A Lightweight Secure Scheme for Detecting Provenance Forgery and Packet Drop Attacks in Wireless Sensor Networks

A Lightweight Secure Scheme for Detecting Provenance Forgery and Packet Drop Attacks in Wireless Sensor Networks

ABSTRACT:

Large-scale sensor networks are deployed in numerous application domains, and the data they collect are used in decision making for critical infrastructures. Data are streamed from multiple sources through intermediate processing nodes that aggregate information. A malicious adversary may introduce additional nodes in the network or compromise existing ones. Therefore, assuring high data trustworthiness is crucial for correct decision-making. Data provenance represents a key factor in evaluating the trustworthiness of sensor data. Provenance management for sensor networks introduces several challenging requirements, such as low energy and bandwidth consumption, efficient storage and secure transmission. In this paper, we propose a novel lightweight scheme to securely transmit provenance for sensor data. The proposed technique relies on in-packet Bloom filters to encode provenance. We introduce efficient mechanisms for provenance verification and reconstruction at the base station. In addition, we extend the secure provenance scheme with functionality to detect packet drop attacks staged by malicious data forwarding nodes. We evaluate the proposed technique both analytically and empirically, and the results prove the effectiveness and efficiency of the lightweight secure provenance scheme in detecting packet forgery and loss attacks.

EXISTING SYSTEM:

• Recent research highlighted the key contribution of provenance in systems where the use of untrustworthy data may lead to catastrophic failures (e.g., SCADA systems). Although provenance modeling, collection, and querying have been studied extensively for workflows and curated databases, provenance in sensor networks has not been properly addressed.

DISADVANTAGES OF EXISTING SYSTEM:

• Traditional provenance security solutions use intensively cryptography and digital signatures, and they employ append-based data structures to store provenance, leading to prohibitive costs.
• Existing research employs separate transmission channels for data and provenance.

PROPOSED SYSTEM:

• We investigate the problem of secure and efficient provenance transmission and processing for sensor networks, and we use provenance to detect packet loss attacks staged by malicious sensor nodes.
• Our goal is to design a provenance encoding and decoding mechanism that satisfies such security and performance needs. We propose a provenance encoding strategy whereby each node on the path of a data packet securely embeds provenance information within a Bloom filter (BF) that is transmitted along with the data. Upon receiving the packet, the BS extracts and verifies the provenance information. We also devise an extension of the provenance encoding scheme that allows the BS to detect if a packet drop attack was staged by a malicious node.

ADVANTAGES OF PROPOSED SYSTEM:

• We use only fast message authentication code (MAC) schemes and Bloom filters, which are fixed-size data structures that compactly represent provenance. Bloom filters make efficient usage of bandwidth, and they yield low error rates in practice.
• We formulate the problem of secure provenance transmission in sensor networks, and identify the challenges specific to this context.
• We propose an in-packet Bloom filter (iBF) provenance-encoding scheme.
• We design efficient techniques for provenance decoding and verification at the base station.
• We extend the secure provenance encoding scheme and devise a mechanism that detects packet drop attacks staged by malicious forwarding sensor nodes.
• We perform a detailed security analysis and performance evaluation of the proposed provenance encoding scheme and packet loss detection mechanism.
• We only require a single channel for both transmission channels for data and provenance.

SYSTEM ARCHITECTURE:

Sink

Cluster Head

Data Gathering

Transmission to Sink

SYSTEM REQUIREMENTS:

HARDWARE REQUIREMENTS:

• System :         Pentium IV 2.4 GHz.
• Hard Disk :         40 GB.
• Floppy Drive : 44 Mb.
• Monitor : 15 VGA Colour.
• Mouse :
• Ram : 512 Mb.

SOFTWARE REQUIREMENTS:

• Operating system : Windows XP/7/LINUX.
• Implementation : NS2
• NS2 Version : 2.28
• Front End : OTCL (Object Oriented Tool Command Language)
• Tool : Cygwin (To simulate in Windows OS)

REFERENCE:

Salmin Sultana, Gabriel Ghinita, Member, IEEE , Elisa Bertino, Fellow, IEEE , and Mohamed Shehab, Member, IEEE Computer Society, “A Lightweight Secure Scheme for Detecting Provenance Forgery and Packet Drop Attacks in Wireless Sensor Networks”, IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, VOL. 12, NO. 3, MAY/JUNE 2015.