
CN104702606A - Method for replication attack detection of distributed type wireless sensor network nodes - Google Patents

Info

Publication number
CN104702606A
Authority
CN
China
Prior art keywords
node
witness
information
sensing
wireless sensor
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201510107472.1A
Other languages
Chinese (zh)
Other versions
CN104702606B (en)
Inventor
马锐
张岩
马科
严祎明
王江
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Institute of Technology BIT
Original Assignee
Beijing Institute of Technology BIT
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Institute of Technology BIT filed Critical Beijing Institute of Technology BIT
Priority to CN201510107472.1A priority Critical patent/CN104702606B/en
Publication of CN104702606A publication Critical patent/CN104702606A/en
Application granted granted Critical
Publication of CN104702606B publication Critical patent/CN104702606B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12 Detection or prevention of fraud

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a method for detecting replication attacks on the nodes of a distributed wireless sensor network. The method cyclically performs replication attack detection on the nodes of the network. Before each round of detection starts, a base station node generates a random number R smaller than the number of nodes and broadcasts it to the other sensor nodes. In each round of detection, each sensor node receives the random number R, generates an integer random number r, and calculates a witness node identity ID_witness using a generation formula. The sensor node generates declaration information containing ID_node and the random number r and transmits it to the witness node. After receiving declaration information, a sensor node substitutes the ID_node it contains into the formula to calculate ID_witness again and checks whether its own identity equals ID_witness; if so, it stores the declaration information; if not, it forwards the declaration information to ID_witness. If a sensor node finds two or more sensor nodes with the same identifier but different random numbers r, it broadcasts the replicated node identity to the whole distributed wireless sensor network and issues a warning message.

Description

A replication attack detection method for distributed wireless sensor network nodes
Technical field
The present invention relates to a method for detecting node replication attacks in wireless sensor networks, in particular a detection method based on a distributed random mapping mechanism, and belongs to the field of network security.
Background art
With the development of wireless sensor networks, their security has drawn increasing attention. In a node replication attack, the attacker uses technical means to obtain the key information and internal code of a node (called the captured node), clones the node, and places the cloned nodes in the wireless sensor network to steal data, interfere with data transmission and so on, which does great harm to the network.
The earliest node replication attack detection method is the centralized detection method. At the start of each detection round, every node in the network sends its own claim information, which includes the node ID, location information and so on, to the base station node. After the base station has received the claim information of all nodes, it checks centrally whether the network contains two or more nodes with the same ID but different location information.
The centralized detection method is simple to deploy and its detection rate can reach 100%, but it also has serious drawbacks. First, it places high demands on the computing power and security of the base station. Second, it makes energy consumption across the network unbalanced: the closer a node is to the base station, the more information it transmits and the more energy it consumes. Once the energy of these nodes is nearly exhausted, the connectivity of the whole wireless sensor network is affected, which shortens the lifetime of the network.
To address the drawbacks of the centralized detection method, earlier researchers proposed distributed detection methods. The main idea is to distribute the base station's task in the centralized method randomly among the sensor nodes of the wireless sensor network. Every declaring node in the network sends its claim information to the witness node it is mapped to. On receiving claim information, the witness node compares it with the claim information it has already stored and checks whether there are nodes with the same ID but different location information; if so, a replica node exists in the wireless sensor network.
Current distributed node replication attack detection methods mainly include the random multicast detection method, the straight-line multicast detection method, etc.
(1) Random multicast detection method
In this method the location claim message is the geographic coordinates of the node. The random multicast detection method sends a node's location claim message to a number of randomly selected nodes, i.e. witness nodes. The declaring node first generates a location claim message, signs it with its own private key, and broadcasts it within its one-hop neighborhood. Each neighbor of the declaring node that receives the location claim message decides with a certain probability p whether to forward it. If a neighbor decides to forward the message, it randomly selects g nodes in the network as witness nodes of the declaring node and sends the location claim message to these g witness nodes. By the birthday paradox, if the declaring node is a replica node, at least one node in the network will receive two or more conflicting messages about the declaring node's location, and the replica node is thereby detected.
(2) Straight-line multicast detection method
The straight-line multicast detection method is an optimization of the random multicast detection method. When a declaring node sends claim information to a witness node, the claim information is also stored by every intermediate node on the path from the declaring node to the witness node, so these intermediate nodes become witness nodes as well. Because the location claim message of a replica node propagates along g paths in the network, if there are two replica nodes in the network, the 2g paths are very likely to intersect at a common witness node. When that witness node finds that the two nodes have the same ID but different location claim information, it detects that a replica node exists in the network. In the straight-line multicast detection method, the number g of witness nodes randomly selected for a declaring node can be relatively small, which reduces communication cost while improving the replica node detection rate, but correspondingly increases the storage cost of the nodes.
Unlike the centralized detection method, distributed detection methods cannot reach a detection rate of 100%. Moreover, in the random multicast and straight-line multicast detection methods, to prevent the attacker from mounting a secondary attack, multiple witness nodes must be randomly selected for each declaring node, so that the attacker cannot predict the witness nodes of that declaring node and therefore cannot go on to capture the witness nodes in a secondary attack. To raise the detection rate, the probability that the captured node and the replica node select the same witness node must be increased, and by the birthday paradox this requires selecting a large number of witness nodes, which increases the communication and storage consumption of the detection process.
Summary of the invention
In view of this, the invention provides a replication attack detection method for distributed wireless sensor network nodes that reduces communication and storage consumption and prevents secondary attacks.
To achieve the above object, the technical solution of the present invention is as follows. The method cyclically performs replication attack detection on the nodes of a distributed wireless sensor network. Before each detection round begins, the base station node among the distributed wireless sensor network nodes generates a random number R and broadcasts it to the other sensor nodes in the network, R ∈ (0, n], where n is the number of sensor nodes in the distributed wireless sensor network. In each detection round, every sensor node performs the following processing:
After receiving the random number R, the sensor node generates an integer random number r and, using the witness node ID generation formula, computes the witness node ID, ID_witness, that applies when this sensor node acts as a declaring node. The witness node ID generation formula is: ID_witness = ID_node * R % n, where ID_node is the sensor node's own ID. The sensor node then generates claim information containing ID_node and the random number r, packs it, and sends it to the witness node.
On receiving claim information, a sensor node first substitutes the ID_node carried in the claim information into the same witness node ID generation formula used by the sending sensor node to compute ID_witness, and checks whether its own ID equals ID_witness. If they are equal, the sensor node stores the claim information; if not, the sensor node sends the claim information to the witness node whose ID is ID_witness for storage.
Each sensor node checks whether the claim information it has stored contains two or more sensor nodes with the same ID but different random numbers r. If so, that ID is a replica node ID, and the sensor node broadcasts the replica node ID to the whole distributed wireless sensor network and issues a warning message.
Further, after ID_witness has been computed, it is checked whether ID_witness equals ID_node; if so, the witness node ID is instead computed with the following formula: ID_witness = (ID_node * R % n + 1) % n.
Beneficial effects:
(1) During detection, an integer random number r is used in place of location information, which saves storage space. Each declaring node selects only one witness node, and the witness node selected for that declaring node is random in every detection round, which prevents the attacker from predicting the witness node and mounting a secondary attack. Because each declaring node selects only one witness node, the number of witness nodes selected is greatly reduced compared with traditional distributed detection methods, which reduces communication and storage consumption during detection and thereby extends the lifetime of the wireless sensor network.
(2) A multiple-mapping mechanism is proposed which ensures that nodes with the same ID send their claim information to the same witness node. Under this mechanism, even if the attacker modifies the witness node selection code of the replica node, the replica node and the captured node are still guaranteed to send their claim information to the same witness node. If the replica node and the captured node map to the same witness node, the probability that the replica node is detected can reach 100%.
Brief description of the drawings
Fig. 1 is the flow chart for selecting the witness node;
Fig. 2 is the NS2 wireless sensor network topology.
Embodiment
The technical solution of the present invention is described in detail below with reference to a specific example, but embodiments of the present invention are not limited to it.
The NS2 network simulator is used to simulate the sensor network. In a 500*500 topology area, 1 base station node and 49 wireless sensor nodes are deployed, with wireless sensor node IDs 1 ~ 49; the positions of the wireless sensor nodes are random and static. The wireless sensor network topology set up in NS2 is shown in Fig. 2, in which each dot represents a sensor node randomly deployed in the 500*500 region.
Suppose that node 2 in the network has been captured by the attacker, who has generated a replica of node 2 and deployed it in the network. By changing the internal code of replica node 2, the attacker gives it a new witness node mapping mechanism. Suppose the attacker has changed the witness node ID computation of replica node 2 from the original formulas (1) and (2) to formulas (3) and (4).
ID_witness = ID_node * R % n                 (1)
if (ID_witness == ID_node) {                 (2)
    ID_witness = (ID_witness + 1) % n;
}
ID_witness = (ID_node * R + 1) % n           (3)
if (ID_witness == ID_node) {
    ID_witness = (ID_witness + 1) % n        (4)
}
The method cyclically performs replication attack detection on the nodes of a distributed wireless sensor network. Before each detection round begins, the base station node among the distributed wireless sensor network nodes generates a random number R and broadcasts it to the other sensor nodes in the network, R ∈ (0, n], where n is the number of sensor nodes in the distributed wireless sensor network.
The base station node first generates a random number between 1 ~ 49. Suppose that in this detection round it generates the random number 8; it then broadcasts this random number 8 to all sensor nodes.
After receiving the broadcast R, each sensor node generates a random number r.
After each node has received the random number 8, suppose node 1 generates 256, captured node 2 generates 19, replica node 2 generates 18, node 3 generates 879, ..., node 50 generates 271. The random number generated by a sensor node is used to represent its own location information.
Each sensor node computes its witness node ID and sends its claim information.
Captured node 2 generates the claim information {2,19}; replica node 2 generates the claim information {2,18}.
Captured node 2 computes its witness node ID: ID_witness = ID_node * R % n = 2*8%49 = 16, i.e. its witness node is node 16.
Replica node 2 computes its witness node ID: ID_witness = (ID_node * R + 1) % n = (2*8+1)%49 = 17, i.e. the witness node of replica node 2 is node 17.
Captured node 2 sends the claim information {2,19} to node 16. After receiving {2,19}, node 16 first verifies whether it is the final witness node, i.e. ID_va = ID_node * R % n = 2*8%49 = 16. It first checks whether ID_va equals ID_node; here they are not equal. It then checks whether ID_va equals its own ID; here ID_va equals the witness node's own ID, both being 16, so node 16 concludes that it is the witness node of captured node 2 and stores the claim information.
Replica node 2 sends the claim information {2,18} to node 17. After receiving {2,18}, node 17 first verifies whether it is the final witness node. Because node 17 has not been captured, its witness node formula has not been modified: ID_witness = ID_node * R % n = 2*8%49 = 16. It first checks whether ID_va equals ID_node; here they are not equal, and ID_va also differs from node 17's own ID, so node 17 forwards the claim information {2,18} to node 16.
After receiving the claim information {2,18}, node 16 recomputes the witness node ID, i.e. ID_witness = ID_node * R % n = 2*8%49 = 16. ID_va is not equal to ID_node and is equal to node 16's own ID, so node 16 is the witness node of replica node 2 and stores the information. The claim information stored by node 16 is shown in Table 1:
Table 1
Declaring node ID | Random number generated by declaring node
2                 | 19
2                 | 18
The flow chart for selecting the witness node is shown in Fig. 1.
The witness node verifies whether a replica node exists.
Node 16 checks whether the claim information it has received contains two or more nodes with the same ID but different random numbers. On checking, it finds two pieces of claim information, {2,19} and {2,18}, in its claim information table: the declaring node ID is the same, 2, while the declaring node random numbers differ, being 19 and 18 respectively. It therefore determines that a replica node exists in the wireless sensor network, and that the captured node and the replica node are node 2.
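The detection round of the embodiment, reproduced as an added Python simulation (not part of the patent text). Function names are illustrative, the r values other than 19 and 18 are constructed, and recording a claim as undeliverable when the formula maps it to an ID no deployed node holds (the formula yields 0..n-1 while the embodiment's IDs are 1..49) is an assumption of this sketch.

```python
import random
from collections import defaultdict


def witness_id(node_id, R, n):
    """Honest mapping: formula (1) with the self-mapping fix of formula (2)."""
    w = node_id * R % n
    if w == node_id:
        w = (w + 1) % n
    return w


def tampered_witness_id(node_id, R, n):
    """Mapping the embodiment assigns to the replica: formulas (3) and (4)."""
    w = (node_id * R + 1) % n
    if w == node_id:
        w = (w + 1) % n
    return w


def run_round(senders, honest_ids, R, n):
    """Run one detection round.

    senders: list of (claimed_id, r, mapping_fn), one entry per physical device.
    Returns (alerts, stores, undeliverable):
      alerts        {witness: {cloned_id: sorted r values}}
      stores        {witness: {claimed_id: set of r values}}
      undeliverable claims mapped to an ID that no deployed node holds
    """
    stores = defaultdict(lambda: defaultdict(set))
    undeliverable = []
    for claimed_id, r, mapping in senders:
        hop = mapping(claimed_id, R, n)      # first hop chosen by the sender
        for _ in range(2):                   # one forward is always enough
            if hop not in honest_ids:
                undeliverable.append((claimed_id, r, hop))
                break
            # The receiver ignores the sender's choice and recomputes the
            # witness from the claimed ID with its own, unmodified formula.
            expected = witness_id(claimed_id, R, n)
            if expected == hop:
                stores[hop][claimed_id].add(r)   # receiver is the witness
                break
            hop = expected                       # otherwise forward the claim
    alerts = {}
    for witness, table in stores.items():
        clones = {cid: sorted(rs) for cid, rs in table.items() if len(rs) > 1}
        if clones:
            alerts[witness] = clones
    return alerts, stores, undeliverable


def embodiment():
    """n = 49, R = 8, node 2 captured and cloned, as in the embodiment."""
    n, R = 49, 8
    honest_ids = set(range(1, 50))
    rng = random.Random(0)                   # constructed r values
    senders = [(i, rng.randrange(1, 1000), witness_id)
               for i in range(1, 50) if i != 2]
    senders.append((2, 19, witness_id))            # captured node 2
    senders.append((2, 18, tampered_witness_id))   # replica of node 2
    return run_round(senders, honest_ids, R, n)


if __name__ == "__main__":
    alerts, stores, undeliverable = embodiment()
    print("alerts:", alerts)
    print("undeliverable:", undeliverable)
```

The replica's claim reaches node 17 first, is forwarded to node 16, and collides there with the captured node's claim.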
In summary, the above are only preferred embodiments of the present invention and are not intended to limit its scope of protection. Any modification, equivalent replacement, improvement, etc. made within the spirit and principles of the present invention shall fall within its scope of protection.

Claims (2)

1. A replication attack detection method for distributed wireless sensor network nodes, characterized in that the method cyclically performs replication attack detection on the nodes of a distributed wireless sensor network, wherein before each detection round begins, the base station node among the distributed wireless sensor network nodes generates a random number R and broadcasts it to the other sensor nodes in said distributed wireless sensor network, R ∈ (0, n], where n is the number of sensor nodes in the distributed wireless sensor network; in each detection round, every sensor node performs the following processing:
After receiving the random number R, the sensor node generates an integer random number r and, using the witness node ID generation formula, computes the witness node ID, ID_witness, that applies when this sensor node acts as a declaring node, said witness node ID generation formula being: ID_witness = ID_node * R % n, where ID_node is the sensor node's own ID; the sensor node then generates claim information containing ID_node and the random number r, packs it, and sends it to the witness node;
On receiving claim information, a sensor node first substitutes the ID_node carried in the claim information into the same witness node ID generation formula used by the sending sensor node to compute ID_witness, and checks whether its own ID equals ID_witness; if they are equal, the sensor node stores said claim information; if not, the sensor node sends said claim information to the witness node whose ID is ID_witness;
Each sensor node checks whether the claim information it has stored contains two or more sensor nodes with the same ID but different random numbers r; if so, that ID is a replica node ID, and the sensor node broadcasts the replica node ID to the whole distributed wireless sensor network and issues a warning message.
2. The replication attack detection method for distributed wireless sensor network nodes as claimed in claim 1, characterized in that, after ID_witness has been computed, it is further checked whether ID_witness equals ID_node; if so, the witness node ID is instead computed with the following formula: ID_witness = (ID_node * R % n + 1) % n.
CN201510107472.1A 2015-03-12 2015-03-12 A kind of Distributed Wireless Sensor Networks Node replication attack detection method Expired - Fee Related CN104702606B (en)

Publications (2)

Publication Number Publication Date
CN104702606A true CN104702606A (en) 2015-06-10
CN104702606B CN104702606B (en) 2018-01-19

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20180119
