Catching Packet Droppers and Modifiers in Wireless Sensor Networks- projects 2012
ABSTRACT:Catching Packet Droppers and Modifiers in Wireless Sensor Networks- projects 2012
Packet dropping and modification are common attacks that can be launched by an adversary to disrupt communication in wireless multihop sensor networks. Many schemes have been proposed to mitigate or tolerate such attacks, but very few can effectively and efficiently identify the intruders. To address this problem, we propose a simple yet effective scheme, which can identify misbehaving forwarders that drop or modify packets. Extensive analysis and simulations have been conducted to verify the effectiveness and efficiency of the scheme.
To identify packet droppers and modifiers, which are all common attacks that can be launched by an adversary to disrupt communication in wireless multihop sensor networks.
In a wireless sensor network, sensor nodes monitor the environment, detect events of interest, produce data, and collaborate in forwarding the data toward a sink, which could be a gateway, base station, storage node, or querying user. Because of the ease of deployment, the low cost of sensor nodes and the capability of self-organization, a sensor network is often deployed in an unattended and hostile environment to perform the monitoring and data collection tasks. When it is deployed in such an environment, it lacks physical protection and is subject to node compromise. After compromising one or multiple sensor nodes, an adversary may launch various attacks to disrupt the in-network communication.
Among wireless sensor attacks, two common ones are dropping packets and modifying packets, i.e., compromised nodes drop or modify the packets that they are supposed to forward. To deal with packet droppers, a widely adopted countermeasure is multipath forwarding in which each packet is forwarded along multiple redundant paths and hence packet dropping in some but not all of these paths can be tolerated. To deal with packet modifiers, most of existing countermeasures aim to filter modified messages en-route within a certain number of hops. These countermeasures can tolerate or mitigate the packet dropping and modification attacks, but the intruders are still there and can continue attacking the network without being caught.
To locate and identify packet droppers and modifiers, it has been proposed that nodes continuously monitor the forwarding behaviors of their neighbors to determine if their neighbors are misbehaving, and the approach can be extended by using the reputation based mechanisms to allow nodes to infer whether a non neighbor node is trustable. This methodology may be subject to high-energy cost incurred by the promiscuous operating mode of wireless interface; moreover, the reputation mechanisms have to be exercised with cautions to avoid or mitigate bad mouth attacks and others.
Consider a typical deployment of sensor networks, where a large number of sensor nodes are randomly deployed in a two dimensional area. Each sensor node generates sensory data and all these nodes collaborate to forward packets containing the data toward a sink. The sink is located within the network. The sink is aware of the network topology, which can be achieved by requiring nodes to report their neighboring nodes right after deployment.
v A widely adopted countermeasure to mitigate packet droppers, which is based on delivering redundant packets along multiple paths.
v The watchdog proposed to mitigate routing misbehavior in mobile ad hoc networks and is adopted to identify packet droppers in wireless sensor network.
v By obtaining responses from intermediate nodes, alarms, and detection of selective forwarding attacks can be conducted.
v To deal with packet modifiers, most of existing countermeasures are to filter modified messages within a certain number of hops so that energy will not be wasted to transmit modified messages.
v The effectiveness to detect malicious packet droppers and modifiers is limited without identifying them and excluding them from the network.
v Ye et al. proposed a probabilistic nested marking (PNM) scheme. But with the PNM scheme, modified packets should not be filtered out en route because they should be used as evidence to infer packet modifiers; hence, it cannot be used together with existing packet filtering schemes.
v These approaches assume the packet sources are trustable, which may not be valid in sensor networks.
v As in sensor networks, base station typically is the only one we can trust.
v These schemes require to set up pairwise keys among regular sensor nodes so as to verify the authenticity of ACK packets, which may cause considerable overhead for key management in sensor networks.
v A simple yet effective scheme to catch both packet droppers and modifiers is proposed.
v A routing tree rooted at the sink is first established.
v When sensor data are transmitted along the tree structure toward the sink, each packet sender or forwarder adds a small number of extra bits, which is called packet marks, to the packet.
v The format of the small packet marks is deliberately designed such that the sink can obtain very useful information from the marks.
v Identify nodes that are droppers/modifiers for sure or are suspicious droppers/ modifiers.
v Effective in identifying both packet droppers and modifiers,
v Low communication and energy overheads, and
v Compatible with existing false packet filtering schemes;
v It can be deployed together with the false packet filtering schemes
v Identify intruders