A Token Based Approach for Detecting Replica Node Attack in Static WSNs | Open Access Journals

ISSN ONLINE(2320-9801) PRINT (2320-9798)

A Token Based Approach for Detecting Replica Node Attack in Static WSNs

Geetha C1, Ramakrishnan M2
  1. Research Scholar, Manonmaniam Sundaranar University, Tirunelveli, India
  2. Director, School of IT, Madurai Kamaraj University, India
Related article at Pubmed, Scholar Google

Visit for more related articles at International Journal of Innovative Research in Computer and Communication Engineering


Wireless sensor network is a network of sensor nodes. Nowadays a common issue in this network is security. The sensor nodes are power constrained; resource constrained and so easily attacked by malicious nodes. One of the major attacks is node replica attack. A node captures the id and cryptographic information of another node and replicates this node and distributed in the network which will lead false data transmission, leaking the data, jamming the data transmission etc. The proposed algorithm is based on a token which is generated by the source node. This algorithm shows efficiency in detecting the clone nodes easily and simply. All the messages are combined into one token and so this reduces the number of message transmission also. The simulation results shows that the detection rate is high and the communication overhead is less compared with other existing algorithms.


message; replica attack; sensor network; token; witness node


A wireless sensor network consists of spatially distributed sensor nodes. In a WSN, each sensor node is able to independently perform some processing and sensing tasks. Furthermore, sensor nodes communicate with each other in order to forward their sensed information to a central processing unit or conduct some local coordination such as data fusion. Major applications of WSN are environmental monitoring, health monitoring, traffic control, industrial sensing, and infrastructure security. The various security attacks in WSN [12] are classified as follows: Fig. 1.
Conceptually, a node replication attack is quite simple; an attacker seeks to add a node to an existing sensor network by copying the node ID of an existing sensor node. A node replicated in this approach can severely disrupt a sensor network’s performance. Packets can be corrupted or even misrouted. This can result in a disconnected network, false sensor readings, etc. If an attacker can gain physical access to the entire network he can copy cryptographic keys to the replicated sensor nodes. By inserting the replicated nodes at specific network points, the attacker could easily manipulate a specific segment of the network, perhaps by disconnecting it altogether.
In other words, Node replication attack is an application-independent attack unique to wireless sensor networks. The attack makes it possible for an adversary to prepare her own low-cost sensor nodes and induce the network to accept them as legitimate ones. To do so, the adversary only needs to physically capture one node, reveal its secret credentials, replicate the node in large quantity, and deploy these malicious nodes back into the network so as to subvert the network with little effort.
The simplest way of protecting clone attacks by an adversary node is that, extracts the secret key elements from an attacked node by using a technique called virtue of tamper-resistance hardware. But to implement this technique, the hardware based measures are too expensive in practical. Several algorithms were developed so far to detect clone attacks in both static and mobile sensor networks. The major requirements of all these algorithms are the witnesses and the communication overhead.


The algorithms developed so far are classified in to centralized and distributed. Centralized algorithms are having the major drawback as single point of failure. All algorithms are based on id and location.
The first solution for clone detection is centralized one based on the Base Station. Each node sends the id and location information to the Base Station [7]. From the same id, if location information is received is different, clone node is detected [14]. But this scheme has drawbacks as lot of message transmission and single point of failure. Also the nodes which are located closer to BS have to transmit lot of messages and thus reduce the operational life of these nodes.
Another centralized approach is, each node is having a set of symmetric keys which are selected randomly from a large pool. Each node counts the number of times that key is [8] used for its communication [11,5]. Each node sends its count to BS. From this count, the BS identifies the clone node in network. The node which uses the keys too often are considered cloned and the revocation procedure is invoked.
Another protocol for detecting node replication attack is SET proposed in [6]. A number is generated randomly and it is sent to all nodes and it is used to form clusters and cluster heads. Within each cluster one or more trees are defined over the network graph. A protocol is used to collect all the nodes belonging to these subsets. If different subsets are having the same ID then there is a clone
The two main protocols appeared in [2] are distributed solutions. The first scheme, Randomized Multicast (RM), sends the information about its location to direct neighbours and in turn each of these neighbours sends this information to randomly selected witnesses. If there is a replicated node, any one of this witness may receive the different location claims with same ID and it revokes the replicated node. The advantage is high detection probability using relatively limited number of witnesses. The number of messages send by each neighbour is ?n.
The second scheme, Line Selected Multicast (LSM), uses the routing information to detect the clones. In addition to the witness nodes, the intermediate nodes within the path can check for clones. Each node forwards the claims and saves the claims. For example, a node a and clone a’ in the network. Neighbour of a sends the location claim to r witnesses. Each node stores this information also. When this information is transferred on the path any node w verifies the signature on the claim and checks for the conflict with the location information on its buffer. If there is a conflict it revokes the cloned node. Otherwise store the claim and forwards to the next node. The advantage is less communication cost, high detection rate and less storage requirements.
In [3], two more schemes are proposed which are Single Deterministic Cell and Parallel Multiple Probabilistic Cells. In the first scheme, each node ID is associated with a single cell. The location information is send to the predefined witness node within a cell. Once the witness node receives the message, it is broadcasted to all other nodes in the cell. In second scheme, A number of witnesses are determined and it is already defined. The neighbours of a node a send a’s claim to these witness nodes with a probability. This solution shows a high detection probability.


A. Network Model and Assumptions
We assume that the network considered is static: the nodes are not having mobility capability. The sensor nodes deployed distributed in the observed area of 500mx500m. We assume that each node is assigned with an ID and they have the capability of calculating the location information in the form of (x,y) coordinates by using some localization algorithms. the communication link between sensor node is considered as bidirectional [1]. It follows any one available encryption decryption algorithm for message encryption and decryption [13]. ID is the sensor node identity. Loc is location of the sensor node in the form of (x,y) coordinates.
B. System Architecture:
Source node starts transmission by generating a token which contains the encrypted ID, Loc and time of the source. Randomly selects one node as the next intermediate node and forwards this encrypted message in the token. When the next node receives this token, decrypts and then verifies for authentication. If valid, append its ID, Loc and time into the token and forward to its randomly selected neighbor. This procedure is repeated until a node called as witness node which receives the token from source and clone node. Now comparison of IDs and Loc in both the tokens are decrypted and compared. If the ID in both the taken is same and Loc is different, the clone node is detected.
C. Proposed Model
In this model, the intermediate node which forwards the token to next node is randomly selected every time. In each iteration, one node is selected as intermediate node to forward the token. In this approach the node ID and Loc are appended in to the token every time and so the token size gets increased but it is only one encrypted message. The node which receives the tokens from source node and the clone node is called as the witness node which will only performs the comparison of the contents of both tokens. If clone node is detected, the revocation procedure is invoked. This approach will reduce the communication overhead.
Step 1: Source Node and Clone node generate a token.
Step 2: Add ID, Loc and Time in to the token and send to the randomly selected neighbor.
Step 3: The neighbor node after receiving the token decrypts the message and checks for the authentication.
Step 4: Checks for another token from the same ID.
Step 5: If so it is the witness node
Step 6: Compares for same ID, cryptographic information and different Loc
Step 7: If ok, clone node is detected. Go to Step 9.
Step 8: Otherwise append its information and forward to next randomly selected neighbor. Go to Step 3.
Step 9: End.


The approach is simulated in NS2 under various densities like 25 nodes, 50 nodes, 75 nodes and 100 nodes and average is taken to plot the graphs. The Fig.3. shows the number of clones detected and the time. It shows the improvement of token based approach than the other approaches. In RED[4,9,10], the witness node is selected using pseudo-random function. It is static and the detection rate is about 84%. In X-RED[15], the witness node is selected every time dynamically and it shows the detection rate 86%. In the token based approach, it is 87% and witness node is only one, and it is selected as a node which gets the tokens from both clone and original node. The Fig. 4. shows Packets transmitted Vs time. Also it shows that very less number of packets transmitted during the process compared with other existing approaches. In RED, the number of messages transmitted is high and is reduced in X-RED [15] to even 0 and 1 when number of iterations goes on and it goes high during the initial stage and saturated after some time to a constant value.


The proposed Token based approach is the major contribution of this work. The simulation results are compared with other existing approaches and it shows that token based approach shows a good efficiency in terms of detection rate and communication overhead. The main advantage of this algorithm is the token initially generated. This algorithm frequently executed by all the nodes. In future, this approach can be modified for mobile sensor network also.

Figures at a glance

Figure 1 Figure 2 Figure 3 Figure 4
Figure 1 Figure 2 Figure 3 Figure 4