NISA Node Identification and Spoofing Attack Detection Based on Clock Features and Radio Information for Wireless Sensor Networks
Abstract : Node identification based on unique hardware features like clock skews has been considered an efficient technique in wireless sensors networks (WSNs). Spoofing attacks imitating unique hardware features, however, could significantly impair or break down conventional clock-skew-based node identification due to exposed clock information through broadcasting. To defend against Spoofing attacks, we propose a new node identification scheme called node identification against Spoofing attack (NISA). It utilizes the reverse time synchronization framework, where sensor nodes’ clock skews are estimated at the head of a WSN, and the spatially-correlated radio link information to achieve simultaneous node identification and attack detection. We further provide centralized and distributed NISA for covering both single-hop and multi-hop scenarios, the former of which employs a single-input and multiple-output convolutional neural network. With a real WSN testbed consisting of TelosB sensor nodes running TinyOS, we investigate the identifiability of clock skews under temperature and voltage variations and evaluate the performance of both centralized and distributed NISA. Experimental results demonstrate that both centralized and distributed NISA could provide accurate node identification and Spoofing attack detection.
? This paper studies the algorithm design and analysis in secure time synchronization for resource-constrained industrial wireless sensor networks under Sybil attacks, which cannot be well addressed by existing methods.
? Extensive simulations were conducted to demonstrate the efficiency of NiSTS and compare it with existing protocols.
? In existing time synchronization protocols against message manipulation attacks, a safe node disguised by the Sybil attackers would be regarded as a malicious node, and lose synchronization with other nodes.
? The first phase consists of message filtering rather than node isolation. The second phase involves updating the logical clock parameters based on an existing time synchronization algorithm.
? The wireless network nodes can be attacked with the help of using the low cost sensor devices in which the spoofing attacks can be launched easily and make damage in the network and affect the performance of the network.
? DDoS Flooding attacks are the biggest problems in area of security. These flooding attacks make the explicit attempts to disturb the correct users to access the services.
? These attacks gain control over the nodes in the network by exploiting their vulnerabilities.
? Some mechanism is usually requires the comprehensive understanding of the problem and the techniques to prevent the attacks.
• A node-identification-based secure time synchronization (NiSTS) protocol is proposed.
• Some countermeasures against Sybil attacks have been proposed based on key management and neighboring time information.
• However, they consume more computation, communication, storage, and hardware resources, which are not desirable for resource-constrained IWSNs.
• The proposed NiSTS consists of two parts: the detection process to filter malicious messages and the clock update process to realize time synchronization.
• Next, we detail the detection process, the design of NiSTS with the update rules, and the performance analysis.
? The performance level of this prevention mechanism is better as that of the detection mechanism which is obtained theoretically.
? The shortest path from the source node to destination node was selected by using the AODV,. prevention mechanism will be very helpful for the quick identification of the attackers and also improve the network performance.
? The most efficient protocols in obtaining the shortest path and lower power consumption. It is mainly used in the Ad-hoc networks and wireless networks.
? There are various mechanisms are used to find out the route selection like the On-Demand Distance vector, DSR have been imposed in which the AODV is imposed through which the path can be selected efficiently to transfer the data.
|