Free Trial

Safari Books Online is a digital library providing on-demand subscription access to thousands of learning resources.

Share this Page URL

11.4 Limited Node Compromise Detection > 11.4.1 Static Node Compromise Detectio... - Pg. 290

290 CHAPTER 11 Node Compromise Detection in Wireless Sensor Networks base station performs the SPRT with zone trust information. Each time a zone's trust is below (resp. above or equal to) a trust threshold, it will expedite the test process to accept the alter- nate (resp. null) hypothesis that a zone is untrust- worthy (resp. trustworthy). Once the base station decides that a zone is untrustworthy, the network operator performs software attestations against all sensor nodes to detect and revoke the com- promised nodes in the zone. The main benefit of this zone-based detec- tion approach lies in achieving fast node com- promise detection and revocation while saving the large amount of time and effort that would be incurred from using periodic software attes- tation. By detecting an entire zone at once, the system can identify the approximate source of bad behavior and react quickly, rather than wait- ing for a specific node to be identified. Also, when multiple nodes are compromised in one zone, they can all be detected and revoked at one time. Our approach is also robust. We analyze that our scheme quickly identify untrustworthy zones with a small number of samples at low false positive and false negative rates, as long as at least 50% of the nodes in each zone are honest under the reasonable settings of the configura- tion parameters in the SPRT. We also devel- oped a simple simulation program to evaluate our scheme. We simulate data generation and exchange by having nodes randomly generate data and exchange them with other nodes in the same zone. Every benign sensor node uses the normal distribution for generating data. Specifi- cally, we first set the global data mean µ = 100, global data deviation variable = 5, and local standard deviation = 5. Each benign sensor node v then selects local data mean µ v uniformly at random from the range [µ - , µ + ] and gen- erates data in accordance with the normal dis- tribution N (µ v , ). Compromised nodes generate data from a range that excludes all points in [µ - , µ + ]. We place 100 nodes in a zone. Each benign node and each compromised node determine the number of data values to gen- erate uniformly at random from the range 11.4.1. Static Node Compromise Detection We propose a reputation-based trust manage- ment scheme that is designed to facilitate fast detection and revocation of compromised nodes [4]. The key idea of our scheme is to detect untrustworthy zones and perform software attes- tation against nodes in these zones to detect and revoke the ones that are compromised. Specifi- cally, we first divide the network into a set of zones, establish trust levels for each zone, and detect untrustworthy zones by using the Sequen- tial Probability Ratio Test (SPRT) [27]. The SPRT decides a zone to be untrustworthy if the zones trust is continuously maintained at low level or is quite often changed from high level to low level. Once a zone is determined to be untrustworthy, the network operator performs software attesta- tion against all nodes in the untrustworthy zone, detects compromised nodes with subverted soft- ware modules, and physically revokes them. A straightforward approach for untrustwor- thy zone detection is to decide a zone as untrust- worthy by observing a single evidence that its trust value is less than a trust threshold. However, this approach does not consider the zone trust measurement error. Due to the errors in the zone trust measurement, a trustworthy (resp. untrust- worthy) zone could be detected as untrustworthy (resp. trustworthy). To minimize these false posi- tives and false negatives, we need to make a deci- sion with multiple pieces of evidence rather than a single evidence. To satisfy this requirement, we apply the SPRT [27] to node compromise detec- tion and revocation problem. We believe that the SPRT is well-suited for tackling untrustworthy zone detection problem in the sense that we can construct a random walk with two limits in such a way that each walk is determined by the trust value of a zone. Indeed, the lower and upper limits are properly configured to be associated with the excess and shortfall of a trust thresh- old, respectively. Specifically, every sensor node in a zone acts as trust aggregator in a round-robin manner. In each time slot, the trust aggregator computes a trust level for its zone and reports the zone's trust level to the base station. The