WIRELESS SENSOR networks (WSNs), and particularly

Transcription

1 26 IEEE SYSTEMS JOURNAL, VOL. 7, NO. 1, MARCH 2013 Classification and Experimental Analysis for Clone Detection Approaches in Wireless Sensor Networks Kwantae Cho, Minho Jo, Member, IEEE, Taekyoung Kwon, Hsiao-Hwa Chen, Fellow, IEEE, and Dong Hoon Lee, Member, IEEE Abstract Wireless sensor networks (WSNs) consist of tiny sensor nodes that communicate with each other over wireless channels, often in a hostile environment where nodes can be captured and compromised. Consequently, an adversary may launch a clone attack by replicating the captured nodes to enlarge the compromised areas employing clones. Thus, it is critical to detect clone nodes promptly for minimizing their damage to WSNs. Recently, various clone detection schemes were proposed for WSNs, considering different types of network configurations, such as device types and deployment strategies. In order to choose an effective clone detection scheme for a given sensor network, the selection criteria play an important role. In this paper, we first investigate the selection criteria of clone detection schemes with regard to device types, detection methodologies, deployment strategies, and detection ranges. We then classify the existing schemes according to the proposed criteria. Simulation experiments are conducted to compare their performances. It is concluded that it is beneficial to utilize the grid deployment knowledge for static sensor networks; the scheme using the grid deployment knowledge can save energy by up to 94.44% in comparable performance (specifically in terms of clone detection ratio and the completion time), as compared to others. On the other hand, for mobile sensor networks, no existing approach works efficiently in reducing detection error rate. Index Terms Clone attack, clone detection, network security, replica attack, wireless sensor networks (WSNs). I. Introduction WIRELESS SENSOR networks (WSNs), and particularly their security issues, have received great attention recently in both academia and industry. Since tiny sensor nodes Manuscript received April 25, 2011; revised November 20, 2011; accepted January 22, Date of publication April 3, 2012; date of current version February 20, This work was supported in part by the Taiwan National Science Council, under Research Grant NSC E MY3, by the IT Research and Development Program of MKE/KEIT (KI002113, Development of Security Technology for Car-Healthcare), and by the National Research Foundation of Korea, under Grant funded by the Ministry of Education, Science, and Technology, Korean Government. K. Cho and D. H. Lee are with the Graduate School of Information Security, Korea University, Seoul , Korea ( ckt27@korea.ac.kr; donghlee@korea.ac.kr). M. Jo is with the College of Information and Communications, Korea University, Seoul , Korea ( minhojo@korea.ac.kr). T. Kwon is with the Department of Computer Engineering, Sejong University, Seoul , Korea ( prof.tkwon@gmail.com). H.-H. Chen is with the Department of Engineering Science, National Cheng Kung University, Tainan 701, Taiwan ( hshwchen@ieee.org). Color versions of one or more of the figures in this paper are available online at Digital Object Identifier /JSYST /$31.00 c 2012 IEEE in WSNs have meager resources for computation, communication, power, and storage, it is challenging to provide efficient security functions and mechanisms for WSNs. Above all, since WSNs are frequently deployed in hostile environments, sensor nodes can be captured and compromised easily by an adversary who may extract secret information from the captured nodes. After such a compromise, a clone attack can be launched by replicating the captured nodes and injecting them sporadically over the networks such that the adversary can enlarge the compromised areas by employing the clones. The secret information, such as access keys, extracted from the captured nodes and still contained in clones, may allow the adversary to gain access to communication systems throughout WSNs. For instance, clones would be authenticated as genuine nodes in a key establishment scheme of WSNs in different locations, eventually taking over a local segment or an entire network to launch various attacks, such as corrupting data aggregation, injecting false data, and dropping packets selectively. Thus, it is essential to detect clone nodes promptly for minimizing their damages to WSNs. The simplest defensive measure against the clone attacks is to prevent an adversary from extracting secret key materials from captured nodes by virtue of tamper-resistant hardware. However, the hardware-based defensive measures are too expensive to be practical for resource-restricted sensor nodes. Various kinds of software-based clone detection schemes [1] [13] have recently been proposed for WSNs, considering many different types of network configuration, such as device types and deployment strategies. The limitation of softwarebased clone detection schemes is undoubtedly that they are not generic, meaning that their performance and effectiveness may depend upon their preconfigured network settings. For example, a clone detection scheme designed for mobile WSNs is useless in static WSNs. In order to choose an effective detection scheme for a certain sensor network, it is desirable to have a set of well-designed selection criteria. In this paper, we first investigate the selection criteria of clone detection schemes with regard to device types, detection methodologies, deployment strategies and detection ranges, and then we classify the existing schemes according to the proposed criteria. First, we divide static and mobile sensors according to their mobility. A static sensor node cannot move, while the location of a mobile sensor changes depending on operational scenarios. Clone detection strategies can be classified in this sense as well. Second, we classify the detection

2 CHO et al.: CLASSIFICATION AND EXPERIMENTAL ANALYSIS FOR CLONE DETECTION APPROACHES 27 schemes to centralized and distributed schemes, i.e., in terms of the ways to collect and verify evidence of clones. One is that a central node, such as a base station (BS), acts solely on detecting clones, and the other is that a group of sensor nodes conduct the clone detection cooperatively. Third, according to the ways how to deploy sensor nodes, we divide them into random uniform deployment and grid deployment strategies. The former is that sensor nodes are scattered in a region randomly, and the latter works in a way that they are placed in prescheduled zones by dividing a given deployment field into a number of practical locational zones. Finally, according to clone detection locations, we divide the schemes into whole area and local area detection schemes. In the former schemes, all sensor nodes work jointly in detecting clones, but in the latter schemes only a subset of them will conduct it locally. To summarize, we classify the existing clone detection schemes based on the following criteria: 1) device type: static (sensor) versus mobile (sensor); 2) detection method: centralized (detection) versus distributed (detection); 3) deployment strategy: random uniform (deployment) versus grid (deployment); 4) detection range: whole (area detection) versus local (area detection). The remainder of this paper provides more detailed results on the aforementioned classifications along with our simulation experiments to compare their performances and discover unexpected error rates. Our results are useful in selecting an effective clone detection scheme for a given WSN environment. Finally, we conclude that it is beneficial to utilize the grid deployment knowledge for static sensor networks. Unfortunately, for mobile sensor networks, no existing approach could work efficiently in reducing detection error rate. II. Adversary Model and Clone Detection Scenario In this section, we define an adversary model and then describe a clone detection scenario to detect a clone attack. A. Adversary Model A clone attack means that an adversary injects one or more replicated nodes into a network by using the same ID as another node, i.e., a captured node [1], to compromise a large fraction of a network successfully. With regard to this attack, it is assumed that an adversary captures only a tiny fraction of nodes in the network because capturing a large fraction may not even require clones at all and must be much more costly and easier to detect. It is reasonable to assume that an adversary captures only a small number of nodes and makes clones by replicating the captured nodes to inject them back into the network for achieving adversarial objectives, such as controlling the target area and so forth. Since the adversary already knows the secret of the captured node, it is useless to employ the existing security systems, such as the ones given in [14] [19]. Thus, the clone detection is necessarily required and it is enforced on the following clone detection scenario. B. Clone Detection Scenario First, for starting the clone attack, an adversary captures one or more nodes deployed in the network where the adversary wants to obtain information for achieving adversarial goals. After that, the adversary makes clones using the secret information extracted from the captured nodes and then deploys the clones into the targeted areas. To get some useful information from the clone s neighboring nodes or control them in the target areas, the clone should establish a secret key with them for a secure channel. However, before the key establishment procedure, all newly inserted nodes including the clone must pass the clone detection protocol. In other words, the clone cannot achieve its malicious goals in the target area until it passes the test. Based on this scenario, we will run simulation experiments in Section IV to test different clone detection schemes. Because the existing security systems cannot protect themselves from the clone attacks effectively, in this paper we will introduce various solutions to address this issue in Section III. III. Clone Detection Schemes Fig. 1 depicts a taxonomy of clone detection schemes of WSNs, in which we define the selection criteria as what we discussed before. First, we divide the taxonomy according to device types, such as static and mobile WSNs. In Fig. 1(a), the clone detection schemes of static WSNs are classified into four types [i.e., static, centralized, random uniform, and whole (SCRW), static, distributed, random uniform, and whole (SDRW), static, distributed, grid, and whole (SDGW), and static, distributed, grid, and local (SDGL)] according to their detection methods, deployment strategies, and detection ranges. In Fig. 1(b), the clone detection schemes of mobile WSNs are classified into two types [i.e., mobile, centralized, and whole (MCW) and mobile, distributed, and whole (MDW)] according to their detection methods and detection ranges. We will provide a review on such classifications in more detail as follows. A. Type SCRW Parno et al. [1] proposed a centralized detection scheme (i.e., BS-based scheme) as a basic clone detection scheme. Presumably, each node sends IDs and estimates the locations of its neighbors to a BS. 1 If there is a collision of IDs in far distinct locations, then the BS revokes the corresponding sensor nodes by broadcasting an authentic command. Brooks et al. [2] also proposed a centralized clone detection scheme under the assumption that the keys are randomly predistributed. If a key is used for multiple times over a predefined threshold, then the BS revokes the corresponding key as a clone key. Choi et al. [3] proposed a clone detection scheme, called SET, to detect clones by set operations, such as intersection and union, of exclusive subsets of IDs in a network. Since the set of IDs are divided by clustering regional sensor nodes after deployment, an intersection of distinct subsets must be 1 The location of a sensor node can be estimated in several ways, such as those reported in [20] [25].

3 28 IEEE SYSTEMS JOURNAL, VOL. 7, NO. 1, MARCH 2013 Fig. 1. Taxonomy of clone detection schemes in WSNs. (a) Static WSNs. (b) Mobile WSNs. empty. If there is a nonempty intersection, then the BS will be reported by corresponding cluster heads to detect cloning activities. Besides, Xing et al. [4] proposed a replica detection scheme using a fingerprint, which includes information of neighboring nodes. Since the fingerprints are fixed on deployment, it requires additional complex processes to add new sensor nodes. B. Type SDRW Parno et al. [1] proposed a distributed clone detection scheme, in which node-to-network broadcast was used. Every node collects the IDs and locations of its neighbors, and it broadcasts them to a network. When a node receives a broadcast message from the others, it compares the others neighbors with its own. If there is a collision of IDs in distinct locations, then the corresponding node and clones are revoked. The main problem with this approach is its high communication overload in the network. Subsequently, Parno et al. [1] proposed two probabilistic detection protocols. Randomized multicast (RM) scheme distributes IDs and locations of neighboring nodes to randomly selected (witness) nodes, exploiting the birthday paradox effect 2 to find the collisions, while line-selected multicast (LSM) scheme increases the collision probability of RM by adding check points. In the LSM scheme, in addition to witness nodes, the intermediate nodes within the multicast path also can check clones. Both schemes require a relatively high cost for storage, while the communication cost of RM is similar to that of node-to-network broadcast. Conti et al. [5] proposed the randomized, efficient and distributed (RED) scheme to improve the detection ratio of RM by increasing the collision probability using a specific pseudo random function. 2 In probability theory, birthday paradox relates to the probability that in a set of randomly chosen people some pair of them will have the same birthday. For example, in a group of at least 23 randomly chosen people, there is more than 50% probability that some pairs of them were born on the same day. There are several other derivatives or improved versions of the LSM scheme, such as a distributed hash table-based scheme using a distributed hash table [6], an active detection scheme that works by receiving its neighbors IDs and locations from a randomly chosen witness node [7], a randomwalk-based detection scheme [8], a clone detection scheme collecting neighbor IDs instead of locations [9], and so forth. C. Type SDGW Zhu et al. [10] proposed two grid-based clone detection schemes, i.e., single deterministic cell (SDC) and parallel multiple probabilistic cells (P-MPC), which improve the collision probability of RM by using grid information given to each node. In SDC, the IDs and locations of the neighbors are forwarded to a single zone that is determined from one-way hash function with a node ID as input. However, in P-MPC, the pair information is forwarded to multiple zones that are determined in the same way. Then, every node checks whether or not the IDs received from the other nodes are in conflict. Although P-MPC requires a higher communication cost than SDC, it can detect clones by virtue of nodes in the other zones, even in the case where all nodes in a given zone are compromised by an adversary. We assume that a powerful adversary could compromise a whole zone as an aggressive adversary in this paper. D. Type SDGL A specific network configuration based on grid deployment is preferred for local network clone detection. A WSN configured by grid deployment can place sensor nodes in a predetermined zone and utilize their locations to detect clones. For example, if a node is detected in a zone that is far from its predetermined zone over a threshold distance, then it is suspected as a replicated node. Ho et al. [11] defined this approach as a basic approach of local network clone detection. Though the basic approach is efficient, its detection quality

4 CHO et al.: CLASSIFICATION AND EXPERIMENTAL ANALYSIS FOR CLONE DETECTION APPROACHES Fig Comparison of energy consumption between types SCRW and SDRW, where two values in parentheses denote Pd and Td, respectively. depends very much on a possible deployment error in WSNs. If a genuine node is located erroneously in a zone that is out of the threshold distance, then the basic approach may yield a detection error (a false alarm) by determining it as a clone. Thus, Ho et al. [11] proposed two more schemes, i.e., location claim approach (LCA) and multigroup approach (MGA), to reduce the detection error of the basic approach via letting the neighbors of an erroneously deployed node send out its location to the nodes in the predetermined zone in an authenticated manner. The schemes reduce detection errors significantly by checking a collision of ID in two zones. MGA improves the robustness of LCA against an aggressive adversary similarly to P-MPC. E. Type MCW Ho et al. [12] proposed a centralized detection scheme for mobile WSNs by exploiting the fact that a genuine node never moves beyond the maximum speed. Every node in WSNs collects the IDs and locations of its neighbors along with their communication times,3 and every node then transmits the collected data to the BS in an authentic way. If a node moving over the maximum speed is found, then the BS determines that the node is replicated. F. Type MDW Yu et al. [13] proposed a distributed detection scheme, called extremely efficient detection (XED), for mobile WSNs. In XED, mobile nodes exchange their IDs and random numbers when they meet each other, and they record them for further verification. If the previously exchanged random numbers match when they meet again, then they update random numbers. Otherwise, they determine their counterparts as clones. However, it is noted that XED yields detection 3 The communication time can be smoothly measured by time synchronization methods, such as [26] [31]. errors such as false positive4 and false negative5 errors due to the limited memory of sensor nodes. In our simulation experiments, as described in Fig. 6, we could observe that the detection errors of XED are relatively high. IV. Simulations of Clone Detection Schemes A. Simulation Environments and Scenarios Based on the aforementioned selection criteria, we conducted the simulation experiments on the representative clone detection schemes with regard to detection performance. For this purpose, we run the simulations in each scenario for a duration of 1000 s using a ns-2 network simulator [32]. Each node uses IEEE as a media access control protocol,6 in which the transmission range is 100 m, and the sizes of the areas covered by static WSNs and mobile WSNs are 1000 m 1000 m and 500 m 500 m, respectively. In order to determine the movement of mobile nodes, we employed the random trip mobility (RTM) model used in Ho s scheme as well. In the RTM model, each mobile node moves to a randomly chosen location with a given 4 False positive error means an error of rejecting a null hypothesis when it is actually true. For instance, consider that the detection process for node a has produced a positive result (indicating that node a must be a clone), even though node a is actually not a clone. False positive error can be viewed as an error of excessive credulity. 5 False negative error means an error of failing to reject a null hypothesis when it is not true. If clone a is determined not to be a clone, this instance is a false negative. False negative error can be viewed as an error of excessive skepticism. 6 Generally speaking, a sensor node uses one of medium access control protocols released in IEEE Standard supporting a low duty cycle, within a small fraction of time that a sensor node is in an active state. Nevertheless, the reason that we employed IEEE is that we did not get reliable results in using IEEE because unsynchronized communications between nodes had a big impact on our simulation results. In fact, we could hardly get meaningful results when using IEEE Moreover, in IEEE Standard, synchronization between nodes is still one of the most challenging issues. For these reasons, we used IEEE in order to assure that synchronization between nodes does not have any big impact on our simulation results.

5 30 IEEE SYSTEMS JOURNAL, VOL. 7, NO. 1, MARCH 2013 Simulation Parameters Simulation time Field size for static and mobile WSNs Velocity of a mobile node Radio range Initial energy for static and mobile nodes Performance Metrics Total consumed energy (E d ) a Clone detection ratio (P d ) Completion time (T d ) b False positive/negative errors TABLE I Simulation Parameters and Performance Metrics Values 1000 s 1000 m 1000 m and 500 m 500 m, respectively 1 20 m/s 100 m 10 3 and 10 5 mj, respectively Description The sum of communication and computation costs consumed by all nodes to detect a clone. The ratio of successful detection times divided by the total number of simulation experiments. The simulation time to the moment when a clone is first detected. We note that the completion time is used only for relative comparison purposes since it is simulation time. Two major detection errors measured in mobile WSNs. Specifically, frequent changes of mobile nodes may cause high detection errors, which may deteriorate the quality of clone detection schemes due to costly false detection with regard to the high clone detection ratio. a All energy-related parameters are defined based on [33] and those parameters were used in our simulation experiments. Wander et al. [33] calculated the communication cost of transmission/reception and the computation cost of cryptographic algorithms, such as elliptic curve digital signature algorithm (ECDSA) and secure hash algorithm (SHA)-1, on the Atmel ATmega128 processor of Mica2dot. In [33], it was found that energy costs required for signing and verifying through ECDSA-160 are mj and mj, respectively. The energy cost required for computing SHA-1 is mj/b. In addition, the energy costs required for transmitting and receiving 1 B are mj and mj, respectively. In our simulations, we also selected ECDSA-160 for digital signature algorithm and SHA-1 for one-way hash function and random number generator. b As the computation time of cryptographic algorithms used in each scheme affects the completion time, we consider the computation time based on [34] and [35]. In our simulations, we selected ECDSA-160 for the digital signature algorithm and SHA-1 for the hash function and random number generator. In [35], the computation times of signature and verification of ECDSA-160 on an Atmel Atmega128 processor are s and s, respectively, and in [34] a 160-bit SHA1 hash function evaluation on the same processor took only s, which is much less than that of signing and verifying of ECDSA-160, as widely known. If no clone is detected during the simulation time, then the completion time will be 1000 s, that is, the maximum simulation time. speed between a minimum speed (1 m/s) and a maximum speed (20 m/s), and each mobile node then moves to another randomly chosen location. This random movement process is repeated throughout the entire simulation period. To test the detection schemes under the same simulation environments as used in [1] and [12], we focused on detecting single node replications (two clones reproduced from a single genuine node) and then calculated the average of simulation results through more than 100 simulation experiments, which were collected and analyzed based on our performance metrics. Simulation parameters and the performance metrics are summarized in Table I. B. Simulation Results To compare the clone detection schemes classified by the selection criteria as shown in Fig. 1, we measure their E d, P d, and T d, and then depict them in Figs. 2 5, in which the x-axes describe the number of nodes in the network and the y-axes give E d. Moreover, both values in parentheses give P d and T d, respectively. On the other hand, Fig. 6 depicts the false positive ratio and false negative ratio, respectively, of mobile clone detection schemes. 1) SCRW Versus SDRW: Fig. 2 illustrates the simulation results for a centralized detection scheme (i.e., BS-based scheme [1]) and three distributed detection schemes (i.e., RM [1], LSM [1], and RED [5]), to conduct the whole network detection in static WSNs constructed by random uniform deployment. In Fig. 2, it is shown that the total consumed energy of RM is the highest amongst the four schemes, while that of the BS-based scheme is the lowest. Taking into account the fact that the four schemes use the same cryptographic algorithms and their clone detection ratios are similar, we can easily learn that the difference of the total energy consumption amongst the different schemes is related closely to their completion time, e.g., RM spending the longest completion time on detecting a clone requires a higher energy cost than the others. Namely, the shorter completion time a clone detection scheme requires, the more energy it can save. Although the BS-based scheme looks more efficient than the other distributed schemes, if considering the shortcomings with a centralized detection scheme, such as a single point of failure [1], we cannot assure that the BS-based scheme is the most efficient. Besides, in our simulations, we overlooked one fact to simplify the comparisons; that is, the BS was assigned a large amount of tasks (e.g., monitoring networks, collecting sensing information from all other nodes, synchronizing a clock, and so on) than normal sensors, such that BS s wireless channel is much busier than those for normal sensors. The channel occupation will induce communication latency and packet losses, finally degrading the original capability of a BS-based scheme. 2) MCW Versus MDW: Fig. 3 illustrates the simulation results for a centralized detection scheme (Ho s scheme [12]) and a distributed detection scheme (XED [13]), to conduct the whole network detection in mobile WSNs. Compared with Fig. 2, Fig. 3 offers several interesting characteristic features. First, as shown in Fig. 2 a centralized scheme, or a BS-based scheme, needs less energy than the other distributed schemes, while as shown in Fig. 3 another centralized scheme, Ho s scheme, needs more energy than a distributed scheme, XED, due to the big difference of computational costs. In general, the computation cost of a digital signature used in

6 CHO et al.: CLASSIFICATION AND EXPERIMENTAL ANALYSIS FOR CLONE DETECTION APPROACHES Fig. 3. Comparison of energy consumption in types MCW and MDW, where two values in parentheses imply Pd and Td, respectively. Fig. 4. Comparison of energy consumption between types SDRW and SDGW, where two values in parentheses imply Pd and Td, respectively. Ho s scheme is 1000 times more than that of a pseudorandom generator used in XED. Second, the clone detection ratios in Fig. 2 tend to be nearly constant independently of the number of nodes, while those of schemes shown in Fig. 3 tend to decrease as the number of nodes increases. Frequent changes of node location in mobile WSNs bring in additional packet overhead caused by frequent routing updates, resulting in packet losses and a drop of the clone detection ratio. Third, the clone detection ratio of Ho s scheme decreases slowly on the x-axes, while that of XED decreases suddenly from 80 nodes due to high detection errors, false positive errors and false negative errors, of XED. In XED, for example, node A saves the ID and random number received from neighbor node B. If the memory of A is full, then the oldest record for another node, for example, C, will be replaced by the new record of B. Afterward, if A meets C again, then C may be suspected as a clone because the record of C does not exist in its memory. This may result in a high false positive error, as 31 shown in Fig. 6. False negative errors occur when a clone is not determined as a replicated node although the clone already joined the clone detection process more than once. Similar to the false positive errors, XED generates higher false negative errors than Ho s scheme in most cases as shown in Fig. 6. Imagine that node A and node A are clones of node A. After node B meets A and then saves in its memory an ID and random number received from neighbor A, it continually meets the other nodes and finally the record of A is removed due to its limited memory. After that, if B meets A, although it already met A with the same ID as A, B recognizes A as a new node. That is, B does not recognize A as a clone. This progress results in increasing false negative errors. Overall as indicated in Figs. 3 and 6, we can observe that the false negative errors of XED and Ho s scheme have a strong negative impact on their clone detection ratios. 3) SDRW Versus SDGW: Fig. 4 shows the simulation results to compare the random uniform deployment schemes (LSM [1] and RM [1]) and the grid deployment schemes

7 32 Fig. 5. IEEE SYSTEMS JOURNAL, VOL. 7, NO. 1, MARCH 2013 Comparison of energy consumption between types SDGW and SDGL, where two values in parentheses imply Pd and Td, respectively. (SDC [10] and P-MPC [10]), to conduct distributed and whole network detection in static WSNs. Amongst the four schemes shown in Fig. 4, RM is inefficient in terms of energy cost, while LSM and SDC are similarly efficient. The energy cost of P-MPC, which resides between those aforementioned schemes, is notable since SDC does not consider security functions. Zhu et al. [10] claimed that SDC produces a higher clone detection ratio and lower communication cost than LSM on irregular network topologies with variant shapes such as H, S, and Cross. In our simulation experiments using the grid deployment, however, there is no big difference between SDC and LSM. If SDC had been designed to make a full use of grid deployment, then it could have been better than LSM. The way to make a full use of grid deployment will be introduced in Section IV-B4. 4) SDGW Versus SDGL: Fig. 5 illustrates the simulation results for comparing the whole detection (SDC [10] and P-MPC [10]) and the local detection (LCA [11] and MGA [11]) within the scope of distributed detection in a static WSN, which was constructed by grid deployment. Since P-MPC and MGA were designed to be resistant against aggressive adversary, the energy consumption of the two schemes is conspicuously higher than those of SDC and LCA. Unlike SDC and P-MPC, LCA and MGA can make a full use of grid deployment by conducting local detection, allowing LCA and MGA to detect clones more economically and faster than SDC and P-MPC. V. Discussions We have simulated several representative clone detection schemes and evaluated them with the following performance metrics, i.e., total consumed energy, clone detection ratio, completion time, false positive error, and false negative error. In this section, we will briefly discuss how to design effective clone detection schemes in static and mobile WSNs. As mentioned in [1], the centralized approaches may create a single-point of failure. Compromising the central node or an associated communication channel will significantly degrade the whole network performance. Furthermore, the sensor nodes closest to the central node may have more routing loads than the others, and thus they would be more appealing to an adversary. In many cases, a distributed and balanced detection scheme is more desirable. From Figs. 2, 4, and 5, we can know that a local network detection scheme, LCA, is the most effective clone detection scheme amongst the all existing distributed schemes for static WSNs. Even with an aggressive adversary, MGA conducting the local network detection is more energy-efficient than P-MPC in a large-scale network. To design a local network detection scheme, however, there are two essential requirements. The first requirement is the grid deployment. When numerous sensors are deployed, the grid deployment may be more reasonable than the random uniform deployment. As it is difficult to deploy numerous sensors at one time, it is more practical to deploy sensors at several distinct times. A simple way to deploy a series of sensors would be to keep the groups of nodes marked with the group IDs and to use a marked map with the group IDs on it. The group ID can be a zone ID. All it needs is a map of the given field and a way to predetermine the deployment points, such as assigning a point on a grid to each group. This assertion is considerably supported by the fact that the grid deployment strategy has been used for various applications in WSNs, such as key distribution [36], [37], anomaly detection in localization [38], and public key authentication [39]. Moreover, some researchers showed that the grid deployment requires less density of nodes than the random deployment does, for achieving the same level of coverage. The second requirement is to verify the zone IDs received from its neighbors. If the zone IDs are fabricated, then the local detection schemes will be useless. However, the zone ID fabrication can be easily prevented by using a zone-based key scheme, such as the one reported in [40] [42], with zone ID as an input. The specific research on zone ID authentication can be one of the notable challenges in the clone detection research of WSNs.

8 CHO et al.: CLASSIFICATION AND EXPERIMENTAL ANALYSIS FOR CLONE DETECTION APPROACHES 33 Fig. 6. False positive error and false negative error ratios. For distributed detection in mobile WSNs, as far as we know, there is only XED, which experiences performance degradation due to the restriction of memory in sensor nodes, as depicted in Figs. 3 and 6. One of the solutions addressing this problem is that neighboring nodes with which each node can exchange information are restricted to predefined nodes. Although this approach may require a longer completion time than XED, this solution will lessen the sensor s load and largely reduce false positive errors and false negative errors. A study on the clone detection schemes in mobile WSNs is as important as that in static WSNs. If we are more interested in studying the clone detection in mobile WSNs, then it will not be difficult to design more effective clone detection schemes in mobile WSNs. The explosive growth of interest and actual deployment of WSNs will make various applications possible in the near future, but obviously security concerns still remain. It is challenging to consider security functions and mechanisms for WSNs due to the resource constraints of tiny sensor nodes. Above all, sensor nodes deployed in unattended and hostile environments are vulnerable to physical capture attacks. After such a compromise, an adversary could replicate them for clone attacks. In the case that clones are left undetected, the adversary will compromise an entire network very easily, resulting in various kinds of malicious attacks. For example, using clones, an adversary can overhear communications widely inside networks, and the adversary can corrupt data aggregation and routing by injecting false data. Thus, clone detection schemes are necessary for enabling clones to be detected and removed. VI. Conclusion In this paper, we surveyed most existing clone detection schemes in WSNs, starting with the adversary model and the classification criteria of clone detection. After that, we demonstrated our simulation results for the clone detection schemes representing different classification criteria. Then, we discussed how to construct the most effective clone detection scheme in WSNs. Although the discussions on clone detection schemes certainly need more restriction such as zone-based network in static WSNs, the results are reasonable and can guide us to choose proper schemes to achieve considerable energy savings (e.g., LCA can save energy by up to 94.44% and 75.55% as compared to RM and LSM in our simulation results, respectively). Such energy savings are highly desirable and often required in many ad hoc sensor network applications, such as monitoring emergency disaster notification data. Unlike static WSNs, in mobile WSNs, there are a few clone detection schemes that produce high detection errors shown in our simulation results. The problems can be addressed by using a more sophisticated approach. The advancement of sensor hardware is continuously extending the scope of applications of static WSNs, as well as mobile WSNs, further strengthening the power of an adversary, which can launch more powerful attacks using the improved devices. Thus, we should study various strategies taken by adversaries to find more effective countermeasures against them. This can be explored in our future work. References [1] B. Parno, A. Perrig, and V. Gligor, Distributed detection of node replication attacks in sensor networks, in Proc. IEEE Symp. Security Privacy, May 2005, pp [2] R. Brooks, P. Y. Govindaraju, M. Pirretti, N. Vijaykrishnan, and M. T. Kandemir, On the detection of clones in sensor networks using random key predistribution, IEEE Trans. Syst. Man Cybern., vol. 37, no. 6, pp , Nov [3] H. Choi, S. Zhu, and T. F. L. Porta, SET: Detecting node clones in sensor networks, in Proc. Security Privacy Commun. Netw. Workshops, 2007, pp [4] K. Xing, F. Liu, X. Cheng, and D. H. C. Du, Real-time detection of clone attacks in wireless sensor networks, in Proc. ICDCS, 2008, pp. 3 10, [5] M. Conti, R. Pietro, L. V. Mancini, and A. Mei, A randomized, efficient, and distributed protocol for the detection of node replication attacks in wireless sensor networks, in Proc. ACM Int. Symp. Mobile Ad Hoc Netw. Comput., 2007, pp [6] Z. Li and G. Gong, DHT-based detection of node clone in wireless sensor networks, in Proc. 1st Int. Conf. Ad Hoc Netw., 2009, pp [7] C. A. Melchor, B. Ait-Salem, P. Gaborit, and K. Tamine, Active detection of node replication attacks, Int. J. Comput. Sci. Netw. Security, vol. 9, no. 2, pp , Feb

9 34 IEEE SYSTEMS JOURNAL, VOL. 7, NO. 1, MARCH 2013 [8] Y. Zeng, J. Cao, S. Zhang, S. Guo, and L. Xie, Random-walk based approach to detect clone attacks in wireless sensor networks, IEEE J. Sel. Areas Commun., vol. 28, no. 5, pp , Jun [9] Z. Li and G. Gong, Randomly directed exploration: An efficient node clone detection protocol in wireless sensor networks, in Proc. IEEE Int. Conf. Mobile Adhoc Sensor Syst., Oct. 2009, pp [10] B. Zhu, S. Setia, S. Jajodia, S. Roy, and L. Wang, Localized multicast: Efficient and distributed replica detection in large-scale sensor networks, IEEE Trans. Mobile Comput., vol. 9, no. 7, pp , Jul [11] J. W. Ho, D. Liu, M. Wright, and S. K. Das, Distributed detection of replica node attacks with group deployment knowledge in wireless sensor networks, Ad Hoc Netw., vol. 7, no. 8, pp , Nov [12] J. W. Ho, M. Wright, and S. K. Das, Fast detection of replica node attacks in mobile sensor networks using sequential analysis, in Proc. IEEE Int. Conf. Comput. Commun., Apr. 2009, pp [13] C. M. Yu, C. S. Lu, and S. Y. Kuo, Mobile sensor network resilient against node replication attacks, in Proc. IEEE Commun. Soc. Conf. Sensor Mesh Ad Hoc Commun. Netw., Jun. 2008, pp [14] L. Zhang, Y. Hu, and Q. Wu, Identity-based threshold broadcast encryption in the standard model, KSII Trans. Internet Inform. Syst., vol. 4, no. 3, pp , Jun [15] A. Mohaisen, J. W. Choi, and D. Hong, On the insecurity of asymmetric key-based architecture in wireless sensor networks, KSII Trans. Internet Inform. Syst., vol. 3, no. 4, pp , [16] T. Shon and Y. Park, A hybrid adaptive security framework for IEEE based wireless sensor networks, KSII Trans. Internet Inform. Syst., vol. 3, no. 6, pp , Dec [17] A. Mohaisen, D. Nyang, and T. AbuHmed, Two-level key pool design-based random key pre-distribution in wireless sensor networks, KSII Trans. Internet Inform. Syst., vol. 2, no. 5, pp , [18] M. M. Haque, A. K. Pathan, C. S. Hong, and E. Huh, An asymmetric key-based security architecture for wireless sensor networks, KSII Trans. Internet Inform. Syst., vol. 2, no. 5, pp , Oct [19] A. Seshadri, M. Luk, and A. Perrig, SAKE: Software attestation for key establishment in sensor networks, in Proc. Distributed Comput. Sensor Syst., 2008, pp [20] P. Zhang and M. Martonosi, LOCALE: Collaborative localization estimation for sparse mobile sensor networks, in Proc. 7th Int. Conf. IPSN, 2008, pp [21] Z. Su, F. Shang, and R. Wang, A wireless sensor network location algorithm based on simulated annealing, in Proc. Int. Conf. Biomed. Eng. Inform., 2009, pp [22] M. Kadkhoda, M. Totounchi, M. H. Yaghmaee, and Z. Davarzani, A probabilistic fuzzy approach for sensor location estimation in wireless sensor networks, in Proc. IEEE Int. Conf. Fuzzy Syst., Jul. 2010, pp [23] X. Zhou, H. Shi, and W. Shang, The evaluation method of sensor location for transmission fault diagnosis, in Proc. IEEE Youth Conf. Inform. Comput. Telecommun., Nov. 2010, pp [24] C. Y. Chow, M. F. Mokbel, and T. He, A privacy-preserving location monitoring system for wireless sensor networks, IEEE Trans. Mobile Comput., vol. 10, no. 1, pp , Jan [25] A. Gupta, S. Tapaswi, and V. Jain, Recurrent grid based voting approach for location estimation in wireless sensor networks symposia and workshops on ubiquitous, in Proc. UIC-ATC, vol , pp [26] S. Ganeriwal, C. Popper, S. Capkun, and M. B. Srivastava, Secure time synchronization in sensor networks, ACM Trans. Inform. Syst. Security, vol. 11, no. 4, p. 23, [27] X. Du, M. Guizani, Y. Xiao, and H. H. Chen, Secure and efficient time synchronization in heterogeneous sensor networks, IEEE Trans. Vehic. Technol., vol. 57, no. 4, pp , Jul [28] L. Ma, H. Zhu, G. Nallamothu, B. Ryu, and Z. Zhang, Impact of linear regression on time synchronization accuracy and energy consumption for wireless sensor networks, in Proc. IEEE MILCOM, Nov. 2008, pp [29] D. Jiadong, G. Lichen, and Z. Chunxiang, Research and application on time synchronization of wireless sensor network based on information fusion, in Proc. ICCET, vol. 3. Apr. 2010, pp. V3-75 V3-77. [30] X. Z. Tian, Y. G. Miao, W. Xu, B. J. Fan, and J. Pan, Research on time synchronization for wireless sensor networks based on Bayesian estimation Asia-Pacific, in Proc. Conf. Wearable Comput. Syst., 2010, pp [31] L. Gheorghe, R. Rughinis, and N. Tapus, Fault-tolerant flooding time synchronization protocol for wireless sensor networks, in Proc. ICNS, 2010, pp [32] The Network Simulator, ns-2 [Online]. Available: edu/nsnam/ns [33] A. S. Wander, N. Gura, H. Eberle, V. Gupta, and S. C. Shantz, Energy analysis of public-key cryptography for wireless sensor networks, in Proc. IEEE Int. Conf. Pervasive Comput. Commun., Mar. 2005, pp [34] P. Ganesan, R. Venugopalan, P. Peddabachagari, A. Dean, F. Mueller, and M. Sichitiu, Analyzing and modeling encryption overhead for sensor network nodes, in Proc. 2nd ACM Int. Conf. Wirel. Sensor Netw. Applicat., 2003, pp [35] A. Liu and P. Ning, TinyECC: A configurable library for elliptic curve cryptography in wireless sensor networks, in Proc. IPSN, Apr. 2008, pp [36] W. Du, J. Deng, Y. S. Han, S. Chen, and P. Varshney, A key management scheme for wireless sensor networks using deployment knowledge, in Proc. IEEE Int. Conf. Comput. Commun., Mar. 2004, pp [37] D. Liu, P. Ning, and W. Du, Group-based key pre-distribution in wireless sensor networks, in Proc. ACM Workshop Wirel. Security, 2005, pp [38] W. Du, L. Fang, and P. Ning, LAD: Localization anomaly detection for wireless sensor networks, in Proc. IEEE IPDPS, Apr. 2005, p. 41a. [39] W. Du, R. Wang, and P. Ning, An efficient scheme for authenticating public keys in sensor networks, in Proc. ACM Int. Symp. Mobile Ad Hoc Netw. Comput., 2005, pp [40] H. Chan and A. Perrig, PIKE: Peer intermediaries for key establishment in sensor networks, in Proc. IEEE Int. Conf. Comput. Commun., Mar. 2005, pp [41] A. Mohaisen, D. H. Nyang, Y. J. Maeng, K. H. Lee, and D. Hong, Grid-based key pre-distribution in wireless sensor networks, KSII Trans. Internet Inform. Syst., vol. 3, no. 2, pp , [42] Y. Zhou and Y. Fang, A two-layer key establishment scheme for wireless sensor networks, IEEE Trans. Mobile Comput., vol. 6, no. 9, pp , Sep Kwantae Cho received the B.S. degree in computer science and the M.S. degree in information security from Korea University, Seoul, Korea, in 2005 and 2008, respectively. He is currently pursuing the Ph.D. degree in information security with the Graduate School of Information Security, Korea University. His current research interests include protocol design and analysis for security and privacy in ad hoc networks, such as wireless sensor networks and vehicular ad hoc networks. Minho Jo (M 07) received the B.S. degree in industrial engineering from Chosun University, Gwangju, Korea, and the Ph.D. degree in computer networks from the Department of Industrial and Systems Engineering, Lehigh University, Bethlehem, PA, in He was a Staff Researcher with Samsung Electronics, Seoul, Korea, and was a Professor with the School of Ubiquitous Computing and Systems, Sejong Cyber University, Seoul. He is currently a Brain Korea Professor with the College of Information and Communications, Korea University, Seoul. He is the Executive Director of the Korean Society for Internet Information (KSII) and the Board of Trustees of the Institute of Electronics Engineers of Korea. His current research interests include cognitive radio, wireless sensor networks, radio frequency identification, wireless mesh networks, network security, wireless body area networks, and mobile computing. Dr. Jo is the Founding Editor-in-Chief and the Chair of the Steering Committee of the KSII Transactions on Internet and Information Systems. He serves as an Editor of IEEE Network. He is an Editor of the Journal of Wireless Communications and Mobile Computing and is an Associate Editor of the Journal of Security and Communication Networks (Wiley). He serves as an Associate Editor of the Journal of Computer Systems, Networks, and Communications (Hindawi). He served as the Chairman of the IEEE/ACM WiMax/WiBro Services and QoS Management Symposium, IWCMC, in He was the TPC Chair of the IEEE Vehicular Technology Conference in He is the General Chair of the International Ubiquitous Conference and the Co-Chair of the International Conference on Ubiquitous Convergence Technology. He was in the technical program committees of the IEEE ICC 2008, 2009, IEEE GLOBECOM 2008, 2009, and was the TPC Chair of the CHINACOM 2009 Network and Information Security Symposium.

10 CHO et al.: CLASSIFICATION AND EXPERIMENTAL ANALYSIS FOR CLONE DETECTION APPROACHES 35 Taekyoung Kwon received the B.S., M.S., and Ph.D. degrees in computer science from Yonsei University, Seoul, Korea, in 1992, 1995, and 1999, respectively. He was a Post-Doctoral Research Fellow with the University of California, Berkeley, from 1999 to 2000, and developed a cryptographic protocol, which was later standardized by IEEE P and ISO/IEC JTC1 SC In 2001, he joined the Department of Computer Engineering, Sejong University, Seoul, where he is currently an Associate Professor. His current research interests include information security and privacy, applied cryptography, network protocols, and human computer interaction. Dong Hoon Lee (M 06) received the B.S. degree from the Department of Economics, Korea University, Seoul, Korea, in 1985, and the M.S. and Ph.D. degrees in computer science from the University of Oklahoma, Norman, in 1988 and 1992, respectively. Currently, he is a Professor and the Vice Director of the Graduate School of Information Security, Korea University. Since 1993, he has been with the Faculty of Computer Science and Information Security, Korea University. Since 2004, he has been the President of the Ubiquitous Information Security Organization, Seoul, which has been supported by the BK21 Project in Korea. His current research interests include the design and analysis of cryptographic protocols in key agreement, encryption, signatures, embedded device security, and privacy-enhancing technology. Hsiao-Hwa Chen (S 89 M 91 SM 00 F 10) received the B.Sc. and M.Sc. degrees from Zhejiang University, Hangzhou, China, and the Ph.D. degree from the University of Oulu, Oulu, Finland, in 1982, 1985, and 1991, respectively. He is currently a Distinguished Professor with the Department of Engineering Science, National Cheng Kung University, Tainan, Taiwan. He has authored or co-authored over 400 technical papers in major international journals and conferences, six books, and more than ten book chapters in the areas of communications. Dr. Chen has served as the General Chair, the TPC Chair, and the Symposium Chair for many international conferences. He has served or is serving as an Editor or/and a Guest Editor for numerous technical journals. He is the Founding Editor-in-Chief of Wiley s Security and Communication Networks Journal. He received the Best Paper Award in IEEE WCNC 2008 and the IEEE Radio Communications Committee Outstanding Service Award in He is a Fellow of IET and BCS.