH is a powerful node that may act as the sink in the centralized case. Sybil nodes are assumed to be present in the network and to have complete knowledge of the network's security mechanism. The CH is responsible for monitoring the behavior of the sensor nodes in its vicinity and ensuring that no attacker or sybil node is among them; if one is detected, the CH reports the attack to the BS or any other controlling entity. Although only one BS is shown in Figure 3, there can be as many BSs as the network and environment require. Nodes may be deployed aerially or manually depending on the physical environment. Each sensor node is assigned an ID and is assumed to know its own position. We also assume that the sink or cluster head holds all the necessary information about its member sensor nodes: sensor ID, sensor MAC address, and the assigned authentication key.
3.2. Proposed Methodology
In order to implement the SRES mechanism in a WSN, we make the necessary modifications to the authentication scheme used in GSM. The proposed mechanism can be used both in a centralized and in a clustered ad hoc environment: in centralized mode a sink coordinates with all the nodes in the network, whereas in clustered mode a cluster head authenticates its member nodes. Since data encryption is not covered in this paper, we do not use the voice encryption algorithm that is also part of the GSM security module. The step-by-step procedure of the proposed algorithm is as follows:
(1) Five triples are generated by the server, cluster head (CH), or sink. Each triple comprises:
(i) a 128-bit random challenge (RAND);
(ii) the 32-bit matching SRES;
(iii) a 64-bit ciphering key used as the session key.
(2) The RAND is forwarded to the sensor node(s) as a challenge in order to authenticate them.
(3) The challenge is sent as a broadcast if all the nodes are to be authenticated with a single challenge number, or as a unicast if a specific node is to be authenticated.
(4) Every node has a MAC address and is also provided with a preshared key. A node can therefore produce the SRES from either its MAC address or its preshared key, depending on the implementation.
(5) The node sends the signed response (SRES) directly to the server, CH, or sink, depending on the nature of the wireless sensor network.
(6) The server, CH, or sink verifies the SRES sent by the node and acts accordingly, allowing or disallowing the node.
Figure 4 shows the block diagram of the proposed authentication scheme, in which a sink generates a challenge and forwards it to the node(s). The MAC address of each node, which may serve as its key, must be registered with the sink or CH. GSM does not allow a mobile station to authenticate the network. In our proposed scheme, however, each member node can also use the SRES to authenticate the network.
To verify the network, a node can request the sink or cluster head to resend the SRES that the node previously sent, as confirmation. In this way a node can check whether it is communicating with the right, authentic network. This verification can be carried out only after a certain number of SRESs have already been generated by the node. As a future extension of this work, we will enable the node to reverse the authentication process without sending any challenge to the network.
3.3. Attack Model and Defense Strategy
In order to launch the attacks and test the efficiency of the proposed scheme, we establish a network of 1000 sensor nodes deployed randomly in an arbitrary area. It is assumed that each node can communicate with at least one neighboring node. Since the proposed scheme works both in centralized and in hierarchical networks, we simulate both structures while launching attacks and executing the defense mechanism. The sybil node present in the network is assumed to be powerful in terms of both processing and battery power. A sybil node cannot be registered to the network until it successfully passes verification as a member sensor node by the server, CH, or SN. To become a member, the sybil node launches repeated attacks in two ways: it either generates and sends fake IDs to the respective SN or CH, or it attempts to steal the ID of a valid member sensor node. If a sybil node with a fake ID succeeds in participating in the network without being identified, we call it a valid sybil identity. To make the situation harder for a sybil node, we perform a validation test. There are two types of validation, direct and indirect. In direct validation, a node checks directly, from the knowledge it already possesses, whether a node in its neighborhood has a valid identity. In indirect validation, several nodes communicate while validating a targeted node so that a globally consistent decision can be made. Indirect validation is costlier than direct validation: in the direct case, when a node with identity  tries to validate the identity of a node , messages need to be exchanged only between the two nodes over a single hop, whereas in the indirect case other nodes of the network have to be involved in the identity validation.
To demonstrate the efficiency of the proposed authentication protocol, we evaluate it under both direct and indirect validation. To verify a node and its identity through direct validation, the verifier (CH or SN) challenges the identity by sending a challenge to the targeted node in its one-hop neighborhood. The challenge in our case is a 128-bit random number generated by the authenticating party, that is, the server, CH, or SN. Upon receiving the challenge, the targeted node runs the A3 algorithm over it with either its MAC address or its preshared key to generate the SRES. At the same time the authenticating party computes the SRES from the random number it sent and the same key for the targeted node taken from its database. When the authenticating party receives the SRES from the targeted node, the two SRES values are compared. They must be equal if the node is valid; otherwise the node is declared a sybil node. In indirect validation, the authenticating node sends a challenge to a targeted node  that is not in its one-hop neighborhood, so the challenge has to reach the targeted node hop by hop. Upon receiving the challenge, the node calculates the SRES through the A3 algorithm and sends it back to node . The SRES is calculated exactly as in direct validation.
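The direct validation exchange of Sections 2 and 3.2, with both sides' messages, as an added example that is not the paper's code. It assumes an HMAC-SHA256 keyed hash truncated to 32 bits in place of the A3 algorithm (the paper's Algorithm 1 is not reproduced here), a 128-bit preshared key Ki per node registered at the sink, and a constructed deployment of three member nodes and one sybil node; the class and function names are the example's own. The response is keyed to Ki only, not to the MAC address, because a MAC address is transmitted in the clear and cannot act as a secret.

```python
import hashlib
import hmac
import secrets

# Added example, not the paper's code. A keyed hash truncated to 32 bits stands
# in for the GSM A3 algorithm; Ki is a 128-bit preshared key per node (assumed).
RAND_LEN = 16   # 128-bit random challenge
SRES_LEN = 4    # 32-bit signed response


def signed_response(ki, rand):
    """A3 stand-in: derive the 32-bit SRES from the node's key and the challenge."""
    return hmac.new(ki, rand, hashlib.sha256).digest()[:SRES_LEN]


class SensorNode:
    """Member node: holds its ID and Ki, answers challenges, checks the network."""

    def __init__(self, node_id, ki):
        self.node_id = node_id
        self.ki = ki
        self.last_sres = None

    def answer(self, rand):
        """Reply (ID, SRES) to a unicast or broadcast challenge."""
        self.last_sres = signed_response(self.ki, rand)
        return self.node_id, self.last_sres

    def verify_network(self, echoed_sres):
        """Paper's network check: the sink echoes the SRES it accepted from this node."""
        return (self.last_sres is not None and echoed_sres is not None
                and hmac.compare_digest(self.last_sres, echoed_sres))


class Sink:
    """Sink or cluster head: holds the registry of node ID -> Ki (Section 3.1)."""

    def __init__(self, registry):
        self.registry = dict(registry)   # filled at deployment
        self.pending = {}                # node_id -> expected SRES for the open challenge
        self.members = set()             # IDs that passed direct validation
        self.accepted = {}               # node_id -> last accepted SRES

    def issue_challenge(self, node_ids):
        """One RAND serves a unicast (single ID) or broadcast (many IDs) challenge;
        the expected SRES per node is precomputed, like the paper's triples."""
        rand = secrets.token_bytes(RAND_LEN)
        for nid in node_ids:
            if nid in self.registry:       # unregistered IDs get no entry at all
                self.pending[nid] = signed_response(self.registry[nid], rand)
        return rand

    def verify(self, node_id, sres):
        """Compare the received SRES with the expected one, once per challenge."""
        expected = self.pending.pop(node_id, None)   # consumed: a repeat is a replay
        if expected is None:
            return False                             # fake ID, or no open challenge
        ok = hmac.compare_digest(expected, sres)
        if ok:
            self.members.add(node_id)
            self.accepted[node_id] = sres
        return ok

    def echo_sres(self, node_id):
        """Resend the accepted SRES on request (the paper's network verification)."""
        return self.accepted.get(node_id)


def run_scenario():
    """Constructed deployment: three registered nodes and one sybil node."""
    keys = {i: hashlib.sha256(b"constructed-ki-%d" % i).digest()[:16] for i in (1, 2, 3)}
    sink = Sink(keys)
    nodes = [SensorNode(i, keys[i]) for i in keys]

    # Broadcast challenge: every member answers with its own SRES.
    rand = sink.issue_challenge(keys)
    legit = all(sink.verify(*node.answer(rand)) for node in nodes)

    # Sybil strategy 1: claim an unregistered ID (99) with a made-up key.
    fake_id = sink.verify(99, signed_response(b"\x00" * 16, rand))

    # Sybil strategy 2: steal member ID 2; without Ki the attacker can only guess it.
    rand = sink.issue_challenge([2])
    guess = hashlib.sha256(b"constructed-attacker-guess").digest()[:16]
    stolen_id = sink.verify(2, signed_response(guess, rand))

    # Replay: an eavesdropped SRES of node 1 is useless once its challenge is consumed.
    rand = sink.issue_challenge([1])
    nid, sres = nodes[0].answer(rand)
    sink.verify(nid, sres)
    replay = sink.verify(nid, sres)

    # Network verification: node 1 asks the sink to echo the SRES it accepted.
    network_ok = nodes[0].verify_network(sink.echo_sres(1))

    return {"legit_accepted": legit, "fake_id_accepted": fake_id,
            "stolen_id_accepted": stolen_id, "replay_accepted": replay,
            "network_verified": network_ok, "members": sorted(sink.members)}


if __name__ == "__main__":
    print(run_scenario())
```

Running the block reports that only the three registered nodes become members; the fake ID, the stolen ID with a guessed key, and the replayed SRES are all rejected. One caveat on the network verification step as the paper describes it: echoing an SRES only shows that the sink received a value that already crossed the air in the clear, so an eavesdropper could echo it just as well. Genuine authentication of the network needs the node to pick its own RAND and the sink to answer with the SRES under Ki, which is the reversed procedure the paper defers to future work.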
The steps of the proposed authentication scheme are given in Algorithm 1. Line () generates five vectors of sizes 32, 64, 128, 256, and 512. Note that each value of the table ranges from 0 to , where . In line () the sybil node generates and forwards the SRES to the authenticating party through , whereas the authenticating party validates the SRES received from the attacking node through . Similarly, lines ()–() show the step-by-step process of , which divides the RAND and the key into left-hand and right-hand halves to produce the 32-bit SRES.
4. Probabilistic Model of the Proposed Scheme
Let the key size be  and the pool size in the sink be .
Consider , where  is the th predistributed key from a vector space  of size . If the sybil node generates a random key , then the probability of this key being a valid key is
where  is the cardinality of the vector space . Since , it follows that
This is the probability that a randomly generated key is accepted by the sink. Now suppose that a node uses a pool of  predistributed keys, and let  be the subspace of predistributed keys in the pool, so that , where . With the probability of any key lying in the subspace ,  becomes
The probability that a key from the pool of  keys is hit by the sybil node is
Suppose that  sybil nodes attack the network. The probability that  of the  attacking sybil nodes are successful is given by
Therefore, the probability of total successful sybil attacks when  nodes attack the network is given by
Figure 5 shows the probability that at least one sybil node is successful out of  attacking sybil nodes under the proposed sybil prevention scheme. Figure 6 shows the maximum probability that one or more attacking sybil nodes succeed for different sizes of the authentication key; the probability declines sharply and exponentially as the number of usable sybil nodes increases.
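The model above carried through with explicit symbols, as an added worked derivation rather than the paper's own equations (which did not survive extraction); the symbol names $k$, $V$, $P$, $p$, $n$, and $m$ are assumptions chosen to match the text and the numeric values are illustrative, not the paper's.

Let $k$ be the key length in bits, so that the key space $V$ has $|V| = 2^{k}$. A key guessed uniformly at random by a sybil node equals one particular predistributed key $K_i$ with probability
$$p_1 = \frac{1}{|V|} = 2^{-k}.$$
If the sink accepts any of the $P$ predistributed keys in its pool, the guess is accepted with probability
$$p = \frac{P}{|V|} = P \cdot 2^{-k}, \qquad P \le 2^{k}.$$
With $n$ sybil nodes guessing independently, the number of successful nodes is binomial, so exactly $m$ of them succeed with probability
$$\Pr[m \text{ successes}] = \binom{n}{m}\, p^{m} (1-p)^{\,n-m},$$
and at least one of them succeeds with probability
$$\Pr[\geq 1 \text{ success}] = 1 - (1-p)^{n} \;\le\; n\,p = n\,P \cdot 2^{-k}.$$
For a pool of $P = 512 = 2^{9}$ keys and a 128-bit key, $p = 2^{-119} \approx 1.5 \times 10^{-36}$, and even $n = 10^{6}$ attacking nodes give $\Pr[\geq 1] \approx 1.5 \times 10^{-30}$. The bound is only as strong as the response, however: an attacker who ignores the key and guesses the 32-bit SRES directly succeeds with probability $2^{-32}$ per attempt regardless of $k$, so the sink must limit the number of answers it accepts per challenge rather than reissuing challenges indefinitely.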
5. Results and Discussion
In this section, we discuss the simulation results and provide a detailed performance analysis of the proposed scheme. As discussed earlier, the simulations are based on a network of 1000 sensor nodes. The parameters that we consider for performance are probability of usable sybil, traffic behavior, power consumption, and probability of attack detection.
5.1. Probability of Usable Sybils
The capability of a security algorithm can be judged by the probability that it lets sybil nodes successfully use the network. Figure 7 shows the probability of successful sybil attacks under the proposed and reference mechanisms. If a sybil node is injected into the network without being detected, we call it a usable attack. The attacks are launched and tested with pool sizes of  and . The case of  is even harder for a sybil node to get through than , although the former requires relatively more processing overhead than the latter. The result shows that the proposed scheme provides better protection, since the probability of a usable sybil node is lower in both cases ( and ) than for LBAD and LwSAD.
5.2. Traffic Analysis
The lifetime of a wireless sensor network is inversely related to the rate at which packets are exchanged: excessive packet exchange drains the batteries rapidly, and the network may die out. Figure 8 shows the traffic each algorithm generates during the authentication process. The proposed scheme produces fewer packets, for both  and , than LBAD and LwSAD. The number of packets generated is directly proportional to the number of authentication rounds launched by a node or CH, so this small overhead is the price of a secure network. The result also supports our claim that the proposed scheme consumes less communication energy and does not adversely affect the network lifetime.
5.3. Node Power Consumption
While designing a protocol for sensor nodes, power consumption must always be taken on board, especially when the network has no source of additional power once deployed. The power consumption of nodes is calculated for both direct and indirect validation. As already discussed, indirect validation requires more processing and communication power than direct validation. Figures 9(a) and 9(b) illustrate the simulated power consumption against authentication rounds for indirect and direct validation, respectively. The graphs show the combined power consumption of all nodes involved, at both ends of the communication link and at the intermediate nodes, during the authentication of a node or a set of nodes. The proposed protocol consumes much less power in direct validation than in indirect validation, as a comparison of Figures 9(a) and 9(b) shows. The additional power in indirect validation comes from the exchange of the challenge and the SRES between the originating and destination sensor nodes, which engages every node on the path. Power consumption in indirect validation therefore depends significantly on the node population: larger networks consume more power in indirect validation, and smaller networks less.
(a) Indirect validation
(b) Direct validation
5.4. Probability of Attack Detection
Probability of attack detection is a major criterion for evaluating the performance of a security algorithm. Figure 10 shows the probability of detection achieved by each algorithm applied to the network. It can be clearly seen that the proposed algorithm provides better protection against sybil attacks. Increasing the key pool size at the sensor nodes makes the situation even harder for the sybil node, but it also demands more memory and processing capability at each sensor node. Therefore, we limited the size to . The pool size is thus subject to the desired security level, the power available at the sensor nodes, and the number of nodes in the network.
6. Conclusions
Existing defenses against sybil attacks are becoming less effective as the processing power and capability of attacking nodes increase: a sybil node can now launch thousands of attacks before its battery drains or its processing capability is exhausted. In this paper, we have proposed a low complexity sybil attack detection mechanism based on the SRES authentication mechanism developed for Global System for Mobile (GSM) communications, in which a challenge-response exchange authenticates the subscriber and the associated A8 algorithm derives the key used to encrypt voice data. The proposed scheme can be implemented in both hierarchical and centralized wireless sensor networks. The scheme has been analyzed for its performance under various sybil attacks and evaluated for its probability of detecting sybil nodes with different authentication key pool sizes. Extensive simulations show that the proposed scheme detects sybil attacks with higher probability than existing state-of-the-art schemes, and that it exhibits lower computational cost and power consumption than the existing schemes for the same sybil detection performance.
The authors declare that they have no competing interests.
M. Demirbas and Y. Song, "An RSSI-based scheme for sybil attack detection in wireless sensor networks," in Proceedings of the International Symposium on a World of Wireless, Mobile and Multimedia Networks (WoWMoM '06), pp. 564–570, IEEE Computer Society, Buffalo, NY, USA, June 2006.
D. B. Faria and D. R. Cheriton, "Detecting identity-based attacks in wireless networks using signalprints," in Proceedings of the 5th ACM Workshop on Wireless Security (WiSe '06), pp. 43–52, New York, NY, USA, 2006.
J. Newsome, E. Shi, D. Song, and A. Perrig, "The sybil attack in sensor networks: analysis & defenses," in Proceedings of the 3rd International Symposium on Information Processing in Sensor Networks (IPSN '04), pp. 259–268, ACM, Berkeley, Calif, USA, April 2004.
M. Bohge and W. Trappe, "An authentication framework for hierarchical ad hoc sensor networks," in Proceedings of the 2nd ACM Workshop on Wireless Security (WiSe '03), pp. 79–87, ACM, San Diego, Calif, USA, September 2003.
S. Zhu, S. Xu, S. Setia, and S. Jajodia, "LHAP: a lightweight hop-by-hop authentication protocol for ad-hoc networks," in Proceedings of the 23rd International Conference on Distributed Computing Systems Workshops (ICDCSW '03), pp. 749–755, Providence, RI, USA, May 2003.
P. Bahl and V. N. Padmanabhan, "RADAR: an in-building RF-based user location and tracking system," in Proceedings of the 19th Annual Joint Conference of the IEEE Computer and Communications Societies (INFOCOM '00), vol. 2, pp. 775–784, IEEE, March 2000.
M. Y. Rhee, Mobile Communication Systems and Security, John Wiley & Sons, New York, NY, USA, 2009.