Detecting Node Replication Attacks in WSN


    Review

    Detecting node replication attacks in wireless sensor networks: A survey

    Wen Tao Zhu a,*, Jianying Zhou b, Robert H. Deng c, Feng Bao b

    a State Key Laboratory of Information Security, Graduate University of Chinese Academy of Sciences, 19A Yuquan Road, Beijing 100049, China
    b Cryptography & Security Department, Institute for Infocomm Research, 1 Fusionopolis Way, Singapore 138632, Singapore
    c School of Information Systems, Singapore Management University, 80 Stamford Road, Singapore 178902, Singapore

    Article info

    Article history:
    Received 5 September 2011
    Received in revised form 14 December 2011
    Accepted 12 January 2012
    Available online 4 February 2012

    Keywords: Wireless sensor network; Security; Node replication attack; Detection

    Abstract

    A wireless sensor network (WSN) consists of a number of tiny, low-cost, and resource-constrained sensor nodes, but is often deployed in unattended and harsh environments to perform various monitoring tasks. As a result, WSNs are susceptible to many application-dependent and application-independent attacks. In this paper we consider a typical threat in the latter category known as the node replication attack, where an adversary prepares her own low-cost sensor nodes and deceives the network into accepting them as legitimate ones. To do so, the adversary only needs to physically capture one node, extract its secret credentials, reproduce the node in large quantity, and then deploy the replicas under her control into the network, possibly at strategic positions, to cripple various WSN applications with little effort. Defending against such node replication attacks has recently become an imperative research topic in sensor network security, and the design issues may involve different and more threatening challenges than detecting typical application-dependent attacks. In this survey, we classify existent detections in the literature, and explore the various proposals in each category. We look into necessary technical details and make certain comparisons, so as to demonstrate their respective contributions as well as limitations. We also present the technical challenges and indicate some possible directions for future research.

    © 2012 Elsevier Ltd. All rights reserved.

    Contents

    1. Introduction
    2. Preliminaries
        2.1. Sensor Node Identity
        2.2. Network-related discussions
        2.3. Intrusion detection
        2.4. A quick overview
    3. Centralized detection
        3.1. Straightforward scheme
        3.2. Set operations
        3.3. Detecting cloned keys
        3.4. Fingerprint verification
        3.5. Speed test
    4. Distributed detection
        4.1. Node-to-network broadcasting (N2NB)
        4.2. Deterministic multicast (DM)
        4.3. Randomized multicast (RM) and line-selected multicast (LSM)
            4.3.1. RM
            4.3.2. LSM
            4.3.3. Countering counterattacks
        4.4. Single deterministic cell (SDC) and parallel multiple probabilistic cells (P-MPC)

    Journal of Network and Computer Applications 35 (2012) 1022–1034

    journal homepage: www.elsevier.com/locate/jnca

    1084-8045/$ - see front matter © 2012 Elsevier Ltd. All rights reserved.

    doi:10.1016/j.jnca.2012.01.002

    * Corresponding author. Tel.: +86 10 88256432x411; fax: +86 10 88255549.


    article presentation. Specifically, two indispensable building blocks are introduced. We then generally categorize mainstream detection methodologies into centralized and distributed ones, and review the two categories in Sections 3 and 4 respectively. Such a rudimentary classification is not very balanced since research efforts have focused on the latter so as to conform to the distributed nature of WSNs. Finally, Section 5 concludes this article with certain comparisons, where we also indicate some possible directions for future research.

    2. Preliminaries

    Before one can dive into the nuts and bolts of a concrete replication detection protocol (particularly a distributed one), there are certain building blocks that we need to make clear. This also gives us a chance to conduct certain clarification and classification.

    2.1. Sensor Node Identity

    Since sensor nodes are produced in large quantity out of the same hardware, each node in a WSN is assigned and then identified by its software identity, id for short. The replicated sensor nodes are the same as the original node captured from the network; everything including the id has to be cloned (though sometimes based on their roles they may be strategically reprogrammed slightly differently). If the secret credentials are cloned but the id is not, the attack is very likely to fail. The point is that a key management scheme for WSNs can bind the keys preloaded to a node to its id, so that all the cryptographic behaviors of a node are tied to its id.

    Take symmetric pairwise key assignment for example. If a replicated node claims an id different from that of the originally captured node, it will be immediately revealed when it is unable to employ certain pairwise keys that it is supposed to possess (i.e., keys bound to the claimed id). Alternatively but more importantly, the id-based public key cryptosystem binds one's public key (and thus the corresponding private key for signing a message) to one's id. With an id-based signature scheme, it is very convenient for a sensor node to authenticate itself to others, and id-based signature has been necessarily adopted in replication detections since Parno et al. (2005). Extensive discussions of the id-based signature technique can be found in Parno et al. (2005). Recent advances in id-based signature schemes for sensor nodes (along with real implementation) can be found in Liu et al. (2010).

    An attack superficially similar to the node replication attack is the Sybil attack (Newsome et al., 2004), where one physical sensor node gains an unfair advantage by claiming multiple ids. The Sybil attack is also application-independent and enables one malicious node to multiply its inputs to subvert many protocols like distributed storage, routing, data aggregation, voting/agreement, resource allocation, and so on (Newsome et al., 2004); it is just like the opposite of replication attack, where one logical node id is reused by multiple physical sensor nodes. The Sybil attack is outside the scope of this survey article, but is often mentioned in research efforts against replication attacks (e.g., Parno et al., 2005; Conti et al., 2007; Brooks et al., 2007; Zhu et al., 2007) as a related note. Some (Conti et al., 2007) regard Sybil attack as orthogonal to replication attack. Indeed, if an id-based signature scheme is adopted, then the adversary cannot associate a compromised node with extra ids due to not being able to generate the corresponding private keys. Nevertheless, the id-based signature only binds a node's public/private key pair to its node id, but by itself does not counteract the replication attack.

    2.2. Network-related discussions

    On a high level, the detection of sensor node replication attacks can be either network-based or not. A typical (but perhaps the only) instance in the latter case is found in Hussain and Rahman (2009), where radio signal strength is utilized at a receiver node to detect node replication (and other attacks like the Sybil one (Newsome et al., 2004)). The main idea is to harness a physical characteristic (the radio fingerprint) (Zeng et al., 2010; Mathur et al., 2010), which is outside the realm of autonomous network intrusion detection. As a result, the proposal is impractical for unattended and geographically widespread WSNs. Hereinafter, we only consider network-based detections.

    A WSN can be either stationary (which is the prevalent case) or mobile, and replication detection scenarios in stationary and mobile WSNs can be substantially different. The detection philosophy for stationary WSNs, on a coarse level, is based on the exclusiveness of node location (Boukerche et al., 2007). That is, a sensor node should be related to a unique deployment position; if one logical node id is found to be associated with two or more physical locations, node replication is detected. Clearly, this principle is inapplicable to the emerging mobile WSNs, where sensor nodes may roam in the deployment field all the time. So far little (Yu et al., 2008; Ho et al., 2009b; Yu et al., 2009; Xing and Cheng, 2010) has been done to address node replication detection for mobile WSNs, but we have just made an effort in a separate work (Zhu et al., 2011). Replication detection in a mobile WSN involves significantly different scenarios and techniques, and we will only show a very brief example in Section 3.5. To make the current survey more focused, herein we are mainly concerned with detecting replication attacks in stationary WSNs, where all sensor nodes are fixed and immobile.

    Besides the aforementioned id-based signature technique, another important building block for node replication detection is a geographic routing scheme (Ruhrup, 2009) like Karp and Kung (2000), which is especially pertinent to distributed detections for stationary WSNs. In a geographic routing protocol, a message recipient is identified by a physical position (instead of a node id or an IP address), and is typically relayed hop-by-hop from one node to its neighbor that is closest to the destination, until there is no node closer to the position than the current node (which then eventually becomes the receiver). It is supposed that each node is aware of its own location (hence node localization (Boukerche et al., 2007) is an implicit assumption), and that a message sender can somehow (e.g., randomly) determine the location of the delivery destination. With this information a message can be routed to the destination without the knowledge of the network topology or a prior route discovery.
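
    The greedy forwarding rule described above, as an added example that is not part of the original article: node ids, coordinates, the radio range and the function names are constructed assumptions. It shows that the final receiver is determined by the destination position rather than by the sender, and that forwarding stops at a local minimum when the geographically closest node is out of radio reach.

```python
import math

# Constructed topology: node id -> (x, y). Ids and coordinates are made up.
NODES = {
    "n1": (0.0, 0.0),
    "n2": (2.0, 1.0),
    "n3": (4.0, 0.5),
    "n4": (6.0, 2.0),
    "n5": (8.0, 1.5),
    "n6": (3.0, 5.0),   # out of radio range of every other node
}
RADIO_RANGE = 2.6       # assumed communication radius


def dist(a, b):
    """Euclidean distance between two (x, y) points."""
    return math.hypot(a[0] - b[0], a[1] - b[1])


def neighbors(node, nodes=NODES, radio_range=RADIO_RANGE):
    """Ids of all nodes within radio range of `node`."""
    here = nodes[node]
    return [n for n, pos in nodes.items()
            if n != node and dist(here, pos) <= radio_range]


def greedy_route(source, dest_pos, nodes=NODES, radio_range=RADIO_RANGE):
    """Relay hop by hop to the neighbour closest to dest_pos.

    Forwarding stops at the first node that has no neighbour strictly closer
    to dest_pos than itself; that node becomes the receiver. Returns the list
    of node ids on the path, receiver last.
    """
    path = [source]
    current = source
    while True:
        best = min(neighbors(current, nodes, radio_range),
                   key=lambda n: dist(nodes[n], dest_pos),
                   default=None)
        if best is None or dist(nodes[best], dest_pos) >= dist(nodes[current], dest_pos):
            return path
        path.append(best)
        current = best


if __name__ == "__main__":
    # Two senders at opposite ends address the same position: same receiver.
    print(greedy_route("n1", (2.2, 0.8)))
    print(greedy_route("n5", (2.2, 0.8)))
    # Destination next to the unreachable n6: forwarding stops early at n2.
    print(greedy_route("n1", (3.0, 5.0)))
```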

    Distributed replication detections prefer geographic routing to traditional addressing (e.g., by node ids) because the latter method does not scale well in a dynamic environment (such as a WSN): messages destined for a node id will get lost if the intended node has perished, and newly added nodes will not have the chance of being message recipients if their ids are not foreseeable for the senders. Moreover, geographic routing protocols (Karp and Kung, 2000) such as Choi et al. (2007) are intrinsically self-protective in that they are resistant to sinkhole and wormhole attacks (Karlof and Wagner, 2003).

    2.3. Intrusion detection

    In this subsection we talk about node replication detection in terms of intrusion detection system (IDS). In the traditional context of computer security, a typical case could be a host-based IDS auditing the log files generated by the operating system and various applications and looking for suspicious user actions, or a network-based IDS eavesdropping the traffic exchanged over a wired network and performing string matches to identify on-going attacks. In the context of intrusion detection in a wireless sensor network (Sun et al., 2007), however, a typical case is that sensor nodes monitor each other's behaviors, and sometimes a consensus is needed (e.g., by means of majority voting) to diagnose the presence of an attack. As will be shown later, node replication detection is usually based on the collaborative efforts of a large number of sensor nodes.

    The design and implementation of any security service for WSNs must keep in mind that compared with conventional computers, the low-cost sensor nodes have limited energy supply and stringent capabilities. For node replication detection, it has been identified that communication and storage are the major overheads for performing the intrusion detection, and there can be various tradeoffs. The higher the communication cost is, the faster a sensor node will deplete its battery-powered energy supply. The larger the storage consumption is, the less room a sensor node can make for other applications like data collection and processing. As a result, to make the overall WSN solution applicable, one may have to trade certain detection metrics (e.g., detection rate) for communication efficiency and/or memory efficiency.

    Traditionally, there are two types of intrusion detection techniques (Sun et al., 2007), misuse detection and anomaly detection (Xie et al., 2011):

    • Misuse detection encodes known attack patterns; if a deployed IDS finds a match between current activities and pre-defined patterns, an alarm is generated. For example, to detect application-based attacks, it is necessary to integrate the detection patterns with corresponding applications (Sun et al., 2007). A general drawback is that misuse detection is ineffective to discover unknown attacks.

    • Anomaly detection creates normal profiles of system states or user behaviors and compares them with current activities; if a significant deviation is observed, the IDS raises an alarm. Anomaly detection can detect unknown attacks but may suffer high false positives.

    For node replication detection, since it is to identify a known and dedicated attack, most solutions follow misuse detection (Section 3.3 will review one exception (Brooks et al., 2007), which follows anomaly detection (Xie et al., 2011)). The attack pattern for misuse detection is derived from the aforementioned exclusiveness. Recall that id-based signature binds a node's cryptographic keys to its logical node id, and that a physical node is supposed to have a distinctive location. Therefore, the pattern for detecting replicas (particularly for distributed detection) is that two or more nodes at different locations possess the same node id. Basically, no false positives will be incurred when following such a misuse detection. Nevertheless, there may be false negatives; in other words, the detection rate may not be 100%. The detection rate may by design be traded for benefits like communication efficiency, and may also be subject to runtime factors like the actual number of replicas existent in the network and the topology of the deployment field (and thus be difficult to predict).

    2.4. A quick overview

    This section can be summarized with Fig. 1, which establishes a rudimentary classification, and provides a first step in better understanding node replication detections. Now we are ready to explore the various detection schemes recently proposed in the literature. We first look into centralized solutions in Section 3 and then turn to distributed ones in Section 4, where representative proposals in the literature are reviewed basically following the chronological order. Centralized solutions heavily rely on a powerful base station for information convergence and decision making, and are relatively simple to understand, while distributed solutions are typically accommodated by a special detection mechanism pioneered in Parno et al. (2005) which we call the claimer–reporter–witness framework. Generally, computing in a distributed manner is a promising way for WSN applications, particularly for intrusion detection (Zhu et al., 2004).

    3. Centralized detection

    In this section we briefly investigate five representative but distinct centralized replication detection schemes. Besides their contributions, their respective limitations are also pinpointed, many of which are found to be fairly serious. In general, centralized detections barely have an advantage over distributed detections, which are the topic of the next section and the emphasis of this survey. Consequently, we do not further compare the proposals in the centralized category against each other.

    3.1. Straightforward scheme

    The most straightforward detection scheme is outlined in Parno et al. (2005) (and similar to the centralized node registration method in Newsome et al., 2004). It requires each node to send a list of its neighbors (more specifically, a list of their ids) and the positions claimed by these neighbors (and signed by them, e.g., with an id-based signature scheme) to the base station, which then examines every neighbor list to look for replicated sensor nodes. In a stationary WSN, conflicting position claims for one node id indicate a replication. Once the base station spots one or more replicas, it can revoke the replicated nodes by flooding the network with an authenticated revocation message, e.g., employing μTESLA (Perrig et al., 2002) or id-based signature (see Section 2.1) for broadcast authentication.
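
    The base-station check described above, as an added example that is not code from the article or from Parno et al.: an HMAC keyed per node id stands in for the id-based signature (so only the base station can verify here), and the node ids, positions, master secret and function names are constructed assumptions.

```python
import hashlib
import hmac
from collections import defaultdict

# Assumption: a master secret held by the base station, from which the key
# preloaded on each node is derived. This replaces the id-based signature.
MASTER_SECRET = b"constructed-master-secret"


def node_key(node_id):
    """Key bound to a node id; a replica carries the captured node's key."""
    return hmac.new(MASTER_SECRET, node_id.encode(), hashlib.sha256).digest()


def sign_claim(node_id, position, key):
    """Authentication tag over (id, x, y)."""
    msg = f"{node_id}|{position[0]}|{position[1]}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def make_claim(node_id, position, key):
    """Location claim a node hands to its neighbours."""
    return {"id": node_id, "pos": position, "sig": sign_claim(node_id, position, key)}


def verify_claim(claim):
    """Base-station side: recompute the tag with the key bound to the claimed id."""
    expected = sign_claim(claim["id"], claim["pos"], node_key(claim["id"]))
    return hmac.compare_digest(expected, claim["sig"])


def detect_replicas(neighbor_reports):
    """Examine every neighbour list for one id claiming several positions.

    neighbor_reports maps a reporter id to the signed claims it collected.
    Returns (replicated, rejected): replicated maps an id to its conflicting
    positions; rejected lists (reporter, claimed id) pairs whose tag failed,
    so an unsigned or forged claim cannot be used to frame an honest node.
    """
    positions = defaultdict(set)
    rejected = []
    for reporter, claims in neighbor_reports.items():
        for claim in claims:
            if not verify_claim(claim):
                rejected.append((reporter, claim["id"]))
                continue
            positions[claim["id"]].add(tuple(claim["pos"]))
    replicated = {i: sorted(p) for i, p in positions.items() if len(p) > 1}
    return replicated, rejected


# Constructed neighbour lists. Node A was captured; a replica holding A's key
# sits near node E. Reporter D submits a claim for B made with the wrong key.
REPORTS = {
    "B": [make_claim("A", (10, 10), node_key("A")),
          make_claim("C", (14, 12), node_key("C"))],
    "C": [make_claim("B", (12, 11), node_key("B"))],
    "E": [make_claim("A", (52, 41), node_key("A"))],
    "D": [make_claim("B", (90, 90), b"key-not-derived-for-B")],
}

if __name__ == "__main__":
    replicated, rejected = detect_replicas(REPORTS)
    print("ids to revoke:", replicated)
    print("claims rejected:", rejected)
```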

    While conceptually simple, this approach suffers from several drawbacks (Parno et al., 2005) inherent in a centralized system. First, the base station introduces a single point of failure and can become a significant bottleneck. Second, the nodes close to the base station, referred to as hotspots hereinafter, will receive the brunt of the routing load and thus will quickly deplete their power supply (usually by irreplaceable batteries). Network connectivity may then be seriously affected. Moreover, besides the base station, these hotspots will also become attractive targets for attacks. Third, this approach may incur observable processing delay, since the base station has to wait for telling reports (to propagate hop-by-hop and eventually converge), analyze them to confirm conflicts, and then flood revocations throughout the network. Fourth, some WSNs may not have the luxury of a powerful base station.

    Fig. 1. The big picture for node replication detection in wireless sensor networks, with an elementary taxonomy. The state of art is represented by the distributed detections, which typically employ id-based signature and geographic routing as two building blocks.

    3.2. Set operations

    Choi et al. (2007) proposed another centralized detection known as SET, which attempts to reduce the detection overhead by computing set operations (intersection and union) of exclusive subsets in the network. We conjecture that the underlying idea is borrowed from secure WSN data aggregation employing network clustering (e.g., He et al., 2007): SET logically partitions the network into non-overlapping regions (clusters) respectively managed by leaders (cluster heads), and has these leaders respectively report to the base station all the ids of the nodes (including the leader herself) in the region, in the form of a subset (which is a subset of all node ids network-wide). Intuitively, the intersection of any two subsets of reports should be empty; otherwise, a replication is detected. Essentially, all node ids in the network are pulled up by the base station and left to its discretion.

    Although SET declares a reduced number of message transmissions, its comparison with other schemes (e.g., with RM and LSM (Parno et al., 2005), which are both distributed solutions; see the next section) is not a fair one; the claimed reduction in the number of message transmissions is just the result of increased size per message (simply due to the union operation, i.e., combination). Therefore, one may have to question how a centralized WSN solution like SET (Choi et al., 2007) can compare with distributed ones like RM and LSM (Parno et al., 2005). Interestingly, in Choi et al. (2007) it is exactly noted that reporting every node's id to the base station may cause the size of the report to become too large, and this problem can be addressed by using randomized optimization, where a leader (cluster head) only generates a report of randomly selected members instead of all nodes in the managed region (cluster). However, such optimization necessitates multiple rounds of reports (actually, this is also pointed out in Choi et al., 2007), in each of which a certain part of the members in a region is reported. Taking additional security mechanisms such as message authentication codes into consideration, such multiple-round optimization inevitably results in even higher detection cost in terms of computation and communication.

    Although the above review by us may not be difficult to understand, the actual SET protocol (Choi et al., 2007) is highly complex due to its complicated components (like authenticated subset covering and interleaved authentication following Zhu et al., 2004), which also contribute to increased overload. The real communication cost of SET is left in Choi et al. (2007) as unclear and for future work. Moreover, the SET protocol may have to be performed for multiple rounds just to counter colluding replicas. Furthermore, an unexpected design flaw of SET is reported in Conti et al. (2011): an adversary can misuse the detection protocol to revoke honest nodes.

    A detection scheme similar to SET (but less known) is found in Znaidi et al. (2009). It passes the workload of the base station on to the cluster heads themselves.

    3.3. Detecting cloned keys

    Brooks et al. (2007) proposed a clone detection protocol based on random pairwise key pre-distribution schemes. Its assumptions and application scenarios are quite different from other approaches; in fact, it addresses the detection of cloned cryptographic keys rather than cloned sensor nodes and falls into the category of anomaly detection (Xie et al., 2011). The basic idea is that in the context of random key pre-distribution, the keys employed by genuine nodes should follow a certain pattern. Therefore, it is possible to monitor the key usage (which refers to the number of times a key is used to set up secure connections between neighboring nodes, but not to the number of times a key is used for encrypting or decrypting packets) as authentication tokens and then detect statistical deviations that indicate clone attacks. The approach detects the cloned keys by analyzing node authentication statistics; those keys whose usage exceeds a certain threshold (determined by the false positive rate) are considered cloned and erased from the network. To this end, each node is required to report its pre-loaded keys to the base station, which then performs an anomaly detection to discover cloned keys. Counting Bloom filter is utilized to collect the key usage data.
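
    One way to collect and threshold key usage as described above, as an added example rather than the protocol of Brooks et al.: the report format (one counting Bloom filter per node, merged at the base station), the filter parameters, the key ids, the usage counts and the fixed threshold are all assumptions.

```python
import hashlib


class CountingBloomFilter:
    """Bloom filter with integer counters, so per-item usage can be summed."""

    def __init__(self, size=2048, hashes=3):
        self.size = size
        self.hashes = hashes
        self.counters = [0] * size

    def _slots(self, item):
        # Derive the counter positions for an item from salted SHA-256.
        slots = set()
        for i in range(self.hashes):
            digest = hashlib.sha256(f"{i}:{item}".encode()).digest()
            slots.add(int.from_bytes(digest[:4], "big") % self.size)
        return slots

    def add(self, item, times=1):
        for slot in self._slots(item):
            self.counters[slot] += times

    def estimate(self, item):
        """Upper bound on how often item was added (collisions only inflate)."""
        return min(self.counters[slot] for slot in self._slots(item))

    def merge(self, other):
        """Add another filter's counters; both must share size and hashes."""
        if (self.size, self.hashes) != (other.size, other.hashes):
            raise ValueError("filters use different parameters")
        self.counters = [a + b for a, b in zip(self.counters, other.counters)]


# Constructed data: key id -> number of secure connections a node set up with
# that key. Key k07 was extracted from a captured node and is reused by clones.
NODE_REPORTS = {
    "n1": {"k01": 1, "k07": 3, "k12": 2},
    "n2": {"k03": 1, "k07": 2},
    "n3": {"k07": 4, "k09": 1, "k12": 1},
    "n4": {"k05": 2, "k07": 3},
    "n5": {"k01": 1, "k15": 1},
}
KEY_POOL = [f"k{i:02d}" for i in range(20)]   # assumed key pool
USAGE_THRESHOLD = 5                            # assumed; the text ties it to the false positive rate


def node_filter(usage):
    """Filter a node would send instead of a plain list of (key, count) pairs."""
    cbf = CountingBloomFilter()
    for key_id, count in usage.items():
        cbf.add(key_id, count)
    return cbf


def flag_cloned_keys(node_reports, key_pool, threshold):
    """Base station: merge all node filters and flag keys used above threshold."""
    merged = CountingBloomFilter()
    for usage in node_reports.values():
        merged.merge(node_filter(usage))
    return sorted(k for k in key_pool if merged.estimate(k) > threshold)


if __name__ == "__main__":
    print(flag_cloned_keys(NODE_REPORTS, KEY_POOL, USAGE_THRESHOLD))
```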

    Nevertheless, it seems that the detection only becomes effective when (i) the size of the keys pre-distributed to each node is small, (ii) more clones exist in (i.e., are inserted into) the network, and (iii) a high false positive rate is set. These conditions imply possibly poor detection accuracy (high false negative and positive rates) for actual scenarios. Moreover, the detection of cloned keys assumes an ideal Erdős–Rényi topology where connections between all nodes are equally likely (Brooks et al., 2007), while in a practical WSN any sensor node can only communicate with a limited number of neighbors within a finite wireless communication radius. This number is characterized by $d$, the average node degree, also known as the network density, which can be adjusted by selecting the appropriate transmission range (Zhang et al., 2009) but still has to be very limited ($d \ll n$). In Brooks et al. (2007) possible methods for the clones to subvert the detection are also discussed; the best strategy for a cloned node appears to be not participating in the protocol. However, related problems may be overlooked, e.g., how to ensure that the participating clones report their keys honestly (and exactly) to the base station.

    3.4. Fingerprint verification

    Xing et al. (2008) proposed detecting clone attacks with nodes' encoded network community information called the social fingerprint. The scheme consists of two phases. In the first phase, each node $u$ computes for each neighbor $v \in N_u$ the fingerprint $FP_v$, which is a reflection of $v$'s fixed neighborhood characteristics; node $v$ itself is also capable of computing $FP_v$. In the second phase, the legitimacy of the originator for each message is verified by checking the enclosed fingerprint, and the detection is conducted both at the sensor side (seemingly in a distributed manner by the notion) and at the base station. However, even the detection at the sensor side needs the base station to process the alarms for decision making, and thus the scheme is throughout centralized.

    Besides all the limitations commonly found in centralized solutions, the employed coding system unusually asks for an absolutely fixed WSN: the intended number of nodes is nonadjustable, and thus neither node addition nor disappearance can be handled. Moreover, a sophisticated replica can intelligently compute by itself a fingerprint consistent with its neighborhood so as to escape the detection at the sensor side, and it can also dodge the detection at the base station simply by not communicating with the base station.

    3.5. Speed test

    While all the above research efforts against replication attacks adopt a stationary network model, Ho et al. (2009b) proposed a fast and effective replica detection scheme for a mobile WSN. It works as follows. A node $a$ locally broadcasts its location claim to its temporary neighbors from time to time, and essentially its location vector $\vec{L}_i$ and the corresponding time information $T_i$ during its movement are collected by $a$'s temporary neighbors and then sent to the base station. The base station then computes the measured speed for $a$ as $v_i = |\vec{L}_i - \vec{L}_{i-1}| / (T_i - T_{i-1})$ and compares it with the system-configured maximum speed $v_{max}$. Intuitively, a genuine node should never move faster than $v_{max}$; if the measured $v_i$ is found beyond the configured $v_{max}$, it is very likely that at least two nodes bearing the same id are present in the mobile WSN.

    The idea behind the detection protocol is intuitive. However, accurate measurement is a
    prerequisite for acceptable false negative and positive rates. This requires not only a
    precise dynamic localization system but also tight time synchronization, both of which have
    to be secured against attacks (Poovendran et al., 2007). Particularly, for accurately
    sampling $\vec{L}_i$s, each moving node localizing itself has to deal with unstable beacon
    signals (or otherwise employ the expensive GPS). Therefore, the detection may not be
    affordable for the current generation of WSNs due to cost concerns. The replicas can also
    employ a group mobility strategy (Ho et al., 2009b) such that the perceived velocity is less
    than $v_{max}$, and thus evade quarantine by the base station.
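The base-station check described in Section 3.5, written out as an added example (it is not code from the survey or from Ho et al.). The sample claims, the function name `detect_replicas`, and the `loc_err`/`clock_err` tolerances that model imprecise localization and clock skew are assumptions made for illustration.

```python
import math
from collections import defaultdict

# Constructed sample reports (node_id, (x, y) in metres, t in seconds), as the
# base station would receive them from the temporary neighbours of each node.
CLAIMS = [
    (7, (0.0, 0.0), 0.0), (7, (6.0, 8.0), 5.0), (7, (12.0, 16.0), 10.0),  # genuine, 2 m/s
    (9, (0.0, 0.0), 0.0), (9, (500.0, 500.0), 2.0),                        # id 9 is reported
    (9, (10.0, 0.0), 4.0), (9, (505.0, 500.0), 6.0),                       # from two far places
    (11, (100.0, 100.0), 0.0), (11, (103.0, 100.0), 1.0),                  # two devices with
    (11, (104.0, 100.0), 2.0),                                             # id 11 moving together
]


def detect_replicas(claims, v_max, loc_err=0.0, clock_err=0.0):
    """Return {node_id: [(t_prev, t, v_i), ...]} for every measured speed above v_max.

    v_i = |L_i - L_{i-1}| / (T_i - T_{i-1}), computed per id over time-ordered claims.
    loc_err and clock_err (assumed worst-case measurement errors) shrink the distance
    and stretch the interval, so a noisy but genuine node is not flagged.
    """
    by_id = defaultdict(list)
    for node_id, loc, t in claims:
        by_id[node_id].append((t, loc))

    flagged = {}
    for node_id, samples in by_id.items():
        samples.sort()  # order the claims of this id by time
        for (t0, l0), (t1, l1) in zip(samples, samples[1:]):
            dist = max(0.0, math.dist(l0, l1) - 2 * loc_err)
            if dist == 0.0:
                continue  # no movement beyond the localization error
            dt = (t1 - t0) + 2 * clock_err
            # Two different places at the same instant cannot be one device.
            v = math.inf if dt <= 0 else dist / dt
            if v > v_max:
                flagged.setdefault(node_id, []).append((t0, t1, v))
    return flagged


if __name__ == "__main__":
    for node_id, hits in detect_replicas(CLAIMS, v_max=5.0).items():
        for t0, t1, v in hits:
            print(f"id {node_id}: {v:.1f} m/s between t={t0} and t={t1}")
```

Id 9 is flagged, while id 11 is not: its two devices stay within reach of each other, which is the group-mobility limitation noted above. Without the error tolerances, a genuine node with a few metres of localization error can exceed $v_{max}$ on paper and be flagged falsely.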

    4. Distributed detection

    All the centralized solutions bear similar deficiencies (Parno et al., 2005). For example,
    any compromise of the base station (or the communication channel around it) will render the
    solution useless. For another example, even if there are no attacks, the nodes surrounding
    the base station (i.e., the hotspots) will suffer an undue communication burden that may
    shorten the life expectancy of the WSN. All these make a distributed solution a necessity.
    At first glance it seems easy to design a decentralized detection protocol, for example, by
    localizing the straightforward scheme in Section 3.1, in a way similar to the neighbor
    position verification approach in Newsome et al. (2004). However, such a local detection may
    not be able to handle the case where no two replicas share a neighbor. In fact, the first set
    of nontrivial distributed detections was proposed only recently (Parno et al., 2005). Next,
    we focus on the relatively more mature schemes (i.e., distributed detections for stationary
    WSNs) and analyze their respective pros and cons. We summarize in Table 1 the symbols and
    parameters commonly employed by distributed detections.

    4.1. Node-to-network broadcasting (N2NB)

    A plausible approach to distributed detection of replicated nodes is the decentralized (but
    network-wide) version of the straightforward scheme in Section 3.1: Every node collects all
    its neighbors' ids and their positions, and floods the entire network with this information
    employing authenticated broadcast. When a node receives a broadcast message, it compares
    those nodes listed in the message with its own neighbors. Once nodes that have conflicting
    positions are spotted, they can be revoked also with authenticated broadcasts. The major
    concern with this approach is its prohibitive communication cost.

    A similar but slightly simplified approach is the node-to-network broadcasting (Parno et
    al., 2005), N2NB for short, where each node floods the entire network with authenticated
    broadcast to claim its own location (instead of its neighbors'). Each node stores the
    location information for its neighbors, incurring a storage cost of $O(d)$. Each node upon
    receiving a conflicting claim invokes a revocation procedure against the offending nodes,
    and eventually any replica will be cut off by all its neighbors (thus isolated from the
    WSN). The N2NB protocol achieves 100% detection rate as long as the broadcasts reach every
    node. Assume the network size is n and certain duplicate suppression algorithm is employed
    so that each node only broadcasts a given message once. Then each location broadcast incurs
    $O(n)$ messages, as generally every node in the WSN has to be involved for hop-by-hop
    propagation. For n broadcasts, the total communication cost for N2NB is $O(n^2)$. Given the
    simplicity of the scheme and the detection rate achieved, this $O(n^2)$ cost may be
    justifiable for small WSNs.

    The challenge for detecting replication attacks has roots in the resource scarcity of sensor
    nodes. For stationary WSNs, such detection essentially requires network-wide comparison of
    location-dependent authentication information, and the limited memory capacity and energy
    supply place severe constraints on how much authentication information can be stored per
    node and exchanged in the network (Zhang et al., 2009). Hence it is reasonable to trade the
    detection rate (e.g., 100% for N2NB) for other major performance criteria like energy
    efficiency and memory efficiency. Note that the wireless transceiver is the biggest energy
    consumer for sensor nodes, while the communication cost for N2NB is $O(n^2)$.

    4.2. Deterministic multicast (DM)

    The DM protocol is actually a negative (or unappealing) example given in Parno et al.
    (2005), and has thus received relatively less attention. However, we find it a good example
    to illustrate the claimer-reporter-witness framework; we even believe it has directly
    inspired other solutions like SDC and P-MPC (Zhu et al., 2007), though both schemes are
    proposed in Zhu et al. (2007) under another brand "localized multicast" (see Section 4.4).
    The design goal for DM is reduced communication cost, and the main idea is to only send a
    node's location claim to a limited set of deterministically chosen nodes serving as
    witnesses. Next, we outline DM as follows.

    When a node, referred to as the claimer, locally broadcasts its location claim to its
    neighbors, each neighbor, serving as a reporter, employs a function to map the claimer id to
    a witness. Then the neighbor forwards the claim to the witness, which will receive two
    different location claims for the same node id if the adversary has replicated a node. One
    immediate issue arises: the adversary can also employ the function to know about the witness
    for a given claimer id, and may locate and compromise the witness node before she inserts
    the replicas into the WSN so as to evade the detection. To alleviate this problem, DM
    employs g instances of a function so that one claimer id is mapped to g different witnesses
    (hence the adversary needs g times more effort to thwart the detection by DM). Nevertheless,
    each of the d neighbors does not necessarily need to forward the location claim to each of
    all g witnesses. Assume they do not collaborate, i.e., each reporter behaves independently.
    The well-studied coupon collector's problem (Cormen et al., 2001) tells us that if the
    reporters randomly select in all $g \sum_{i=1}^{g} 1/i \approx g(\ln g + 0.58)$ repeatable
    destinations from all g witnesses for the claimer, then each witness will probably receive
    at least one location claim. Hence, each reporter only needs to select $(g \ln g)/d$ random
    witnesses as the forwarding destinations.

    Table 1
    Notions for distributed replication detection.

    Symbol                          Meaning
    $ID_a$                          Identifier of node a
    $l_a$                           Deployment location claimed by node a
    $\langle ID_a, l_a \rangle$     Location claim (with an id-based signature)
    n                               Network size (no. of nodes in the WSN)
    d                               Network density (average node degree)
    p                               The probability a neighbor becomes a reporter
    g                               No. of witnesses contacted by one reporter
    s                               Cell size (no. of nodes that a cell should contain)
    $p_s$                           The probability a node in the destination cell becomes a witness

    Each sensor node in the network both is a claimer and plays the role of a witness, if the
    1-to-g mapping is well designed. Therefore, each node in the network stores on average
    $(1/n) \cdot g \sum_{i=1}^{g} (1/i) \cdot n \approx g \ln g$ location claims. Assume the WSN
    deployment approximates any regular polygon. Then the average network path length is
    $O(\sqrt{n})$, resulting in an overall communication cost of $O(g \ln g \cdot n\sqrt{n})$
    messages. (Table 1 in Parno et al. (2005) summarizes the costs for the proposals, where DM's
    network-wide communication cost is labeled as $O(g \ln g \cdot \sqrt{n}/d)$ and DM's memory
    cost per node is labeled as $O(g)$; we believe both inaccuracies there are due to analysis
    oversights, and similarly, we summarize the performance analysis later in our Table 2.)

    DM is treated as an unfavorable protocol in Parno et al. (2005) because it does not provide
    much security. Since the 1-to-g mapping is deterministic, an adversary only needs to
    compromise all the g witnesses for a given claimer id to prevent the conflicting reports
    from converging, so that she can deploy as many replicas with that id as she desires but
    without triggering any alarm, as long as no two replicas share a neighbor. The dilemma for
    DM is that a large g (for improved resilience) is not affordable because both the network
    communication and the node storage are proportional to $g \ln g$, and yet a small g may
    allow the adversary almost unlimited replication ability.

    4.3. Randomized multicast (RM) and line-selected multicast (LSM)

    Since DM is unappealing for its deterministic property, Parno et al. (2005) developed two
    probabilistic algorithms RM and LSM, which are generally accepted as the pioneering
    full-fledged replica detections. RM distributes node location claims to a randomly selected
    set of witnesses, exploiting certain combinatorics theory (the birthday paradox; Cormen et
    al., 2001) to detect replicas, while LSM exploits the routing topology of the network to
    nominate additional witnesses for a claimer and utilizes geometric probability for the
    detection. RM and LSM still follow the claimer-reporter-witness approach, but the witnesses
    become unpredictable for the adversary. Therefore, both schemes can be regarded as
    improvements of the above DM. They trade efficiency for security, i.e., increased resistance
    is achieved at the price of also increased communication and/or memory consumption. Both are
    based on the emergent properties (Gligor, 2004), while further modifications and tradeoffs
    are possible (as to be shown in subsequent subsections). One major difference between RM and
    LSM lies in that in the former protocol the reporters randomly select several witnesses,
    while in the latter protocol nodes forwarding a location claim (i.e., on the path from a
    reporter to the corresponding witness) also save the claim for inspection, serving as
    additional witnesses. Next, we review them respectively. For completeness/clearness and also
    a better understanding of subsequent proposals in the literature, we include a little more
    technical details for the pioneering RM and LSM, though similar assumptions may have already
    been made in DM implicitly.

    4.3.1. RM

    In RM, a claimer node a with id $ID_a$ and location $l_a$ locally broadcasts to its
    neighbors its location claim $\langle ID_a, l_a \rangle$ signed with an id-based signature
    scheme, where anyone's public key is essentially her id. Recall Section 2.1 that all
    replicas copying the same public/private key pair have to reuse the same id with the
    originally captured node, and that an adversary cannot create new node ids due to not being
    able to generate the corresponding private keys. The id-based signature also enables
    authenticated broadcast, as anyone (herein any of the claimer's neighbors) can authenticate
    a's location claim by verifying the signature with the public key immediately derived from
    $ID_a$. Each neighbor node, aware of its own position (Boukerche et al., 2007), also
    verifies the plausibility of $l_a$ with certain geometric constraints, and with probability
    p, becomes a reporter (recall that p = 1 in DM). Thus there are on average $dp$ reporters
    for node a. Each reporter selects g random destinations in the network, and forwards the
    authenticated location claim to each witness node closest respectively to each of the g
    selected destinations employing a geographic routing protocol (recall Section 2.2).¹ Thus
    there are $dpg$ witnesses for a; as to be shown later, the choice of the product $dpg$
    exploits the birthday paradox (Cormen et al., 2001). Assume a has a replica a', which
    involves another set of $dpg$ witnesses. The probability that the two sets have no
    intersection can be estimated with $P_1 = (1 - dpg/n)^{dpg}$, and thus the detection rate in
    the case of only one replica is $P_d = 1 - P_1$. That is, with probability $P_d$, two
    conflicting location claims $\langle ID_a, l_a \rangle$ and
    $\langle ID_{a'} = ID_a, l_{a'} \neq l_a \rangle$ will be received by at least one common
    witness, who can immediately flood the network with the conflicting pair as the evidence to
    discredit a and a'. Then each node receiving the pair can independently verify (with the
    same public key) the two signatures to confirm the revocation.

    Generally, if there are L compromised nodes with the same id in the network (that is, there
    are L − 1 replicas), we can employ the Maclaurin Series ($e^x \approx 1 + x$) and formulate
    the detection rate as $P_d > 1 - e^{-((dpg)^2/n) \cdot L(L-1)/2}$. RM chooses the parameters
    in a special manner so that $dpg = \sqrt{n}$ and thus $P_d > 1 - e^{-L(L-1)/2}$. Therefore,
    RM detects a single replication of node a (L = 2) with probability above 63%; if a is
    replicated twice (L = 3), the detection rate proliferates to over 95%. This is very
    desirable. However, RM poses high costs. Each node is both a claimer (each of whose $dp$
    reporters forwards the location claim to g random witnesses) and a witness for storing the
    received claims, and thus on average each node needs to store
    $(1/n) \cdot dpg \cdot n = \sqrt{n}$ claims. Again assume the average network path length is
    $O(\sqrt{n})$. Each of the n nodes incurs $dpg$ deliveries of its location claim. Therefore,
    the network communication cost is $O(\sqrt{n} \cdot n \cdot dpg)$, i.e., $O(n^2)$, which is
    as expensive as N2NB (Section 4.1). Actually, one can roughly regard N2NB as an ultimate
    edition of RM, where the witnesses for any claimer are present everywhere in the network
    (i.e., ubiquitous).
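A Monte Carlo check of the RM detection rate against the bound above, as an added example that is not part of the survey. It abstracts away routing and signatures: each copy of the id simply ends up at `w = dpg` witnesses chosen uniformly at random among n nodes, and the function names are chosen here for illustration.

```python
import math
import random


def rm_bound(L, n=None, w=None):
    """Lower bound 1 - exp(-(w^2/n) * L(L-1)/2); with w = sqrt(n) the ratio w^2/n is 1."""
    ratio = 1.0 if n is None or w is None else (w * w) / n
    return 1.0 - math.exp(-ratio * L * (L - 1) / 2)


def simulate_rm(n, L, w, trials, rng):
    """Fraction of trials in which some witness receives claims from two different copies.

    n: network size, L: number of nodes sharing the id, w: witnesses reached per copy.
    """
    detected = 0
    for _ in range(trials):
        holding = set()  # witnesses that already store a claim for this id
        conflict = False
        for _copy in range(L):
            witnesses = {rng.randrange(n) for _ in range(w)}
            if holding & witnesses:  # a common witness sees two conflicting locations
                conflict = True
                break
            holding |= witnesses
        detected += conflict
    return detected / trials


def rm_costs(n):
    """Per-node storage (claims) and network-wide messages when dpg = sqrt(n)."""
    w = math.isqrt(n)
    return w, n * w * math.isqrt(n)  # sqrt(n) claims per node, about n^2 messages


if __name__ == "__main__":
    rng = random.Random(2012)
    n = 10_000
    for L in (2, 3):
        rate = simulate_rm(n, L, math.isqrt(n), 3000, rng)
        print(f"L={L}: simulated {rate:.3f}, bound {rm_bound(L):.3f}")
    # Halving dpg quarters the exponent, which is why RM insists on dpg = sqrt(n).
    print("w = sqrt(n)/2:", simulate_rm(n, 2, 50, 3000, rng), rm_bound(2, n, 50))
    print("storage, messages:", rm_costs(n))
```

With n = 10,000 the simulated rates sit at about 63% for L = 2 and 95% for L = 3, while halving the witness count drops single-replica detection to roughly 22%.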

    4.3.2. LSM

    If we interpret RM as a randomized version of DM, LSM can then be regarded as a less
    expensive version of RM to decrease the communication cost. On a high level, when node a's
    location claim propagates from a reporter to a witness, all the intermediate nodes on the
    forwarding path also learn about the information, and can serve as additional witnesses, as
    shown in Fig. 2. Hence whenever a conflicting location claim by a replica a' crosses the
    forwarding path for a, the intermediate node at the intersection of the two paths can detect
    the conflict, i.e., an intersection corresponds to a detection of the replication attack.
    This idea can be compared to the following geometric theorem: for x randomly drawn lines
    within a circle, the expected number of intersections is about $0.339\,x(x-1)$, and thus we
    only need a few such lines to ensure an intersection (e.g., with only x = 3 random lines we
    expect 2 collisions).

    In LSM, the product $dpg$ (inherited from RM) is fixed and set to a very small constant r
    ($\ll \sqrt{n}$). Each location claim from a node a is forwarded to r random nodes following
    the claimer-reporter-witness framework, but the intermediate nodes on the r forwarding paths
    also save a copy of the claim. Once another location claim
    $\langle ID_{a'} = ID_a, l_{a'} \neq l_a \rangle$ is received by a witness (either selected
    by a reporter, or more likely, an additional one), it floods the network with the
    unforgeable evidence to exclude both a and a'. One may notice that LSM actually draws r line
    segments (paths) that originate from reporters around a central point (the claimer node) and
    radiate out in random directions (to r random witnesses), instead of random lines (as in the
    aforementioned geometric theorem). However, even so, simulations indicate that even if there
    is only one replica (i.e., r random paths radiate from a, another r paths from a'), setting
    r = 2 assures that the probability for generating at least one intersection (i.e., the
    detection rate $P_d$) is above 56%, and r = 5 leads to 95%. Similar reliability holds for
    realistic WSN deployment fields with irregular topologies far different from a circular
    domain. Compared with RM, LSM has the network communication cost scaling as
    $O(\sqrt{n} \cdot n \cdot r)$, i.e., $O(n\sqrt{n})$, and an average node storage cost of
    $(1/n) \cdot r\sqrt{n} \cdot n$ location claims scaling as $O(\sqrt{n})$.

    Table 2
    Summary of protocol costs: network-wide communication and memory consumption per node.

    Detection protocol              Communication                          Storage
    N2NB (Parno et al., 2005)       $O(n^2)$                               $O(d)$
    DM (Parno et al., 2005)         $O(g \ln g \cdot n\sqrt{n})$           $O(g \ln g)$
    RM (Parno et al., 2005)         $O(n^2)$                               $O(\sqrt{n})$
    LSM (Parno et al., 2005)        $O(n\sqrt{n})$                         $O(\sqrt{n})$
    SDC (Zhu et al., 2007)          $O(dp \cdot n\sqrt{n}) + O(s \cdot n)$ $O(s p_s)$
    P-MPC (Zhu et al., 2007)        $O(dp \cdot n\sqrt{n}) + O(s \cdot n)$ $O(s p_s)$
    RED (Conti et al., 2007)        $O(dpg \cdot n\sqrt{n})$               $O(dpg)$
    B-MEM (Zhang et al., 2009)      $O(n\sqrt{n})$                         $O(\sqrt{n})$
    RDE (Li and Gong, 2009a)        $O(d \cdot n\sqrt{n})$                 $O(d)$

    ¹ It is implicitly assumed that each reporter appends (in an authentic manner) a random
    destination to each of the location claims (otherwise, other nodes will have no idea where
    to forward a location claim). Among several side effects is increased communication cost.
    Nevertheless, such appending is not necessary for detection schemes like DM (due to the
    mapping function, recall Section 4.2).

    4.3.3. Countering counterattacks

    For an actual WSN, new nodes may be added over time while old nodes may perish, and it is
    impossible to foresee when an adversary would launch a replication attack. Hence it is
    necessary to schedule regular detection rounds for RM and LSM (and other schemes). If a node
    hears from a neighbor a that did not participate in the previous round, it will refuse to
    communicate with a until a successfully participates in one round. This precludes the
    adversary from bypassing the detection, in terms of the time domain. Next we look at the
    counterattacks in the space domain.

    The adversary may tamper with the detection by disrupting the routing of location claims
    from reporters to witnesses, but this can be easily detected (Karlof and Wagner, 2003) and
    creates tell-tale signs of the adversary's presence in the network. Alternatively, since the
    witnesses for any claimer become unpredictable in RM and LSM, an adversary may turn to
    compromise all the d neighbors of a replica so as to prevent a location claim from
    propagating to any witness (actually, to eliminate the reporters at all). Such a masked
    replication attack can be addressed with pseudo-neighbors (Parno et al., 2005) (eventually,
    additional reporters). Nevertheless, as indicated in Conti et al. (2011), it is possible for
    such a replica (whose neighbors have all been compromised) to lie about its physical
    position (hence the location claim), which may be a common drawback of all location-based
    replication detections.

    4.4. Single deterministic cell (SDC) and parallel multiple probabilistic cells (P-MPC)

    Zhu et al. (2007) proposed two schemes SDC and P-MPC under the brand "localized multicast".
    Essentially both are variants of DM (Section 4.2), and can be parsed as network-wide
    deterministic multicast, followed by in-cell broadcast and probabilistic storage. In both
    schemes, the WSN deployment field is considered as a geographic grid of cells, and a
    location claim from node a is sent by its reporters to g = 1 (SDC) or g > 1 (P-MPC) cells
    for in-cell broadcast, the cell id(s) of which is/are deterministically mapped from $ID_a$;
    each node in the destination cell(s) then probabilistically chooses to be a witness by
    saving the claim. If there is a replica a', its location claim is sent to the same cell(s)
    for in-cell broadcast, and thus the witnesses can spot the conflict.

    One may remark that the concept "localized multicast" advocated in Zhu et al. (2007) is not
    very exact. Both schemes also bear a similar dilemma with DM (Section 4.2) that if the cell
    size s is too large, they incur expensive communication cost like N2NB (Section 4.1); if s
    is too small, they degenerate back to DM, and an adversary can defeat both schemes by
    compromising all nodes in the g deterministic tiny cells. Note that in the latter case (a
    very small s), all prospective witnesses in one cell are deployed close to each other within
    a geographically limited region instead of sparsely spreading throughout the deployment
    field, and thus it is easy for an adversary to physically approach and compromise them once
    for all. Therefore, the practicality of SDC and P-MPC relies on careful selection of s.
    Unfortunately, in Zhu et al. (2007) the critical issue of choosing an appropriate cell size
    s is overlooked; for all provided examples, s is set to 100 nodes without any
    explanation/discussion. In practice, one needs to choose s carefully to find an appropriate
    tradeoff between efficiency and security.

    Another problem omitted in Zhu et al. (2007) is what we term the indistinguishable dilemma.
    Take SDC for example. Once a location claim by node a arrives at the destination cell, it
    should be flooded within the cell so that each node in the cell independently stores the
    claim (i.e., becomes a witness) with probability $p_s$. To reduce the in-cell broadcast
    overhead, SDC requires that the flooding be executed only when the first copy of a's
    location claim arrives at the cell, and the following copies are ignored (Zhu et al., 2007).
    Now, let the location claim by a replica node a' arrive at the same cell, since
    $ID_a = ID_{a'}$. The conundrum is that the node in the cell that first receives the claim
    can be anywhere on the cell perimeter; if it has not become a witness for a, it is unable to
    distinguish between the following two scenarios: (i) the claim is one of the following
    copies of node a's claim or (ii) the claim is not from node a, but from another node a'.
    Although not specified in Zhu et al. (2007), an effective solution is available as follows.
    A node in the destination cell, upon the first (and only) in-cell broadcast, needs to
    temporarily store the received location claim for a very short period, which corresponds to
    the time difference between the arrivals of the location claims forwarded by the $dp$
    reporters of the same a. Note that all these reporters are a's neighbors, and thus their
    forwarding paths may overlap significantly and eventually converge, resulting in
    approximately the same routing delays (and thus only insignificant time difference). During
    this short period, the node in the destination cell simply ignores any identical copy
    arriving later, addressing scenario (i). After that the node will discard the stored claim
    with probability $1 - p_s$, but is still ready for addressing scenario (ii). Clearly, with
    this solution, conflicting location claims can be spotted no matter whether they arrive at
    the destination cell simultaneously or not.

    Fig. 2. Randomized multicast (left) and line-selected multicast (right) following the
    claimer-reporter-witness framework, where the red hexagons stand for claimers with the same
    node id, green/blue circles stand for reporters, and green/blue squares stand for witnesses.
    The squares with two colors (green and blue) stand for the common witnesses that detect the
    conflict. (For interpretation of the references to color in this figure legend, the reader
    is referred to the web version of this article.)

    SDC and P-MPC have the same level of costs. The network-wide communication overhead
    comprises $O(dp \cdot n\sqrt{n})$ reporter-to-cell routing and $O(s \cdot n)$ in-cell
    flooding. The memory consumption per node scales as $O(s p_s)$. A more recent version of Zhu
    et al. (2007) is found in Zhu et al. (2010), where the cell size s is additionally evaluated
    with respect to the node communication range.

    4.5. Randomized, efficient, and distributed (RED) detection

    Conti et al. (2007) proposed a randomized, efficient, and distributed (RED) protocol, which
    combines both merits of DM (Section 4.2) and RM (Section 4.3.1). The major motivation stems
    from the fairness or so called quality of the detection protocol (Conti et al., 2006):
    resilience to attacks can be improved by designs that associate individual sensor nodes with
    equal risk level. For example, a protocol where the likelihood for a genuine node to serve
    as a witness node (known as the node appeal) is independent of the node's geographical
    position is more favorable, because such an area-oblivious protocol actually associates
    sensor nodes with almost even responsibility.

    In RED, each of the d neighbors of a claimer a becomes a reporter with probability p, and
    each reporter sends a's location claim to a set of g pseudo-randomly selected network
    locations (hence to g witnesses, like RM). The point is that these pseudo-random locations
    are computed from $ID_a$ with a 1-to-g deterministic mapping (like DM), which is seeded with
    a nonce received from centralized broadcasting (e.g., from a satellite). Once the random
    seed is shared network-wide at the beginning of each protocol iteration, the g witnesses are
    actually deterministic, and the witness set selected by any reporter for a is actually the
    same. Compared with RM and LSM (Section 4.3), RED's philosophy lies in just enough
    witnesses, which is inherited from DM. The product $dpg$ can be merely a very small constant
    ($\ll \sqrt{n}$); it is even enough to set g = 1. Clearly, the node storage is $dpg$
    location claims, and the network communication is of $O(\sqrt{n} \cdot n \cdot dpg)$.
    Importantly, the incurred overheads are almost evenly balanced among sensor nodes. The
    probability that a claimer has no reporter is $(1-p)^d$, and thus the detection rate is
    $P_d = (1 - (1-p)^d)^2$ assuming there are only two nodes sharing the same id.

    The pseudo-random choice of witnesses leads to a uniform witness distribution
    (area-oblivious). On the contrary, in LSM (Parno et al., 2005) a very small central area
    (for a convex deployment field like a square) may accommodate a large portion of all the
    witnesses that spot non-coherent location claims, because two forwarding paths are more
    likely to intersect in the central area; these nodes are just another type of hotspots
    (recall Section 3.1), and may become appealing targets of attack and/or exhausted quickly.
    This is termed the crowded center problem in Zhang et al. (2009) to be reviewed in the next
    subsection. RED (Conti et al., 2007) following Conti et al. (2006) solves this problem
    justifiably, and an updated version is in Conti et al. (2011). We consider RED as one of the
    most promising replication detections in the state of the art. Nevertheless, in Zhang et al.
    (2009) it is also noted that the infrastructure for distributing RED's random seed may not
    always be available. Moreover, since for each protocol iteration the witnesses set for any
    node is deterministic, there might exist a dilemma in selecting an appropriate g so as to
    balance between efficiency and robustness against node compromise (Zhu et al., 2010).
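An added sketch (not code from the survey or from Conti et al.) of the nonce-seeded 1-to-g mapping that RED shares with DM, and of a witness spotting two claims for one id. The SHA-256 construction, the field size, the radio range and the 300-node layout are assumptions; claims are taken as already signature-verified, and a replica is modelled only by the claim it broadcasts.

```python
import hashlib
import math
import random

FIELD = 1000.0   # side of the square deployment field in metres (constructed)
RADIUS = 120.0   # radio range used to find a claimer's neighbours (constructed)


def witness_locations(claimed_id, round_nonce, g):
    """Map an id to g field locations; every reporter derives the same list in a round."""
    locs = []
    for i in range(g):
        h = hashlib.sha256(round_nonce + claimed_id.to_bytes(4, "big") + bytes([i])).digest()
        x = int.from_bytes(h[0:8], "big") / 2**64 * FIELD
        y = int.from_bytes(h[8:16], "big") / 2**64 * FIELD
        locs.append((x, y))
    return locs


def closest_node(positions, loc):
    """Stand-in for geographic routing: the node nearest to the target location."""
    return min(positions, key=lambda node: math.dist(positions[node], loc))


def run_round(positions, claims, round_nonce, g, p, rng):
    """Process one detection round; return the ids for which a witness saw two locations.

    positions: {node: (x, y)} of deployed nodes; claims: [(claimed_id, claimed_location)].
    """
    stored = {}       # (witness node, claimed id) -> first location stored for that id
    conflicts = set()
    for claimed_id, claimed_loc in claims:
        witnesses = [closest_node(positions, w)
                     for w in witness_locations(claimed_id, round_nonce, g)]
        for node, pos in positions.items():
            dist = math.dist(pos, claimed_loc)
            # Only neighbours hear the claim, and each reports with probability p.
            if dist == 0.0 or dist > RADIUS or rng.random() >= p:
                continue
            for w in witnesses:
                first = stored.setdefault((w, claimed_id), claimed_loc)
                if first != claimed_loc:
                    conflicts.add(claimed_id)  # same id, two locations: revoke
    return conflicts


def red_detection_rate(p, d):
    """P_d = (1 - (1 - p)^d)^2: both copies need at least one reporter."""
    return (1.0 - (1.0 - p) ** d) ** 2


def build_network(n, rng):
    """Constructed layout: n nodes placed uniformly, node 42 pinned away from the border."""
    positions = {i: (rng.uniform(0, FIELD), rng.uniform(0, FIELD)) for i in range(n)}
    positions[42] = (200.0, 200.0)
    return positions


if __name__ == "__main__":
    rng = random.Random(7)
    positions = build_network(300, rng)
    claims = list(positions.items()) + [(42, (800.0, 800.0))]  # second device claiming id 42
    print("revoked ids:", run_round(positions, claims, b"round-1", 1, 1.0, rng))
    print("witness target, round 1:", witness_locations(42, b"round-1", 1))
    print("witness target, round 2:", witness_locations(42, b"round-2", 1))
    print("P_d for p=0.1, d=20:", round(red_detection_rate(0.1, 20), 4))
```

Because the witness targets move with every round nonce, knowing this round's witnesses for an id says nothing about the next round's; with DM's fixed mapping the same g witnesses serve that id in every round.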

    4.6. Memory efficient multicast: B-MEM, BC-MEM, C-MEM, and CC-MEM

    Zhang et al. (2009) proposed four replication detection protocols in the name of memory
    efficient multicast (MEM). The first, B-MEM, is an extension of LSM (Parno et al., 2005),
    and is the basis of all other three schemes. It reduces the number of stored location claims
    per node by factor $\sqrt{n}$ through the use of two compact Bloom filters, which are
    maintained by semi-witnesses (known as watchers) and are reset right before each detection
    round. However, additional memory consumption per node has to be incurred for storing the
    two filters (essentially compressed location claims), and the overall node storage still
    scales as $O(\sqrt{n})$ (i.e., of the same level with LSM). Moreover, simulations show that
    B-MEM may lower the detection rate of LSM due to so called false verifications (Zhang et
    al., 2009) (essentially the intrinsic false positives of Bloom filters). The second, BC-MEM,
    employs a technique called cell forwarding to solve the cross over problem that unlike
    geometric line segments intersecting at a common point, in LSM even when two forwarding
    paths cross they may not intersect at a common node. One can indeed verify the problem by
    reconsidering the geographic routing (Section 2.2). The third, C-MEM, employs a technique
    called cross forwarding to address the aforementioned crowded center problem (Section 4.5)
    that in LSM random forwarding paths tend to pass the central area of the deployment field
    more frequently, where the nodes suffer far worse overheads. For each claimer, C-MEM first
    selects a random point called the cross point in the network, and forwards the location
    claim to that point. From there, the claim is then forwarded in four directions, along the
    horizontal and vertical lines that pass the cross point. Last, CC-MEM integrates cell
    forwarding and cross forwarding, and thus is a combination of BC-MEM and C-MEM.

    Simulation results show that the performance of C-MEM is comparable to BC-MEM, because two
    sets of crossing lines have a very high probability to intersect at one or two locations.
    That is, C-MEM can also mitigate the cross over problem. However, cross forwarding achieves
    a high probability for intersection only for a convex deployment field, particularly a
    rectangle (the simulations in Zhang et al., 2009 actually employed a square). For the
    various irregular topologies considered by LSM such as thin cross, large H, etc. (Parno et
    al., 2005), the cross forwarding technique employed by both C-MEM and CC-MEM may work far
    poorer than in a rectangle; the detection rate may drop drastically.

    As to cell forwarding in BC-MEM, the basic idea is to divide the

    deployment field into virtual cells (like SDC and P-MPCZhu et al.,

    2007). By employing a pseudo-random mapping similar to RED

    (Conti et al., 2007) but seeded with the detection round number

    W.T. Zhu et al. / Journal of Network and Computer Applications 35 (2012) 102210341030

  • 8/9/2019 Detecting Node Replication Attacks in WSN

    10/13

    (an increasing index), in each cell an anchor node is assigned for

    each claimer in the network; one anchor node as a representative

    of the cell may serve different network-wide nodes. To solve the

    cross over problem, BC-MEM only chooses witnesses from these

    anchor nodes, which serve as definite intersections for forwarding

    paths. The price is increased energy expenditure, as any location

    claim is no longer forwarded along an approximately straight

    path but a zigzag path. A major problem with BC-MEM is that

    similar to Ho et al. (2009b), the cell division and anchor node selection ask for highly accurate localization, which may not be

    affordable for the current generation of WSNs. A less serious

    problem is that an adversary may circumvent BC-MEM by

    compromising certain deterministic anchor nodes, assuming the

    detection only runs for a few rounds. An unaddressed problem is

    the policy for cell size selection (as also observed in SDC and

    P-MPC Zhu et al., 2007, recall Section 4.4), which makes fair

    comparison with other schemes difficult. In all simulations the

    deployment field is always divided into 100 cells without further

    explanation/discussion.
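
    A sketch of cell forwarding with anchor nodes, added here as an illustration and not taken from BC-MEM itself: the SHA-256 based `anchor_for` mapping, the grid layout, and the sample claims are all assumptions constructed for the example. It shows that two claims carrying the same id meet at one definite node whenever their paths share a cell, and that the anchor changes with the detection round number.

```python
import hashlib


def cell_of(position, cell_size):
    """Virtual cell (column, row) that contains a position."""
    return (int(position[0] // cell_size), int(position[1] // cell_size))


def build_cells(nodes, cell_size):
    """nodes: {node_id: (x, y)} -> {cell: sorted list of member node ids}."""
    cells = {}
    for node_id, position in nodes.items():
        cells.setdefault(cell_of(position, cell_size), []).append(node_id)
    return {cell: sorted(members) for cell, members in cells.items()}


def anchor_for(claimer_id, round_no, cell, members):
    """Hypothetical pseudo-random mapping: every node can compute which
    member of `cell` is the anchor for `claimer_id` in this round."""
    seed = f"{claimer_id}|{round_no}|{cell[0]},{cell[1]}".encode()
    index = int.from_bytes(hashlib.sha256(seed).digest()[:8], "big")
    return members[index % len(members)]


def forward_claims(cells, claims, round_no):
    """claims: list of (claimer_id, claimed_location, cells_traversed).
    In each traversed cell the claim is handed to that cell's anchor, which
    keeps the first location it saw for the id and flags any other one."""
    stored = {}      # (anchor node, claimer id) -> first claimed location
    conflicts = []   # (anchor node, claimer id, first location, other location)
    for claimer_id, location, path in claims:
        for cell in path:
            anchor = anchor_for(claimer_id, round_no, cell, cells[cell])
            previous = stored.setdefault((anchor, claimer_id), location)
            if previous != location:
                conflicts.append((anchor, claimer_id, previous, location))
    return conflicts


# Constructed sample: 100 nodes on a 10 x 10 field split into four 5 x 5 cells.
NODES = {i: (i % 10 + 0.5, i // 10 + 0.5) for i in range(100)}
CELLS = build_cells(NODES, cell_size=5)

# Constructed claims: id 42 is claimed from two different locations, and the
# two forwarding paths have only cell (1, 0) in common. Id 7 is legitimate.
CLAIMS = [
    (42, (2.5, 4.5), [(0, 0), (1, 0)]),
    (42, (8.5, 8.5), [(1, 1), (1, 0)]),
    (7, (7.5, 0.5), [(1, 0), (0, 0)]),
]

if __name__ == "__main__":
    for anchor, node_id, first, other in forward_claims(CELLS, CLAIMS, round_no=1):
        print(f"anchor {anchor}: id {node_id} claimed at {first} and {other}")
    rotation = [anchor_for(42, r, (1, 0), CELLS[(1, 0)]) for r in range(1, 6)]
    print("anchors for id 42 in cell (1, 0), rounds 1-5:", rotation)
```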

    4.7. Randomly directed exploration (RDE)

    In Li and Gong (2009a), a simplified version of N2NB (Section 4.1) known as randomly directed exploration (RDE) is proposed,

    where a location claim along with the claimer's neighbor list is

    forwarded in such a manner that each of the forwarding paths

    is approximately a straight line segment. We notice such a

    directed (i.e., oriented) forwarding approach is just a special

    (yet simple) implementation of geographic routing (Section 2.2)

    that only works for a convex deployment field (the more regular

    the better). The real interesting part lies in its motivation: RDE

    tries to mimic N2NB while suppressing broadcast flood. The

    underlying idea can be interpreted as follows: if the WSN is

    small-scale but very densely deployed, a thin forwarding path

    can become a thick belt to cover sufficient overhearing nodes.

    Hence it is plausible to substitute such an anycast (as suggested

    in Li and Gong, 2009a) for broadcast.

    RDE's node storage cost remains the same as N2NB (i.e., $O(d)$), while the network communication overhead is reduced from $O(n^2)$ to $O(d \cdot n\sqrt{n})$, at the price of decreased detection rate. Note that we add the coefficient $d$ to account for the cost of additionally forwarding

    a claimer's neighbor list (which is not forwarded in N2NB), whereas

    this cost is overlooked in the evaluation in Li and Gong (2009a).

    Actually, the communication reduction from $O(n^2)$ to $O(d \cdot n\sqrt{n})$ is not very beneficial. Moreover, RDE only seems feasible for an ideal

    network model, and the detection rate may not be very significant

    even for a convex deployment field.

    4.8. Rethinking the claimer-reporter-witness framework

    4.8.1. A brief sum-up

    In this section we have investigated a dozen distributed

    detection protocols, all of which can be accommodated by the

    claimer-reporter-witness framework pioneered in Parno et al.

    (2005). Following the taxonomy in Fig. 1, we depict the relationship

    between these various solutions in Fig. 3, which enables us to

    better understand how the research in this area has evolved. It is

    also easy for one to yield another but quite similar illustration

    (herein omitted for space concerns) for a qualitative comparison

    between the schemes. For example, one can replace the text

    "additional witnesses" in Fig. 3 (between RM and LSM) with

    "trading storage for communication efficiency", replace the text

    "cell forwarding" (between B-MEM and BC-MEM) with "resolving

    the cross over problem", and so on.

    There are also some other proposals (possibly less well-known)

    under the same framework. For example, in Li and

    Gong (2009b), a detection scheme based on the distributed hash

    table is proposed. The main idea is to replace the geographic

    routing with the index-based routing in a special upper overlay

    network built upon the WSN. This actually increases the network

    communication by a factor of $\log n$, and thus is unfavorable.

    In Sei and Honiden (2009), instead of developing a new

    detection scheme, the problem of efficient selection of reporters

    is considered. In the claimer-reporter-witness framework, each

    neighbor of a claimer becomes a reporter with probability p, and

    thus the average number of reporters, dp, may be more than

    enough; for RED (Conti et al., 2007), SDC (Zhu et al., 2007), and

    P-MPC (Zhu et al., 2007), a witness only needs one reporter to

    forward the location claim. The reporter determination is to

    decrease the number of reporters, so that unnecessary message

    forwarding can be restrained. The proposed algorithm cannot be

    applied to other schemes like RM or LSM (Parno et al., 2005).

    Fig. 3. Relationship between the most well-known distributed node replication detections in the state of the art accommodated by the claimer-reporter-witness

    framework.

    4.8.2. Potential deficiencies

    While the prospect of the claimer-reporter-witness framework

    seems promising, so far little work has been done to inspect

    possible defects of the location-based framework. One exception

    is in Conti et al. (2011), where Conti et al. found that a replica can

    circumvent detections by lying about its position. As previously

    mentioned in Section 4.3.3, if all the neighbors of this cheating

    node are corrupted, they will not identify it as a cheater. The

    security breakage is posed as a common drawback of both LSM and RED in Conti et al. (2011), where no countermeasure is given.

    Another but more sophisticated circumvention is described in

    Zhou et al. (2008), where Zhou et al. introduced a novel asynchronous

    node replication attack as a variant of the classical one. The

    inventive attack does not violate the assumption that all deployed

    sensor nodes are physically fixed and immobile, but can avoid the

    detection by major protocols like RM and LSM (Parno et al., 2005). A

    competitive scenario is conceived, where two rival WSNs exist in the

    same deployment field. Both are stationary. Assume the gray

    network attacks the blue network employing $c$ captured nodes.

    The main idea is to have the credentials of the $c$ captured nodes

    utilized by different nodes of the gray network during each detection

    round. Although the number of nodes actively mounting the attack

    at any instant is limited by c, over a period of time the total number

    of nodes actively participating in the asynchronous attack is far

    greater than $c$. Note that this is indeed a dedicated replication attack,

    though the terminology of "dual id nodes" in Zhou et al. (2008)

    might remind one of the (actually irrelevant) Sybil attack (Newsome

    et al., 2004) (recall Section 2.1). To confront such an asynchronous

    attack, a hybrid approach consisting of both distributed detection

    and centralized monitoring is proposed.

    4.8.3. Formalized design goals

    In Zhou et al. (2008) the challenge in detecting mobile replicas

    was already implied, and in Zhu et al. (2011) we concentrate on

    detecting node replication attacks in mobile WSNs. While the

    solutions proposed there are purely for mobile WSNs, some principles

    developed there are generally applicable to static WSNs, too. For

    example, we contend that the design goals of a replication detection

    scheme can be set according to different information requirement

    levels (informally, whether, who, and how many) (Zhu et al.,

    2011). Assume the adversary has captured and compromised one

    sensor node with id $ID_c$, from which she has created $r$ clones and

    then places all these $1 + r$ malicious nodes back into the network. For any detection protocol:

    1. The basic goal is to tell whether there is a replication attack or not (i.e., $r \geq 1$ or $r = 0$?).

    2. If $r \geq 1$, it is often necessary for the scheme to identify the compromised id (i.e., $ID_c = ?$).

    3. Furthermore, it is preferable (though not always necessary) for the scheme to infer the number of malicious nodes (equivalently, $r = ?$).

    In the above, the goal of a higher level implies more under-

    standing of the security status of the WSN than the goal of a

    lower level. For example, only achieving goal level 1 (but not level

    2) means detection without identification. In this case, the net-

    work owner is passively aware of the situation that an attack is

    ongoing, but is unable to undertake active responses like

    revocation and/or emergency recovery; all she could do might

    be only discard the data received from the sensor nodes.
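
    What each goal level requires from the evidence a detection round collects, as an added example that is not from the survey or from Zhu et al. (2011): the report format, the `tolerance` parameter for localization error, and the sample reports are assumptions constructed for illustration. Only positions that actually reached some witness are counted, so the level-3 figure is a lower bound on $r$.

```python
from collections import defaultdict
from math import dist


def distinct_sites(locations, tolerance):
    """Merge claimed positions closer than `tolerance`, so that the same
    physical node reported with localization jitter counts only once."""
    sites = []
    for location in sorted(set(locations)):
        if all(dist(location, site) > tolerance for site in sites):
            sites.append(location)
    return sites


def assess(witness_reports, tolerance=1.0):
    """witness_reports: iterable of (witness_id, claimed_id, (x, y)) whose
    signatures are assumed to have been verified already.
    Returns the answers to the three goal levels."""
    claimed_at = defaultdict(list)
    for _witness, claimed_id, location in witness_reports:
        claimed_at[claimed_id].append(location)

    min_clones = {}
    for node_id, locations in claimed_at.items():
        sites = distinct_sites(locations, tolerance)
        if len(sites) > 1:
            # 1 + r nodes share the id; only the observed sites are counted.
            min_clones[node_id] = len(sites) - 1

    return {
        "attack_detected": bool(min_clones),    # level 1: r >= 1 or r = 0 ?
        "compromised_ids": sorted(min_clones),  # level 2: ID_c = ?
        "min_clones": min_clones,               # level 3: lower bound on r
    }


# Constructed reports: id 17 is seen at three sites (one of them reported
# twice with small jitter), id 5 is reported twice from the same position.
REPORTS = [
    ("w1", 17, (10.0, 10.0)),
    ("w2", 17, (10.4, 10.2)),
    ("w2", 17, (80.0, 35.0)),
    ("w3", 17, (42.0, 90.0)),
    ("w1", 5, (3.0, 3.0)),
    ("w4", 5, (3.0, 3.0)),
]

if __name__ == "__main__":
    print(assess(REPORTS))
```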

    4.9. Other related work

    Ho et al. (2009a) assume nodes are organized in groups, each

    of which is deployed towards a predetermined geographic

    location called the group deployment point. Since each group of

    nodes exhibit similar geographic relations, replication detection

    becomes almost a trivial task. The proposed schemes partially

    follow (Parno et al., 2005), but can be made arbitrarily efficient

    by increasing the accuracy of deployment knowledge (Ho et al.,

    2009a). This reminds us that the predetermined node placement

    sounds more like replication prevention than replication

    detection.

    Another work that goes further towards prevention (but is still entitled "detection") is found in Bekara and Laurent-Maknavicius

    (2007), which exploits the apparent fact that excluding new

    nodes from joining the WSN can trivially prevent replication

    attacks. The main idea is to enforce a strict generation- (or batch-) based

    node deployment policy, and to tie every node to its

    generation when establishing pairwise keys. Although it does not

    involve asymmetric cryptosystem, the work (Bekara and Laurent-Maknavicius,

    2007) seems to be inspired by Zhang et al. (2006),

    where the private keys of individual sensor nodes are bound to

    both their ids and geographic locations.

    For the completeness of this survey, we have also checked

    some replication detections proposed recently (Kim et al.,

    2009a,b; Ko et al., 2009; Meng et al., 2010); unfortunately, the

    underlying ideas are all found to be flawed (Zhu, 2011a,b).

    5. Concluding remarks

    In this paper, we addressed a unique yet application-independent

    problem in WSN security known as the node replication

    attack. As depicted in Fig. 1, we classified mainstream detection

    protocols as centralized and distributed, and reviewed the literature

    with a focus on the latter category. For distributed solutions,

    the detection overheads are summarized in Table 2 for a quick

    comparison. Note that B-MEM (Zhang et al., 2009) is selected as a

    representative of the MEM family (Section 4.6). In Table 2 we do

    not compare the detection rates because different detections

    assume quite different scenarios (regarding deployment field

    topology, grid division, ability for network-wide spontaneous change of a random seed, etc.). Moreover, the detection rates

    sometimes may be analytically inferred (e.g., for RED Conti et al.,

    2007), but often may not (i.e., can only be obtained heuristically

    with simulations, like for LSM Parno et al., 2005 and the MEM

    family Zhang et al., 2009).

    Due to quite different motivations and assumptions behind

    these research efforts as well as their respective strengths and

    weaknesses, it may be inappropriate to make general and definite

    remarks on which is the most promising or which are better

    than the others. For example, even the relatively naive N2NB

    (which obviously incurs the highest communication overhead

    among all schemes, recall Section 4.1) may be preferable for a

    very small WSN due to its simplicity and intuitiveness, while

    more sophisticated schemes are found in the three protocols pioneered in Parno et al. (2005) (i.e., DM, RM, and LSM) and their

    various derivatives (see Fig. 3). Nevertheless, we summarize in

    Table 3 the different scenarios considered in all the solutions that

    have been included in Fig. 3. This helps us better understand the

    emphases and tradeoffs of respective proposals, though a comparison

    like this has generally been overlooked in the literature.

    The recent research has so far been striving for solutions that

    incur less communication and occupy less memory, and this trend

    will continue towards more efficient detection schemes. Moreover,

    we notice one factor that has received relatively less

    attention in replication detection is the computational cost

    involved. It is reasonable to count on this additional metric when

    evaluating various detection schemes besides network communication

    and node storage overheads. Adding more generic

    evaluation dimensions also allows protocol designers to balance

    between various expenditures in an in-depth and more comprehensive

    manner.

    For future development, one can first reflect on the thought-provoking

    discoveries summarized in Section 4.8.2. One can also

    borrow some ideas from closely related research topics in WSN

    security, like detection of captured nodes (Conti et al., 2008, 2009)

    or detection of general compromised nodes (Song et al., 2007;

    Zhang et al., 2008). These explorations (Conti et al., 2008, 2009; Song

    et al., 2007; Zhang et al., 2008) address application-independent

    intrusion detection in sensor networks from different perspectives, but

    bear intriguing similarities with replica detection (for example, our

    latest research efforts on detecting node replication attacks in

    mobile WSNs (Zhu et al., 2011) are partially inspired by Conti et al.,

    2008). We envision that these relevant security solutions (Conti

    et al., 2008, 2009; Song et al., 2007; Zhang et al., 2008) will hopefully

    serve as complementary mechanisms in detecting node replication

    attacks, and application-independent intrusion detections will significantly

    help defend the security for wireless sensor networks.

    Acknowledgments

    We would like to thank the anonymous reviewers for their

    constructive comments. This work was supported by the National

    Natural Science Foundation of China under Grant 60970138.

    References

    Bekara C, Laurent-Maknavicius M. A new protocol for securing wireless sensor networks against nodes replication attacks. In: Proceedings of the 3rd IEEE international conference on wireless and mobile computing, networking and communications (WiMob07); 2007. October.

    Bonaci T, Bushnell L, Poovendran R. Node capture attacks in wireless sensor networks: a system theoretic approach. In: Proceedings of the 49th IEEE conference on decision and control (CDC10); 2010. p. 676572, December.

    Boukerche A, Oliveira HABF, Nakamura EF, Loureiro AAF. Localization systems for wireless sensor networks. IEEE Wireless Communications 2007;14(December):612.

    Brooks R, Govindaraju PY, Pirretti M, Vijaykrishnan N, Kandemir MT. On the detection of clones in sensor networks using random key predistribution. IEEE Transactions on Systems, Man, and Cybernetics, Part C: Applications and Reviews 2007;37(November):124658.

    Chan H, Perrig A. Security and privacy in sensor networks. Computer 2003;36(October):1035.

    Choi H, Zhu S, La Porta TF. SET: detecting node clones in sensor networks. In: Proceedings of the 3rd international conference on security and privacy in communications networks and the workshops (SecureComm07); 2007. p. 34150, December.

    Conti M, Di Pietro R, Mancini LV, Mei A. Requirements and open issues in distributed detection of node identity replicas in WSN. In: Proceedings of the 2006 IEEE international conference on systems, man, and cybernetics (SMC06); 2006. p. 146873, October.

    Conti M, Di Pietro R, Mancini LV, Mei A. A randomized, efficient, distributed protocol for the detection of node replication attacks in wireless sensor network. In: Proceedings of the 8th ACM international symposium on mobile Ad Hoc networking and computing (MobiHoc07); 2007. p. 809, September.

    Conti M, Di Pietro R, Mancini LV, Mei A. Emergent properties: detection of the node-capture attack in mobile wireless sensor networks. In: Proceedings of the 1st ACM conference on wireless network security (WiSec08); 2008. p. 21419, March.

    Conti M, Di Pietro R, Mancini LV, Mei A. Mobility and cooperation to thwart node capture attacks in MANETs. EURASIP Journal on Wireless Communications and Networking 2009: 13 (Article ID 945943).

    Conti M, Di Pietro R, Mancini LV, Mei A. Distributed detection of clone attacks in wireless sensor networks. IEEE Transactions on Dependable and Secure Computing 2011(September/October):68598.

    Cormen TH, Leiserson CE, Rivest RL, Stein C. Introduction to algorithms. MIT Press; 2001.

    Deng J, Hartung C, Han R, Mishra S. A practical study of transitory master key establishment for wireless sensor networks. In: Proceedings of the 1st international conference on security and privacy for emerging areas in communication networks (SecureComm05); 2005. p. 28999. September.

    Dolev D, Yao AC. On the security of public key protocols. IEEE Transactions on Information Theory 1983;29(March):198208.

    Duan M-J, Xu J. An efficient location-based compromise-tolerant key management scheme for sensor networks. Information Processing Letters 2011;111(May):5037.

    Gligor V. Security of emergent properties in ad-hoc networks. In: Proceedings of the 12th international workshop on security protocols; 2004. p. 25666. April.

    He W, Liu X, Nguyen H, Nahrstedt K, Abdelzaher T. PDA: privacy-preserving data aggregation in wireless sensor networks. In: Proceedings of the 26th IEEE conference on computer communications (INFOCOM07); 2007. p. 204553 May.

    Ho J-W, Liu D, Wright M, Das SK. Distributed detection of replica node attacks with group deployment knowledge in wireless sensor networks. Ad Hoc Networks 2009;7(November):147688.

    Ho J-W, Wright M, Das SK. Fast detection of replica node attacks in mobile sensor networks using sequential analysis. In: Proceedings of the 28th IEEE conference on computer communications (INFOCOM09); 2009b. p. 177381. April.

    Hussain S, Rahman MS. Using received signal strength indicator to detect node replacement and replication attacks in wireless sensor networks. In: SPIE Proceedings of the data mining, intrusion detection, information assurance, and data networks security; 2009. April.

    Karlof C, Wagner D. Secure routing in wireless sensor networks: attacks and countermeasures. Ad Hoc Networks 2003;1(September):293315.

    Karp B, Kung HT. GPSR: greedy perimeter stateless routing for wireless networks. In: Proceedings of the 6th international conference on mobile computing and networking (MobiCom00); 2000. p. 24354. August.

    Kim C, Park C, Hur J, Lee H, Yoon H. A distributed deterministic and resilient replication attack detection protocol in wireless sensor networks. Communications in Computer and Information Science 2009a;56(December):40512.

    Kim C, Shin S, Park C, Yoon H. A resilient and efficient replication attack detection scheme for wireless sensor networks. IEICE Transactions on Information and Systems 2009b;E92-D(July):147983.

    Ko L-C, Chen H-Y, Lin G-R. A neighbor-based detection scheme for wireless sensor networks against node replication attacks. In: Proceedings of the 2009 international conference on ultra modern telecommunications and workshops (ICUMT09); 2009. October.

    Li Z, Gong G. Randomly directed exploration: an efficient node clone detection protocol in wireless sensor networks. In: Proceedings of the 6th IEEE international conference on mobile adhoc and sensor systems (MASS09); 2009a. p. 10305. October.

    Li Z, Gong G. DHT-based detection of node clone in wireless sensor networks. In: Proceedings of the 1st international conference on ad hoc networks (ADHOCNETS09); 2009b. p. 24055. September.

    Liu J, Baek J, Zhou J, Yang Y, Wong J-W. Efficient online/offline identity-based signature for wireless sensor network. International Journal of Information Security 2010;9(August):28796.

    Mathur S, Reznik A, Ye C, Mukherjee R, Rahman A, Shah Y, et al. Exploiting the physical layer for enhanced security. IEEE Wireless Communications 2010;17(October):6370.

    Meng X, Lin K, Li K. A note-based randomized and distributed protocol for detecting node replication attacks in wireless sensor networks. In: Proceedings of the 10th international conference on algorithms and architectures for parallel processing (ICA3PP10); 2010. p. 55970. May.

    Newsome J, Shi E, Song D, Perrig A. The Sybil attack in sensor networks: analysis & defenses. In: Proceedings of the 3rd international symposium on information processing in sensor networks (IPSN04); 2004. p. 25968. April.

    Parno B, Perrig A, Gligor V. Distributed detection of node replication attacks in sensor networks. In: Proceedings of the 26th IEEE symposium on security and privacy (S&P05); 2005. p. 4963. May.

    Perrig A, Szewczyk R, Tygar JD, Wen V, Culler DE. SPINS: security protocols for sensor networks. Wireless Networks 2002;8(September):52134.

    Poovendran R, Wang C, Roy S. Secure localization and time synchronization for wireless sensor and ad hoc networks. New York Inc: Springer-Verlag; 2007.

    Ruhrup S. Theory and practice of geographic routing. In: Liu H, Leung Y-W, Chu X, editors. Ad hoc and sensor wireless networks: architectures, algorithms and protocols. Bentham Science Publishers; 2009.

    Sei Y, Honiden S. Reporter node determination of replicated node detection in wireless sensor networks. In: Proceedings of the 3rd international conference on ubiquitous information management and communication (ICUIMC09); 2009. p. 56673. January.

    Table 3

    Comparison between the scenarios in replica detections under the claimer-reporter-witness framework.

    | Protocol | Assumed deployment model |
    |---|---|
    | N2NB (Parno et al., 2005) | Arbitrary network very small in size |
    | DM, RM, LSM (Parno et al., 2005) | Arbitrary network |
    | SDC, P-MPC (Zhu et al., 2007) | A (preferably rectangle) grid of cells |
    | RED (Conti et al., 2007) | Arbitrary network, preferably rectangle |
    | B-MEM (Zhang et al., 2009) | Arbitrary network |
    | BC-MEM (Zhang et al., 2009) | A (preferably rectangle) grid of cells |
    | C-MEM (Zhang et al., 2009) | Rectangle network |
    | CC-MEM (Zhang et al., 2009) | A Rectangle grid of cells |
    | RDE (Li and Gong, 2009a) | Convex, small-scale, and dense network |

    Song H, Xie L, Zhu S, Cao G. Sensor node compromise detection: the location perspective. In: Proceedings of the 3rd international conference on wireless communications and mobile computing (IWCMC07); 2007. p. 2427. August.

    Sun B, Osborne L, Xiao Y, Guizani S. Intrusion detection techniques in mobile ad hoc and wireless sensor networks. IEEE Wireless Communications 2007;14(October):5663.

    Xie M, Han S, Tian B, Parvin S. Anomaly detection in wireless sensor networks: a survey. Journal of Network and Computer Applications 2011;34(July):130225.

    Xing K, Cheng X. From time domain to space domain: detecting replica attacks in mobile ad hoc networks. In: Proceedings of the 29th IEEE conference on computer communications (INFOCOM10); 2010. March.

    Xing K, Liu F, Cheng X, Du DHC. Rea