
A framework for robust detection and prevention of wide-spread node compromise in wireless sensor networks.


Abstract

Wireless sensor networks are known to be vulnerable to a variety of attacks that could undermine normal sensor network operations. Many schemes have been developed to defend wireless sensor networks against various attacks. Most of them focus on making the network and service protocols attack-resilient rather than rooting out the source of attacks. Although the attack-resiliency approach mitigates the threats to sensor network protocols, it requires substantial time and effort to continuously enhance the robustness of the protocols as new types of attacks emerge. Accordingly, if we are able to detect and remove the sources of attacks as soon as possible, we could save the large amount of time and effort incurred by employing the attack-resiliency approach. In wireless sensor networks, the principal sources of various attacks are compromised nodes. Specifically, since sensor nodes are deployed in an unattended manner, an adversary can physically capture and compromise sensor nodes, and mount a variety of attacks with the compromised nodes. He can also move the compromised nodes to multiple locations to evade detection. Moreover, he can create wide-spread influence by generating many replica nodes of a few compromised nodes or by propagating a malicious worm into the network. Our work is designed to root out the sources of possible threats by quickly detecting and removing compromised nodes and by preventing wide-spread node compromise through replica node and worm propagation attacks.

To meet this challenge, we propose a framework for robust detection and revocation of wide-spread node compromise in wireless sensor networks. In the framework, we first propose a reputation-based trust management scheme to facilitate static node compromise detection, then propose a distributed detection scheme to achieve fast mobile node compromise detection, and finally propose replica node detection and worm propagation detection schemes to prevent wide-spread node compromise. Specifically, the framework is composed of five components. In the first component, we quickly detect the suspected regions in which compromised nodes are likely placed and perform software attestation against the nodes in the suspected regions, leading to the detection and revocation of the compromised nodes. However, if the attacker moves the compromised nodes to multiple locations in the network, such as by employing simple robotic platforms or moving the nodes by hand, he can evade the detection scheme in the first component. To resolve this limitation, we propose the second component, in which we quickly detect mobile malicious nodes that are silent for unusually many time periods (such nodes are likely to be moving) and block them from communicating in a fully distributed manner.

To reduce the time and effort incurred by directly compromising many benign nodes, the attacker may launch replica node attacks in which he generates many replica nodes of a few compromised nodes and spreads them widely over the network. To thwart wide-spread node compromise by replica node attacks, we propose two complementary schemes for replica detection as the third and fourth components. In the third component, we detect static replica nodes by leveraging the intuition that static replica nodes are placed in more than one location. In the fourth component, we quickly detect mobile replicas by leveraging the intuition that mobile replicas are in two or more locations at once and thus appear to move much faster than benign nodes, making them highly likely to exceed the predefined maximum speed.

However, the attacker needs to prepare as many sensor nodes as the number of replicas that he wants to generate in replica node attacks. Thus, the attack costs will increase in proportion to the number of deployed replicas. To reduce these costs, the attacker may attempt to spread node compromise widely by capturing a few nodes and having the captured nodes propagate a malicious worm through the network, leading to the fast compromise of many benign nodes. To fight against this type of attack, we propose the fifth component, in which we quickly detect worm propagation in a fully distributed fashion by leveraging the intuition that a worm's communication pattern is different from benign traffic.

Through analysis and experimental study, we show that these components achieve robust and effective detection and revocation of node compromise, replica nodes, and worm propagation with reasonable overhead.

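Bibliographic record

  • Author

    Ho, Jun-Won.;

  • Author affiliation

    The University of Texas at Arlington.;

  • Degree-granting institution The University of Texas at Arlington.;
  • Subject Computer Science.
  • Degree Ph.D.
  • Year 2010
  • Pages 183 p.
  • Total pages 183
  • Original format PDF
  • Language of text eng
  • CLC classification
  • Keywords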
