International Journal of Engineering Trends and Technology (IJETT) – Volume 31 Number 4- January 2016
Survey on En-Route Filtering Schemes for False Data Injection Attack in CPNS
Pooja Shukla#1, A.S Bhattacharya*2
1 ME Student, Department Computer Science and Engineering, RTMNU, Nagpur India
2 Assistant Professor, Department Computer Science and Engineering, RTMNU, Nagpur India
Abstract — In Cyber-Physical Network Systems (CPNS), an adversary can inject false measurements into the controller through compromised sensor nodes, which not only threatens the security of the system but also consumes network resources. To solve this problem, a number of en-route filtering methods have been designed for cyber-physical network systems. However, these methods either lack resilience to the number of compromised nodes or depend on statically configured routes and node localization, which are not suitable for CPNS. This paper discusses some of the existing en-route filtering methods for false data injection attacks and evaluates their performance based on their features and efficiency.
Keywords — Cyber-physical networked system, data injection attack, sensor networks, and polynomial-based en-route filtering.
I. INTRODUCTION
The design of a Cyber-Physical Network System (CPNS) integrates computing and communication capabilities with monitoring and control of entities in the physical world. Unlike traditional embedded systems, CPS are natural and engineered physical systems that are integrated, monitored and controlled by an intelligent computational core. A host of CPNS, including the smart grid, process control systems, and transportation systems, are expected to be developed using advanced computing and communication technologies. En-route filtering is an efficient method for avoiding false data, in which false data is dropped at the routing nodes. There are many en-route filtering methods, such as Statistical En-route Filtering (SEF), Dynamic En-route Filtering (DEF) and Virtual Energy-Based Encryption and Keying (VEBEK), which are useful for different network models and different applications. The efficiency differs between the various schemes.
II. ATTACKS IN CPNS
The various types of attacks in CPNS involve destruction of, and potential threats to, the efficient functioning of the network.
An external attacker that aims to harm the network can be a random node that is not part of that network and masquerades as one.
An internal attacker is a member of the network that is authorized to access the resources but uses them in an illegitimate way.
A remote attack disturbs the communication in the network by emitting a high-energy signal.
By changing routing information and replicating data packets, a passive attacker will just drop or monitor packets in a CPNS. The attackers can cause communication failure.
ISSN: 2231-5381
Fig 1 Attacks in CPNS
Figure 1 shows the categorization of attacks that harm network communication. In routing attacks [6], the attacker can gain access to routing path information and redirect the path. Such attacks may mislead routing paths, act as black holes that swallow packets, and lead to selective forwarding of packets through selected sensors. Attacks on information in transit [7] can be broadly divided into interruption, interception, modification and false data injection attacks.
1. False data injection attack
False data injection attacks have recently been introduced as an important class of cyber attacks against the smart grid's wide-area measurement and monitoring systems. These attacks aim to compromise the readings of multiple power grid sensors and phasor measurement units in order to mislead the operation and control centers. Recent studies have shown that, if an adversary has complete knowledge of the power grid topology and transmission-line admittance values, he can adjust the false data injection attack vector such that the attack remains undetected and successfully passes the residue-based bad data detection tests that are commonly used in power system state estimation. However, in this paper, they explain that a realistic false data injection attack is essentially an attack with incomplete information, due to the attacker's lack of real-time knowledge of various grid parameters and attributes, such as the position of circuit breaker switches and transformer tap changers, and also because of the attacker's limited physical access to most grid facilities.
2. En-Route Filtering
The main objective of an en-route filtering mechanism is to enhance the effectiveness of filtering and improve prevention against node compromise. In an en-route filtering scheme, both the destination node and the intermediate nodes check the authenticity of the packet, so that false data is identified as early as possible. Hence the number of hops the false data travels is reduced and energy is conserved. In the first phase of the en-route filtering mechanism, every intermediate node verifies the MAC computed by the previous node in the routing path and then removes that MAC from the received packet. If the verification test is passed, it computes a new MAC based on the pairwise key it shares with the next node to which it should forward the packet, and attaches this new MAC to the packet. Finally, it forwards the report to the next node in the route.
[Flowchart: Received report → Check for required MAC → MAC verified? → Yes: Forward packet / No: Drop packet]
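The verify, strip and re-MAC step described above, as an added example (not code from the paper). The derivation in `pairwise_key` is a stand-in for pre-established pairwise keys; the node names, the 8-byte tag and all function names are assumptions.

```python
import hashlib
import hmac

TAG_LEN = 8  # truncated HMAC-SHA256 tag length (constructed choice)

def pairwise_key(a, b):
    """Stand-in for the pre-established pairwise key of neighbours a and b."""
    return hashlib.sha256(("pairwise|" + "|".join(sorted((a, b)))).encode()).digest()

def tag(key, report):
    return hmac.new(key, report, hashlib.sha256).digest()[:TAG_LEN]

def send(sender, receiver, report):
    """Attach a MAC computed with the key shared by sender and receiver."""
    return report + tag(pairwise_key(sender, receiver), report)

def relay(prev_hop, me, next_hop, packet):
    """Verify the previous hop's MAC, strip it, and re-MAC for the next hop.
    Returns the new packet, or None when the packet must be dropped."""
    if len(packet) <= TAG_LEN:
        return None  # no room for a report plus the required MAC
    report, received = packet[:-TAG_LEN], packet[-TAG_LEN:]
    if not hmac.compare_digest(received, tag(pairwise_key(prev_hop, me), report)):
        return None
    return send(me, next_hop, report)

def deliver(route, report, tamper_at=None):
    """Walk a report along route (source first, sink last). tamper_at=i flips
    one bit on the link into route[i]. Returns (index of the hop that dropped
    the packet or None, packet handed to the last node or None)."""
    packet = send(route[0], route[1], report)
    for i in range(1, len(route) - 1):
        if tamper_at == i:
            packet = bytes([packet[0] ^ 1]) + packet[1:]
        packet = relay(route[i - 1], route[i], route[i + 1], packet)
        if packet is None:
            return i, None
    return None, packet
```

A packet modified on a link is dropped by the very next node, but a node that holds a valid pairwise key can still originate false data, which is the gap the schemes below try to close.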
2.1 Statistical En-route Filtering (SEF)
SEF [13] uses a global key pool that is divided into 'n' non-overlapping groups. Before deployment, a few keys are randomly chosen from one of the groups in the global key pool and stored in each node. Nodes that hold keys from the same group of the global key pool are said to belong to the same nodal group. In this way, all nodes are divided into 'n' nodal groups via the non-overlapping key groups. The SEF method performs T-authentication, i.e., a legitimate packet should carry T MACs created by T nodes from different groups. Each of these T nodes creates a MAC with any one of its stored authentication keys. Each sensor that detects an event approves the message by generating a keyed MAC using one of its stored keys. A message is dropped if it has an insufficient number of MACs. When the message is received, the node verifies all the MACs carried in the report, since it has knowledge of the whole global key pool. At the sink node, false data with incorrect MACs that may have passed the en-route filtering will definitely be detected. Simulation results and analysis show that SEF can efficiently detect false data even when the attacker has compromised a number of nodes and obtained their security keys, if those keys belong to a small number of key pool groups. SEF can filter out 80 to 90% of false data within 10 forwarding hops.
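The T-authentication and en-route check described above, as an added example (not code from the paper or from the SEF authors). The pool sizes, the 4-byte truncated HMAC-SHA256 MAC, the all-zero guessed MACs and all function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import random

# Constructed sizes: key groups, keys per group, keys per node, MACs per report.
N_GROUPS, GROUP_SIZE, NODE_KEYS, T = 10, 8, 3, 5
POOL = [hashlib.sha256(b"pool-key-%d" % i).digest() for i in range(N_GROUPS * GROUP_SIZE)]

def group_of(idx):
    return idx // GROUP_SIZE

def mac(idx, event):
    return hmac.new(POOL[idx], event, hashlib.sha256).digest()[:4]

def make_node(group, rng):
    """Preload a node with a few key indices drawn from a single group."""
    base = group * GROUP_SIZE
    return set(rng.sample(range(base, base + GROUP_SIZE), NODE_KEYS))

def endorse(node, event, rng):
    idx = rng.choice(sorted(node))
    return idx, mac(idx, event)

def well_formed(macs):
    """A report needs T MACs made with keys from T distinct groups."""
    return len(macs) == T and len({group_of(i) for i, _ in macs}) == T

def en_route_check(node, event, macs):
    """A forwarding node can only verify MACs whose key it happens to hold."""
    return well_formed(macs) and all(
        hmac.compare_digest(mac(i, event), m) for i, m in macs if i in node)

def sink_check(event, macs):
    """The sink knows the whole pool, so every MAC is verified."""
    return en_route_check(set(range(len(POOL))), event, macs)

def forge(node, event, rng):
    """Attacker with one compromised node: one valid MAC, T-1 guessed MACs."""
    real = endorse(node, event, rng)
    others = [g for g in range(N_GROUPS) if g != group_of(real[0])]
    fakes = [(g * GROUP_SIZE + rng.randrange(GROUP_SIZE), bytes(4))
             for g in rng.sample(others, T - 1)]
    return [real] + fakes

def hops_until_dropped(path, event, macs):
    for hop, node in enumerate(path, start=1):
        if not en_route_check(node, event, macs):
            return hop  # 1-based hop that dropped the report
    return None  # no forwarding node objected; the sink decides
```

A forged report survives every hop whose node holds none of the guessed key indices, which is why the filtering is statistical and the sink check remains the final backstop.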
2.2. Dynamic En-Route Filtering (DEF) Scheme
In the Dynamic En-route Filtering (DEF) scheme [14], a legitimate packet is approved by multiple nodes using their own authentication keys. Before deployment, each node is preloaded with a seed authentication key and secret keys that are randomly chosen from a global key pool. Before sending the packet, the cluster head broadcasts the authentication keys that will be used for approval to the en-route nodes, encrypted with secret keys. The en-route nodes store the keys if they can decrypt them successfully. Each en-route node validates the integrity of the packet and drops the false ones. Consequently, cluster heads send authentication keys to validate the packet. To spread the authentication keys, the DEF method involves the usage of authentication keys and secret keys.
Fig 2. Flow of en-route filtering process
Figure 2 shows the framework of an en-route filtering process. The en-route node receives the packet from the source node or from the previous en-route node in the routing path. It then checks the authenticity of the received packet by verifying the MAC attached to it. If the MAC is verified, the packet is forwarded to the next en-route node in the path; otherwise the packet is dropped.
2.3. VEBEK: Virtual Energy-Based Encryption and Keying
VEBEK [15] is a secure network protocol for cyber-physical networks (CPN). It uses a one-time dynamic key generated by the source node for one packet, so it reduces the overhead of refreshing keys. The RC4 encryption mechanism is used to provide confidentiality of the data. The encryption key is generated by the virtual energy-based keying module. The receiving node must keep track of the energy of the sending node in order to decode and authenticate a message. When an en-route node receives a packet, it checks its watch list to confirm that the packet came from a node it is watching. The packet is forwarded without modification if verification fails. VEBEK provides two operational modes, VEBEK-I and VEBEK-II. In VEBEK-I mode, all nodes watch their neighbors, and when a packet is received from a neighboring node its authenticity and integrity are verified. It can catch the malicious node in one hop, and hence transmission overhead is minimized, but processing overhead is increased due to the decode/encode that occurs at each hop. In VEBEK-II mode, each node in the network is organized to watch some of the nodes, and it cannot find malicious packets in one hop. More energy is spent on node synchronization, and this leads to overhead for the node.
2.4. A Bandwidth-Efficient Cooperative Authentication (BECAN) Scheme
BECAN [16] shows high filtering and reliability compared to other en-route filtering methods. This method uses cooperative neighbor router (CNR) based authentication, and hence each node requires a fixed number of neighbors. BECAN filters injected false data through cooperative authentication of the event report by a fixed number 'k' of neighboring nodes of the source node. To minimize complexity, BECAN distributes the en-route authentication to all sensor nodes in the routing path. To reduce bandwidth utilization, it uses a bit-compressed authentication technique. BECAN cannot handle selective dropping, false routing information from compromised nodes, etc.
3. Performance analysis of en-route filtering methods
The performance of the en-route filtering schemes is evaluated based on false data filtering hops and on energy consumption in terms of the amount of authentication messages transferred. SEF's filtering capacity is limited and it cannot address impersonation attacks. Here a single shared key is used for creating and verifying MACs. Keys may be misused to generate packets. DEF has higher filtering capacity. DEF and SEF are independent of topology changes. It can filter only those unauthorized nodes with no session key. It cannot identify the false data injected from the compromised cluster head or any other sensor nodes. DEF filtering techniques are more attack resilient than static techniques. A significant drawback is that, due to refreshing of keys or their redistribution from time to time in the network, the communication overhead is increased. The reasons for key refreshing include updating keys after revocation, avoiding keys becoming old, or dynamic changes in the topology of the network. SEF is simpler compared to DEF because of DEF's extra control messages, which lead to operation complexity and extra overheads. DEF is complicated mainly for resource-limited sensors. BECAN is energy efficient with reduced bandwidth utilization. BECAN can filter false data injection attacks but it cannot detect other attacks caused by compromised nodes.
Table 1: Performance analysis of different en-route filtering methods
Filtering
Method
Statistical
En-Route
Filtering
scheme
Uses
Network
Features
False
model
Highly
1.
data
and
drops
false 1.
dense
report . Multiple
Information
CPNs
nodes jointly produce event
False
data
Sensor
nodes are
grouped in to
cluster
1.
grouped
2.
Earlier false data filtering.
3.
Each node
requires
key
chain for authentication.
Randomly
injection
distributed
Eavesdrops of
sensor
packets
nodes
False
injection
data
Randomly
Inefficient if the number of
compromised node exceeds a
threshold value
For key dissemination Hill
1.
More complicated because of extra
control messages.
Climbing approach is used.
1.
Key
based
on residual
2. Extra
control
Messages
causes tripling of delay of
reports.
1.
energy
2.
Improves
Extra energy is needed for
synchronization
synchronization
2.
Fixed path for data delivery.
1.
Cannot
problem
1.
distributed
sensor
Bit-compressed
authentication
2.
nodes
Cooperative
High reliability
detect
injected
neighborhood
based filtering mechanism
3.
detecting
report
False
data
Dynamic En- injection
Route Filtering Selective
scheme
forwarding
BECAN
scheme
Detects
Injection
spoofing
VEBEK
scheme
Drawbacks
false data
by compromised
Node.
2.
Cannot filter gang false data
injection attack.
REFERENCES
[1] D. W. Carman, P. Kruus, and B. Matt, “Constraints and
Approaches for Distributed Sensor Network Security,” NAI Labs,
Tech. Rep. 00-010, September 2000.
[2] F. Akyildiz, Y. Sankarasubramaniam, “A survey on sensor
Networks”, IEEE communication magazine vol. 40, no. 8, pp. 102-114, Aug 2002.
[3] A.Wood and J. Stankovic, “Denial of service in sensor
networks”, IEEE Computer, Vol. 35, No. 10, pp. 54-62, 2002.
[4] H. Chan and A. Perrig, “Security and privacy in sensor
networks,” IEEE Computer Magazine, 103–105, 2003.
[5] S. Slijepsevic, M. Potkonjak, V. Tsiatsis, S. Zimbeck, and M.
Srivastava, “On Communication Security in Wireless Ad-Hoc
Sensor Networks,” in 11th IEEE International Workshops on
Enabling Technologies: 2002
[6] L. Yuan, “Design Space Exploration for Energy-Efficient Secure
Sensor Networks,” in IEEE International Conference on
Application-Specific Systems, Architectures and Processors, 2002.
[7] C. Hartung, Balasalle, and R. Han, “Node compromise in sensor
networks: The need for secure systems”, Technical Report CU-CS-988-04, Department of Computer Science, University of Colorado
at Boulder, 2004.
[8] J. A. Al-Karaki and A. Kamal, “Routing Techniques in Wireless
Sensor Networks: A Survey,” IEEE Wireless Commun. vol.11, no.
6, Dec. 2004.
[9] F. Ye, H. Luo, S. Lu, and L. Zhang, “Statistical En-Route
Detection and Filtering of Injected False Data in Sensor networks,”
Proc. IEEE INFOCOM ’04, Mar. 2004.
[10] Kai Xing, Shyaam Sundhar Rajamadam Srinivasan, Manny
Rivera, Jiang, Xiuzhen Cheng, “Attacks and Countermeasures in
Sensor Networks.”
[11] S. Slijepsevic, M. Potkonjak, V. Tsiatsis, S. Zimbeck, and M.
Srivastava, “On Communication Security in Wireless Ad-Hoc
Sensor Networks,” in 11th IEEE International Workshops on
Enabling Technologies: Infrastructure for Collaborative Enterprises,
2002.
[12] L. Yuan and G. Qu, “Design Space Exploration for Energy-Efficient Secure Sensor Networks,” in IEEE International
Conference on Application-Specific Systems, Architectures and
Processors, 2002.
[13] D. W. Carman, P. S. Kruus, and B. J. Matt, “Constraints and
Approaches for Distributed Sensor Network Security,” NAI Labs,
Tech. Rep. 00-010, September 2000.
[14] F. Ye, H. Luo, S. Lu, and L. Zhang, “Statistical En-Route
Detection and Filtering of Injected False Data in Sensor networks,”
Proc. IEEE INFOCOM ’04, Mar. 2004.
[15] H. Hou, C. Corbett, Y. Li, and R. Beyah, “Dynamic Energy-Based Encoding and Filtering in Sensor Networks,” Proc. IEEE
Military Comm. Conf. (MILCOM ’07), Oct. 2007.
http://www.ijettjournal.org