Distributed Compromised Nodes Detection Scheme at First Stage for SurvSec Security Architecture

Megahed, Mohamed; Makrakis, Dimitrios; Dahshan, Hisham

Home // SENSORCOMM 2012 , The Sixth International Conference on Sensor Technologies and Applications // View article

Distributed Compromised Nodes Detection Scheme at First Stage for SurvSec Security Architecture

Authors:
Mohamed Megahed
Dimitrios Makrakis
Hisham Dahshan

Keywords: Overlapped Groups; Node Compromise Attack; First Stage.

Abstract:
SurvSec is a novel security architecture for reliable network recovery from base station BS failure of surveillance Wireless Sensor Network WSN in hostile environment. Compromised nodes detection is a very important security mechanism in surveillance WSN to detect compromised nodes before they destroy the security of the WSN. Node compromise attack is a multi-stage attack which consists of three stages: physically capturing and compromising sensor nodes; redeploying the compromised nodes back to network and compromised nodes rejoining the network. Only two protocols detect compromised nodes at first stage. The first protocol can be easily broken by targeting couple of nodes at the same time and the second protocol has high overheads and it is based on the distribution of one key list for all nodes which is not secure if one node is compromised. In this paper, a new compromised nodes detection algorithm that detects compromised nodes at first stage for SurvSec security architecture was proposed. The proposed scheme was based on four algorithms. First algorithm provided the network with key management. Second algorithm provided the network with secure localization. Third algorithm provided the network with secure clustering. Fourth algorithm built overlapped groups from clusters. Each cluster has a security manager (SM) and backup security manager (BKSM) to manage security issues. From the locations of nodes in the cluster, the nodes can form a group by sending and receiving from their right and left neighbours in the cluster. Each group forms overlapped group with its neighbour groups. The groups resemble interconnected rings in a chain and if attackers capture one group in the chain, the chain will be cut and its overlapped groups will discover the compromised group. Each node in the cluster sends an encrypted “Hello” message to its neighbours in the cluster every 15 seconds. If a node does not respond to the “Hello” message, this means it is compromised and its neighbours will send to the SM that the node is compromised and if the SM is compromised, its neighbours will send to the BKSM that the SM is compromised then to BS. The proposed protocol was designed to be resistant against large number of compromised nodes by collaborative work of attackers. Extensive simulation results were given to demonstrate the high detection rate of the proposed scheme besides the low overheads with high security level for the protocol.

Pages: 26 to 35

Copyright: Copyright (c) IARIA, 2012

Publication date: August 19, 2012

Published in: conference

ISSN: 2308-4405

ISBN: 978-1-61208-207-3

Location: Rome, Italy

Dates: from August 19, 2012 to August 24, 2012