Chapter 11 - Node Compromise Detection in Wireless Sensor Networks

Abstract

Wireless sensor networks are known to be vulnerable to various attacks that could impair normal operations. This is mainly due to the fact that sensor nodes are often deployed in an unattended manner, and thus an adversary is able to physically capture and compromise them, launching a variety of attacks with the help of compromised nodes. To reduce the damages, it is imperative to root out the compromised nodes. To this need, this chapter deals with a framework for robust detection and revocation of node compromise in wireless sensor networks. In the framework, we consider the limited and wide-spread node compromise attacks. In the limited attack, an attacker physically captures a few nodes and compromises them. He can also move the compromised nodes to multiple locations to escape the detection. To combat against the limited node compromise attacks, we propose static and mobile node compromise detection schemes in static sensor networks. More specifically, we perform trust management per region and quickly detect the suspected regions. We then perform software attestations against the nodes in the suspected regions, leading to the detection and revocation of the compromised nodes. However, if an adversary moves the compromised nodes to multiple locations in the network, he can make the compromised nodes evade the region-based detection scheme. To mitigate this limitation, we detect mobile malicious nodes by leveraging the intuition that such nodes are silent for unusually many time periods when they freely roam throughout the network. In the wide-spread attack, on the other hand, an attacker can generate wide-spread impact by producing many replica nodes of a few compromised nodes and widely disseminate them over the network, thereby saving the time and effort incurred by physically capturing and compromising many benign nodes. To fight against the wide-spread attacks, we propose replica detection schemes in both static and mobile sensor networks. In particular, we detect static replica nodes by exploiting the fact that static replica nodes are placed in more than one location. We also quickly detect mobile replicas because they are in two or more locations at once and thus appear to move much faster than benign nodes, leading them to exceed the predefined maximum speed with most likelihood.We evaluate each of the proposed schemes that achieve high node compromise detection capability with little or moderate overhead while rarely misidentifying benign nodes as the compromised nodes.