03-09-2016, 09:54 AM
1452234760-ISSNIP2014a.pdf (Size: 644.12 KB / Downloads: 3)
Abstract—WSN (Wireless Sensor Network) has a wide range
of applications. As a result, security problems become increasingly
important. We investigate the problem of minimising the
failure rate of packet delivery in the presence of the modification
attacks and the selective forwarding attacks in a static WSN with
one base station without using expensive encryption/decryption
algorithms. We propose a novel heuristic approach to this problem.
Our approach is based on randomised multipath routing.
When a sensor node needs to send a packet to the base station,
it creates three copies and sends these three copies to the base
station via three paths. Among the three paths, two of them are
selected at random based on a spanning tree with the base station
as the root. The base station accepts a packet only if it receives
at least two identical copies. We have simulated our approach.
The simulation results show that our approach achieves a very
low failure rate of packet delivery in the presence of a relatively
high percentage of malicious sensor nodes.
INTRODUCTION
A WSN consists of a large number of autonomous sensors
nodes and one or more base stations. Each sensor node sends
its data sensed from the physical environment to its designated
base station. Typically, sensor nodes are battery powered. In
order to save energy, the power of transceiver of each sensor
node is kept low, leading to a short transmission range. As a
result, data collection is performed in a multi-hop way. Each
packet originated from a sensor node needs to delivered to
the target base station via a routing path. Different routing
structures such as trees have been proposed [1].
WSN has a wide range of applications, including military
field surveillance, health-care, homeland security, industrial
control, and intelligent green aircraft [2]. Therefore, network
security becomes increasingly important.
Sensor nodes have limited processing power, small storage
and limited energy. These constraints make classical security
algorithms unsuitable for WSNs. Therefore, new techniques
considering these limitations are needed.
WSN security has attracted extensive research [2]–[8].
There are various attacks that may cause many security problems.
Among them are the modification attack and the selective
forwarding attack. In the modification attack, a malicious
sensor node may modify a packet it receives and sends the
incorrect packet to the base station via a routing path. In
the selective forwarding attack, a malicious sensor node may
refuse to forward a packet, resulting in a packet loss.
In this paper, we investigate the problem of minimising
the failure rate of packet delivery in the presence of the
modification attacks and the selective forwarding attacks in
a static WSN with one base station without using expensive
encryption/decryption algorithms. The failure rate is equal to
the percentage of the total number of packets rejected by the
base station over the total number of packets generated by
all the sensor nodes. We propose a novel heuristic approach to
this problem. Our approach is based on the three copy strategy.
When a sensor node generates a packet, it creates three copies
which are sent to the base station via three paths. Among the
three paths, two of them are selected at random based on a
spanning tree with the base station as the root. The base station
accepts a packet only if it receives at least two identical copies.
We have simulated our approach. The simulation results
show that our approach achieves a very low failure rate of
packet delivery in the presence of a relatively high percentage
of malicious sensor nodes.
RELATED WORK
A. Modification Attack
Only a few attempts have been made to handle the modification
attack so far. [9] uses an overhearing technique to
detect malicious packet-modifying attacks in WSNs. By the
overhearing technique, a committee structure is constructed for
each sensor node. The committee structure includes several
committee sets, and each committee set is designed for a
specific communication link. Due to the microwave nature
of the wireless channel, neighbouring sensor nodes within a
sender’s radio range can overhear the packet the sender is
transmitting. Therefore, each packet can be examined by the
sensor nodes of the committee set during forwarding. If a
packet is modified by a malicious node, the committee set will
detect the error. However, the overhearing technique consumes
a significant amount of energy [10].
[8] proposes an approach for identifying the malicious
nodes that modify or drop packets. The proposed approach
encrypts each packet and adds some extra bits to the packet
to hide the source of the packet. It adds a packet mark, a
small number of extra bits to each packet such that the base
station can recover the source of the packet and figure out
the dropping ratio associated with every sensor node. The
routing tree structure dynamically changes in each round so
that behaviour of each sensor node can be observed in a
large variety of scenarios. The heuristic ranking algorithms can identify most of the bad nodes with small false positive.
[8] also gives an excellent review of the previous approaches to
the modification attack problem and the selective forwarding
attack problem.
Node-Disjoint Multipath Routing
It is widely agreed that multipath routing is an efficient
solution to the modification and selective forwarding attacks
[4]–[6], [11]. Multipath routing reduces the chance of a packet
being modified or dropped by a malicious sensor node by using
different paths. A survey of multipath routing protocols is
presented in [12]. Multipath routing can be either node disjoint
[12], or link disjoint [12], or partially disjoint [13].
[14] presents a multipath protocol to increase the transmission
reliability by discovering a back-up path beside the
service-path in case of transmission failures. [15] is an extension
to [14] by considering secure and reliable data collection.
It improves the protocol’s security by applying the secret
sharing strategy. [16] proposes an efficient N-to-1 multipath
routing protocol based on a minimum spanning tree and a
learning mechanism.
[17] proposes an energy efficient collision aware multipath
routing for WSN. It finds two collision-free paths to reduce the
number of collisions among the sensor nodes in the network.
[18] proposes a Low-Interference Energy-efficient Multipath
Routing protocol (LIEMRO) for WSNs. This protocol aims at
improving packet delivery ratio, lifetime, and latency by discovering
multiple interference-minimised node-disjoint paths
between source node and sink node.
[19] intends to improve the Direct Diffusion algorithm
in order to allow multipath routing in a multimedia wireless
sensor network which suffers from interferences. The base station
selects paths which have disjoint node between them. [20]
proposes a distributed, scalable and localised multipath search
protocol to discover multiple node-disjoint paths between the
sink node and source node, and a load balancing algorithm to
distribute the traffic over the multiple paths discovered.
All the previous multipath based routing approaches use
static routing paths, which make it easy for the attackers to
find the target sensor nodes for attacks [21]. [22] proposes several
schemes that generate randomized multipath routes, and
analytically investigates the security and energy performance
of the proposed schemes. Extensive simulations are conducted
to verify the validity of the proposed schemes.
OUR APPROACH
The target WSN is static, i.e., the location of each sensor is
fixed. There is only one base station 1. Each sensor node has
a set of neighbouring sensor nodes with which it can communicate
directly. Each communication link is bidirectional. The
whole network is connected, i.e., for each sensor node, there is
a routing path between this sensor node and the base station.
When a sensor node generates a packet, this packet needs to
be sent to the base station. No data aggregation is performed
during data collection.
We investigate the problem of minimising the failure rate
of packet delivery in the presence of the modification attacks
and the selective forwarding attacks in a static WSN with
one base station without using expensive encryption/decryption
algorithms. Our objective is two folds. Firstly, we aim at
minimising the failure rate of packet delivery. Secondly, our
proposed heuristic solution makes it difficult for the attackers
to attack the packets from a set of target sensor nodes.
Our approach consists of two major phases, namely, initialisation
phase and randomised multipath routing phase. During
the initialisation phase, our approach constructs a shortest path
routing tree with the maximum lifetime proposed in [23], and
assigns a unique ID to each sensor node. The ID of each sensor
node will be used in randomised multipath routing. During
the second phase, when a sensor node initiates a packet, our
approach creates three copies and sends each copy to the base
station via a different path. In order to make it difficult for
malicious path analysis, our approach selects two routing paths
at random.
A. Initialisation Phase
During the initialisation phase, our approach constructs a
shortest path spanning tree T rooted at the base station with the
maximum lifetime as proposed in [23], then assigns a unique
ID to each sensor node in a distributed way. The ID of each
sensor vi, denoted by IDi, is defined as follows.
• Let vi1 .vi2 , ··· , vik be all the children of the base
station in T sorted in anti-clock-wise order in the polar
coordinate system with the base station as the pole.
• Assign a unique ID to each subtree rooted at a child
of the base station in T. The ID of the subtree rooted
at vij is j.
• For each subtree rooted at a child of the base station
in T, assign a unique rank to each sensor node in the
subtree. The rank of a sensor node in a subtree is its
rank in the depth-first traversal order of the subtree.
• For each sensor node vs, its ID, denoted by IDs, is
a tuple (xs, ys), where xs is the ID of the subtree
containing vs rooted at a child of the base station in
T, and ys is the rank of vs.
Next, we show how the ID of each sensor node is assigned
in a distributed way.
Our distributed naming algorithm consists of two phases.
In the first phase, the base station creates a message for
calculating the size of each subtree in T. This message will
be sent to each sensor node along the tree T. When it reaches
a leaf sensor node, the leaf sensor node will send an acknowledgement
message to its parent in T. An acknowledgement
message sent by a sensor node contains the size of the subtree
rooted at the sensor node. When a sensor node receives the
acknowledgement messages from all its children, it calculates
the size of the subtree rooted at itself. In the second phase, the
base station initiates a message for assigning a unique ID to
each sensor node. This message carries the rank of the receiver
of this message.
For each sensor node vi, we introduce the following
variables: