Jinfang Jiang, Guangjie Han, Lei Shu, Han-Chieh Chao, Shojiro Nishio

Presentation transcript:

A Novel Secure Localization Scheme Against Collaborative Collusion in Wireless Sensor Networks Jinfang Jiang, Guangjie Han, Lei Shu, Han-Chieh Chao, Shojiro Nishio Hohai University, China

Contents
Introduction; Motivation; Network model and assumptions; Attack model; The first phase of the TSFD scheme; Checking the coordinates' information; Checking the time information; Checking the ID information; The second phase of the TSFD scheme; Security calculation; Simulation; Conclusion

Introduction
Our topic: security issues in WSN

Motivation
Current localization methods are vulnerable to most attacks. Design a secure localization algorithm against malicious attacks in WSNs.
Guarantee a high detection rate, especially for collusion attacks.
Guarantee high localization accuracy: the designed secure localization algorithm should be able to localize sensor nodes under malicious attacks.
Consider localization time and energy consumption: the designed secure localization algorithm should be able to fit the resource-limited WSN.

Network model and assumptions
(1) The WSN considered in this paper consists of three kinds of static nodes: anchor nodes, sensor nodes and intruder nodes.
(2) Different deployment: Anchor nodes are assumed to be distributed on a two-dimensional surface, as vertices of tiling polygons. Then, sensor nodes and intruder nodes are randomly deployed around anchor nodes. Localization error is lowest when anchor nodes are uniformly deployed. Besides, a base station is needed to control management of the WSN, e.g., managing deployment of the WSN.
(3) Different types of nodes have different communication radii. Ra, the communication radius of any anchor node, is twice as long as that of any sensor node, denoted by Rs. Rm, the communication radius of any intruder node, is assumed to range from Rs to Ra.
(4) We also assume that communication is two-way, that is, if node A hears node B, then node B can hear node A as well. The transmission information at least contains: 1) ID information, 2) coordinates of sending nodes and 3) time of sending information.

CCAM (Collaborative Collusion Attack Model)
(1) There are two types of malicious nodes in CCAM: 1) intruder nodes and 2) compromised nodes. Intruder nodes are malicious nodes outside of WSNs, but compromised nodes are normal nodes compromised by intruders. These compromised nodes then act as intruder nodes to compromise other normal nodes. All the malicious nodes can modify or distort received localization information, or even pretend to be anchor nodes to send incorrect localization information.
(2) Malicious nodes can launch both external and internal attacks: compromise normal sensor nodes, distort replayed location information, pretend to be anchor nodes.
(3) The CCAM is rather different from traditional attack models: 1) harder to detect; 2) launch multiple malicious attacks; 3) interfere with the communication in the entire WSN; 4) distort received localization information randomly.
(4) Existing approaches for secure localization cannot detect malicious nodes in CCAM. For example, the VM (Verifiable Multilateration technique) is vulnerable when detecting malicious nodes in CCAM because no node can be chosen as a trusted verifier and no accurate distance can be calculated. So we propose a new efficient algorithm against CCAM.

CCAM is rather different from traditional attack models
1) Harder to detect; 2) Launch multiple malicious attacks; 3) Interfere with the communication in the entire WSN; 4) Distort received localization information randomly.

The first phase of the TSFD scheme (1)
Using anchor nodes to identify suspicious nodes step by step. All the anchor nodes communicate with one-hop neighbor nodes.
Checking the coordinates' information
Note: Ra is not the communication radius of node a, but the communication radius of anchor nodes.
(1) In order to reduce the influence of malicious nodes in the localization process, we identify suspicious nodes before the actual localization phase. During the initial phase, we assume that all the normal nodes cannot forward any packet.
(2) The transmission information at least contains: 1) ID information, 2) coordinates of sending nodes and 3) time of sending information. Malicious nodes in CCAM can distort all three kinds of information. Thus, malicious nodes can be detected by checking whether the transmission information is normal or not.
(3) Once a node receives localization information from a neighbor node, it calculates the distance between them based on the coordinates' information. If one node communicates with another node far away outside the communication range, at least one suspicious node exists among these nodes to forward information from the sender to the receiver.
(4) As shown in the figure, on one hand, malicious node c replays the information from other nodes a and b outside the communication range of the sensor node e. On the other hand, malicious node d sends incorrect information, e.g., node c pretends to be located in an unreal place d'. Then, the calculated distances are larger than Ra, thus, suspicious nodes can be identified.
(5) However, not all malicious nodes can be detected as suspicious nodes through checking coordinates' information. If node d pretends to be located in the communication range of node e, or revises coordinates (xa, ya) so that node a appears located in the communication range of node e, node e cannot distinguish any suspicious nodes, as the calculated distances are smaller than Ra. Thus, further detections are needed to detect suspicious nodes.

The first phase of the TSFD scheme (2)
Checking the time information
(1) If any malicious node replays information, more time is needed for data transmission and processing. We detect suspicious nodes by comparing the time difference between sending and receiving information. As shown in the figure, if tde > Tmax, node d can further determine that d is suspicious even if dad < Ra.
(2) However, malicious nodes can also revise time information. If time information is incorrect, using the time information to detect suspicious nodes becomes useless. Furthermore, the scheme based on time information is an auxiliary scheme, as time information is influenced directly by hardware conditions. Therefore, using the schemes solely based on the coordinates and time information, we still cannot detect enough suspicious nodes.

The first phase of the TSFD scheme (3)
Checking the ID information
On one hand, node e receives at least two pieces of messages from neighbor node b. One piece is directly delivered from node b. The other piece is forwarded by malicious node a. If there is no malicious node within communication range of node a, the message from node b is received only one time. On the other hand, node e receives its own information through malicious nodes c and d.

The first phase of the TSFD scheme (3)
The period of time: The delay time: The delay time between two neighbor anchor nodes: The average number of malicious nodes in communication range of each anchor node: The maximum number of malicious nodes in communication range of each anchor node:
In this phase, once a node wakes up, it broadcasts information continuously. In order to calculate the amount of information sent by each node accurately, a period of time Tp is assigned to each node. In each Tp, any normal node sends its position information only once. A period of time Tp is denoted as Tmax + T. We denote the maximum communication time between normal anchor nodes as Tmax. That is, after sending information once, normal nodes send information once again after a delay time T.

The second phase of the TSFD scheme
A mesh generation method is used to isolate malicious nodes.
(1) As shown in the left figure, traditional mesh generation divides the WSN into different levels and there are several nodes in each level. One grid is in the first level, two grids are in the second level and four grids are in the third level. Most existing mesh generation schemes have the same shortcoming: some nodes cannot decide which mesh they belong to, because they stay on common boundaries of meshes regardless of the size of each mesh.
(2) In order to solve the above-mentioned problem, we propose a new mesh generation method in which each unit mesh is a circumscribed square of an anchor node. The WSN is divided into many unit meshes and each unit mesh only contains one node.
(3) After the first phase, each node keeps a record of suspicious nodes and these IDs are transported to the base station. Then, the base station calculates the number of recorded times of each ID. A node with a higher number of recorded times is detected as a malicious one. The WSN is divided into four grades: untrusted area, suspicious area, uncertain area and trust area to isolate malicious nodes.
(4) Each ID is matched with a trust grade one by one. The base station broadcasts trust grades to all the nodes so that every node knows which area it belongs to.
(5) Using the modified mesh generation method to isolate malicious nodes has two advantages: 1) making a detour around malicious nodes, as almost all destructive nodes are included in the untrusted area; 2) guaranteeing enough anchor nodes to complete localization, as normal nodes are seldom erroneously judged as malicious ones. However, using the TSFD, not all the malicious nodes can be detected completely. Therefore, some measures are still needed to detect the rest of the malicious nodes in the process of calculating coordinates.

The second phase of the TSFD scheme
After the first phase, each node keeps a record of suspicious nodes and these IDs are transported to the base station. Then, the base station calculates the number of recorded times of each ID. A node with a higher number of recorded times is detected as a malicious one. The WSN is divided into four grades: untrusted area, suspicious area, uncertain area and trust area to isolate malicious nodes. Each ID is matched with a trust grade one by one. The base station broadcasts trust grades to all the nodes so that every node knows which area it belongs to.
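The three first-phase checks and the base station's count of recorded IDs, as an added Python example that is not code from the presentation. The message fields, the rule of recording the claimed sender ID, the sample values and the grade thresholds are assumptions; the slides give no thresholds.

```python
import math
from collections import Counter, defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Msg:
    sender_id: str   # ID information carried in the message
    x: float         # claimed coordinates of the sending node
    y: float
    t_sent: float    # claimed sending time
    t_recv: float    # receiver's local clock on arrival

def first_phase_checks(self_id, self_pos, msgs, Ra, Tmax, Tp):
    """Coordinate, time and ID checks at one receiving node.
    Returns {claimed sender ID: set of failed checks}."""
    findings = defaultdict(set)
    last_seen = {}
    for m in sorted(msgs, key=lambda m: m.t_recv):
        # Coordinates: a one-hop sender cannot claim a position beyond Ra.
        if math.dist(self_pos, (m.x, m.y)) > Ra:
            findings[m.sender_id].add("coord")
        # Time: a replayed message needs more than Tmax to arrive.
        if m.t_recv - m.t_sent > Tmax:
            findings[m.sender_id].add("time")
        # ID: hearing our own ID, or one ID twice within Tp, means a forwarder.
        if m.sender_id == self_id:
            findings[m.sender_id].add("own-id")
        elif m.t_recv - last_seen.get(m.sender_id, -math.inf) < Tp:
            findings[m.sender_id].add("dup-id")
        last_seen[m.sender_id] = m.t_recv
    return dict(findings)

def grade_nodes(reports, all_ids, thresholds=(1, 2, 3)):
    """Base station: count how many nodes recorded each ID, map to a grade.
    The thresholds are assumed values; the slides do not give any."""
    counts = Counter()
    for reporter, ids in reports.items():
        counts.update(i for i in set(ids) if i != reporter)
    uncertain, suspicious, untrusted = thresholds
    grades = {}
    for node in all_ids:
        n = counts[node]
        grades[node] = ("untrusted" if n >= untrusted else
                        "suspicious" if n >= suspicious else
                        "uncertain" if n >= uncertain else "trust")
    return grades

# Constructed sample as seen by node e at (0, 0); Ra, Tmax and Tp are made up.
RA, TMAX, TP = 20.0, 0.05, 1.0
SAMPLE = [
    Msg("b", 10, 0, 0.00, 0.01),   # direct message from neighbour b
    Msg("b", 10, 0, 0.00, 0.04),   # same message forwarded a second time
    Msg("a", 45, 0, 0.00, 0.09),   # replay from an anchor out of range
    Msg("d", 5, 5, 0.10, 0.30),    # forged in-range coordinates, but late
    Msg("e", 0, 0, 0.20, 0.23),    # e's own information coming back
    Msg("b", 10, 0, 1.05, 1.06),   # b's next period: normal
]

def demo():
    at_e = first_phase_checks("e", (0.0, 0.0), SAMPLE, RA, TMAX, TP)
    # Records from two other (constructed) nodes f and g join e's at the base station.
    reports = {"e": list(at_e), "f": ["a", "d"], "g": ["a"]}
    return at_e, grade_nodes(reports, ["a", "b", "c", "d", "e"])

if __name__ == "__main__":
    findings, grades = demo()
    print(findings)
    print(grades)
```

In this sample node b is honest yet lands in the uncertain grade, because a receiver that hears one ID twice can record only that ID and not the forwarder.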

Advantages of modified mesh generation method
Making a detour around malicious nodes, as almost all destructive nodes are included in the untrusted area; guaranteeing enough anchor nodes to complete localization, as normal nodes are seldom erroneously judged as malicious ones. However, using the TSFD, not all the malicious nodes can be detected completely. Therefore, some measures are still needed to detect the rest of the malicious nodes in the process of calculating coordinates.

Security calculation
The WSN has been divided into four trust grades in the process of isolating malicious nodes. The localization process is first performed in the trust area, then in the uncertain area and the suspicious area. The untrusted area is the last one. Thus, the proposed scheme chooses main anchor nodes from the higher trusted area to avoid malicious nodes pretending to be anchor nodes. However, there may still be some malicious nodes surviving to pretend to be vice anchor nodes, thus further detections should be performed by sensor nodes to filter out malicious localization information: a) whether the vice anchor node is outside the communication range; b) whether coordinates sent from the same main anchor node are different.

Security calculation
A passive localization scheme
(1) We assume only anchor nodes broadcast their localization information, but sensor nodes do not. In other words, a passive localization scheme is used in this paper. For one thing, this saves energy of sensor nodes by consuming anchor nodes' energy instead. For another, it prevents sensor nodes from declaring their positions, thus avoiding sensor nodes being easily attacked by intruder nodes.
(2) There is much redundant localization information if all the anchor nodes send and forward localization information. In order to save energy, we choose some trusted anchors as main anchor nodes which only send localization information, like node a. The other nodes are called vice anchor nodes, like nodes b and c.
(3) The WSN has been divided into four trust grades in the process of isolating malicious nodes. The localization process is first performed in the trust area, then in the uncertain area and the suspicious area. The untrusted area is the last one. Thus, the proposed scheme chooses main anchor nodes from the higher trusted area to avoid malicious nodes pretending to be anchor nodes.
(4) However, there may still be some malicious nodes surviving to pretend to be vice anchor nodes, thus further detections should be performed by sensor nodes to filter out malicious localization information: a) whether the vice anchor node is outside the communication range; b) whether coordinates sent from the same main anchor node are different.

Simulation (1): The rate of detection
Robustness of TSFD compared with other secure localization schemes. As the rate of malicious nodes increases, TSFD is always the most robust one.

Simulation (2): The localization error
Robustness of TSFD compared with other secure localization schemes

Conclusion
In this paper, we proposed a new attack model called CCAM and introduced a novel approach called TSFD in static WSNs. Simulation results show that TSFD is effective against malicious nodes in CCAM with a high detection rate, and the modified localization scheme provides considerable localization accuracy. The calculation of a sensor node's coordinates is directly influenced by two factors: 1) the clock precision; 2) the distance between two anchor nodes. Thus, localization accuracy can be improved by enlarging the distance between two anchor nodes and enhancing clock precision.

Thank you