EFFICIENT CLONE NODE DETECTION AND ELIMINATION IN WIRELESS SENSOR NETWORKS

V. Lincy Shobika, PG Research Scholar, Department of Computer Science, S.N.R Sons College, CBE-06, lincyshobika@gmail.com
Dr. N. Sumathi, Associate Professor, Department of Computer Science, S.N.R Sons College, CBE-06, Sumathikari73@gmail.com

ABSTRACT

Wireless sensor networks are vulnerable to the node clone attack, and several protocols have been proposed to detect it. These protocols, however, require assumptions that are too strong to be practical for large-scale, deployed sensor networks. We use two novel node clone detection protocols with different tradeoffs on network conditions and performance. The first is based on a distributed hash table (DHT), in which the Chord algorithm is used to detect the cloned node: every node is assigned a key, and before it transmits data a node has to give its key, which is verified by the witness node. If the same key is given by another node, the witness node identifies the duplicated node. The second is based on the Distributed Detection Protocol, which is the same as the distributed hash table (DHT) approach but is easier and cheaper to implement. Every node only needs to know its neighbor list, containing all neighbor IDs and their locations. In the proposed work, we implement the RDE protocol with location-based node identification, where every region/location has a group leader. The leader generates a random number with a time stamp and issues it to the available nodes in that location. Witness nodes verify the random number and time stamp to detect the duplicated node. User messages are also encrypted for security.

Keywords: DHT, Cloned Nodes, adversary's, Wireless Networks.

1. INTRODUCTION

A wireless sensor network is a collection of nodes organized into a cooperative network.
Each node has processing capability, may contain multiple types of memory, has a radio frequency transceiver and a power source, and accommodates various sensors and actuators. Nodes communicate wirelessly and often self-organize after being deployed in an ad hoc fashion. Systems of thousands of nodes are anticipated; such systems can revolutionize the way we live and work. Currently, wireless sensor networks are beginning to be deployed at an accelerated pace. It is not unreasonable to expect that in 10-15 years the world will be covered with wireless sensor networks with access to them via the Internet. This new technology is exciting, with unlimited potential for numerous application areas including military, transportation, entertainment, crisis management, environmental, medical, homeland defense, and smart spaces.

Wireless sensor networks have gained a great deal of attention in the past decade due to their wide range of application areas and formidable design challenges. Wireless sensor networks consist of hundreds and thousands of low-cost, resource-constrained, distributed sensor nodes, which are usually scattered randomly in the surveillance area and work unattended. The operating environment is hostile, so security mechanisms against adversaries should be taken into consideration. Among the many physical attacks on sensor networks, the duplicate node attack is a serious and dangerous one. Because of production expense limitations, nodes generally lack tamper-resistant hardware components; thus,
an adversary can capture a few nodes, extract code and all secret credentials, and use those materials to clone many nodes out of off-the-shelf sensor hardware. Those duplicated nodes, which seem legitimate, can freely join the sensor network and then significantly enlarge the adversary's capacity to manipulate the network maliciously. For example, those victim nodes occupy strategic positions and cooperatively corrupt the collected information. With a large number of duplicated nodes under command, the adversary may even gain control of the whole network. Furthermore, node duplication will exacerbate most inside attacks against sensor networks. In this paper, we present two novel, practical duplication detection protocols with different tradeoffs on network conditions and performance.

2. RELATED WORKS

The basic challenge for any distributed protocol for detecting node replicas is to minimize communication and per-node memory costs while ensuring that the adversary cannot defeat the protocol. A protocol that deterministically maps a node's ID to a unique witness node would minimize communication costs and memory requirements per node, but would not offer much security, because the adversary would need to compromise just a single witness node in order to be able to introduce a replica without detection.

Unfortunately, sensor nodes typically employ low-cost commodity hardware components unprotected by the type of physical shielding that could preclude access to a sensor's memory, processing, sensing and communication components. Cost considerations make it impractical to use shielding that could detect pressure, voltage, and temperature changes that an adversary might use to access a sensor's internal state. Deploying unshielded sensor nodes in hostile environments enables an adversary to capture, replicate, and insert duplicated nodes at chosen network locations with little effort.
Thus, if the adversary compromises even a single node, she can replicate it indefinitely, spreading her influence throughout the network. If left undetected, node replication leaves any network vulnerable to a large class of insidious attacks. Using replicated nodes, the adversary can subvert data aggregation protocols by injecting false data or suppressing legitimate data. Further, blame for abnormal behavior can now be spread across the replicas, reducing the likelihood that any one node exceeds the detection threshold. Even more insidiously, node replicas placed at judiciously chosen locations can revoke legitimate nodes and disconnect the network by triggering correct execution of node-revocation protocols that rely on threshold voting schemes. Previous approaches for detecting node replication typically rely on centralized monitoring, since localized voting systems cannot detect distributed replication.

A. Sensor Network Environments

A sensor network typically consists of hundreds, or even thousands, of small, low-cost nodes distributed over a wide area. The nodes are expected to function in an unsupervised fashion even if new nodes are added or old nodes disappear. While some networks include a central location for data collection, many operate in an entirely distributed manner, allowing the operators to retrieve aggregated data from any of the nodes in the network. Furthermore, data collection may only occur at irregular intervals. For example, many military applications strive to avoid any centralized and fixed points of failure. Instead, data is collected by mobile units that access the sensor network at unpredictable locations and utilize the first sensor node they encounter as a conduit for the information accumulated by the network. Since these networks often operate in an unsupervised fashion for long periods of time, we would like to detect a node replication attack
soon after it occurs. If we wait until the next data collection cycle, the adversary has time to use its presence in the network to corrupt data, decommission legitimate nodes, or otherwise subvert the network's intended purpose.

Thus far, protocols for detecting node replication have relied on a trusted base station to provide global detection. For the sake of completeness, we also discuss the use of localized voting mechanisms. We consider these protocols in the abstract; for specific examples of previous protocols. Until now, it was generally believed that these two alternatives exhausted the space of possibilities. This paper expands the design space to offer new alternatives with strong security and efficiency characteristics.

B. Centralized Detection

The most straightforward detection scheme requires each node to send a list of its neighbors and their claimed locations to the base station. The base station can then examine every neighbor list to look for replicated nodes. If it discovers one or more replicas, it can revoke the replicated nodes by flooding the network with an authenticated revocation message.

C. Local Detection

To avoid relying on a central base station, we could instead rely on a node's neighbors to perform replication detection. Using a voting mechanism, the neighbors can reach a consensus on the legitimacy of a given node. Unfortunately, while achieving detection in a distributed fashion, this method fails to detect distributed node replication in disjoint neighborhoods within the network. As long as the replicated nodes are at least two hops away from each other, a purely local approach cannot succeed.

3. PROPOSED WORK

We use two novel node clone detection and elimination protocols with different tradeoffs on network conditions and performance.
The first is based on a distributed hash table (DHT), which is implemented by the Chord algorithm: every node is assigned a unique key, and before it transmits data it has to give its key, which is verified by the witness node. If the same key is given by another node, the witness node identifies the cloned node. The second is based on the Distributed Detection Protocol, which is the same as DHT but is easier and cheaper to implement. Here every node only needs to know its neighbor list, containing all neighbor IDs and their locations. It can thus detect node clones with a high security level and holds strong resistance against the adversary's attacks.

Straightforward node-to-network broadcasting is a quite practical way to detect the node clone in a distributed manner: every node collects all of its neighbors' identities along with their locations and broadcasts them to the network. The main problem with this approach is its extremely high communication overhead.

A key-based caching and checking system is constructed to catch cloned nodes, to detect and eliminate clone attacks in wireless sensor networks. Cloning detection ensures that the number of attack edges is independent of the number of cloning identities and is limited by the number of trust relation pairs between malicious users and honest users. Cloning detection observes that if malicious users create too many Cloning identities.

Trusted central authority
Limited by the number of trust relation pairs
Prevention of Cloning
Fig. 1 shows the detected clone node in WSNs. Fig. 2 shows the eliminated clone node in WSNs.

Fig. 1. Clone node detection
Fig. 2. Clone node elimination

A. DHT-BASED DETECTION PROTOCOL

The principle of our first distributed detection protocol is to make use of the DHT mechanism to form a decentralized caching and checking system that can effectively detect cloned nodes. Essentially, DHT enables sensor nodes to distributively construct an overlay network upon a physical sensor network and provides efficient key-based routing within the overlay network. A message associated with a key will be transmitted through the overlay network to reach a destination node that is solely determined by the key; the source node does not need to specify or know which node a message's destination is; the DHT key-based routing takes care of transportation details by the message's key. Messages with the same key will be stored in one destination node. Those facts build the foundation for our first detection protocol.

At the beginning of a round of DHT-based clone detection, the initiator broadcasts the action message, including a random seed. Then, every observer constructs a claiming message for each neighbor node, which is referred to as an examinee of the observer and the message, and sends the message with probability independently. The introduction of the claiming probability is intended to reduce the communication overhead in the case of a high-node-degree network. In the protocol, a message's DHT key, which determines its routing and destination, is the hash value of the concatenation of the seed and the examinee ID. By means of the DHT mechanism, a claiming message will eventually be transmitted to a deterministic destination node, which will cache the ID-location pair and check for duplicate nodes, acting as an inspector. In addition, some intermediate nodes also behave as inspectors to improve resilience against the adversary in an efficient way.

CHORD

There are several different DHT proposals that implement the DHT protocol, such as CAN, Chord, and Pastry. Chord is widely used, and we choose Chord as the DHT implementation to demonstrate our protocol. However, our protocol can easily migrate to build upon Pastry and present similar security and performance results. The technical core of Chord is to form a massive virtual ring in which every node is located at one point, owning a segment of the periphery. To achieve pseudo-randomness on output, a hash function is used to map an arbitrary input into a -bit space, which can be conceived as a ring. Each node is assigned a
Chord coordinate upon joining the network. Practically, for our protocol, the coordinate of a node's Chord point is the hash value of the node's MAC address. Nodes divide the ring into segments by their Chord points. Likewise, the key of a record is the result of the hash function. Every node is responsible for one segment that ends at the node's Chord point, and all records whose keys fall into that segment will be transmitted to and stored in that node.

CONCLUSION

Sensor nodes lack tamper-resistant hardware and are subject to the node duplication attack. In this proposed work we present two distributed detection protocols: one is based on a distributed hash table, which forms a Chord network and provides the key-based routing and checking facilities for duplicated node detection, and the other uses a probabilistic directed technique to achieve efficient communication overhead for satisfactory detection probability. The randomly directed exploration presents outstanding communication performance and minimal storage consumption for dense sensor networks. Moreover, with the proposed approach, the probability of detecting node duplication is much higher than that achieved in previous distributed protocols. This protocol detects and eliminates the clone node more efficiently than the previously proposed protocols.
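
The DHT-based detection round and the Chord segment ownership described in Section 3, as an added Python example that is not code from the paper: a claiming message's key is the hash of the seed concatenated with the examinee ID, the node owning that ring segment acts as inspector, and a second location for a cached ID reveals the clone. The 32-bit ring, SHA-256, direct delivery to the destination node, sending every claim, and the MAC addresses, node IDs and locations are assumptions constructed for illustration.

```python
import bisect
import hashlib

M = 32  # ring width in bits (assumed value)

def ring_hash(data: bytes) -> int:
    """Map arbitrary input onto the 2**M ring (SHA-256 is an assumed choice)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % (1 << M)

class ChordRing:
    def __init__(self, macs):
        # A node's Chord point is the hash of its MAC address.
        self.points = sorted((ring_hash(m.encode()), m) for m in macs)
        self.keys = [p for p, _ in self.points]
        # Each inspector caches examinee ID -> first claimed location.
        self.cache = {m: {} for m in macs}

    def owner(self, key: int) -> str:
        """Node whose segment, ending at its own Chord point, contains key."""
        i = bisect.bisect_left(self.keys, key)
        return self.points[i % len(self.points)][1]  # wrap past the last point

    def claim(self, seed: bytes, examinee: str, location):
        """Deliver one claiming message; return (inspector, conflict or None)."""
        key = ring_hash(seed + examinee.encode())  # hash(seed || examinee ID)
        inspector = self.owner(key)
        first = self.cache[inspector].setdefault(examinee, location)
        return inspector, (None if first == location else (first, location))

def run_round(ring, seed, claims):
    """Process (examinee, location) claims; return the clones detected."""
    clones = {}
    for examinee, location in claims:
        inspector, conflict = ring.claim(seed, examinee, location)
        if conflict:
            clones[examinee] = (inspector, conflict)
    return clones

# Constructed sample: 8 nodes; the ID "n3" is claimed at two locations.
MACS = [f"02:00:00:00:00:{i:02x}" for i in range(8)]
CLAIMS = [("n1", (10, 10)), ("n3", (12, 40)), ("n1", (10, 10)), ("n3", (88, 3))]

if __name__ == "__main__":
    print(run_round(ChordRing(MACS), b"seed-round-1", CLAIMS))
```

Because the key depends on the round's seed, a new seed moves each ID to a different inspector, so an adversary cannot know in advance which node to compromise for a given ID.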