Citation
Memory Efficient Distributed Detection of Node Replication Attacks in Wireless Sensor Networks

Material Information

Title:
Memory Efficient Distributed Detection of Node Replication Attacks in Wireless Sensor Networks
Creator:
Khanapure, Vishal
Place of Publication:
[Gainesville, Fla.]
Publisher:
University of Florida
Publication Date:
Language:
english
Physical Description:
1 online resource (32 p.)

Thesis/Dissertation Information

Degree:
Master's ( M.S.)
Degree Grantor:
University of Florida
Degree Disciplines:
Computer Engineering
Computer and Information Science and Engineering
Committee Chair:
Chen, Shigang
Committee Members:
Dobra, Alin
Mishra, Prabhat
Graduation Date:
8/8/2009

Subjects

Subjects / Keywords:
Broadcasting industry ( jstor )
Bytes ( jstor )
Data models ( jstor )
Energy consumption ( jstor )
False positive errors ( jstor )
Geodetic position ( jstor )
Line segments ( jstor )
Professional license revocation ( jstor )
Sensors ( jstor )
Simulations ( jstor )
Computer and Information Science and Engineering -- Dissertations, Academic -- UF
attacks, protocols, replication, security, sensors
Genre:
Electronic Thesis or Dissertation
born-digital ( sobekcm )
Computer Engineering thesis, M.S.

Notes

Abstract:
Low cost availability of sensor nodes makes them an attractive choice for sensor networks and their applications. To keep the costs low, sensor nodes are generally unshielded. This unshielded nature of sensor-network nodes combined with their ease of deployment, makes them vulnerable because an adversary can capture these nodes, copy security information to make replicas and deploy the replicas in the network to render malicious attacks. Replication attacks can be extremely hazardous to a network if done in a strategic way. For any node replication detection protocol, the three most important design issues are memory usage, detection probability and energy consumption. Previous node replication detection schemes either incur large memory overhead or consume excessive energy, particularly in the central region of the network. This thesis presents a Memory Efficient Line-Selected Multicast (MELSeM) algorithm which uses efficient bloom filter data structure. We propose a novel distributed technique for detecting node replication attacks using MELSeM. MELSeM reduces the average memory overhead of the network by nearly 70% than the previous distributed schemes while achieving nearly same detection probability. ( en )
General Note:
In the series University of Florida Digital Collections.
General Note:
Includes vita.
Bibliography:
Includes bibliographical references.
Source of Description:
Description based on online resource; title from PDF title page.
Source of Description:
This bibliographic record is available under the Creative Commons CC0 public domain dedication. The University of Florida Libraries, as creator of this bibliographic record, has waived all rights to it worldwide under copyright law, including all related and neighboring rights, to the extent allowed by law.
Thesis:
Thesis (M.S.)--University of Florida, 2009.
Local:
Adviser: Chen, Shigang.
Electronic Access:
RESTRICTED TO UF STUDENTS, STAFF, FACULTY, AND ON-CAMPUS USE UNTIL 2010-08-31
Statement of Responsibility:
by Vishal Khanapure.

Record Information

Source Institution:
University of Florida
Holding Location:
University of Florida
Rights Management:
Copyright Khanapure, Vishal. Permission granted to the University of Florida to digitize, archive and distribute this item for non-profit research and educational purposes. Any reuse of this item in excess of fair use or other copyright exemptions requires permission of the copyright holder.
Embargo Date:
8/31/2010
Resource Identifier:
489119624 ( OCLC )
Classification:
LD1780 2009 ( lcc )

Downloads

This item has the following downloads:


Full Text





CHAPTER 1
INTRODUCTION

A Wireless Sensor Network (WSN) is a network of wireless sensor nodes or devices

which work cooperatively to achieve a common purpose. There are numerous applications of

WSNs ranging from military use and surveillance, to civil use. The low cost availability and

ease of deployment of sensor nodes makes them an attractive choice for these applications.

Furthermore, these networks are highly scalable as adding and removing new nodes to them

is fairly simple. New nodes can join such a network without administrative intervention

or without communication with a central authority such as a base station. These nodes

only need to initiate a neighbor discovery protocol [7, 13] by broadcasting their pre-stored

credentials.

Security is one of the key concerns for the proper functioning of WSNs, especially in

military applications in which sensor nodes are deploy, l1 in enemy territory to carry out

critical functions [3]. To be able to produce sensor nodes at low costs they are not usually

provided with tamper-proof hardware or shielding that can detect pressure, voltage and

temperature changes [11, 20, 22]. The unshielded nature of the nodes can be exploited by

an adversary to access a sensor's internal state. If an adversary is able to capture a sensor

node and extract its encryption/authentication keys, it can copy those keys to other generic

nodes to create several replicas and insert them into the network at strategic locations,

which is commonly known as node replication attack. Node replication attacks can render

the network susceptible to large class of harmful attacks [4, 6]. If the replicas are placed at

wisely chosen locations, they can revoke legitimate nodes, inject false data, spy for critical

information and may even disconnect the network by invoking node revocation protocols

that are based on threshold voting schemes [7, 10, 13, 17].

The main technical challenge in detecting node replication attacks arises from the memory

constrained nature of sensor nodes. If a single authentication key is being used at two or

more distinct locations in the network, it means there has been replication. An effective









problem with this approach is that when an adversary captures a node, it would be able

to determine the location to which the conflicting claims go based on the node's ID. If the

adversary compromises that location or if it jams that portion of the network, the detection

of replication would fail and the adversary would be able to produce as many replicas as he

wants. [18]

To solve this problem of predictability, one solution is to make the location where a claim

will be stored unpredictable. Which implies we store each claim at random unpredictable

places in the network. Parno et. al. in [18] used this approach and proposed two distributed

solutions namely Randomize Multicast (RM) and Line-Selected Multicast (LSM) that store

claims at random locations in the network. In RM, each location claim is stored at O(V )

randomly selected witness nodes (discussed in 2.2.1), where n is the number of nodes in the

network. The birthdlil paradox [16] assures that a common witness node will receive any two

conflicting claims with a high probability. This witness node will be able to detect replication

attack since it would have two claims with same IDs but with different locations. The witness

node will then broadcast the claim to the entire network informing that the node to which

the claim belongs has been compromised. The compromised node and all its replicas with

the same ID are then cut off from the network. The problem with RM protocol is that

each node has to store O(Vn) claims on average and the communication requirement of the

network is O(n2). The second approach, LSM, reduces the communication overhead of the

network compared to RM. In LSM, a node's claim is stored at all intermediate nodes along

different paths called line segments from a node to its witness nodes. The main idea of LSM

is that the line segments from two conflicting claims will have high probability to intersect

at a node which is on both line segments. This node will be able to detect replication attack

since it will have both the claims i.e. it will see two claims with same node ID but different

locations.

Although LSM reduces the communication overhead in RM, it still has its own drawbacks.

First problem is that each node in LSM is required to store O(kv ) claims where k is the

























Detection probability in a uniformly distributed square area

1 I I MELSeM
LSM



0.8





0.6




0.4





0.2
00





0 -- -- - -- -- - -- --
1000 2000 3000 4000 5000 6000 7000 8000 9000 10000
Number of nodes



Figure 4-5. Detection Probability of LSM and MELSeM in a uniformly deploy, 1 square
area with different node densities






























Figure 4-1. An example of 5'. incremental sub areas


for security purposes including replication detection can be very limited. The basic difference

between LSM and MELSeM is that in LSM every node in the network stores a complete

copy of the location claim whereas in MELSeM only witness nodes store the complete i'v of

location claim. The rest of the nodes in MELSeM store only the Bloom filter representations

of the location claims that pass through them. Storing several hundreds of complete location

claims will lead to memory overflow of nodes in LSM, which might cause the nodes to crash.

The efficient use of Bloom filters in our protocol drastically reduces the memory requirement

of the network, preventing the nodes from memory overflows and crashing.

Figure 4-2 shows average memory consumption by LSM and MELSeM for different

network sizes. As it can be observed, the memory consumption increases as network size

increases. This is because each node in the network has to store more information either in

the form of location claims or Bloom filter representations. MELSeM reduces the memory

overhead of the network by nearly 71' compared to LSM.

Figure 4-3 shows the maximal memory consumption for LSM and MELSeM. Maximal

memory consumption is the maximum amount of memory consumed by a node in the









3.4 Impact of false positive

As MELSeM uses Bloom filters, the false positive aspect of Bloom filters must be taken

into account and the impact of false positive on the working of MELSeM must be considered.

In MELSeM, when 7 receives Ca for the first time, it should not have mappings for IDa and

la in its Bloom filters. But due to false positive, it is possible that IDa might be present

in the ID filter. If la is not present in the location filter, 7 will erroneously term Ca as a

conflicting claim. This leads to false initiation of the revocation protocol. The probability

of this false initiation of revocation, Pf is -



Pf = PB(1 PB) M (1 -(1 ( e )) (3-2)

The probability of false initiation of revocation can be made negligible by adjusting

various parameters. For example by increasing the number of bits m in the Bloom filter

array or by increasing the number of hash functions u used etc. We have found through

extensive simulations that this probability is so small that it hardly ever causes the MELSeM

protocol to falsely report a replication attack.









MEMORY EFFICIENT DISTRIBUTED DETECTION OF NODE REPLICATION
ATTACKS IN WIRELESS SENSOR NETWORKS



















By

VISHAL KHANAPURE


A THESIS PRESENTED TO THE GRADUATE SCHOOL
OF THE UNIVERSITY OF FLORIDA IN PARTIAL FULFILLMENT
OF THE REQUIREMENTS FOR THE DEGREE OF
MASTER OF SCIENCE

UNIVERSITY OF FLORIDA

2009









10000 ..
9000 S
9000 MELSeM
S 8000
7000 -
S 6000
S 5000 -
S 4000 -
S 3000 -
2000 -
1000 --
0 1I I I I I I I
0 2 4 6 8 10 12 14 16 18 20
Number of sub-area

Figure 4-4. Average memory distribution

network. It is clear from the figure that for most network sizes the maximal memory

consumption of LSM exceeds 10KB which can easily exhaust the memory capacity of low-end

sensor nodes. In this scenario, MELSeM stands out, which can reduce the memory overhead

of the network up to 85.

Figure 4-4 shows the distribution of memory consumption for LSM and MELSeM in a

network of 5000 nodes. As described in simulation settings at the beginning of this chapter,

the network is divided into 20 equal sub-areas as shown in 4-1. It is quite clear that LSM

consumes a lot more memory in the central sub-areas than in the outer sub-areas. On

the other hand, MELSeM balances the memory consumption across all sub-areas evenly.
This is because LSM has more witness nodes (storing complete copies of location claims)

concentrated in the central region of the network whereas in MELSeM witness nodes are

evenly spread across the network. MELSeM also has many intermediate nodes concentrated

in the central region, however their cumulative memory consumption is not too high because

they use space efficient Bloom filters instead of storing the complete claims.









ACKNOWLEDGMENTS

First and foremost, I thank Dr. C'I, i for his invaluable guidance. Without his

encouragement this thesis would not have been possible. My supervisory committee

members Dr. Prabhat Mishra and Dr. Alin Dobra provided effective positive comments

and -ii-:.- -1 i ..i for which I am grateful to them.

I am fortunate for having extremely loving and caring parents. They have been

a steadfast support all through my education and have constantly been a source of

motivation. I am also thankful to my friends. Especially Aparna Venkatesan, Rebecca

David and Ming Zhang for their -ii--, -I i.. -.










LIST OF FIGURES


Figu

3-1


page


claim in two


re

A simplified example of mapping of ID and location of a node's
distinct Bloom filters stored at each intermediate node .. ...

An example of replica detection process used in MELSeM .

An example of 5'`. incremental sub areas .. ...........

Average memory consumption .. ................

Maximal memory consumption .. ..............

Average memory distribution .. ...............

Detection Probability of LSM and MELSeM in a uniformly depl
with different node densities .. ................


oi, square area









BIOGRAPHICAL SKETCH

Vishal is from the city of Latur, which is in Maharashtra state of India. He did his

bachelor's in computer science and engineering from Government College of Engineering-Aurangabad

(2005). He worked with Cognizant Technology Solutions Pvt. Ltd in Pune as a Programmer

Analyst for one and a half years. He did his master's in computer engineering from the

Computer and Information Science and Engineering Department at the University of Florida

(2009). His research interests include Network & Systems Security, Quality of Service in

Wireless Networks, Internet protocols, Distributed Systems and Secure Embedded Systems.









key was compromised to produce malicious replicas. In order to prevent replication attacks

and malicious nodes from entering the network, the above detection process is carried out

periodically. Any new genuine nodes which want to enter the network or existing nodes

which want to relocate to some other place in the network, also have to go through this

detection process, so as to prevent insidious replicas from becoming a part of the network.

In the distributed solutions based on location claims the identity-based public key system

[8, 19] is used in which every node stores its own private I. ;, and a master public I ;1

The private key of a node is computed using its node ID and a master private I. ;, This

computation is done before the node is deploy, ,1 in the network. The master private key is

kept secret and not loaded on any of the nodes. To verify the signature of a location claim,

only the public key of the node which produces the claim needs to be computed. The public

key of a node can be computed using its node ID and the master public key. Location-claims

are said to be conflicting with each other if they have same node ID and signature but their

physical locations are different. As mentioned in subsection 2.2.2, an adversary has limited

control, hence it will not be able to produce a valid pair of node ID and private key which

can potentially generate a verifiable signature, without the knowledge of the master private

key. Thus the only option an adversary has is to produce replicas by (. ., iing the private

keys and node IDs of compromised nodes on to generic nodes.

One basic difference between the existing distributed solutions for detecting node replication

attacks is the manner in which they store location claims, which has a significant impact

on the memory and communication overhead of the network. The simplest solution is to

use a network wide broadcast protocol where each location claim is broadcast to every

node in the network and stored at each of them. Although this method can achieve 10it' .

accuracy and detection probability, it is not feasible since it incurs tremendous memory and

communication overhead. Another solution is to store the location claim of a node at a

pseudo-random location in the network that is determined by the ID of the node. In this

solution, the conflicting claims would be forwarded to the same location for verification. The









REFERENCES


[1] Sensor node. [internet] Wikipedia; [updated 'ii,' June 29; cited ',,,"' June 30]. Available
from: http://en.wikipedia.org/wiki/Sensornode.

[2] Digital signature standard. FIPS PUB 186-3, March, 2006.

[3] I. F. Akyildiz, W. Su, Y. Sankarasubramaniam, and E. Cayirci. Wireless sensor
networks:a survey. International Journal of Computer and Telecommunications Net-
working Elsevier, 38(4):393-422, Mar.2002.

[4] A. Becher, Z. Benenson, and M. Dornseif. Tampering with motes:real-world physical
attacks on wireless sensor networks. In Proceedings of the 3rd International Conference
on S.. ;',./; in Pervasive Corn,,';/.:., (SPC), pages 104-118, 2006.

[5] A. Broder and M. Mitzenmacher. Networking applications of bloom filters: A survey.
In Proceedings of Allerton Conference, 2002.

[6] S. Capkun and J.P. Hubaux. Secure positioning of wireless devices with application to
sensor networks. In INFOCOM, pages 1917-19 '., 2005.

[7] H. C'!i ini A. Perrig, and V.D. Song. Random key predistribution schemes for sensor
networks. In Proc. of IEEE Symposium on S.. .'; and Pr''. ,;l (S&P'OS), AM ,i.2003.

[8] C. Cocks. An identity based encryption scheme based on quadratic resides. In Pro-
ceedings of the 8th IMA International Conference on Cril,., 'I',i',l,; and Coding, pages
360-363, London, UK, Springer-Verlag., 2001.

[9] M. Conti, R.D. Pietro, and L.V. Mancini. A randomized, efficient, and distributed
protocol for the detection of node replication attacks in wireless sensor networks. In
Proc. of the 8th ACM' International Symposium on Mobile Ad Hoc Networking and
Comput- ing (_[obiHoc'07), pages 80-89, 2007.

[10] J.R. Douceur. The sybil attack. In Proceedings of Workshop on Peer-to-Peer S1,4i.
(IPTPS)., Mar.2002.

[11] J. Dyer, M. Lindemann, R. Sailer, L. Van Doom, S.W. Smith, and S. Weingart. Building
the ibm 4758 secure coprocessor. IEEE Computer, 2001.

[12] J. Elson, L. Girod, and D. Estrin. Fine-grained network time synchronization using
reference broadcasts. SIGOPS Operating S,.1 m, Review, 36(SI):147-163, 2002.

[13] L. Eschenauer and V. Gligor. A key-management scheme for distributed sensor
networks. In Proc. of the ACM' Conference on Computer and Communication Secu-
i;:/, (CCS), Nov.2002.

[14] V.D. Gligor. Security of emergent properties in ad-hoc networks. In Proc. of Interna-
tional Workshop on S,. iii.; Protocols, Apr.2004.









CHAPTER 3
THE MELSEM PROTOCOL

We have used Bloom filter data structure in MELSeM protocol. So we discuss Bloom

filter in the next section to lay the foundation for understanding MELSeM. We give the

outline and basic idea behind MELSeM in section 3.2 and describe MELSeM protocol in

detail with an example in section 3.3.

3.1 Bloom Filter

Bloom Filter Definition: "A Bloom filter is a simple space-efficient randomized data

structure for representing a set in order to support membership queries" [5].

The Bloom filter begins as an array of all Os. The purpose of this filter is to support

membership queries by indicating the presence or absence of an element in a set. Whenever

a new item z is to be added to a set, it is hashed u times using u different hash functions,

where u can vary as per need. Each of these u hashes result in a bit location in the array

which is set to 1. To test the membership of an element z' in the set, similar hashing is

repeated and the corresponding bits are checked in the array. If all these bits have been

set to 1, the element might be present in the set. Note that we are -Z.iing that the element

might be present in the set because the corresponding bits might be set to 1 as a result of

insertion of other elements in the set. This property of Bloom filter where it indicates that

an element is present in the set when it is actually not present is called false positive. The

probability of false positive PB for a Bloom filter as per [5] is -




PB = ( -(- u)u (1 -e -)u. (3-1)

where s is the number of elements in the set, u is the number of hash functions used and

m is the number of bits in the Bloom filter array. Another interesting property of Bloom

filter is that it has no false negative i.e. if it represents that an element is not present in the

set, that means that the element is actually not present in the set and is 10('. accurate.









CHAPTER 2
BACKGROUND AND RELATED WORK

2.1 Background

In this section we discuss the characteristics of sensor nodes that make them vulnerable

and susceptible to attacks, followed by node replication attacks. We explain how a node

replication attack can be launched and list its consequences.

2.1.1 Sensor Networks

A typical large scale sensor network usually consists of many low-cost, low-end sensor

nodes. Each of these nodes in a network has a CPU and around 10KB of RAM [1].

Due to the processing capability of the sensor nodes, numerous applications are developed

based on them, especially military applications. Some other examples of these applications

include burglar alarms, emergency response, habitat monitoring, battlefield surveillance,

home automation and traffic control. The typical characteristics of low cost sensor nodes

include no shielding or protection li1,. lriii and limited battery life. Another important

characteristic of sensor nodes is that they are easy to deploy. They can be added to a

network without administrative supervision. Due to these characteristics they are susceptible

to attacks from an adversary.

2.1.2 Node Replication Attacks

Replication attacks are easy to launch on sensor networks because of the ease of deployment

and unshielded nature of sensor nodes. An adversary would only need to capture one node.

As these nodes have no shielding, the adversary will be able to extract the captured node's

secrets, transfer these secrets to generic nodes and deploy the clones. The consequences of

clone attacks can be hazardous. This is because a malicious clone knows every secret that

the compromised node knew. An adversary can use this to his advantage and inject false

data, suppress legitimate data, perform malicious activities in the network, blame innocent

nodes for malicious activities, revoke legitimate nodes by using -- related voting, monitor









[15] B. Karp and H. T. Kung. Gpsr: Greedy perimeter stateless routing for wireless networks.
In Proceedings of the 6th Annual AC I /IEEE International Conference on Mobile Com-
puting and Networking (1[obiCom '00), pages 243-254, 2000.

[16] A.J. Menezes, S.A. Vanstone, and P.C.V. Orschot. Handbook of applied cryptography.
CRC Press, Inc., 1996.

[17] J. N, v.- i,,-, E. Shi, D. Song, and A. Perrig. The sybil attack in sensor networks:
Analysis and defenses. In Proceedings of IEEE Conference on Information Processing
in Sensor Networks (IPSN)., Apr.2004.

[18] B. Parno, A. Perrig, and V.D. Gligor. Distributed detection of node replication attacks in
sensor networks. In Proc. of 2005 IEEE Symposium on i';, and Pr':; ;, (SiP'05),
pages 49-63, Washington, DC, USA, 2005.

[19] A. Shamir. Identity-based cryptosystems and signature schemes. In Proceedings of
CRYPTO 84 on Advances in cr;,l 'i.1. i;, pages 47-53, Springer-Verlag New York, Inc.,
1985.

[20] S.W. Smith and S. Weingart. Building a highperformance, programmable secure
coprocessor. Computer Networks, Special Issue on Computer Network S,. ,I
Apr.1999.

[21] A. Wander, N. Gura, H. Eberle, V. Gupta, and S. C. Shantz. Energy analysis of
public-key cryptography for wireless sensor networks. In Proceedings of the Third Annual
IEEE International Conference on Pervasive CornT,,i,.,: and Communications (PER-
COM '05), pages 324-,- .:', 2005.

[22] S. Weingart and S. Weingart. Physical security devices for computer subsystems: A
survey of attacks and defenses. In Cr;,l 'l,i',''l,'.: Hardware and Embedded Sii 14.
(CHES)., Aug.2000.

[23] Bo Zhu, Venkata Gopala Krishna Addada, Sanjeev Setia, Sushil Jajodia, and Sankardas
Roy. Efficient distributed detection of node replication attacks in sensor networks.
Computer S. .: Applications Conference, volume 0, pages 257-267, issn 1063-9527,
Los Alamitos, CA, USA, 2007.









TABLE OF CONTENTS


page

ACKNOW LEDGMENTS ................................. 4

LIST OF FIGURES .................................... 6

A B ST R A C T . . . . . . . . . . 7

CHAPTER

1 INTRODUCTION .................................. 8

2 BACKGROUND AND RELATED WORK ........ ............. 11

2.1 B background . . . . . . . . 11
2.1.1 Sensor Networks ........ ........... ....... 11
2.1.2 Node Replication Attacks ........ ........... ... 11
2.2 Models .............. .. .......................... 12
2.2.1 Network Model .. .... ............ ....... 12
2.2.2 Adversary M odel .................. ......... 12
2.3 Related W ork .................. ............... 13
2.3.1 Centralized Solution .................. ........ 13
2.3.2 Localized Solution .................. ......... 13
2.3.3 Distributed Solutions .................. ....... 13

3 THE MELSeM PROTOCOL .................. ......... 17

3.1 Bloom Filter .. .. .. ... .. .. .. ... .. .. .. .. ... ..... 17
3.2 MELSeM Protocol Outline .................. ........ 18
3.3 M ELSeM Details .................. ............. 19
3.4 Impact of false positive ................... . . 21

4 SIMULATIONS AND ANALYSIS ........... . . 22

4.1 Memory Performance .................. ........... 22
4.2 Energy Performance .................. ........... 26
4.3 Detection Probability .................. ........... 26

5 CONCLUSION .................. ................. 28

5.1 Future W ork Scope .................. .......... .28
5.2 Sum m ary .................. ................. 29

REFERENCES ... ............ ............... .... 30

BIOGRAPHICAL SKETCH ........... ........ . 32









all the communication going on in the network and may even be able subvert the entire

network.

2.2 Models

In this section we describe the network model and the adversary or threat model used in

MELSeM protocol which are similar to those used in [9, 18].

2.2.1 Network Model

For simulations and for execution of MELSeM protocol we consider a large sensor network

deploy, .1 in a hostile environment in which sensor nodes are uniformly deploy, .1 After

deployment these nodes remain relatively stationary. Each of these nodes knows its own

geographic location as well as the locations of its neighbors. Due to this knowledge of the

nodes, geographic routing [15] is possible in which, a packet can be routed hop by hop until

it reaches the destination. Similar to [18] we also assume that clocks of sensor nodes are

loosely synchronized [12] and identity based public key system [8, 19] is used. Each node, by

using its private key, can establish a pairwise secret with its neighboring nodes for mutual

authentication and also can produce a digital signature that can be verified by other nodes

in the network.

The location claim of a node a is represented as Ca = (IDa, la, [H(ID,, la)]K,-), where

IDa is its unique ID, 10 is its location, H is a hash function and K-1 is its private key.

A node which stores the complete location claim Ca for node a and which can verify the

identity of a is called its witness node.

2.2.2 Adversary Model

We assume that the adversary has the ability of compromising only a few sensor nodes.

This is because an adversary that can capture many nodes can obviously break any protocol

running in the network. The adversary, after capturing a few nodes, can launch arbitrary

attacks on the network including node replication attack. Similar to [9, 18] we make the

assumption that any cloned node has at least one legitimate neighboring node. We also

assume that the nodes under enemy control can communicate and collaborate with other






























) 2009 Vishal Khanapure









nodes in the network. Furthermore, we assume that the adversary operates in a covert way

in order to avoid detection.

2.3 Related Work

In this section we discuss the existing solutions for detecting node replication attacks,

analyze them and point out their limitations.

2.3.1 Centralized Solution

In the Centralized Detection [13] scheme, each node sends a list of its neighbors and their

location claims, to a central authority like a Base Station. The base station searches for

the lists of duplicate claims and finds existing conflicts. The disadvantage of this approach

is that, there is a single authority to perform this checking. If this authority fails or is

compromised, the entire network can be compromised. Thus it suffers from the well known

single point of failure problem. The other disadvantage is that some applications may not

use base stations at all. Furthermore, in this approach the nodes near the base stations get

exhausted sooner and become attack targets.

2.3.2 Localized Solution

In the Localized Detection [7] scheme, neighbors of a node use voting protocols and come

to a conclusion about the authenticity of a node. The principal drawback of this approach

is that replication is a global event and cannot be detected if done just locally, which means

that this method fails to detect replicas that are two hops away from the locality.

2.3.3 Distributed Solutions

The existing solutions for distributed detection of node replication attacks such as [9,

18, 23] require each node in the network to sign its actual location with its private key in

a location claim. The correctness of a claim and the signature of the node is verified by

its neighboring nodes. If a node refuses to provide its location claim, the neighbors of the

node cut it off from the network and deny any communication with it. To detect replication

attacks we check if the same private key is used to sign two or more location claims. If a

private key has been used more than once we conclude that the node which owns the private









In this thesis, we propose Memory Efficient Line-Selected Multicast Protocol (\! I'I.SeM)

for distributed detection of node replication attacks, which is based on LSM. We use bloom

filter data structure and emergent properties (the properties that are achieved only through

the collective action of multiple nodes) [14] to accomplish our algorithm. MELSeM reduces

the number of location claims stored at each sensor node to O(k) from 0(kvn) in LSM. The

basic idea of MELSem is to encode the location-claim information into two compact Bloom

filters instead of storing the actual location-claim at each node. Only select few nodes,

which are the witnesses of the node store its actual location-claim. With these memory

savings, we have designed a novel distributed technique to detect node replication attacks.

We evaluated MELSeM through extensive simulations and the results show that MELSeM

reduces the memory overhead of a network up to 7i' on an average and yet achieves nearly

same detection probability as LSM.

The rest of the thesis is organized as follows: background and related work is discussed

in C'!i lpter 2. The MELSeM protocol is presented in ('!i lpter 3. In C'!i lpter 4, we present

our simulation results and compare MELSeM with LSM. Finally, in ('! Ilpter 5 we discuss

future work directions and wrap up.




































To my parents









w
O Replicated Nodes
Q Intermediate Nodes
... *. Witness Nodes



aa

Figure 3-2. An example of replica detection process used in MELSeM


that there are conflicting representations in the filters. It implies that a conflicting claim C'

with the same IDa and a different location Ia has gone via 7 and left its trail in the filters.

In the second case of phase two, when the node 7 does not find IDa in its ID filter or la

in its location filter, the newly arrived claim Ca is treated as a legitimate claim. This claim is

approved of having passed the two-phase conflict check. Then 7 tries to forward Ca towards

Widest. If there are no other nodes close to Idest, 7 stores the location claim in its memory

and acts as a witness node itself. Else if there is another node closer to Idest, 7 forwards the

claim to that node and acts as an intermediate node by making appropriate entries in its

two Bloom filters for IDa and la. This explains the working of MELSeM protocol.

Figure 3-2 shows an example of how replica's are detected in MELSeM. A location claim

forwarding path is shown using solid arrows while the dashed arrows show the action taken

by an intermediate node 7 upon replica detection. Node 7 initiates a revocation protocol by

locally broadcasting Ca and C' to its one-hop neighbors. Among these neighbors, the ones

that find conflicts with Ca or C' in their Bloom filters continue this one-hop local broadcast

until the claim eventually reaches one of the witness nodes, which then notifies the entire

network about the replication attack.

It is worth noting that during the revocation, not just the replica node but also the

legitimate node that has been compromised is removed. The reason for this is that, a

compromised node can be duplicated any number of times and we want to prevent it.









5.2 Summary

Sensor networks are susceptible to node replication attacks. The memory of sensor nodes

is limited and valuable. MELSeM protocol proposed in this thesis, used storage efficient

Bloom filter data structure and devised a novel algorithm for detecting node replication

attacks. MELSeM provides distributed detection of node replication attacks in sensor

networks and reduces the average memory overhead of the network by nearly 7i' than

the previous distributed schemes. This saves the valuable memory of sensor nodes which can

be used for other meaningful data.









average number of line segments for each claim. For high detection probability the value

of k should be reasonably high, such as six used in [18]. Moreover, since we know that the

security of a digital signature depends on its size, the size of each location claim should be

reasonably large to achieve high-level security. Usually, the size of a claim would be more than

40 bytes since digital signature requires 40 bytes according to DSS [2]. The memory of sensor

nodes is limited and it is required to perform many other functions such as communication,

measurements and computations. This means that storing O(kvn) location claims at each

sensor node could pose a serious concern, especially when n is large. Another problem of

LSM arises from the fact that it uses random line segments. It is known that random line

segments tend to pass through the central region more frequently than the outer region in

a convex deployment area [9]. Thus a node in the central region of the network area would

have to store much more claims than the nodes at the periphery. This storage requirement

can be so high for the nodes at the center that many of them might crash just because of

memory overflow.

The goal in this thesis is to reduce the memory overhead of the network. We use an

approach similar to LSM while devising a novel distributed protocol using efficient Bloom

filters for detecting node replication attacks. In C'i plter 3 we describe our MELSeM protocol

in detail.









Abstract of Thesis Presented to the Graduate School
of the University of Florida in Partial Fulfillment of the
Requirements for the Degree of Master of Science

MEMORY EFFICIENT DISTRIBUTED DETECTION OF NODE REPLICATION
ATTACKS IN WIRELESS SENSOR NETWORKS

By

Vishal Khanapure

August 2009

('C! ,i: Shigang C (',
Major: Computer Engineering

Low cost availability of sensor nodes makes them an attractive choice for sensor networks

and their applications. To keep the costs low, sensor nodes are generally unshielded. This

unshielded nature of sensor-network nodes combined with their ease of deployment, makes

them vulnerable because an adversary can capture these nodes, copy security information to

make replicas and deploy the replicas in the network to render malicious attacks. Replication

attacks can be extremely hazardous to a network if done in a strategic way. For any node

replication detection protocol, the three most important design issues are memory usage,

detection probability and energy consumption. Previous node replication detection schemes

either incur large memory overhead or consume excessive energy, particularly in the central

region of the network. This thesis presents a Memory Efficient Line-Selected Multicast

(\l I.tSeM) algorithm which uses efficient bloom filter data structure. We propose a novel

distributed technique for detecting node replication attacks using MELSeM. MELSeM reduces

the average memory overhead of the network by nearly 7ii' than the previous distributed

schemes while achieving nearly same detection probability.









4.2 Energy Performance

The energy consumption of the network is measured by counting the number of messages

sent and received by each node. We use the energy model from [21] in which a new node has

a total of 324,000 mJ of available energy. Bit sending costs 0.059 mJ and bit receiving costs

0.028 mJ. From our simulations we found that, MELSeM incurs approximately ;:' more

energy consumption on average than LSM. This is because in LSM, any intermediate node

which detects replication can itself broadcast both the conflicting claims to the network since

it has the complete ( .i,- of location claim. Whereas in MELSeM, extra communication is

required for the revocation protocol in which, the intermediate node sends the conflicting

claims to the witness nodes since the intermediate node itself doesn't have the complete copy

of location claim. Though the energy consumption of MELSeM is slightly higher than LSM,

it is quite acceptable considering the amount of memory savings achieved through MELSeM.

In terms of communication, since we assume that the length of one line segment is O(Vn)

and there are k line segments drawn for each node, for the whole network the number of

messages sent and received are both O(kn v) in MELSeM as in LSM.

4.3 Detection Probability

We denote detection probability, the probability to detect node replication attack in

one detection period, as Pd. A larger value of Pd implies greater accuracy in detecting

replication attacks. Figure 4-5 shows the detection probability of LSM and MELSeM for a

uniformly deploy, -l square area with node densities ranging from 1000 through 10000. It

is clear from the figure that Pd ranges from 85'. to 95'. for both LSM and MELSeM and

is approximately same for both protocols. One might think that increasing the number of

replicas in the network is harmful, but it actually improves the detection probability since

there will more line-segments in the network which increase the chances of conflicting claims

being caught.









filters respectively. The information stored in the Bloom filters helps the intermediate nodes

to detect a conflicting claim C. Upon seeing a conflicting claim C', a revocation protocol is

invoked and the intermediate node which detects this conflict forwards C'7 along the routing

path P so that it reaches Q and/or w. When a witness node Q or w receives a conflicting

claim C', for the node a it broadcasts Co and C' to the entire network so that node a and

all its replicas can be revoked.

3.3 MELSeM Details

Every node a in the network must broadcast its location claim C, to its one hop neighbors

at the beginning of every detection period. If it refuses to broadcast its location claim, it is cut

off from the network by all its one hop neighbors by refusing to collaborate or communicate

with it. Whenever a neighboring node Q receives C, it tests the correctness of la and verifies

the signature present in the claim. When Ca is verified and found to be valid, Q makes itself

a witness node for a with a certain probability p and forwards Ca to a random location oldest

in the network.

On the forwarding path from 3 to oldest whenever any node 7 receives Ca, a two-phase

conflict check is performed by it to test if any conflicting claims can be detected. In the

first phase, the signature present in Ca is verified by 7. If the location claim appears to be

invalid or fake, it is dropped immediately. Then 7 being a witness node for other nodes in

the network, it compares Ca with the location claims stored locally with it. If 7 finds a claim

conflicting with Ca, a replication attack is detected. It then invokes a revocation protocol,

in which the conflicting claims are forwarded to the witness nodes. The first witness node to

receive this information broadcasts the conflicting claims to the entire network so that the

replication attack can be taken care of. If node 7 does not detect any conflicting claims, the

MELSeM protocol proceeds to phase two.

In phase two, there are two possible cases. The first case is where node 7 finds mapping

for IDa in its ID filter while there is no mapping for la in its location filter. This means









CHAPTER 4
SIMULATIONS AND ANALYSIS

Simulation Settings

In order to simulate LSM and MELSeM protocols we consider a 1000 x 1000 unit square

area in which n nodes are deploy, 1 uniformly with n ranging from 1000 through 10000.

Similar to [18] we assume bidirectional communication model with links between one-hop

neighbors. We select transmission range such that each node has approximately 20 neighbors.

Location claims are forwarded by simulating a simplified geographic routing protocol [15]

where a node greedily forwards a location claim to the neighbor closest to the destination.

When a node finds no node closer to the destination, forwarding is stopped. We use six

line segments for LSM (as originally used in [18]) as well as for MELSeM. We compromise a

random node in the network and insert its one replica at a random location in the network.

We also consider the cases for multiple replicas. We create 100 random network graphs for

each network size and calculate the average for results.

For our simulations we have assumed that the size of each location claim is 46 bytes

where 2 bytes are for ID, 4 bytes for location (x and y coordinates) and 40 bytes for the

digital signature as per DSS [2]. We adjust the number of bits m and number of members

s to be inserted in the Bloom filter such that m/s = 15. This means we use 15 bits; along

with 7 hash functions u to store an element in a Bloom filter.

Figure 4-1 shows a square deployment area which is divided into 20 equal sub-areas. Each

of these sub-areas accounts for 5'. of the deployment region. The numbering of sub-areas

is done from 0 through 19, with the central sub-area being number 0 and the outermost

sub-area being 19.

4.1 Memory Performance

Sensor nodes have limited memory usually 4KB 10KB [1], so it is a critical resource.

A sensor node has to perform various functions in a networks such as communication,

measurements, collaboration, computations etc. Thus the memory that might be available









solution must be able to detect any such occurrence, with high probability. This kind of

detection requires comparison of authentication information on a network-wide scale. The

limited memory of sensor nodes, which is usually less than 10K of RAM [1] for low-end

sensors, restricts the amount of authentication information that can be stored at each node.

The limited battery life of sensor nodes, also restricts the amount of energy that can be spent

on replication detection. Thus memory efficiency, energy efficiency and detection probability

are the principle criteria for detection of replication attacks.

Previous schemes to detect node replication attacks either incur high memory overhead or

high energy overhead or both. The first solutions for replication detection include centralized

schemes [13] and localized voting protocols [7]. However, the former usually rely on a base

station (BS) and have the problem of single point of failure; the latter cannot deal with

distributed node replication attacks, in which replicas are placed at least two hops away

from each other. A fully distributed solution is needed that can detect replicas anywhere in

the network and yet incur small memory and energy overhead.

In [18], Parno et al. proposed a distributed detection scheme called Line-Selected Multicast

(LSM) which utilizes network topology to select witness nodes for a node's location and

exploits geometrical properties of the network to detect replicas. In LSM, for each node in

the network a digitally-signed location-claim is generated and stored along randomly chosen

k line segments. Usually a unique key is used to sign each location which is stored at that

location. When a node replica is created it uses the same key as the node to sign a different

location where it is placed. Parno et al. [18] show that when k is sufficiently large, the line

segments of two conflicting location claims (signed with the same key for distinct locations)

intersect with a high probability. The replication attack is detected at the intersection node

since it can see both the conflicting location claims i.e. two locations for the same node.

Though LSM provides a distributed solution, it has its own drawbacks. It is shown through

simulations in Chapter 4 that in a network of n nodes, in LSM, each node has to store

O(kvn) location claims which can easily exhaust the limited memory of sensor nodes.









H1(ID) H2(ID) H3(ID)


1 0 a1 0 i 0 1 1 010101
H4(Location) H5(Location) H6(Location) H7(Location)


110 10 1

Figure 3-1. A simplified example of mapping of ID and location of a node's claim in two
distinct Bloom filters stored at each intermediate node.


3.2 MELSeM Protocol Outline

In MELSeM, each node in the network has two Bloom filters in it. Two types of nodes

are involved in the determining whether a node in the network is legitimate or a replica.

These nodes are called witness nodes and intermediate nodes. Witness nodes, as discussed

in 2.2.1 store the complete location claims while intermediate nodes are the nodes which

store only the Bloom filter representations. For storing these Bloom filter representations,

the intermediate nodes insert any node a's ID and location into its two Bloom filters which

are known as the ID filter and the location filter respectively. Even though the intermediate

nodes do not store the complete copy of the claim, they have enough information in their two

Bloom filters to tell whether they have seen a claim previously. Figure 3-1 shows a simplified

example of mapping a node's ID and location in two Bloom filters. The upper Bloom filter

is similar to ID filter and lower Bloom filter is similar to location filter used in MELSeM.

The MELSeM protocol outline is as follows Initially, the location claim Ca of a node a

is multicasted to a number of randomly-selected witness nodes in the network via its one-hop

neighbors using geographic routing. A one-hop neighbor / of a has a certain probability p

to participate in the multicast. If it participates, it becomes one of the witness nodes for a

and continues to forward the location claim Ca to a randomly-selected location. The node

closest to this randomly selected location receives the location claim C, and becomes another

witness node w by storing C,. All the intermediate nodes on the routing path P from / to

w store just the Bloom filter representations of IDa and la in their ID filters and location









CHAPTER 5
CONCLUSION

5.1 Future Work Scope

The primary focus of the approach in this thesis is to reduce the memory requirements of a

sensor network and still be able to effectively detect node replication attacks. The MELSeM

protocol proposed, induces slightly higher communication cost on the network compared to

LSM since an instance of replication detection has to be propagated till the witness node

which has the location-claim and can take corrective action. This additional communication

leads to more energy consumption. A future enhancement would be to reduce the energy

consumption of the network as much as possible.

In LSM as well as in MELSeM, k random line segments are used to store location-claim

information. When line segments are drawn at random in a convex area, they pass through

the central region more frequently than other regions. So the network will have higher

node density in the central region of the network. These nodes in the central region of the

network incur higher memory and energy overhead than the nodes at the periphery. This

is called the crowded center problem Conti et al. [9] solve the crowded center by the use

of a periodically renewed pseudo random number on a network wide scale. However, the

infrastructure required for this solution may not be alv--, available in the network. To

reduce the energy and memory burden on the nodes in the central region of the network,

without relying on additional infrastructure can be an interesting area for future research.

The other problem with line segments method is that, when two line segments intersect

they might not intersect at a node. When such an intersection happens, no common node

has sufficient information to detect node replication attack. Further research to handle such

occurrences can be done.

The node replication detection probability of MELSeM is similar to that of LSM and is

in the range of 85-95' Although this amount of accuracy is not bad, it is desirable to attain

a detection probability and accuracy of 10' in the future.













3500

3000

2500

2000

1500

1000


500


1000 2000 3000 4000 5000 6000 7000 8000 900010000
Number of nodes

Figure 4-2. Average memory consumption


30000


25000


20000


15000


10000


5000


0


1000 2000 3000 4000 5000 6000 7000 8000 900010000
Number of nodes


Figure 4-3. Maximal memory consumption


LSM 1
MELSeM -x






-





._--x-----x----
.. ..- .X .X. .. .X . .- X .

I-




Full Text

PAGE 1

1

PAGE 2

2

PAGE 3

3

PAGE 4

Firstandforemost,IthankDr.Chenforhisinvaluableguidance.Withouthisencouragementthisthesiswouldnothavebeenpossible.MysupervisorycommitteemembersDr.PrabhatMishraandDr.AlinDobraprovidedeectivepositivecommentsandsuggestionsforwhichIamgratefultothem.Iamfortunateforhavingextremelylovingandcaringparents.Theyhavebeenasteadfastsupportallthroughmyeducationandhaveconstantlybeenasourceofmotivation.Iamalsothankfultomyfriends.EspeciallyAparnaVenkatesan,RebeccaDavidandMingZhangfortheirsuggestions. 4

PAGE 5

page ACKNOWLEDGMENTS ................................. 4 LISTOFFIGURES .................................... 6 ABSTRACT ........................................ 7 CHAPTER 1INTRODUCTION .................................. 8 2BACKGROUNDANDRELATEDWORK ..................... 11 2.1Background ................................... 11 2.1.1SensorNetworks ............................. 11 2.1.2NodeReplicationAttacks ........................ 11 2.2Models ...................................... 12 2.2.1NetworkModel ............................. 12 2.2.2AdversaryModel ............................ 12 2.3RelatedWork .................................. 13 2.3.1CentralizedSolution ........................... 13 2.3.2LocalizedSolution ............................ 13 2.3.3DistributedSolutions .......................... 13 3THEMELSeMPROTOCOL ............................ 17 3.1BloomFilter ................................... 17 3.2MELSeMProtocolOutline ........................... 18 3.3MELSeMDetails ................................ 19 3.4Impactoffalsepositive ............................. 21 4SIMULATIONSANDANALYSIS .......................... 22 4.1MemoryPerformance .............................. 22 4.2EnergyPerformance .............................. 26 4.3DetectionProbability .............................. 26 5CONCLUSION .................................... 28 5.1FutureWorkScope ............................... 28 5.2Summary .................................... 29 REFERENCES ....................................... 30 BIOGRAPHICALSKETCH ................................ 32 5

PAGE 6

Figure page 3-1AsimpliedexampleofmappingofIDandlocationofanode'sclaimintwodistinctBloomltersstoredateachintermediatenode. .............. 18 3-2AnexampleofreplicadetectionprocessusedinMELSeM ............ 20 4-1Anexampleof5%incrementalsubareas ...................... 23 4-2Averagememoryconsumption ............................ 24 4-3Maximalmemoryconsumption ........................... 24 4-4Averagememorydistribution ............................ 25 4-5DetectionProbabilityofLSMandMELSeMinauniformlydeployedsquareareawithdierentnodedensities ............................. 27 6

PAGE 7

Lowcostavailabilityofsensornodesmakesthemanattractivechoiceforsensornetworksandtheirapplications.Tokeepthecostslow,sensornodesaregenerallyunshielded.Thisunshieldednatureofsensor-networknodescombinedwiththeireaseofdeployment,makesthemvulnerablebecauseanadversarycancapturethesenodes,copysecurityinformationtomakereplicasanddeploythereplicasinthenetworktorendermaliciousattacks.Replicationattackscanbeextremelyhazardoustoanetworkifdoneinastrategicway.Foranynodereplicationdetectionprotocol,thethreemostimportantdesignissuesarememoryusage,detectionprobabilityandenergyconsumption.Previousnodereplicationdetectionschemeseitherincurlargememoryoverheadorconsumeexcessiveenergy,particularlyinthecentralregionofthenetwork.ThisthesispresentsaMemoryEcientLine-SelectedMulticast(MELSeM)algorithmwhichusesecientbloomlterdatastructure.WeproposeanoveldistributedtechniquefordetectingnodereplicationattacksusingMELSeM.MELSeMreducestheaveragememoryoverheadofthenetworkbynearly70%thanthepreviousdistributedschemeswhileachievingnearlysamedetectionprobability. 7

PAGE 8

AWirelessSensorNetwork(WSN)isanetworkofwirelesssensornodesordeviceswhichworkcooperativelytoachieveacommonpurpose.TherearenumerousapplicationsofWSNsrangingfrommilitaryuseandsurveillance,tociviluse.Thelowcostavailabilityandeaseofdeploymentofsensornodesmakesthemanattractivechoicefortheseapplications.Furthermore,thesenetworksarehighlyscalableasaddingandremovingnewnodestothemisfairlysimple.Newnodescanjoinsuchanetworkwithoutadministrativeinterventionorwithoutcommunicationwithacentralauthoritysuchasabasestation.Thesenodesonlyneedtoinitiateaneighbordiscoveryprotocol[ 7 13 ]bybroadcastingtheirpre-storedcredentials. SecurityisoneofthekeyconcernsfortheproperfunctioningofWSNs,especiallyinmilitaryapplicationsinwhichsensornodesaredeployedinenemyterritorytocarryoutcriticalfunctions[ 3 ].Tobeabletoproducesensornodesatlowcoststheyarenotusuallyprovidedwithtamper-proofhardwareorshieldingthatcandetectpressure,voltageandtemperaturechanges[ 11 20 22 ].Theunshieldednatureofthenodescanbeexploitedbyanadversarytoaccessasensor'sinternalstate.Ifanadversaryisabletocaptureasensornodeandextractitsencryption/authenticationkeys,itcancopythosekeystoothergenericnodestocreateseveralreplicasandinsertthemintothenetworkatstrategiclocations,whichiscommonlyknownasnodereplicationattack.Nodereplicationattackscanrenderthenetworksusceptibletolargeclassofharmfulattacks[ 4 6 ].Ifthereplicasareplacedatwiselychosenlocations,theycanrevokelegitimatenodes,injectfalsedata,spyforcriticalinformationandmayevendisconnectthenetworkbyinvokingnoderevocationprotocolsthatarebasedonthresholdvotingschemes[ 7 10 13 17 ]. Themaintechnicalchallengeindetectingnodereplicationattacksarisesfromthememoryconstrainednatureofsensornodes.Ifasingleauthenticationkeyisbeingusedattwoormoredistinctlocationsinthenetwork,itmeanstherehasbeenreplication.Aneective 8

PAGE 9

1 ]forlow-endsensors,restrictstheamountofauthenticationinformationthatcanbestoredateachnode.Thelimitedbatterylifeofsensornodes,alsorestrictstheamountofenergythatcanbespentonreplicationdetection.Thusmemoryeciency,energyeciencyanddetectionprobabilityaretheprinciplecriteriafordetectionofreplicationattacks. Previousschemestodetectnodereplicationattackseitherincurhighmemoryoverheadorhighenergyoverheadorboth.Therstsolutionsforreplicationdetectionincludecentralizedschemes[ 13 ]andlocalizedvotingprotocols[ 7 ].However,theformerusuallyrelyonabasestation(BS)andhavetheproblemofsinglepointoffailure;thelattercannotdealwithdistributednodereplicationattacks,inwhichreplicasareplacedatleasttwohopsawayfromeachother.Afullydistributedsolutionisneededthatcandetectreplicasanywhereinthenetworkandyetincursmallmemoryandenergyoverhead. In[ 18 ],Parnoetal.proposedadistributeddetectionschemecalledLine-SelectedMulticast(LSM)whichutilizesnetworktopologytoselectwitnessnodesforanode'slocationandexploitsgeometricalpropertiesofthenetworktodetectreplicas.InLSM,foreachnodeinthenetworkadigitally-signedlocation-claimisgeneratedandstoredalongrandomlychosenklinesegments.Usuallyauniquekeyisusedtosigneachlocationwhichisstoredatthatlocation.Whenanodereplicaiscreateditusesthesamekeyasthenodetosignadierentlocationwhereitisplaced.Parnoetal.[ 18 ]showthatwhenkissucientlylarge,thelinesegmentsoftwoconictinglocationclaims(signedwiththesamekeyfordistinctlocations)intersectwithahighprobability.Thereplicationattackisdetectedattheintersectionnodesinceitcanseeboththeconictinglocationclaimsi.e.twolocationsforthesamenode.ThoughLSMprovidesadistributedsolution,ithasitsowndrawbacks.ItisshownthroughsimulationsinChapter 4 thatinanetworkofnnodes,inLSM,eachnodehastostoreO(kp 9

PAGE 10

14 ]toaccomplishouralgorithm.MELSeMreducesthenumberoflocationclaimsstoredateachsensornodetoO(k)fromO(kp Therestofthethesisisorganizedasfollows:backgroundandrelatedworkisdiscussedinChapter 2 .TheMELSeMprotocolispresentedinChapter 3 .InChapter 4 ,wepresentoursimulationresultsandcompareMELSeMwithLSM.Finally,inChapter 5 wediscussfutureworkdirectionsandwrapup. 10

PAGE 11

1 ].Duetotheprocessingcapabilityofthesensornodes,numerousapplicationsaredevelopedbasedonthem,especiallymilitaryapplications.Someotherexamplesoftheseapplicationsincludeburglaralarms,emergencyresponse,habitatmonitoring,battleeldsurveillance,homeautomationandtraccontrol.Thetypicalcharacteristicsoflowcostsensornodesincludenoshieldingorprotectionlayeringandlimitedbatterylife.Anotherimportantcharacteristicofsensornodesisthattheyareeasytodeploy.Theycanbeaddedtoanetworkwithoutadministrativesupervision.Duetothesecharacteristicstheyaresusceptibletoattacksfromanadversary. 11

PAGE 12

9 18 ]. 15 ]ispossibleinwhich,apacketcanberoutedhopbyhopuntilitreachesthedestination.Similarto[ 18 ]wealsoassumethatclocksofsensornodesarelooselysynchronized[ 12 ]andidentitybasedpublickeysystem[ 8 19 ]isused.Eachnode,byusingitsprivatekey,canestablishapairwisesecretwithitsneighboringnodesformutualauthenticationandalsocanproduceadigitalsignaturethatcanbeveriedbyothernodesinthenetwork. ThelocationclaimofanodeisrepresentedasC=hID;l;[H(ID;l)]K1i,whereIDisitsuniqueID,lisitslocation,HisahashfunctionandK1isitsprivatekey. AnodewhichstoresthecompletelocationclaimCfornodeandwhichcanverifytheidentityofiscalleditswitnessnode. 9 18 ]wemaketheassumptionthatanyclonednodehasatleastonelegitimateneighboringnode.Wealsoassumethatthenodesunderenemycontrolcancommunicateandcollaboratewithother 12

PAGE 13

13 ]scheme,eachnodesendsalistofitsneighborsandtheirlocationclaims,toacentralauthoritylikeaBaseStation.Thebasestationsearchesforthelistsofduplicateclaimsandndsexistingconicts.Thedisadvantageofthisapproachisthat,thereisasingleauthoritytoperformthischecking.Ifthisauthorityfailsoriscompromised,theentirenetworkcanbecompromised.Thusitsuersfromthewellknownsinglepointoffailureproblem.Theotherdisadvantageisthatsomeapplicationsmaynotusebasestationsatall.Furthermore,inthisapproachthenodesnearthebasestationsgetexhaustedsoonerandbecomeattacktargets. 7 ]scheme,neighborsofanodeusevotingprotocolsandcometoaconclusionabouttheauthenticityofanode.Theprincipaldrawbackofthisapproachisthatreplicationisaglobaleventandcannotbedetectedifdonejustlocally,whichmeansthatthismethodfailstodetectreplicasthataretwohopsawayfromthelocality. 9 18 23 ]requireeachnodeinthenetworktosignitsactuallocationwithitsprivatekeyinalocationclaim.Thecorrectnessofaclaimandthesignatureofthenodeisveriedbyitsneighboringnodes.Ifanoderefusestoprovideitslocationclaim,theneighborsofthenodecutitofromthenetworkanddenyanycommunicationwithit.Todetectreplicationattackswecheckifthesameprivatekeyisusedtosigntwoormorelocationclaims.Ifaprivatekeyhasbeenusedmorethanonceweconcludethatthenodewhichownstheprivate 13

PAGE 14

Inthedistributedsolutionsbasedonlocationclaimstheidentity-basedpublickeysystem[ 8 19 ]isusedinwhicheverynodestoresitsownprivatekeyandamasterpublickey.TheprivatekeyofanodeiscomputedusingitsnodeIDandamasterprivatekey.Thiscomputationisdonebeforethenodeisdeployedinthenetwork.Themasterprivatekeyiskeptsecretandnotloadedonanyofthenodes.Toverifythesignatureofalocationclaim,onlythepublickeyofthenodewhichproducestheclaimneedstobecomputed.ThepublickeyofanodecanbecomputedusingitsnodeIDandthemasterpublickey.Location-claimsaresaidtobeconictingwitheachotheriftheyhavesamenodeIDandsignaturebuttheirphysicallocationsaredierent.Asmentionedinsubsection 2.2.2 ,anadversaryhaslimitedcontrol,henceitwillnotbeabletoproduceavalidpairofnodeIDandprivatekeywhichcanpotentiallygenerateaveriablesignature,withouttheknowledgeofthemasterprivatekey.ThustheonlyoptionanadversaryhasistoproducereplicasbycopyingtheprivatekeysandnodeIDsofcompromisednodesontogenericnodes. Onebasicdierencebetweentheexistingdistributedsolutionsfordetectingnodereplicationattacksisthemannerinwhichtheystorelocationclaims,whichhasasignicantimpactonthememoryandcommunicationoverheadofthenetwork.Thesimplestsolutionistouseanetworkwidebroadcastprotocolwhereeachlocationclaimisbroadcasttoeverynodeinthenetworkandstoredateachofthem.Althoughthismethodcanachieve100%accuracyanddetectionprobability,itisnotfeasiblesinceitincurstremendousmemoryandcommunicationoverhead.Anothersolutionistostorethelocationclaimofanodeatapseudo-randomlocationinthenetworkthatisdeterminedbytheIDofthenode.Inthissolution,theconictingclaimswouldbeforwardedtothesamelocationforverication.The 14

PAGE 15

18 ] Tosolvethisproblemofpredictability,onesolutionistomakethelocationwhereaclaimwillbestoredunpredictable.Whichimplieswestoreeachclaimatrandomunpredictableplacesinthenetwork.Parnoet.al.in[ 18 ]usedthisapproachandproposedtwodistributedsolutionsnamelyRandomizeMulticast(RM)andLine-SelectedMulticast(LSM)thatstoreclaimsatrandomlocationsinthenetwork.InRM,eachlocationclaimisstoredatO(p 2.2.1 ),wherenisthenumberofnodesinthenetwork.Thebirthdayparadox[ 16 ]assuresthatacommonwitnessnodewillreceiveanytwoconictingclaimswithahighprobability.ThiswitnessnodewillbeabletodetectreplicationattacksinceitwouldhavetwoclaimswithsameIDsbutwithdierentlocations.Thewitnessnodewillthenbroadcasttheclaimtotheentirenetworkinformingthatthenodetowhichtheclaimbelongshasbeencompromised.ThecompromisednodeandallitsreplicaswiththesameIDarethencutofromthenetwork.TheproblemwithRMprotocolisthateachnodehastostoreO(p AlthoughLSMreducesthecommunicationoverheadinRM,itstillhasitsowndrawbacks.FirstproblemisthateachnodeinLSMisrequiredtostoreO(kp 15

PAGE 16

18 ].Moreover,sinceweknowthatthesecurityofadigitalsignaturedependsonitssize,thesizeofeachlocationclaimshouldbereasonablylargetoachievehigh-levelsecurity.Usually,thesizeofaclaimwouldbemorethan40bytessincedigitalsignaturerequires40bytesaccordingtoDSS[ 2 ].Thememoryofsensornodesislimitedanditisrequiredtoperformmanyotherfunctionssuchascommunication,measurementsandcomputations.ThismeansthatstoringO(kp 9 ].Thusanodeinthecentralregionofthenetworkareawouldhavetostoremuchmoreclaimsthanthenodesattheperiphery.Thisstoragerequirementcanbesohighforthenodesatthecenterthatmanyofthemmightcrashjustbecauseofmemoryoverow. Thegoalinthisthesisistoreducethememoryoverheadofthenetwork.WeuseanapproachsimilartoLSMwhiledevisinganoveldistributedprotocolusingecientBloomltersfordetectingnodereplicationattacks.InChapter 3 wedescribeourMELSeMprotocolindetail. 16

PAGE 17

WehaveusedBloomlterdatastructureinMELSeMprotocol.SowediscussBloomlterinthenextsectiontolaythefoundationforunderstandingMELSeM.WegivetheoutlineandbasicideabehindMELSeMinsection 3.2 anddescribeMELSeMprotocolindetailwithanexampleinsection 3.3 5 ]. TheBloomlterbeginsasanarrayofall0s.Thepurposeofthislteristosupportmembershipqueriesbyindicatingthepresenceorabsenceofanelementinaset.Wheneveranewitemzistobeaddedtoaset,itishashedutimesusingudierenthashfunctions,whereucanvaryasperneed.Eachoftheseuhashesresultinabitlocationinthearraywhichissetto1.Totestthemembershipofanelementz0intheset,similarhashingisrepeatedandthecorrespondingbitsarecheckedinthearray.Ifallthesebitshavebeensetto1,theelementmightbepresentintheset.Notethatwearesayingthattheelementmightbepresentinthesetbecausethecorrespondingbitsmightbesetto1asaresultofinsertionofotherelementsintheset.ThispropertyofBloomlterwhereitindicatesthatanelementispresentinthesetwhenitisactuallynotpresentiscalledfalsepositive.TheprobabilityoffalsepositivePBforaBloomlterasper[ 5 ]ism)u: wheresisthenumberofelementsintheset,uisthenumberofhashfunctionsusedandmisthenumberofbitsintheBloomlterarray.AnotherinterestingpropertyofBloomlteristhatithasnofalsenegativei.e.ifitrepresentsthatanelementisnotpresentintheset,thatmeansthattheelementisactuallynotpresentinthesetandis100%accurate. 17

PAGE 18

AsimpliedexampleofmappingofIDandlocationofanode'sclaimintwodistinctBloomltersstoredateachintermediatenode. 2.2.1 storethecompletelocationclaimswhileintermediatenodesarethenodeswhichstoreonlytheBloomlterrepresentations.ForstoringtheseBloomlterrepresentations,theintermediatenodesinsertanynode'sIDandlocationintoitstwoBloomlterswhichareknownastheIDlterandthelocationlterrespectively.Eventhoughtheintermediatenodesdonotstorethecompletecopyoftheclaim,theyhaveenoughinformationintheirtwoBloomlterstotellwhethertheyhaveseenaclaimpreviously.Figure 3-1 showsasimpliedexampleofmappinganode'sIDandlocationintwoBloomlters.TheupperBloomlterissimilartoIDlterandlowerBloomlterissimilartolocationlterusedinMELSeM. TheMELSeMprotocoloutlineisasfollows-Initially,thelocationclaimCofanodeismulticastedtoanumberofrandomly-selectedwitnessnodesinthenetworkviaitsone-hopneighborsusinggeographicrouting.Aone-hopneighborofhasacertainprobabilityptoparticipateinthemulticast.Ifitparticipates,itbecomesoneofthewitnessnodesforandcontinuestoforwardthelocationclaimCtoarandomly-selectedlocation.ThenodeclosesttothisrandomlyselectedlocationreceivesthelocationclaimCandbecomesanotherwitnessnodewbystoringC.AlltheintermediatenodesontheroutingpathPfromtowstorejusttheBloomlterrepresentationsofIDandlintheirIDltersandlocation 18

PAGE 19

OntheforwardingpathfromtoldestwheneveranynodereceivesC,atwo-phaseconictcheckisperformedbyittotestifanyconictingclaimscanbedetected.Intherstphase,thesignaturepresentinCisveriedby.Ifthelocationclaimappearstobeinvalidorfake,itisdroppedimmediately.Thenbeingawitnessnodeforothernodesinthenetwork,itcomparesCwiththelocationclaimsstoredlocallywithit.IfndsaclaimconictingwithC,areplicationattackisdetected.Ittheninvokesarevocationprotocol,inwhichtheconictingclaimsareforwardedtothewitnessnodes.Therstwitnessnodetoreceivethisinformationbroadcaststheconictingclaimstotheentirenetworksothatthereplicationattackcanbetakencareof.Ifnodedoesnotdetectanyconictingclaims,theMELSeMprotocolproceedstophasetwo. Inphasetwo,therearetwopossiblecases.TherstcaseiswherenodendsmappingforIDinitsIDlterwhilethereisnomappingforlinitslocationlter.Thismeans 19

PAGE 20

AnexampleofreplicadetectionprocessusedinMELSeM thatthereareconictingrepresentationsinthelters.ItimpliesthataconictingclaimC0withthesameIDandadierentlocationl0hasgoneviaandleftitstrailinthelters. Inthesecondcaseofphasetwo,whenthenodedoesnotndIDinitsIDlterorlinitslocationlter,thenewlyarrivedclaimCistreatedasalegitimateclaim.Thisclaimisapprovedofhavingpassedthetwo-phaseconictcheck.ThentriestoforwardCtowardsldest.Iftherearenoothernodesclosetoldest,storesthelocationclaiminitsmemoryandactsasawitnessnodeitself.Elseifthereisanothernodeclosertoldest,forwardstheclaimtothatnodeandactsasanintermediatenodebymakingappropriateentriesinitstwoBloomltersforIDandl.ThisexplainstheworkingofMELSeMprotocol. Figure 3-2 showsanexampleofhowreplica'saredetectedinMELSeM.Alocationclaimforwardingpathisshownusingsolidarrowswhilethedashedarrowsshowtheactiontakenbyanintermediatenodeuponreplicadetection.NodeinitiatesarevocationprotocolbylocallybroadcastingCandC0toitsone-hopneighbors.Amongtheseneighbors,theonesthatndconictswithCorC0intheirBloomlterscontinuethisone-hoplocalbroadcastuntiltheclaimeventuallyreachesoneofthewitnessnodes,whichthennotiestheentirenetworkaboutthereplicationattack. Itisworthnotingthatduringtherevocation,notjustthereplicanodebutalsothelegitimatenodethathasbeencompromisedisremoved.Thereasonforthisisthat,acompromisednodecanbeduplicatedanynumberoftimesandwewanttopreventit. 20

PAGE 21

m)u(1(1esu m)u)(3{2) Theprobabilityoffalseinitiationofrevocationcanbemadenegligiblebyadjustingvariousparameters.ForexamplebyincreasingthenumberofbitsmintheBloomlterarrayorbyincreasingthenumberofhashfunctionsuusedetc.WehavefoundthroughextensivesimulationsthatthisprobabilityissosmallthatithardlyevercausestheMELSeMprotocoltofalselyreportareplicationattack. 21

PAGE 22

18 ]weassumebidirectionalcommunicationmodelwithlinksbetweenone-hopneighbors.Weselecttransmissionrangesuchthateachnodehasapproximately20neighbors.Locationclaimsareforwardedbysimulatingasimpliedgeographicroutingprotocol[ 15 ]whereanodegreedilyforwardsalocationclaimtotheneighborclosesttothedestination.Whenanodendsnonodeclosertothedestination,forwardingisstopped.WeusesixlinesegmentsforLSM(asorginallyusedin[ 18 ])aswellasforMELSeM.Wecompromisearandomnodeinthenetworkandinsertitsonereplicaatarandomlocationinthenetwork.Wealsoconsiderthecasesformultiplereplicas.Wecreate100randomnetworkgraphsforeachnetworksizeandcalculatetheaverageforresults. Foroursimulationswehaveassumedthatthesizeofeachlocationclaimis46byteswhere2bytesareforID,4bytesforlocation(xandycoordinates)and40bytesforthedigitalsignatureasperDSS[ 2 ].WeadjustthenumberofbitsmandnumberofmembersstobeinsertedintheBloomltersuchthatm/s=15.Thismeansweuse15bits;alongwith7hashfunctionsutostoreanelementinaBloomlter. Figure 4-1 showsasquaredeploymentareawhichisdividedinto20equalsub-areas.Eachofthesesub-areasaccountsfor5%ofthedeploymentregion.Thenumberingofsub-areasisdonefrom0through19,withthecentralsub-areabeingnumber0andtheoutermostsub-areabeing19. 1 ],soitisacriticalresource.Asensornodehastoperformvariousfunctionsinanetworkssuchascommunication,measurements,collaboration,computationsetc.Thusthememorythatmightbeavailable 22

PAGE 23

Anexampleof5%incrementalsubareas forsecuritypurposesincludingreplicationdetectioncanbeverylimited.ThebasicdierencebetweenLSMandMELSeMisthatinLSMeverynodeinthenetworkstoresacompletecopyofthelocationclaimwhereasinMELSeMonlywitnessnodesstorethecompletecopyoflocationclaim.TherestofthenodesinMELSeMstoreonlytheBloomlterrepresentationsofthelocationclaimsthatpassthroughthem.StoringseveralhundredsofcompletelocationclaimswillleadtomemoryoverowofnodesinLSM,whichmightcausethenodestocrash.TheecientuseofBloomltersinourprotocoldrasticallyreducesthememoryrequirementofthenetwork,preventingthenodesfrommemoryoverowsandcrashing. Figure 4-2 showsaveragememoryconsumptionbyLSMandMELSeMfordierentnetworksizes.Asitcanbeobserved,thememoryconsumptionincreasesasnetworksizeincreases.ThisisbecauseeachnodeinthenetworkhastostoremoreinformationeitherintheformoflocationclaimsorBloomlterrepresentations.MELSeMreducesthememoryoverheadofthenetworkbynearly70%comparedtoLSM. Figure 4-3 showsthemaximalmemoryconsumptionforLSMandMELSeM.Maximalmemoryconsumptionisthemaximumamountofmemoryconsumedbyanodeinthe 23

PAGE 24

Averagememoryconsumption Figure4-3. Maximalmemoryconsumption 24

PAGE 25

Averagememorydistribution network.ItisclearfromthegurethatformostnetworksizesthemaximalmemoryconsumptionofLSMexceeds10KBwhichcaneasilyexhaustthememorycapacityoflow-endsensornodes.Inthisscenario,MELSeMstandsout,whichcanreducethememoryoverheadofthenetworkupto85%. Figure 4-4 showsthedistributionofmemoryconsumptionforLSMandMELSeMinanetworkof5000nodes.Asdescribedinsimulationsettingsatthebeginningofthischapter,thenetworkisdividedinto20equalsub-areasasshownin 4-1 .ItisquiteclearthatLSMconsumesalotmorememoryinthecentralsub-areasthanintheoutersub-areas.Ontheotherhand,MELSeMbalancesthememoryconsumptionacrossallsub-areasevenly.ThisisbecauseLSMhasmorewitnessnodes(storingcompletecopiesoflocationclaims)concentratedinthecentralregionofthenetworkwhereasinMELSeMwitnessnodesareevenlyspreadacrossthenetwork.MELSeMalsohasmanyintermediatenodesconcentratedinthecentralregion,howevertheircumulativememoryconsumptionisnottoohighbecausetheyusespaceecientBloomltersinsteadofstoringthecompleteclaims. 25

PAGE 26

21 ]inwhichanewnodehasatotalof324,000mJofavailableenergy.Bitsendingcosts0.059mJandbitreceivingcosts0.028mJ.Fromoursimulationswefoundthat,MELSeMincursapproximately3%moreenergyconsumptiononaveragethanLSM.ThisisbecauseinLSM,anyintermediatenodewhichdetectsreplicationcanitselfbroadcastboththeconictingclaimstothenetworksinceithasthecompletecopyoflocationclaim.WhereasinMELSeM,extracommunicationisrequiredfortherevocationprotocolinwhich,theintermediatenodesendstheconictingclaimstothewitnessnodessincetheintermediatenodeitselfdoesn'thavethecompletecopyoflocationclaim.ThoughtheenergyconsumptionofMELSeMisslightlyhigherthanLSM,itisquiteacceptableconsideringtheamountofmemorysavingsachievedthroughMELSeM. Intermsofcommunication,sinceweassumethatthelengthofonelinesegmentisO(p 4-5 showsthedetectionprobabilityofLSMandMELSeMforauniformlydeployedsquareareawithnodedensitiesrangingfrom1000through10000.ItisclearfromthegurethatPdrangesfrom85%to95%forbothLSMandMELSeMandisapproximatelysameforbothprotocols.Onemightthinkthatincreasingthenumberofreplicasinthenetworkisharmful,butitactuallyimprovesthedetectionprobabilitysincetherewillmoreline-segmentsinthenetworkwhichincreasethechancesofconictingclaimsbeingcaught. 26

PAGE 27

DetectionProbabilityofLSMandMELSeMinauniformlydeployedsquareareawithdierentnodedensities 27

PAGE 28

InLSMaswellasinMELSeM,krandomlinesegmentsareusedtostorelocation-claiminformation.Whenlinesegmentsaredrawnatrandominaconvexarea,theypassthroughthecentralregionmorefrequentlythanotherregions.Sothenetworkwillhavehighernodedensityinthecentralregionofthenetwork.Thesenodesinthecentralregionofthenetworkincurhighermemoryandenergyoverheadthanthenodesattheperiphery.Thisiscalledthecrowdedcenterproblem.Contietal.[ 9 ]solvethecrowdedcenterbytheuseofaperiodicallyrenewedpseudorandomnumberonanetworkwidescale.However,theinfrastructurerequiredforthissolutionmaynotbealwaysavailableinthenetwork.Toreducetheenergyandmemoryburdenonthenodesinthecentralregionofthenetwork,withoutrelyingonadditionalinfrastructurecanbeaninterestingareaforfutureresearch. Theotherproblemwithlinesegmentsmethodisthat,whentwolinesegmentsintersecttheymightnotintersectatanode.Whensuchanintersectionhappens,nocommonnodehassucientinformationtodetectnodereplicationattack.Furtherresearchtohandlesuchoccurrencescanbedone. ThenodereplicationdetectionprobabilityofMELSeMissimilartothatofLSMandisintherangeof85-95%.Althoughthisamountofaccuracyisnotbad,itisdesirabletoattainadetectionprobabilityandaccuracyof100%inthefuture. 28

PAGE 29

29

PAGE 30

[1] Sensornode.[internet]Wikipedia;[updated2009June29;cited2009June30].Availabefrom: http://en.wikipedia.org/wiki/Sensor node [2] Digitalsignaturestandard.FIPSPUB186-3,March,2006. [3] I.F.Akyildiz,W.Su,Y.Sankarasubramaniam,andE.Cayirci.Wirelesssensornetworks:asurvey.InternationalJournalofComputerandTelecommunicationsNet-workingElsevier,38(4):393-422,Mar.2002. [4] A.Becher,Z.Benenson,andM.Dornseif.Tamperingwithmotes:real-worldphysicalattacksonwirelesssensornetworks.InProceedingsofthe3rdInternationalConferenceonSecurityinPervasiveComputing(SPC),pages104-118,2006. [5] A.BroderandM.Mitzenmacher.Networkingapplicationsofbloomlters:Asurvey.InProceedingsofAllertonConference,2002. [6] S.CapkunandJ.P.Hubaux.Securepositioningofwirelessdeviceswithapplicationtosensornetworks.InINFOCOM,pages1917-1928,2005. [7] H.Chan,A.Perrig,andV.D.Song.Randomkeypredistributionschemesforsensornetworks.InProc.ofIEEESymposiumonSecurityandPrivacy(S&P'03),May.2003. [8] C.Cocks.Anidentitybasedencryptionschemebasedonquadraticresides.InPro-ceedingsofthe8thIMAInternationalConferenceonCryptographyandCoding,pages360-363,London,UK,Springer-Verlag.,2001. [9] M.Conti,R.D.Pietro,andL.V.Mancini.Arandomized,ecient,anddistributedprotocolforthedetectionofnodereplicationattacksinwirelesssensornetworks.InProc.ofthe8thACMInternationalSymposiumonMobileAdHocNetworkingandComput-ing(MobiHoc'07),pages80-89,2007. [10] J.R.Douceur.Thesybilattack.InProceedingsofWorkshoponPeer-to-PeerSystems(IPTPS).,Mar.2002. [11] J.Dyer,M.Lindemann,R.Sailer,L.VanDoorn,S.W.Smith,andS.Weingart.Buildingtheibm4758securecoprocessor.IEEEComputer,2001. [12] J.Elson,L.Girod,andD.Estrin.Fine-grainednetworktimesynchronizationusingreferencebroadcasts.SIGOPSOperatingSystemsReview,36(SI):147-163,2002. [13] L.EschenauerandV.Gligor.Akey-managementschemefordistributedsensornetworks.InProc.oftheACMConferenceonComputerandCommunicationSecu-rity(CCS),Nov.2002. [14] V.D.Gligor.Securityofemergentpropertiesinad-hocnetworks.InProc.ofInterna-tionalWorkshoponSecurityProtocols,Apr.2004. 30

PAGE 31

B.KarpandH.T.Kung.Gpsr:Greedyperimeterstatelessroutingforwirelessnetworks.InProceedingsofthe6thAnnualACM/IEEEInternationalConferenceonMobileCom-putingandNetworking(MobiCom'00),pages243-254,2000. [16] A.J.Menezes,S.A.Vanstone,andP.C.V.Orschot.Handbookofappliedcryptography.CRCPress,Inc.,1996. [17] J.Newsome,E.Shi,D.Song,andA.Perrig.Thesybilattackinsensornetworks:Analysisanddefenses.InProceedingsofIEEEConferenceonInformationProcessinginSensorNetworks(IPSN).,Apr.2004. [18] B.Parno,A.Perrig,andV.D.Gligor.Distributeddetectionofnodereplicationattacksinsensornetworks.InProc.of2005IEEESymposiumonSecurityandPrivacy(S&P'05),pages49-63,Washington,DC,USA,2005. [19] A.Shamir.Identity-basedcryptosystemsandsignatureschemes.InProceedingsofCRYPTO84onAdvancesincryptology,pages47-53,Springer-VerlagNewYork,Inc.,1985. [20] S.W.SmithandS.Weingart.Buildingahighperformance,programmablesecurecoprocessor.ComputerNetworks,SpecialIssueonComputerNetworkSecurity.,Apr.1999. [21] A.Wander,N.Gura,H.Eberle,V.Gupta,andS.C.Shantz.Energyanalysisofpublic-keycryptographyforwirelesssensornetworks.InProceedingsoftheThirdAnnualIEEEInternationalConferenceonPervasiveComputingandCommunications(PER-COM'05),pages324-328,2005. [22] S.WeingartandS.Weingart.Physicalsecuritydevicesforcomputersubsystems:Asurveyofattacksanddefenses.InCryptographicHardwareandEmbeddedSystems(CHES).,Aug.2000. [23] BoZhu,VenkataGopalaKrishnaAddada,SanjeevSetia,SushilJajodia,andSankardasRoy.Ecientdistributeddetectionofnodereplicationattacksinsensornetworks.ComputerSecurityApplicationsConference,volume0,pages257-267,issn1063-9527,LosAlamitos,CA,USA,2007. 31

PAGE 32

VishalisfromthecityofLatur,whichisinMaharashtrastateofIndia.Hedidhisbachelor'sincomputerscienceandengineeringfromGovernmentCollegeofEngineering{Aurangabad(2005).HeworkedwithCognizantTechnologySolutionsPvt.LtdinPuneasaProgrammerAnalystforoneandahalfyears.Hedidhismaster'sincomputerengineeringfromtheComputerandInformationScienceandEngineeringDepartmentattheUniversityofFlorida(2009).HisresearchinterestsincludeNetwork&SystemsSecurity,QualityofServiceinWirelessNetworks,Internetprotocols,DistributedSystemsandSecureEmbeddedSystems. 32