Technological advances have made it possible to develop tiny sensor nodes which can be deployed in harsh physical conditions and inaccessible locations to perform various monitoring tasks. A Wireless Sensor Network (WSN) is a distributed and self-organized network consisting of a number of such sensor nodes. WSNs have many uses in industrial, commercial, and military applications owing to their low-cost design, which makes them economically viable solutions to a variety of real-world problems. However, security in WSNs faces significant challenges due to several inherent constraints such as the use of wireless communication, lack of tamper-resistant features in sensor nodes, etc. A Mobile Wireless Sensor Network (MWSN) is a type of WSN which employs mobile sensors deployed in a specified coverage area. The mobility of sensor nodes has several advantages, but introduces additional security challenges compared to WSNs. The movement of sensor nodes can be controlled in such a way that there is an optimal distribution of sensors throughout the coverage area [11, 12]. This can help in covering the entire monitored area using fewer sensors compared to a stationary Wireless Sensor Network (WSN), where the sensor nodes are stationary. Alternatively, nodes can be made to move towards a particular region of interest to increase the number of nodes in that area, e.g., the site of an explosion, thus providing improved resolution of detected events.
Mobility of sensor nodes also impacts the network topology and introduces security vulnerabilities in the network. Sensor nodes in a MWSN can move around freely and if they are not adequately protected, they become susceptible to capture and compromise. Detecting such an attack becomes difficult as it is hard to track a particular mobile node in a global network. In a WSN, where the sensor nodes are stationary, node position is valuable information which can be used to verify a node's identity. The base station in such a network can detect imposters using node location of legitimate nodes using algorithms such as . In a MWSN, however, nodes are in constant motion and it becomes difficult to verify whether a particular sensor node is legitimate or an imposter, based on its location. As a sensor node moves within the coverage area, it needs to establish connections with its neighboring nodes in order to route data through them towards the sink node. This requires a strong authentication protocol which enables the sensor node to verify the identity of a neighboring sensor node before communicating with that node. If the identity of the neighboring sensor node is verified to be legitimate, the sensor node in question may choose to route its data through the neighboring node.
The problem of imposter detection is to detect if one or several nodes are using the identity of a legitimate node to infiltrate the network. This has been studied in the literature under the name node replication attacks. Detection of sensor node replication could be radio-based or network-based. Radio-based detection relies on a physical characteristic (the radio fingerprint), such as signal strength, to authenticate legitimate nodes and subsequently detect imposters in the network. Hall et al. use radio frequency fingerprinting to authenticate nodes and detect imposters by analyzing the transient portion of the received signal. Bhuse and Gupta discuss an anomaly intrusion technique which uses the Received Signal Strength Indicator (RSSI) to help sensor nodes detect an intruder. Such techniques are outside the realm of autonomous network intrusion detection, and thus not feasible for use in unattended and geographically spread WSNs. Thus we focus on network-based detection techniques.
Network-based detection techniques differ for stationary WSNs and MWSNs. In WSNs, each sensor node is associated with a unique deployment position, and if one node ID is associated with several locations, then this indicates a node replication. Network-based techniques to combat node replication attacks have been classified as centralized and distributed solutions. Centralized solutions rely heavily on a powerful base station which is responsible for data collection regarding imposters and decision making. For example, Parno et al. describe a centralized detection scheme in which each node sends a list of its neighbors and the physical location claimed by these nodes (location claim) to the base station, which then examines each neighbor list, looking for replicated sensor nodes. This scheme is a basic approach to centralized detection of node replication, suitable only for stationary WSNs. Distributed solutions utilize what is known as the claimer-reporter-witness framework, as proposed by Parno et al. These solutions utilize location information for a sensor node being stored at one or more witness nodes in the network. When joining the network, nodes are required to send their location information (location claim) to witness nodes, which then detect replicas of a node if they receive more than one location for a single sensor node.
Office of the Vice President for Research E 4.30
Research Sector - Kuwait University
Most existing detection techniques assume stationary WSNs, and adapting these techniques to MWSNs is not easy. For example, the claimer-reporter-witness framework for stationary WSNs cannot be easily adapted to MWSNs for the following reasons. Nodes in MWSNs are in constant movement, and thus they are not associated with a unique location. Also, it becomes difficult to route any location claim from a certain reporter to a certain witness because of the continuously changing network topology. Also, issues like how to denote a witness (which needs to be linked to a certain physical location) become difficult to address. However, a few solutions have been proposed for MWSNs. Ho et al. proposed a scheme which utilizes a sequential probability ratio test. A claimer node locally broadcasts its location claim to its neighbors from time to time. This information is collected by the neighboring nodes and sent to the base station, which calculates the node speed as a function of the location of the node and time of reporting. If the calculated node speed exceeds the system-configured maximum speed for a sensor node, then the presence of a replica is detected. This technique has several drawbacks, including the requirement for an accurate measurement of location, which necessitates a dynamic and precise localization system along with tight time synchronization, both of which are not affordable in the current generation of WSNs.
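The speed check described above can be sketched at the base station as follows. This is an added example, not code from this proposal or from Ho et al.; the report tuple layout, `V_MAX`, and the SPRT parameters `P0`, `P1`, `ALPHA`, `BETA` are assumptions chosen for illustration, and the sample reports are constructed.

```python
import math
from collections import defaultdict

V_MAX = 10.0            # assumed system-configured maximum node speed (m/s)
P0, P1 = 0.1, 0.9       # assumed P(sample exceeds V_MAX) for benign / replicated ID
ALPHA = BETA = 0.01     # assumed tolerated false-positive / false-negative rates
UPPER = math.log((1 - BETA) / ALPHA)    # cross it: decide "replica"
LOWER = math.log(BETA / (1 - ALPHA))    # cross it: decide "benign"

def speed(c1, c2):
    """Speed implied by two (t, x, y) claims made under one node ID."""
    dist = math.hypot(c2[1] - c1[1], c2[2] - c1[2])
    dt = c2[0] - c1[0]
    if dt <= 0:                          # same instant: only legal if same place
        return 0.0 if dist == 0 else math.inf
    return dist / dt

def sprt(claims):
    """Sequential test over time-sorted claims; each speed sample is one trial."""
    llr = 0.0
    for prev, cur in zip(claims, claims[1:]):
        if speed(prev, cur) > V_MAX:
            llr += math.log(P1 / P0)
        else:
            llr += math.log((1 - P1) / (1 - P0))
        if llr >= UPPER:
            return "replica"
        if llr <= LOWER:
            return "benign"
    return "undecided"                   # not enough evidence yet

def detect(reports):
    """Base-station side: group (node_id, t, x, y) reports and test each ID."""
    by_id = defaultdict(set)             # set drops a claim relayed by several neighbors
    for node_id, t, x, y in reports:
        by_id[node_id].add((t, x, y))
    return {nid: sprt(sorted(c)) for nid, c in by_id.items()}

# Constructed sample reports: ID 7 moves at 5 m/s, ID 9 is claimed from two
# distant places in alternation, ID 3 has been reported only twice.
REPORTS = [
    (7, 0, 100, 100), (7, 10, 150, 100), (7, 10, 150, 100), (7, 20, 200, 100),
    (7, 30, 250, 100),
    (9, 0, 0, 0), (9, 5, 900, 900), (9, 10, 10, 0), (9, 15, 905, 900),
    (3, 0, 500, 500), (3, 10, 520, 500),
]

if __name__ == "__main__":
    print(detect(REPORTS))
```

Because one bad position fix produces two over-speed samples, the sequential test needs several consistent samples before deciding, which is also why the scheme depends on accurate localization and synchronized clocks.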
Another approach to node replica detection was discussed by Conti et al., where disappearance from the network is associated with capture by an adversary. In this technique, each sensor node observes the time it encounters other sensor nodes and if a particular sensor node has not been encountered for a sufficiently long period of time, an alarm is raised. Sensor nodes can also update their meeting times by exchanging timing information with other sensor nodes. However, this technique suffers from a major drawback: a malicious node can spread incorrect information that an absent sensor node is still present in the network. Also, this technique requires that each sensor node be able to flood the network with an alarm, which may not be possible.
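A small model of the meeting-time bookkeeping, and of the drawback just named, is given below. It is an added example, not code from Conti et al. or from this proposal; the `Node` class, `ABSENCE_LIMIT`, and the `scenario` helper are hypothetical, and the timeline is constructed.

```python
ABSENCE_LIMIT = 60.0   # assumed: seconds without contact before an alarm is raised

class Node:
    def __init__(self, node_id):
        self.node_id = node_id
        self.last_seen = {}            # peer id -> latest known meeting time

    def merge(self, table, now):
        """Accept a peer's timing table, keeping the newest time per node."""
        for peer, t in table.items():
            if peer != self.node_id and t <= now:   # drop timestamps from the future
                self.last_seen[peer] = max(self.last_seen.get(peer, t), t)

    def meet(self, other, now):
        """Direct encounter: record each other, then exchange tables."""
        self.last_seen[other.node_id] = now
        other.last_seen[self.node_id] = now
        self.merge(other.last_seen, now)
        other.merge(self.last_seen, now)

    def alarms(self, now):
        """IDs not encountered (directly or by report) within ABSENCE_LIMIT."""
        return sorted(p for p, t in self.last_seen.items()
                      if now - t > ABSENCE_LIMIT)

def scenario(forged):
    """Constructed timeline: C is last met at t=5 and then leaves the network."""
    a, b, c = Node("A"), Node("B"), Node("C")
    a.meet(c, 5.0)
    a.meet(b, 20.0)                    # B learns C's last meeting time from A
    if forged:
        # Unauthenticated table from a compromised peer claiming a recent meeting.
        a.merge({"C": 70.0}, 70.0)
    return a.alarms(80.0), b.alarms(80.0)

if __name__ == "__main__":
    print(scenario(False))   # both A and B flag C as absent
    print(scenario(True))    # A's alarm is suppressed; B, not reached, still flags C
```

The merge rule trusts any plausible timestamp, so detection holds only where the false report has not propagated.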
In this project we first define an abstracted Mobile Wireless Sensor Network (MWSN) and outline various possible scenarios of imposter infiltration in the network. We then develop a strategy to detect imposters in MWSNs and neutralize the detected imposters. The proposed strategy needs to take into consideration the resource constraints of sensor nodes. The proposed strategy should preferably be implemented in the base station/sink node to conserve sensor node resources.
The objectives of this research are as follows:
Design a strategy to detect and neutralize imposters in a MWSN.
Perform security evaluation of the proposed strategy by identifying various imposter infiltration scenarios and analyzing how the proposed strategy behaves in such cases.
Define metrics of interest to evaluate the performance or effectiveness of the proposed strategy.
Explore existing network simulators. Implement proposed strategy on the selected/developed network simulator. Evaluate and study the performance based on different network parameters.
Propose enhancements to the imposter detection strategy.
Prepare necessary background for further research in the area of MWSN security.
To achieve the stated objectives, this research will be pursued in three phases.
In the first phase, we formalize and define the following:
The network model, including the properties of the base station/sink node, properties of sensor nodes, mobility model for the base station/sink node, motion pattern of the sensor nodes, key distribution model for the network and communication protocol to be followed in all node-to-node and node-to-sink communications.
The threat model outlining various cases of imposter infiltration into the network.
The proposed strategy to detect and neutralize imposters.
In addition, we plan to complete the literature review in this phase. This phase is expected to be completed in the first five months of the project.
In the second phase, we develop a detailed approach to analyze and evaluate the proposed strategy against some predefined metrics. The second phase will be executed as per the following plan:
Security analysis of the proposed strategy
Analyze how an adversary might be able to disable multiple nodes or even a part of the network.
Identify cases in which the imposter is not detected, i.e., the estimated probability of detection.
Performance analysis of the proposed strategy
Define performance metrics: The proposed strategy will be evaluated with respect to some performance metrics to evaluate its effectiveness.
Evaluate existing network simulators and select a network simulator
Implement the proposed strategy and evaluate it using the simulator: find configurable parameters which affect the performance metrics previously defined, and analyze the behavior by changing these key parameters.
Identify performance bottlenecks
This phase is expected to be completed in nine months after the completion of the first phase.
WSNs have been a focus of the research community due to the variety of applications they enable and the uniqueness of the challenges they offer. WSNs have many uses in industrial, commercial, and military applications owing to their low-cost design, which makes them economically viable solutions to a variety of real-world problems. Examples of WSN applications are environmental and habitat monitoring, and surveillance and tracking for the military. In Mobile Wireless Sensor Networks (MWSNs), this application range is extended owing to the mobility of sensor nodes. MWSNs find application in military operations so that planes, tanks, and moving personnel can communicate. Rescue missions and emergency situations also find use for such networks. Other examples include virtual classrooms and conferences wherein people can set up a network on the spot through their laptops, PDAs, and other mobile devices, assuming they share the same physical medium such as direct sequence spread spectrum (DSSS) or frequency hopped spread spectrum (FHSS).
In this project, we consider the unique problem of imposter detection in mobile sensor networks. As in any wireless network, security is an important problem in a MWSN. In this project, we address the security problem attributed to the presence of imposters in the network. An imposter is an adversary who claims the identity of a legitimate node to gain access to the network. An imposter, if successful in obtaining access to the network, can eavesdrop on the data being communicated between the sensor nodes, thus compromising confidentiality and privacy of the network data. The imposter could learn secret keys employed within the network and use this information to its advantage, for example to inject false data into the network or to replay old data, misleading the network nodes. As discussed in the Related Work Section, most of the existing solutions to this problem are applicable to stationary WSNs and are not suitable for adoption in MWSNs. Furthermore, the few solutions available to MWSNs are probabilistic, and they require precise localization and/or tight time synchronization. This necessitates a simple yet efficient solution to the imposter detection problem - which is what we propose to develop. This research aims at providing an efficient solution to the problem of imposter detection in Mobile Wireless Sensor Networks.
The results of this research will be essential in establishing the background for future implementations and solutions to this problem. In addition, this research has the potential to improve graduate teaching and supervision, as topics such as Networks and Network security are covered in graduate courses. Furthermore, we have observed that a significant portion of graduates from our university take up professions related to Network Security, and we believe that this research will have a positive impact on guiding them.
The results of this research will be presented in an international conference and in refereed international journals in the area of wireless sensor networks. This will provide due recognition and exposure to Kuwait University in the international community working in the areas of wireless networks, mobile wireless systems and computer networks. Furthermore, Network security is an important topic for Kuwait and the Gulf Region in general, and this research can prepare the country and the region for future endeavors in the area of wireless sensor networks.