Detecting Wormhole Attacks in Wireless Networks Using Local Neighborhood Information
  W. Znaidi, M. Minier and JP. Babau
  Centre d'innovations en Télécommunication & Intégration de services
  wassim.znaidi@insa-lyon.fr
  PIMRC 2008
Outline
  - Introduction and related work
  - Our proposition
  - Simulations and some results
  - Conclusion
A Wireless Sensor Network
  - No infrastructure
  - Hundreds/thousands of tiny devices
  - Difficult/impossible access to nodes
  - A typical application: fire detection
  Sensor devices:
    - Have limited energy, memory and computation resources
    - Are not tamper-resistant (physical compromise is possible)
Attacks
  - Sinkhole attack
  - Sybil attack
  - Routing cycle attack
  - Hello flooding attack
  - Other attacks: tampering, jamming, blackholes, wormhole, collision, desynchronisation, traffic analysis, eavesdropping
What is a wormhole?
  Wormhole attack: two wireless devices (X and Y) connected by an out-of-band connection (a cable or high-power wireless radios). Y captures wireless transmissions in its neighborhood and transfers them through the wormhole link to X; X reinjects all the packets into the network there (and vice versa).
  Characteristics:
    - Dangerous: all the traffic is attracted to X-Y
    - Easy to mount and to launch
    - Hard to detect
What is a wormhole?
  Network effect:
    - The routing protocol may choose routes that contain the wormhole link
    - The attacker can monitor traffic, drop packets, etc.
    - It distorts the network topology
  Our goal: detection and prevention of the wormhole attack in WSNs
Not specific to WSN
  RFID access control system: gate equipped with a contactless smart card reader
  [Figure labels: contactless smart card; wormhole; contactless smart card emulator; fast connection; smart card reader emulator; user may be far away from the building]
Overview of some detection algorithms for the wormhole attack
  Protocol | Description | Drawbacks
  Hu et al. 2003 | Use of packet leashes with geographical and temporal information | Requires synchronized clocks and GPS-equipped devices
  L. Hu et al. 2004 | Use of the direction of the antenna of the neighbors | Requires directional antennas
  R. Maheshwari et al. 2007 | Search for forbidden structures caused by the wormhole | Difficulty of computing a parameter to determine the forbidden structure
Our detection algorithm
  Main idea:
    - Every sensor node computes the connectivity degree of its neighbors
    - Using this parameter, each node declares whether it has detected the presence of the wormhole
  Assumptions:
    - Bidirectional links
    - Static and dense network
Background used
  Edge-clustering coefficient: $C^{g}_{i,j} = \dfrac{z^{g}_{i,j}}{s^{g}_{i,j}}$
    Ex. g=3: $C^{3}_{i,j} = \frac{2}{4}$
  Modified edge-clustering coefficient: $C^{g}_{i,j \setminus X} = \dfrac{z^{g}_{i,j \setminus X}}{s^{g}_{i,j \setminus X}}$
    Ex. g=3: $C^{3}_{i,j \setminus k} = \frac{1}{3}$
Def. of the wormhole using the edge-clustering coefficient
  Assumption: in a dense network such as a WSN, we suppose that every couple of sensor nodes has at least one common 1-2 hop neighbor
  Let a and b be two nodes in the WSN, and g = 3, 4:
    a declares b as a wormhole if $\exists X \in V_1(b)$ such that $C^{g}_{a,X \setminus b} = 0$
  Example: $C^{3}_{a,y \setminus X} = 0$ and $C^{4}_{a,y \setminus X} = 0$: node a declares X as a wormhole node
Limitation and Solutions
  Generalization: X is l hops away from node a
    a declares X as a wormhole if $\exists k \in V_1(X)$ such that $C^{l+2}_{a,k \setminus X} = 0$
  But: false positive: $C^{3}_{j,g \setminus a} = 0$ and $C^{4}_{j,g \setminus a} = 0$
  Solution: use the voting technique: every node declares a wormhole only if it has received a sufficient number of alerts.
Proposed algorithm
  1. Neighborhood discovery: each node maintains the list of its 1-hop and 2-hop neighbors.
  2. Computing: each node first computes $C^{3}_{\cdot,\cdot \setminus \cdot}$; if it is 0, it then computes $C^{4}_{\cdot,\cdot \setminus \cdot}$.
  3. Isolation: if a node is declared as a wormhole, it uses the voting technique.
  Our algorithm is distributed, uses local neighborhood information and needs no extra hardware.
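The three steps above, run on a small constructed topology, as an added example that is not the authors' code. Assumptions: the wormhole is modelled as a single relay node W, z counts cycles of order g through the pair (a, X) that avoid b (the slides do not define z or s), and the graph, node names and thresholds are constructed for illustration.

```python
from collections import Counter
from itertools import combinations

def build_demo_graph():
    """Constructed topology: two 4-node cliques (a1..a4, b1..b4) that are out of
    radio range of each other, plus a wormhole W heard by a1, a2, b1 and b2."""
    adj = {}
    def link(u, v):
        adj.setdefault(u, set()).add(v)
        adj.setdefault(v, set()).add(u)
    for side in "ab":
        for u, v in combinations([f"{side}{n}" for n in range(1, 5)], 2):
            link(u, v)
    for n in ("a1", "a2", "b1", "b2"):
        link("W", n)
    return adj

def count_paths(adj, src, dst, hops, banned):
    """Simple paths of exactly `hops` edges from src to dst avoiding `banned`."""
    if hops == 1:
        return int(dst in adj[src])
    return sum(count_paths(adj, n, dst, hops - 1, banned | {n})
               for n in adj[src] - banned)

def coefficient_is_zero(adj, a, x, b, orders=(3, 4)):
    """True when C^g_{a,x\\b} = 0 for every g in `orders`. C = z/s is zero exactly
    when z is, so only z is computed. Assumed reading: z counts cycles of order g
    through the pair (a, x) that avoid b, i.e. (g-1)-hop paths from a to x.
    all() stops at the first non-zero order, so g=4 is only tried if g=3 gave 0."""
    banned = frozenset({a, x, b})
    return all(count_paths(adj, a, x, g - 1, banned) == 0 for g in orders)

def local_alerts(adj, a):
    """1-hop neighbours b that node a declares as a wormhole."""
    return {b for b in adj[a]
            if any(coefficient_is_zero(adj, a, x, b) for x in adj[b] - {a})}

def vote(adj, threshold):
    """Isolate a node only once `threshold` distinct nodes have raised an alert."""
    votes = Counter(b for a in adj for b in local_alerts(adj, a))
    return votes, {n for n, c in votes.items() if c >= threshold}

if __name__ == "__main__":
    graph = build_demo_graph()
    for t in (1, 3):
        votes, isolated = vote(graph, t)
        print(f"threshold={t} votes={dict(votes)} isolated={sorted(isolated)}")
```

With a threshold of 1 the legitimate neighbours of W are isolated along with it, which is the false-positive case the voting step is meant to absorb; a threshold of 3 leaves only W.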
Simulations
  Scenario:
    - Single wormhole
    - 2 different topologies: random and grid distribution
    - 125 nodes over 400 m x 400 m
    - Disk graph connectivity model
    - IEEE 802.11 MAC layer
    - WSNet Simulator (developed in CITI Lab) http://wsnet.gforge.inria.fr/
Some results
  [Figures, grid topology and random topology: probability of wormhole detection, graph disconnection, false positive, and false positive without boundary nodes]
Some results
  [Figure: impact of the threshold $T_{am}$ on the false positive probability]
Conclusion
  Our algorithm is resilient to the wormhole attack:
    - Without relying on any location information (GPS)
    - Without introducing any special hardware
    - No packet added
  Our algorithm is simple, practical and local, and provides 100% detection of the wormhole.
  The mechanism used in our protocol, such as the edge-clustering coefficient, can be used for other proposals such as auto-organization in WSNs.
  Current work: pairwise key establishment and access control using trivariate polynomials
Thank you! Questions?
WSN's Key management using trivariate Polynomials
  Wassim Znaidi
  Supervisors: Marine Minier
Motivation
  - Resource constraints: public keys not possible
  - Symmetric method: keys shared between nodes
  Assumptions:
    - Static nodes, deployed at any time
    - Trusted and powerful sink
    - All information is extracted when a node is captured
Main Idea
  Blundo model: $f(x, y) = \sum_{i,j=0}^{t} a_{ij}\, x^{i} y^{j} \bmod Q$, where $1 \le a_{ij} \le Q - 1$, with $f(x, y) = f(y, x)$
  Our trivariate polynomial: $f(x, y, z) = \sum_{i,j,k=0}^{t} a_{ijk}\, x^{i} y^{j} z^{k} \bmod Q$, where $1 \le a_{ijk} \le Q - 1$, with $f(x, y, z) = f(y, x, z)$
  Characteristic: t-secure
  Danger: if t nodes are compromised, the whole system is broken
Initialization phase (before nodes deployment)
  The BS loads into each node i:
    - $f_i(y, z) = f(id_i, y, z)$
    - $z_i$: order of node i
    - 2 authentication parameters: ) 1 ( i a' w i z N h = ) 0 ( i a w N h =
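What the symmetry f(x, y, z) = f(y, x, z) and the preloaded share f_i(y, z) make possible, as an added example that is not code from the slides: two nodes evaluate their own shares at each other's identifier and obtain the same value. The modulus, the node identifiers, the degree t and the value of z that both nodes use are constructed assumptions; how z is agreed on is not shown on the slides.

```python
import secrets

Q = 2**61 - 1  # constructed prime modulus; the slides only name it Q

def make_polynomial(t, q=Q):
    """Random coefficients with a[i][j][k] == a[j][i][k], so f(x,y,z) = f(y,x,z)."""
    a = [[[0] * (t + 1) for _ in range(t + 1)] for _ in range(t + 1)]
    for i in range(t + 1):
        for j in range(i, t + 1):
            for k in range(t + 1):
                a[i][j][k] = a[j][i][k] = 1 + secrets.randbelow(q - 1)
    return a

def evaluate_full(a, x, y, z, q=Q):
    """f(x, y, z) computed by the BS, which knows every coefficient."""
    return sum(c * pow(x, i, q) * pow(y, j, q) * pow(z, k, q)
               for i, plane in enumerate(a)
               for j, row in enumerate(plane)
               for k, c in enumerate(row)) % q

def share(a, node_id, q=Q):
    """Coefficients of f_i(y, z) = f(id_i, y, z): x is fixed, f itself stays secret."""
    t = len(a) - 1
    return [[sum(a[i][j][k] * pow(node_id, i, q) for i in range(t + 1)) % q
             for k in range(t + 1)] for j in range(t + 1)]

def pairwise_key(own_share, peer_id, z, q=Q):
    """f_i(peer_id, z), computed from the node's own share only."""
    return sum(c * pow(peer_id, j, q) * pow(z, k, q)
               for j, row in enumerate(own_share)
               for k, c in enumerate(row)) % q

def demo(t=3, id_u=17, id_v=42, z=5):
    """Constructed run: nodes 17 and 42 each derive the key from their own share."""
    a = make_polynomial(t)
    k_u = pairwise_key(share(a, id_u), id_v, z)
    k_v = pairwise_key(share(a, id_v), id_u, z)
    return k_u, k_v, evaluate_full(a, id_u, id_v, z)

if __name__ == "__main__":
    k_u, k_v, k_bs = demo()
    print(k_u == k_v == k_bs, hex(k_u))
```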
Pair-wise key establishment
Path-key establishment
  A pair-wise key established between non-neighboring nodes u and v:
    - Find a secure path of already established pair-wise keys
    - Follow the pair-wise key establishment process, where all messages exchanged between u and v are authenticated through the path
Thank you! Questions?