The Scientific World Journal

The Scientific World Journal / 2015 / Article

Research Article | Open Access

Volume 2015 |Article ID 841267 |

Udaya Suriya Raj Kumar Dhamodharan, Rajamani Vayanaperumal, "Detecting and Preventing Sybil Attacks in Wireless Sensor Networks Using Message Authentication and Passing Method", The Scientific World Journal, vol. 2015, Article ID 841267, 7 pages, 2015.

Detecting and Preventing Sybil Attacks in Wireless Sensor Networks Using Message Authentication and Passing Method

Academic Editor: Junghyun Nam
Received30 Mar 2015
Revised29 May 2015
Accepted30 May 2015
Published05 Jul 2015


Wireless sensor networks are highly indispensable for securing network protection. Highly critical attacks of various kinds have been documented in wireless sensor network till now by many researchers. The Sybil attack is a massive destructive attack against the sensor network where numerous genuine identities with forged identities are used for getting an illegal entry into a network. Discerning the Sybil attack, sinkhole, and wormhole attack while multicasting is a tremendous job in wireless sensor network. Basically a Sybil attack means a node which pretends its identity to other nodes. Communication to an illegal node results in data loss and becomes dangerous in the network. The existing method Random Password Comparison has only a scheme which just verifies the node identities by analyzing the neighbors. A survey was done on a Sybil attack with the objective of resolving this problem. The survey has proposed a combined CAM-PVM (compare and match-position verification method) with MAP (message authentication and passing) for detecting, eliminating, and eventually preventing the entry of Sybil nodes in the network. We propose a scheme of assuring security for wireless sensor network, to deal with attacks of these kinds in unicasting and multicasting.

1. Introduction

A wireless sensor network consists of applications such as environmental monitoring, target tracking, health monitoring, and other various maintenance options. Implementation and topology creation have become significant activities in modern research work [1]. The usage of wireless sensor network in a variety of applications is highly important with the emphasis on ensuring security. Still, Prevention and detection of malicious attacks of all levels may be high or low in wireless sensor network [2]. A variety of attacks on the network like wormholes, sinkhole, Sybil, sleep, and selective forward attacks in the network are being observed. Many researchers have identified their own infrastructures which have portable devices, used in various trade services in decentralized and scalable methods. Some of the devices are capable of synchronization without the use of the internet for multiuser applications. They are used for finding the exact location in the algorithms that enhance the accuracy. The Sybil attacker misleads other nodes by showing wrong ID or duplicate ID of the users who are aware of the nodes in the wireless sensor network.

In the latest network environment, alien nodes can appear in disguise in various identities and act as original nodes. Basically, there is no common master node in social and defense network for monitoring communication between network nodes intense [3]. The analysis of peer-to-peer network shows that these networks show the existence of these network logical functionalities or the virtual networks coventry exist, that is, the networks built on the top of other networks as in the internet. The network node addresses are based on the logical ID for structuring and forming networks [4].

The nodes in wireless sensor network are not in a fixed infrastructure, whether single-hop, multihop communication, base station, gateways, and access points [5]. Basically, wireless sensor networks have a smaller infrastructure which could be noninfrastructure networks. The term ad hoc implies the establishment for a special purpose and for applications such as tracking, function approximation and edge detection, monitoring environment, and security domain in the homeland. The application of wireless sensor network, resembling a military force, monitors absence of restriction on the infrastructure as well as in the intermediate hop nodes [6].

This paper deals with one of the hazardous security threats known as Sybil attack and proposes an algorithm known as message authentication and passing method to hinder a Sybil attack in a wireless sensor network. The rest of the paper is presented as follows: Section 2 defines the materials and methods of the Sybil attack; Section 3 defines the results and discussions. Section 4 provides conclusions and indications of future work.

2. Materials and Methods

Sybil attack is a matter of critical importance and consternation in network security leading to many fake identities that can cause disruption in the network [7]. Sybil attack occurs mostly during broadcasting and it functions without individual verification and identity comparison of communication entities [8]. The attacker node can acquire many identities. That entity in the system can endeavor to influence the Sybil attacker due to the awareness of only others in each entity via messages in the communication channel [9]. The attacker nodes are launched inside and outside the route as well as wireless sensor networks. The monitoring node specially identifies the attacker node on a unicast as well as in a multicast scenario. Here, [10] author proposes an authentication framework which can ensure hindrance to or mitigation of security attacks on wireless sensor network.

2.1. Security Attacks on WSN

Various types of malicious activities are patent in wireless sensor network. Some of these are created in terms of nodes while others are created in a network, data link, and application layers. Some are created in the physical state [11].

The attacks are currently classified as active and passive. The former is created by deployment of illegal information in the network that can affect it. Sybil, sinkhole, and eavesdropper are some of the active attacks. Passive attacks are those which are meant to affect the network resources such as lifetime and network size.

2.2. Sybil Attack

A node or a device takes many identities that may not necessarily be lawful. It does not impersonate any node, but fast it only assumes the identity of another among several nodes, causing redundancies in the routing protocol. Sybil attacks degrade data integrity, security, and resource utilization. It can also perform storage, routing mechanisms, air resource allocation, and misbehavior detection. In a sensor network hundreds of sensor nodes form the communication network. The wireless communication between these sensor nodes passes through a central station. These nodes communicate with a specified of nodes of a specified number [12]. There are many encryption techniques available to prevent external attack on the nodes, but nodes in the communication network can also mount an attack. One of these insider attacks is called a Sybil attack [1315] in which the node that spoofs the other node is called Sybil node and the other one is a normal node . In a proper communication system only nodes should communicate with one another. But here, node comes in another form of its own as an internal known node and launches an attack on the network. The Sybil node tries to communicate with neighboring nodes by using the identity of the normal node and in the process a single node gives many identities in the area to other nodes in the network which is illegal. A Sybil node can be formed as a new identity or as a pilfering legal identity. It is, therefore, considered an additional entity of a misbehaving node. This causes confusion in the network and it gets collapsed. A faulty node which enters into the network with different IDs is shown in Figure 1.

As a result Sybil attacks are classified into two forms on the basis of the manner of attack on the network. They are as follows.

(i) Direct Attack and Indirect Attack. In a direct attack, the real nodes communicate directly with Sybil nodes, whereas, in an indirect attack, the communication is done through a malicious node.

(ii) Fabricated Attack and Stolen Identity Attack. Legal identities of nodes are used to create new illegal nodes. That is to say, a sensor node which has an ID of 16-bit integers creates the same ID of 16 bits, which are fabricated nodes. The IDs stolen by the Sybil node are destroyed by checking the identity replication [16].

2.3. Existing Methodology

Random Password Generation (RPC) algorithm focuses on the various traffic levels and security during data transmission in WSN. RPC algorithm generates the routing table which holds information about deployed nodes. The intermediate nodes in the route are identified between source and destination. The intermediate node’s information is compares with RPC database during communication among nodes, based on the comparison results it decides whether Sybil or normal node. RPC also generates the route by adding the genuine node in its path from source to destination node using several subprocedures [17].

2.4. Proposed Approach

The main objective of this paper is to design and develop an algorithm for detecting and preventing Sybil attacks in wireless sensor network. It is referred to message authentication and passing algorithm. Creation of Sybil activity through use of the other personal identities is well known. Most of the existing research deals with the detection of the Sybil attack through verification of identities.

2.4.1. Network Model

In this paper, numbers of nodes are deployed in the network randomly under the control of and an administrator. These are well configured, energy efficient, and promising nodes in the network. During node creation, each node will receive a message from the with a timestamp message indicating the node creation time (birth time) in the network. The entire node responds to the BS with a RES message with ID, timestamp, and location. Then this information is stored in a under the control of the administrator of the network. The entire network model is presented as where is the number of nodes in the network. Each node is deployed in the network as , where is any location within the network area. The BS sends a HELLO packet to all the newly created nodes in the network which can be written asAnd, each node in the network is sending a RES packet to the BS which can be written as RES , where the HELLO and RES packet consist of node ID and the timestamp. and , where denotes the node, denotes timestamp of the node, and denotes identity of the node. The parameters such as ID and are used to verify that the node is a Sybil or not. CAM-PVM algorithm for Sybil detection.

In network , a node needs to transmit a data to a node . So, it is necessary to discover a route from to through an -hop intermediate node. The number of intermediate nodes depends on the network size. The routing mechanism used in this paper follows AODV protocol. During this process, current information about the intermediate nodes (ID, timestamp) is tentatively stored in a routing table named as .

The duration between the route discovery and data transmission in the discovered route is very small. While data transmission, the data entries are compared with the entries available in the shown in Table 1, where it helps to identify the duplicate nodes with id, timestamp, and the location. For example, is considered source node, the destination node, and the intermediate nodes are , , and . The route discovered from to is . The of the discovered route is shown in Table 2, which comprises the original node ID, timestamp , location, and the current timestamp during the time of route discovery.

Node ID


Node ID


Now during the data transmission, the discovered route is verified by comparing current intermediate node information with the by updating the node entries. From Table 3, it is clear that the information is replicated; it is found that the information of the replica node does not match the original information in .

Node ID


Sybil activity is identified with application of the CAM-PVM algorithm and is detected in the network. To provide prevention for Sybil activity, another MAP algorithm is applied along with CAM-PVM for prevention of Sybil activity. MAP comprises unicast as well as multicast based communication in the network. The algorithm for CAM-PVM and MAP is given below.

Compare and Match-Position Verification Method (CAM-PVM)(1)(2)(3) // Nodes are placedrandomly(4)(5);(6)(7) Let Li be the set of link between pair of nodes in the network(8)// For every nodes (9)distance(, )(10);(11)(12)(13)(14)(15)(16)(17)(18) //Route Discovery(19);(20);(21)(22)(23)// Data transmission(24)iROTINGtable==iNODEINFOtable)then(25)(26)(27)(28)(29)(30) entries clear(31)End

The CAM-PVM algorithm is used during the discovery and data transmission in the network, where the node’s information is checked from the BS . After verification of CAM-PVM algorithm, the algorithm collects the ID, timestamp, and current location information of the nodes and compares with initial information when they are registered. The results of the CAM-PVM algorithm can provide only the trusted nodes in the route to ensure secured data transmission. Otherwise the particular nodes are treated as unknown nodes such as Sybil and data transmission in the current is stopped and alternate path is selected.

Application of CAM-PVM is a time consuming process and also cost effective. So, that prevention device is suggested in this paper to eliminate Sybil activity. Each node should communicate by passing the authentication message. In case the source node suspects the destination dynamically, we can make use of the CAM-PVM with MAP algorithm for comparing and for message authentication to check whether the current node is Sybil or not. Where in the network , a node passes the data to node the node sends a request message to node with its key, as , which is generated by the BS while registering in the network . Node (destination node) submits its key message with , and later, both keys are verified by the base station and an ok signal produced for sharing the data and any other information. Data transmission occurs between once they get the signal from the base station. The pseudocode uses for the message authentication and passing method are given below in detail.

Message Authentication and Passing (MAP)(1)(2)(3)// node id, , values of node(4)(5)(6)(7)(8)(9) then(10)(11)(12)(13)(14)(15)(16)End

3. Results and Discussion

The entire system model is simulated using NS2 software with 25 nodes with a network size of 1200 × 1200. Each sensor node behaves under AODV (Ad Hoc on Demand Vector) protocol. All nodes are constructed under a single BS. In this network model, node 17 is ready to receive the data from node 0. When node 0 sends a REQ message to node 17, that node sends a RES message to node 0 back. This can be sensed by node 11 which sends a RES message with the label of node 17. This can be traced while node 11 is unable to submit its authenticated key value which belongs to node 17. So it is detected as a Sybil node and rejects node 11 from the network. In this paper, the efficiency of the network is calculated by comparing the throughput before and after inclusion of message authentication and passing algorithm in the network functionality. This is described in detail in Figure 2.

As the proposed approach is meant to ensure detection and prevention of the Sybil node, the performance can be analyzed by calculating the average delay of data packet transfer, throughput, malicious node, and other necessary factors for judging the quality of service of a routing protocol. In this paper, Figure 3 shows the average delay of the data packet transfer of the network before deployment of the message authentication and passing algorithm where data packets of different sizes are transmitted at different intervals of time. The behavior of Sybil nodes resembles dispatch of data at any time from any location and that would disturb the original nodes in the network. The figure shows the average delay is very less after applying the MAP algorithm.

In order to check the performance evaluation, a large number of nodes are deployed in the network and the detection rates of the Sybil nodes. A number of iterations can be made with different numbers of nodes in the network as shown by the performance. With the increase in the number of nodes, there is also an increase in the number of misbehaving nodes, which obviously affects the data and results in data loss. The throughput of the proposed approach before and after deployment with the routing protocol is calculated. In existing Random Password Comparison method, the throughput will be 74% whereas in case of CAM-PVM it will be 85% and in MAP it will be 95%. It shows the efficiency of the proposed approach. The comparison of throughput between existing method with CAM-PVM and MAP is shown in Figure 4.

Once a detection procedure is deployed during transmission, it detects the Sybil node and avoids transmission through that attacker node. Data loss can be thwarted through detection. In this scenario the number of times for consumption should be considered for the improvement of the quality of service. The detection rate of the Sybil attack is more accurate, but considering waste of time in such a kind of situation, prevention as a factor that directly eliminates the Sybil nodes is the deciding factor in the place of detection. Subsequent elimination of the procedure message authentication and passing method for prevention of the Sybil attack is applicable, but the detection rate is smaller compared to CAM-PVM and other existing methods. There is a clear indication of this fact. The same simulation is repeated for number of nodes with number of times in network simulation software. Table 4 shows the comparison of CAM-PVM with message authentication and passing method.

Number of nodes102030405060708090100

Sybil nodes2468101214161820

Simulation is also carried out in multiple rounds where the number of nodes deployed that are different for each round and there is a difference in the number of Sybil nodes according to the normal nodes. Here we had conducted a simulation of our proposed algorithm by assigning 2 Sybil nodes for each 10 nodes and forward our simulation process up to 100 nodes starting from 10 nodes. Table 4 shows our simulation result for Sybil node detection from which we can clearly say that our MAP algorithm produces 30% more detection accuracy compared with the CAM-PVM algorithm and existing RPC methods. In case of least Sybil nodes both algorithms produce same results but when the number of malicious nodes increased the performance of CAMPVM gets decrease while our algorithm maintains its consistency. The performance is comparatively good in message authentication and passing method. The optimized and compared output of the MAP with CAM-PVM algorithm and existing RPC method is given in the graphical representation as shown in Figure 5.

Figure 6 shows the comparison of detection rate with existing RPC methods with proposed CAM-PVM and MAP. In existing RPC method, the detection rate was only 60% whereas in proposed CAM-PVM the detection rate was 75% and in MAP the detection rate was 90%. It shows the efficiency of the proposed approach. The performance comparisons show three categories in which the performance values are compared using the existing methodology. The three factors are data packet transfer; throughput and detection of malicious node are computed and compared. In the first methodology, average delay of data packet transfer between existing RPC method with proposed method. The average delay is calculated as successful data packet transmission. In the second methodology throughput is calculated between the source nodes to destination node. By comparison with the existing system throughput will be 74% whereas in CAM-PVM is taking 85% and message authentication and passing method 95% of the total time. In the third methodology, the detection of malicious node comparison between the existing system is 60% whereas in CAM-PVM detects 65% of malicious node whereas the message authentication and passing method detects 90% of the malicious node. Hence message authentication and passing method is considered a better method than the CAM-PVM even under this criterion.

4. Conclusions

In this paper the message authentication and passing method is applied for checking the trustworthiness or otherwise for a Sybil node. The action of a node as a Sybil node with duplicate ID and information can happen only when the node has complete information about other nodes. Verification of the node needs the application of CAM-PVM. Instead of wasting time for CAM-PVM to check each and every node, the message authentication and passing procedure is applied for authentication prior to communication. If a node does not have any authorization by the network or by the base station, it cannot communicate with any other node in the network. The message authentication and passing method is so effective and is known for more time consuming than any other method.

Message authentication and passing method requires modification and reduction in time consumption and for cost effectiveness. The size of the network is not a constraint. The throughput of the network should be higher than the other security algorithm which is applied earlier in the network security.

Conflict of Interests

The authors declare that there is no conflict of interests regarding the publication of this paper.


One of the authors Dr. V. Rajamani acknowledges the DST, India, for sponsoring FIST Project at Vel Tech Multitech.


  1. V. Rathod and M. Mehta, “Security in wireless sensor network: a survey,” Ganpat University Journal of Engineering & Technology, vol. 1, pp. 35–44, 2011. View at: Google Scholar
  2. A. Modirkhazeni, N. Ithnin, and M. Abbasi, “Secure hierarchical routing protocols in wireless sensor network; security survey analysis,” International Journal of Computer Communications and Networks, vol. 2, pp. 6–16, 2012. View at: Google Scholar
  3. W. Niu, J. Lei, E. Tong et al., “Context-aware service ranking in wireless sensor networks,” Journal of Network and Systems Management, vol. 22, no. 1, pp. 50–74, 2014. View at: Publisher Site | Google Scholar
  4. Z. A. Baig, “Pattern recognition for detecting distributed node exhaustion attacks in wireless sensor networks,” Computer Communications, vol. 34, no. 3, pp. 468–484, 2011. View at: Publisher Site | Google Scholar
  5. D. G. Anand, H. G. Chandrakanth, and M. N. Giriprasad, “Security threats & issues in wireless sensor networks,” International Journal of Engineering Research and Application, vol. 2, pp. 911–916, 2012. View at: Google Scholar
  6. S. Abbas, M. Merabti, and D. Llewellyn-Jones, “Signal strength based Sybil attack detection in wireless Ad Hoc networks,” in Proceedings of the 2nd International Conference on Developments in eSystems Engineering (DESE '09), pp. 190–195, Abu Dhabi, UAE, December 2009. View at: Publisher Site | Google Scholar
  7. S. Sharmila and G. Umamaheswari, “Detection of sybil attack in mobile wireless sensor networks,” International Journal of Engineering Science & Advanced Technology, vol. 2, pp. 256–262, 2012. View at: Google Scholar
  8. K.-F. Ssu, W.-T. Wang, and W.-C. Chang, “Detecting sybil attacks in wireless sensor networks using neighboring information,” Computer Networks, vol. 53, no. 18, pp. 3042–3056, 2009. View at: Publisher Site | Google Scholar
  9. A. Vasudeva and M. Sood, “Sybil attack on lowest id clustering algorithm in the mobile ad hoc network,” International Journal of Network Security & Its Applications, vol. 4, no. 5, pp. 135–147, 2012. View at: Publisher Site | Google Scholar
  10. N. Balachandaran and S. Sanyal, “A review of techniques to mitigate sybil attacks,” International Journal of Advanced Networking and Applications, vol. 4, pp. 1–6, 2012. View at: Google Scholar
  11. G. Padmavathi and D. Shanmugapriya, “A survey of attacks, security mechanisms and challenges in wireless sensor networks,” International Journal of Computer Science and Information Security, vol. 4, pp. 1–9, 2009. View at: Google Scholar
  12. L. Xiao, L. J. Greenstein, N. B. Mandayam, and W. Trappe, “Channel-based detection of sybil attacks in wireless networks,” IEEE Transactions on Information Forensics and Security, vol. 4, no. 3, pp. 492–503, 2009. View at: Publisher Site | Google Scholar
  13. A. Tangpong, Managing sybil identities in distributed systems [Ph.D. thesis], Pennsylvania State University, 2010.
  14. H. Yu, P. B. Gibbons, M. Kaminsky, and F. Xiao, “SybilLimit: a near-optimal social network defense against sybil attacks,” IEEE/ACM Transactions on Networking, vol. 18, no. 3, pp. 885–898, 2010. View at: Publisher Site | Google Scholar
  15. G. Jing-Jing, W. Jin-Shuang, Z. Yu-Sen, and Z. Tao, “Formal threat analysis for ad-hoc routing protocol: modelling and checking the sybil attack,” Intelligent Automation & Soft Computing, vol. 17, no. 8, pp. 1035–1047, 2011. View at: Publisher Site | Google Scholar
  16. C. Komar, M. Y. Donmez, and C. Ersoy, “Detection quality of border surveillance wireless sensor networks in the existence of trespassers' favorite paths,” Computer Communications, vol. 35, no. 10, pp. 1185–1199, 2012. View at: Publisher Site | Google Scholar
  17. R. Amuthavalli and R. S. Bhuvaneswaran, “Detection and prevention of sybil attack in wireless sensor network employing random password comparison method,” Journal of Theoretical and Applied Information Technologygy, vol. 67, pp. 236–246, 2013. View at: Google Scholar

Copyright © 2015 Udaya Suriya Raj Kumar Dhamodharan and Rajamani Vayanaperumal. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

More related articles

 PDF Download Citation Citation
 Download other formatsMore
 Order printed copiesOrder

Related articles

Article of the Year Award: Outstanding research contributions of 2020, as selected by our Chief Editors. Read the winning articles.