Similar literature
 Found 20 similar documents; search took 31 ms
1.
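Node localization is one of the key technologies of wireless sensor networks and is the basis of many applications built on them. However, wireless sensor networks are usually deployed in unattended, hostile environments, where attacking nodes can easily disrupt the localization process of nodes in the network. Focusing on range-free localization in wireless sensor networks, this paper analyzes the impact of wormhole attacks on the DV-Hop localization process and proposes a secure DV-Hop localization method that resists wormhole attacks in wireless sensor networks. Simulation results show that the proposed secure localization method effectively reduces the impact of wormhole attacks on the DV-Hop localization process, verifying the effectiveness of the method.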

2.

Secured self organizing network is an approach to computer network architecture that seeks to address the technical issues in heterogeneous networks that may lack continuous network connectivity. In a delay tolerant network, packet storage exists when there is any link breakage between the nodes in the network, so delay is tolerable in this type of network during data transmission. But this delay is not tolerable in a wireless network for voice packet transmission. This evokes the use of wireless networks. In a network, different wireless network topologies interoperate with each other, so the communication across the network is called an overlay network. This network is vulnerable to attacks due to the mobile behaviour of nodes and frequent changes in the topologies of the network. The wormhole attack and the blackhole attack are analysed in this paper. They are critical threats to normal operation in wireless networks which result in the degradation of the network performance. The proposed recovery algorithm for wormhole and the isolation of blackhole will increase the performance of the network. The performance metrics such as throughput, packet delivery ratio, end–end delay and routing overhead of the network are evaluated.


3.
Wormhole attacks in wireless networks   Total citations: 3, self-citations: 0, citations by others: 3
As mobile ad hoc network applications are deployed, security emerges as a central requirement. In this paper, we introduce the wormhole attack, a severe attack in ad hoc networks that is particularly challenging to defend against. The wormhole attack is possible even if the attacker has not compromised any hosts, and even if all communication provides authenticity and confidentiality. In the wormhole attack, an attacker records packets (or bits) at one location in the network, tunnels them (possibly selectively) to another location, and retransmits them there into the network. The wormhole attack can form a serious threat in wireless networks, especially against many ad hoc network routing protocols and location-based wireless security systems. For example, most existing ad hoc network routing protocols, without some mechanism to defend against the wormhole attack, would be unable to find routes longer than one or two hops, severely disrupting communication. We present a general mechanism, called packet leashes, for detecting, and thus defending against, wormhole attacks, and we present a specific protocol, called TIK, that implements leashes. We also discuss topology-based wormhole detection, and show that it is impossible for these approaches to detect some wormhole topologies.

4.
Wormhole attack is considered one of the most threatening security attacks for mobile ad hoc networks. In a wormhole attack, a tunnel is set up in advance between two colluders. The colluders record packets at one location and forward them through the tunnel to another location in the network. Depending on whether or not the colluders are participating in the network functions, the wormhole attack can be further divided into two categories: traditional wormhole attack and Byzantine wormhole attack. Existing research focusing on detecting traditional wormhole attacks can be classified into three categories: one‐hop delay‐based approaches, topological analysis‐based approaches, or special hardware/middleware‐based approaches. Unfortunately, they all have their own limitations. Most of the research on detecting the Byzantine wormhole attack does not address the Byzantine wormhole attack directly. Instead, it focuses on observing the consequences after a Byzantine wormhole attack, like packet dropping or modification. In this paper, we propose to detect both traditional and Byzantine wormhole attacks by detecting some topological anomalies introduced by wormhole tunnels. Simulation results show that our scheme can achieve both high wormhole attack detection rate and accuracy. Our scheme is also simple to implement. Copyright © 2012 John Wiley & Sons, Ltd.

5.
HiRLoc: high-resolution robust localization for wireless sensor networks   Total citations: 9, self-citations: 0, citations by others: 9
In this paper, we address the problem of robustly estimating the position of randomly deployed nodes of a wireless sensor network (WSN), in the presence of security threats. We propose a range-independent localization algorithm called high-resolution range-independent localization (HiRLoc), that allows sensors to passively determine their location with high resolution, without increasing the number of reference points, or the complexity of the hardware of each reference point. In HiRLoc, sensors determine their location based on the intersection of the areas covered by the beacons transmitted by multiple reference points. By combining the communication range constraints imposed by the physical medium with computationally efficient cryptographic primitives that secure the beacon transmissions, we show that HiRLoc is robust against known attacks on WSN, such as the wormhole attack, the Sybil attack, and compromise of network entities. Finally, our performance evaluation shows that HiRLoc leads to a significant improvement in localization accuracy compared with state-of-the-art range-independent localization schemes, while requiring fewer reference points.

6.
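Research on wormhole attack detection in wireless mesh networks   Total citations: 1, self-citations: 0, citations by others: 1
To effectively detect wormhole attacks in wireless mesh networks, a wormhole attack model is proposed for the multi-radio link-quality source routing (MR-LQSR) protocol proposed by Microsoft. Based on the characteristics of wormhole attacks and wireless mesh networks, an end-to-end wormhole attack detection mechanism is then proposed, building on an end-to-end wormhole attack detection algorithm, a voting mechanism, a neighbor detection mechanism, and identity-based encryption. Finally, theoretical analysis and experiments confirm that the mechanism effectively resists wormhole attacks in wireless mesh networks and improves the security of wireless mesh networks.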

7.
In a mobile ad hoc network (MANET), the nodes act both as traffic sources and as relays that forward packets from other nodes along multi-hop routes to the destination. Such networks are suited to situations in which a wireless infrastructure is unavailable, infeasible, or prohibitively expensive. However, the lack of a secure, trusted infrastructure in such networks makes secure and reliable packet delivery very challenging. A given node acting as a relay may exhibit Byzantine behavior with respect to packet forwarding, i.e., arbitrary, deviant behavior, which disrupts packet transmission in the network. For example, a Byzantine node may arbitrarily choose to drop or misroute a certain percentage of the packets that are passed to it for forwarding to the next hop. In earlier work, we proposed a trust establishment framework, called Hermes, which enables a given node to determine the “trustworthiness” of other nodes with respect to reliable packet delivery by combining first-hand trust information obtained independently of other nodes and second-hand trust information obtained via recommendations from other nodes. A deficiency of the Hermes scheme is that a node can fail to detect certain types of Byzantine behavior, such as packet misforwarding directed at a particular source node. In this paper, we propose new mechanisms to make Hermes robust to Byzantine behavior and introduce a punishment policy that discourages selfish node behavior. We present simulation results that demonstrate the effectiveness of the proposed scheme in a variety of scenarios involving Byzantine nodes that are malicious both with respect to packet forwarding and trust propagation.

8.
A mobile ad hoc network (MANET) has emerged as an autonomous, multi-hop, wireless and temporary type of network which works within constraints like bandwidth, power and energy. A MANET can be observed as an open type of network where nodes become a part of any network at any time; that is why it is susceptible to different types of attacks. The wormhole attack is the most threatening security attack in ad hoc networks, where an attacker node receives packets at one location and replays them at another location which is remotely located. In this paper, we study and compare the performance of AODV, DSR and ZRP under the impact of multiple wormhole attacker nodes. Diverse scenarios are characterized, such as the average of 50 runs and mobility. By statistical placement of multiple wormhole nodes across the network, we evaluate the performance in terms of throughput, packet delivery ratio, packet loss, average end to end delay and jitter. Finally, based on the simulation, we investigated the most affected routing protocol in terms of network metrics.

9.
Node compromise is a serious threat to wireless sensor networks deployed in unattended and hostile environments. To mitigate the impact of compromised nodes, we propose a suite of location-based compromise-tolerant security mechanisms. Based on a new cryptographic concept called pairing, we propose the notion of location-based keys (LBKs) by binding private keys of individual nodes to both their IDs and geographic locations. We then develop an LBK-based neighborhood authentication scheme to localize the impact of compromised nodes to their vicinity. We also present efficient approaches to establish a shared key between any two network nodes. In contrast to previous key establishment solutions, our approaches feature nearly perfect resilience to node compromise, low communication and computation overhead, low memory requirements, and high network scalability. Moreover, we demonstrate the efficacy of LBKs in counteracting several notorious attacks against sensor networks such as the Sybil attack, the identity replication attack, and wormhole and sinkhole attacks. Finally, we propose a location-based threshold-endorsement scheme, called LTE, to thwart the infamous bogus data injection attack, in which adversaries inject lots of bogus data into the network. The utility of LTE in achieving remarkable energy savings is validated by detailed performance evaluation.

10.
Wireless ad hoc networks are envisioned to be randomly deployed in versatile and potentially hostile environments. Hence, providing secure and uninterrupted communication between the un-tethered network nodes becomes a critical problem. In this paper, we investigate the wormhole attack in wireless ad hoc networks, an attack that can disrupt vital network functions such as routing. In the wormhole attack, the adversary establishes a low-latency unidirectional or bi-directional link, such as a wired or long-range wireless link, between two points in the network that are not within communication range of each other. The attacker then records one or more messages at one end of the link, tunnels them via the link to the other end, and replays them into the network in a timely manner. The wormhole attack is easily implemented and particularly challenging to detect, since it does not require breach of the authenticity and confidentiality of communication, or the compromise of any host. We present a graph theoretic framework for modeling wormhole links and derive the necessary and sufficient conditions for detecting and defending against wormhole attacks. Based on our framework, we show that any candidate solution preventing wormholes should construct a communication graph that is a subgraph of the geometric graph defined by the radio range of the network nodes. Making use of our framework, we propose a cryptographic mechanism based on local broadcast keys in order to prevent wormholes. Our solution does not need time synchronization or time measurement, requires only a small fraction of the nodes to know their location, and is decentralized. Hence, it is suitable for networks with the most stringent constraints such as sensor networks. Finally, we believe our work is the first to provide an analytical evaluation in terms of probabilities of the extent to which a method prevents wormholes.

Radha Poovendran received the Ph.D. degree in electrical engineering from the University of Maryland, College Park, in 1999. He has been an Assistant Professor in the Electrical Engineering Department, University of Washington, Seattle, since September 2000. His research interests are in the areas of applied cryptography for multiuser environment, wireless networking, and applications of information theory to security. Dr. Poovendran is a recipient of the Faculty Early Career Award from the National Science Foundation (2001), Young Investigator Award from the Army Research Office (2002), Young Investigator Award from the Office of Naval Research (2004), and the 2005 Presidential Early Career Award for Scientists and Engineers, for his research contributions in the areas of wired and wireless multiuser security. Loukas Lazos received the B.S. and M.S. degrees from the Electrical Engineering Department, National Technical University of Athens, Athens, Greece, in 2000 and 2002, respectively. He is currently working towards the Ph.D. degree in the Electrical Engineering Department, University of Washington, Seattle. His current research interests focus on cross-layer designs for energy-efficient key management protocols for wireless ad-hoc networks, as well as secure localization systems for sensor networks.

11.
The wireless sensor networks composed of tiny sensors with the capability of monitoring the tangible changes for a wide range of applications are limited in their capabilities for processing and storage. Their limited capabilities make them seek the help of the cloud that provides the rented service of processing and storage. The dense deployment of the wireless sensors and their vulnerability to unknown attacks and alterations make them incur difficulties in the process of the conveyance, causing modifications or loss of the content. So, the paper proposes an optimized localization of the nodes along with the identification of the trusted nodes and the minimum distance path to the cloud, allowing the target to have anytime and anywhere access to the content. The performance of the cloud infrastructure‐supported wireless sensor network is analyzed using the network simulator 2 in terms of the forwarding latency, packet loss rate, route failure, storage, reliability, and the network longevity to ensure the capacities of the cloud infrastructure‐supported wireless sensor networks.

12.
The LTE (Long Term Evolution) technologies defined by 3GPP are the last step toward the 4th generation (4G) of radio technologies designed to increase the capacity and speed of mobile telephone networks. Mobility management for supporting seamless handover is the key issue for the next generation wireless communication networks. The evolved packet core (EPC) standard adopts the proxy mobile IPv6 protocol (PMIPv6) to provide the mobility mechanisms. However, PMIPv6 still suffers from high handoff delay and large packet loss. Our protocol provides a new secure handover protocol to reduce handoff delay and packet loss with the assistance of relay nodes over LTE networks. In this paper, we consider the security issue when selecting relay nodes during the handoff procedure. During the relay node discovery, we extend the access network discovery and selection function (ANDSF) in 3GPP specifications to help the mobile station or UE to obtain the information of relay nodes. With the aid of the relay nodes, the mobile station or UE performs the pre-handover procedure, including the security operation and the proxy binding update to significantly reduce the handover latency and packet loss. The simulation results illustrate that our proposed protocol actually achieves the performance improvements in the handoff delay time and the packet loss rate.

13.
ZigBee is a wireless network technology suitable for applications requiring lower bandwidth, low energy consumption and small packet size. Security has been one of the challenges in ZigBee networks. Public Key Infrastructure (PKI) provides a binding of entities with public keys through a Certifying Authority (CA). Public key cryptography using public–private key pairs can be used for ensuring secure transmission in a network. But large size of public and private keys and memory limitations in ZigBee devices pose a problem for using PKI to secure communication in ZigBee networks. In this paper, we propose a PKI enabled secure communication schema for ZigBee networks. Limited memory and power constraints of end devices restrict them from storing public keys of all other devices in the network. Large keys cannot be communicated due to limited power of the nodes and small transmission packet size. The proposed schema addresses these limitations. We propose two algorithms for sending and receiving the messages. The protocols for intercommunication between the network entities are also presented. Minor changes have been introduced in the capabilities of devices used in the ZigBee networks to suit our proposed scheme. Network adaptations depending on different scenarios are discussed. The approach adopted in this paper is to alter the communication flow so as to necessitate minimum memory and computational requirements at the resource starved end points. In the proposed PKI implementation, end devices store the public keys of only the coordinator which in turn holds public keys of all devices in the network. All communication in our scheme is through the coordinator, which in the event of failure is re‐elected through an election mechanism. The performance of the proposed scheme was evaluated using a protocol analyzer in home automation and messenger applications. Results indicate that depending on the type of application, only a marginal increase in latency of 2 to 5 ms is introduced for the added security. Layer wise traffic and packets captured between devices were analyzed. Channel utilization, message length distribution and message types were also evaluated. The proposed protocol's performance was found to be satisfactory on the two tested applications. Copyright © 2014 John Wiley & Sons, Ltd.

14.
Neighbor discovery is an important part of many protocols for wireless adhoc networks, including localization and routing. When neighbor discovery fails, communications and protocol performance deteriorate. In networks affected by relay attacks, also known as wormholes, the failure may be more subtle. The wormhole may selectively deny or degrade communications. In this article we present Mobile Secure Neighbor Discovery (MSND), which offers a measure of protection against wormholes by allowing participating mobile nodes to securely determine if they are neighbors, and a wormhole localization protocol, which allows nodes that detected the presence of a wormhole to determine the wormhole’s location. To the best of our knowledge, this work is the first to secure neighbor discovery in mobile adhoc networks and to localize a wormhole. MSND leverages concepts of graph rigidity for wormhole detection. We prove security properties of our protocols, and demonstrate their effectiveness through extensive simulations and a real system evaluation employing Epic motes and iRobot robots.

15.
In sparse mobile wireless networks, normally, the mobile nodes are carried by people, and the moving activity of nodes always happens in a specific area, which corresponds to some specific community. Between the isolated communities, there is no stable communication link. Therefore, it is difficult to ensure effective packet transmission among communities, which leads to higher packet delivery delay and a lower successful delivery ratio. Recently, an additional ferry node was introduced to forward packets between the isolated communities. However, most of the existing algorithms work on how to control the trajectory of only one ferry working in the network. In this paper, we consider multiple ferries working in the network scenario and put our main focus on the optimal packet selection strategy, under the condition of mutual influence between the ferries and the buffer limitation. We introduce a non‐cooperative Bayesian game to achieve the optimal packet selection strategy. By maximizing the individual income of a ferry, we optimize the network performance on packet delivery delay and successful delivery ratio. Simulation results show that our proposed packet selection strategy improves the network performance on packet delivery delay and successful delivery ratio. Copyright © 2013 John Wiley & Sons, Ltd.

16.
Cognitive Wireless Mesh Networks (CWMN) is a novel wireless network which combines the advantages of Cognitive Radio (CR) and wireless mesh networks. CWMN can realize seamless integration of heterogeneous wireless networks and achieve better radio resource utilization. However, it is particularly vulnerable due to its features of open medium, dynamic spectrum, dynamic topology, and multi-top routing, etc. Being a dynamic positive security strategy, intrusion detection can provide a powerful safeguard to CWMN. In this paper, we introduce a trust mechanism into CWMN with intrusion detection and present a trust establishment model based on intrusion detection. Node trust degree and the trust degree of data transmission channels between nodes are defined and an algorithm for calculating trust degree is given based on distributed detection of attacks on networks. A channel assignment and routing scheme is proposed, which selects the trusted nodes and allocates data channels with high trust degree for the transmission between neighbor nodes to establish a trusted route. Simulation results indicate that the scheme can vary channel allocation and routing dynamically according to network security state so as to avoid suspect nodes and unsafe channels, and improve the packet safe delivery fraction effectively.

17.
Network coding is all about combining a variety of packets and forwarding as many packets as possible in each transmission operation. The network coding technique improves the throughput efficiency of multi‐hop wireless networks by taking advantage of the broadcast nature of wireless channels. However, there are some scenarios where the coding cannot be exploited due to the stochastic nature of the packet arrival process in the network. In these cases, the coding node faces 2 critical choices: forwarding the packet towards the destination without coding, thereby sacrificing the advantage of network coding, or waiting for a while until a coding opportunity arises for the packets. Current research works have addressed this challenge for the case of a simple and restricted scheme called reverse carpooling where it is assumed that 2 flows with opposite directions arrive at the coding node. In this paper, the issue is explored in a general sense based on the COPE architecture requiring no assumption about flows in multi‐hop wireless networks. In particular, we address this sequential decision making problem by using the solid framework of optimal stopping theory and derive the optimal stopping rule for the coding node to choose the optimal action to take, ie, to wait for more coding opportunity or to stop immediately (and send packet). Our simulation results validate the effectiveness of the derived optimal stopping rule and show that the proposed scheme outperforms existing methods in terms of network throughput and energy consumption.

18.
The problem of Call Admission Control and rate allocation in loosely coupled wireless integrated networks is investigated. The related Radio Resource Management schemes were introduced to improve network performance in wireless integrated networks. However, these schemes did not reflect the independence and competitiveness of loosely coupled wireless integrated networks. Furthermore, given that users have different requirements for price and Quality of Service (QoS), they are able to select a network according to their preference. We consider a scenario with two competitive wireless networks, namely Universal Mobile Telecommunications System cellular networks and Wireless Local Area Networks. Users generate two types of traffic with different QoS requirements: real-time and non-real-time. We propose a scheme that exploits a mathematical model for the control of call admission and adopt a noncooperative game theory-based approach to address the rate allocation problem. The purpose is to maximize the revenue of the network providers while guaranteeing a level of QoS according to user needs. Simulation results show that the proposed scheme provides better network performance with respect to packet loss rate, packet delay time, and call-blocking probability than other schemes when the data rates are allocated to each call at the point that maximizes the revenue of network providers. We further demonstrate that a Nash equilibrium always exists for the considered games.

19.
Sensor node energy conservation is the primary design parameter in wireless sensor networks (WSNs). Energy efficiency in sensor networks directly prolongs the network lifetime. In the process of route discovery, each node cooperates to forward the data to the base station using multi‐hop routing. But the nodes nearer to the base station are loaded more than the other nodes, which leads to network portioning, packet loss and delay; as a result, nodes may completely lose their energy during the routing process. To rectify these issues, path establishment in this paper considers optimized substance particle selection, load distribution, and an efficient slot allocation scheme for data transmission between the sensor nodes. The forwarders and the conscious multi‐hop path are selected based on the route cost value that is derived directly by taking energy, node degree and distance as crucial metrics. The load distribution based slot allocation method ensures the balance of data traffic and residual energy of the node in a real‐time environment. The proposed LSAPSP simulation results show that our algorithm not only can balance the real‐time environment load and increase the network lifetime but also meet the needs of packet loss and delay.

20.
A trust-aware secure routing protocol (TSRP) for wireless sensor networks is proposed in this paper to defend against varieties of attacks. First, each node calculates the comprehensive trust values of its neighbors based on direct trust value, indirect trust value, volatilization factor, and residual energy to defend against black hole, selective forwarding, wormhole, hello flood, and sinkhole attacks. Second, any source node that needs to send data forwards a routing request packet to its neighbors in multi-path mode, and this continues until the sink at the end is reached. Finally, the sink finds the optimal path based on the path's comprehensive trust values, transmission distance, and hop count by analyzing the received packets. Simulation results show that TSRP has lower network latency, smaller packet loss rate, and lower average network energy consumption than ad hoc on-demand distance vector routing and trust based secure routing protocol.
