Dr. Mohamed Osama Khozium
Hello Flood Counter Measure for Wireless Sensor Networks
Dr. Mohamed Osama Khozium
UMM AL-QURA University
a.prof.osama@gmail.com
ABSTRACT
Wireless sensor nodes are generally deployed in a hostile and unattended
enviorment. Sensor nodes are cheep resource intensive devices. The major
resource constraint is energy. Unattended nodes are expected to live years not
weeks. Limited battery power force sensor nodes to inform neighboring nodes
about their existence by broadcasting hello packets periodically. It is very easy for
an adversory to budge-in or take over few sensor nodes and use the
vulnerable/slave nodes to broadcast hello packet flood. Considering hardware
constraints we proposed a defense mechanism in which probabilistically chosen
random set of nodes will correspond with base station to validate the legitimacy of
request.
Keywords: Hello Flood, Sensor Network, Turn Rolling Proble, Routing, Network
Modeling
1
INTRODUCTION
Sensor networks have attracted a lot of attention lately. Intensity of sensor network varies from ten to
thousands of cheep sensor nodes depending on the application. Sensor networks are categorized mainly by low
cost, small size and dense deployment. Typically node densities vary from Three meter apart to as high as 20
nodes per m3. Each node has communication radius with in which it can communicate with other sensors. Sensor
nodes are low powered and less computational devices which make them vulnerable to different layer attacks. In
this paper we will focus on spoofed Hello flooding attacks.
802.15.4 Based sensor nodes require broadcasting Hello packet to inform their presence to their neighboring
nodes. The node which receive Hello packet may assume that the sender is with in the communication radius of
receiving node and can furnish its services on demand. An adversary with high communication radius, for
example laptop, can make this assumption false by broadcasting high transmission routing information to all or a
part of network.
When node receives a hello packet it creates or refreshes the routing table entry of neighbor. Failure of
receiving the hello packet after certain time span indicate that either the node is no longer a neighbor or
connectivity has been lost due to node failure.
International Journal of Computer Science and Security, volume (2) issue (3)
57
Dr. Mohamed Osama Khozium
1.1 Routing in Sensor Network
Communication in sensor network imagined as a tree considering root as a base station. In general case, a sensor
will be in the communication radius of several other sensor nodes. Nodes broadcast hello packet and exchange
their neighboring information in the extension field of hello packet. This neighboring set information is being
later used to make routing path towards the base station.
(a)
Figure.1.
(b)
(a) Routing tree among sensor nodes (b) Hello flood
Spoofed hello packet may force sensor nodes to forward their packets towards week or possibly dead links.
In this paper, we have presented a secure routing protocol for sensor network which can protect against hello
flood attack. In our approach, considering minimal energy resources of sensor nodes we used probabilistic
approach which forces few randomly selected nodes to report base station about hello request which can later
analyze the request authenticity.
The rest of paper is organized as follows:
2
Hello Packet Properties:
There are many features which differentiate Hello packets with data packets.
1.
The size of Hello packet is small compared to data packet. Since there are fewer bits to transfer, it is less
prone to bit errors. It is high probability that hello packet will reach to its receiver than the data packet,
especially over week links.
2.
Some times broadcast messages in 802.15.4 are broadcasted with out any ACK. Receiving hello message
does not guarantee to communication on bidirectional links.
3.
Broadcasting Hello packet is always done at basic bit rate while data packets are usually forwarded on
higher rate. Lower bit rate transmission is more reliable.
3
Problem Statement
Many protocols demand motes to broadcast Hello Packet to publicize themselves to their neighbors. A mote
receiving such a packet may presume that it is with in the normal radio range of the sender. Laptop class
adversary can falsify this postulation by broadcasting Hello packet with large enough transmission power which
could prove to every mote in the network [with in the signal range of high powered and wide signaled adversary]
International Journal of Computer Science and Security, volume (2) issue (3)
58
Dr. Mohamed Osama Khozium
that adversary is its neighbor. In sensor networks, a Hello flood attack uses a single hop broadcast to transmit a
message to a large number of receivers.
An adversary does not always need to be able to construct legitimate traffic in order to use Hello Flood attack. It
can simply rebroadcast overhead by every node in the network.
Processor
4 Mhz, 8bit MCU [Atmel]
Storage
512 KB
Radio
916 Mhz Radio [Radio Modulo]
Communication Range
100 ft
Data Rate
40 kbps
Transmit Current
12 mA
Receive Current
1.8 mA
Sleep Current
5 uA
Table 1: Hardware characteristics of MICA Mote
4
Related Work
Deployments of thousand of unattended energy crucial sensor nodes, which will efficiently enable the
cooperation among each other, are vulnerable to many kind of routing attacks like Hello flood.
In [1] authors stated that each packet forwarded by the node is encrypted with a key and any two sensors
share the same common secret. Every new encryption key is generated on fly during the communication. This
phenomenon ensure that only reachable neighbor node decrypt and verify the message, which can prevent the
adversary attack. The drawback of this approach is that any attacker can spoof identities i.e. using hello packets
and can initiate syble attack.
In [2] authors suggested that hello flood attack can be encountered using ‘identity verification protocol’.
This protocol verifies the bi-directionality of a link between two links. If an adversary has a very powerful link
quality, the base station can analyze the anomaly by verifying number of verified neighbors of each node. This
mechanism is not energy efficient as almost all nodes generate traffic towards base station, which can also lead
to congestion near sink node.
In [3] authors suggested that link layer encryption and authentication, multipart routing, and bidirectional
link verification can protect sensor nodes from hello flood attacks.
International Journal of Computer Science and Security, volume (2) issue (3)
59
Dr. Mohamed Osama Khozium
5
Proposed Idea
The ability of sensor network is not only to sense the desired information but also to communicate among nodes
in order to send data to base station. Sensor nodes are cheep resource intensive devices. The major resource
constraint is energy. Unattended nodes are expected to live years not weeks. Limited battery power force sensor
nodes to inform neighboring nodes about their existence by broadcasting hello packets periodically.
Beside system faults, sensor nodes are also vulnerable to malicious attacks launched either by compromised
nodes or by laptop class adversary. Security solutions against these attacks have to be designed with limited
memory, limited battery and limited computational power of sensor node in mind.
5.1 Network Modeling
The solution for achieving ubiquitous context is to assemble devices to get related services. For the context of
coverage, negotiation and resolution strategies are needed to accurately identify their neighbors for greedy
routing. We have assumed identical sensors sensitivities where coverage is depend only on geometrical distances
from sensors. We assumed a centralized control server where nodes are connected with each other in peer-topeer fashion which leads to connectivity with base station.
5.2 Node Selection: Turn-Rolling Problem
Considering the fact that it takes same amount of energy either to send one packet to neighboring node or
computer eight hundred or one thousand lines of instructions in sensor node, it is not feasible that on each time
nodes belonging to sensor field receives a hello packet will report to base station. Considering energy constraint
in mind, probabilistically chosen random set of nodes will correspond with base station to validate the legitimacy
of request. Assume sensor field ‘X’ has ‘k’ nodes that got hello packet, the turn of each sensor to send hello
packet reception report to base station can be described as follows: after ‘n’ the reporting nodes will be ‘S n mod
k’. where
n
Sn   X i
(1)
i 1
and X1, X2,… are the turns nodes obtained on successive turns. For further clarity of mind let’s evaluate two
cases:
Case1: the probability ux that ‘Sn = x’ for n nodes where x
Case 2: when t
0
0
 (t ) = min {n  0: Sn > t} and
(2)
R(t) = ST ( t ) - t
(3)
R(t) is the residual life of any node.
Sn process a counting process N(t) is associated that tracks total number of renewals (with out considering first
occurrence). The random variable N(t) is
International Journal of Computer Science and Security, volume (2) issue (3)
60
Dr. Mohamed Osama Khozium
N(t) = max {n : Sn
 t}
(4)
N(t) =  (t ) - 1, where  (t ) is the first response time defined by (2).
Nodes in sensor network are deployed in hostile environment where they may die because of battery limitations
or some nodes may be installed in the pre-functional network. Nodes send hello packet to neighboring nodes
periodically to let the other nodes know about their physical status. Imagine X 1, X2, … are the life time of
replaceable nodes in sensor field. If the first node is added at time 0, the Sn are times at which components must
be replaced. It is quite traditional to mention the Xi as intercurrence time, and their common distribution as
intercurrence time distributions. So:
A(t) = t – SN(t), and
(5)
R(t) = ST ( t ) - t
(6)
L(t) = ST ( t ) - SN(t)
(7)
A(t) is age of node, R(t) is residual life time and L(t) is total life time where L(t)= A(t)+R(t). Note that hello
packet is periodically sent to the neighboring nodes. Meaning sensor node may have certain threshold of sending
the hello packet in its whole life time. By using hello packet counter we can judge the node remaining life time.
In order A(t)=k, it must be the case that the last renewal take place at time t-k and the life time of installed
node exceeds k. So


P{A(t)=k} = u t – k P{X1 > k} = ut – k
x  k 1
Where u t – k 
px
(8)
1
as t   , it illustrates that for each k = 1,2, …

Limt  p{ A(t )  k}   1
Limt  p{ A(t )  k}   1


x  k 1
px


x  k 1
px
(9)
Suppose that k  1: then in order that there will be a renewal at k, on event that X 1=m will satisfy the condition
when renewal process S*1, S*2,… has an occurrence at time k-m. Thus it satisfy
u(k) =
Where
 0 (k) + Eu(k-S1)
(10)
 0 (*) is the kronecker delta function which will raise the trigger in sensor node weather to send report or
not.
5.3 Confidence Level
Suppose Y= f (X1, X2, … , Xn)= f( X )
(11)
y = f (x1, x2, …, xn)= f(x)
(12)
Where Y is meaurand, X = {X1, X2, …, Xn} which is a vector value which can be random, ‘n’ is different
measurand in same measurement process, ‘f ’ is function of measurement process and x = x1, x2, …, xn.
International Journal of Computer Science and Security, volume (2) issue (3)
61
Dr. Mohamed Osama Khozium
Suppose we observe report as Y = y
 U ; where ‘y’ is expectation of ‘Y’ and ‘U’ is expected uncertainty
defined by the U=Kuc(y) where uc(y) is combined standard uncertainty representing the estimated standard
deviation of result ‘Y’ and ‘k’ is coverage factor.
Now, standard measurement uncertainties can be obtained as square roots from variances of distributions:
U(xi)=
Var[ X i ] ; where i = 1, 2, …, n
2
The observation implies that Y= uc ( y ) where
n 1
n
uc2 ( y ) =
n
 A  2  B
i 1
i
i 1 j i 1
ij
(13)
where Ai= (f / xi ) u ( xi ) . Ai and Bij depends on probability distribution that shows the knowledge of input
2
2
nodes. We also know that the weighted covariance B ij = (f / xi )(f / x j )u ( xi , x j ) ; here i,j = (1, 2 , … , n)
respectively.
We evaluated the weighted sensitivity coefficient under the assumption ‘X = x’. If f (X) is supposed to be a
continuous function as X = ( X1, X2, … , Xn), than by using Taylor’s series expression we can get
n
Y = f (x) +
(
i 1
f ( X )
) X= x + W
xi
(14)
‘W’ is the remainder nodes. We observe that when ‘X’ is closer x; we can neglect the ‘W’. Considering this
scenario we can assume W = 0 in equation 14.
U(y) 
n
(
i 1
n 1 n
f ( X ) 2
f f
)u ( xi )  2 
u ( xi , x j )
xi
i 1 j i 1 xi x j
(15)
Where u(xi, xj) = p i, j u(xi)u(xj) and pij is the correlation coefficient between xixj, i 
0
P i, j = {1
if
if
i j
i j
j.
(16)
5.3.1 Measurement and its confidence Region
Let M = (M1, M2, … , Mn) is the random vector for measurement, ‘n’ is different measurement in the same
measurement process, S(n) is ‘n’ dimensional measurement space, C(n) is event space, which has variable region
of M, and can be partial part of S(n), ‘P’ is confidence level and fM is joint probability density function.
The related confidence level, defined by ‘p’ can be
p = P {M  C(n)} =
 ... 
(m)dm1dm2
(17)
C(n) M
here m = m1, m2, …, mn and Fm(m) is the nth varied joint probability density function which is:
fM(m) = Lim h0 P{m
 M  m+h}/h
International Journal of Computer Science and Security, volume (2) issue (3)
(18)
62
Dr. Mohamed Osama Khozium
here h = (h1, h2, … , hn) and 0 is zero vector. The confidence region C(n) and the related confidence level ‘p’ are
the bases for the uncertainty expression in the multivariate model.
6
Performance Evaluation
We simulate our proposed scheme on NetSim. We assumed that each node is aware of its geographical region
and broadcasting Hello packet is always done at basic bit rate. We used following simulation parameters.
List of parameters for simulation
Parameter
Values
Area size of simulation
400m * 100m
Total number of nodes in simulation
300
Total time for simulation
200
Nodes transmission range
20m
Traffic type
Constant bit rate
Inter-Packet transmission delay
Decided by the graph
Beacon Time period
6 sec.
Energy Consumption
Idle
4µJoules/s
Sense
200Joules
Transmit
150Joules
Receive
250 Jouls
Battery Size
7
0.04 mAH
Conclusion
In this paper we have presented a simple but efficient mechanism which presents the collateral damage effect
caused by hello packet flood. To launch a Hello Flood an adversary does not always need to be able to construct
legitimate traffic in order to use Hello Flood attack. It can simply rebroadcast overhead by every node in the
network. Dynamically chosen nodes cast vote against each control packet received, to base station. We used
‘turn rolling algorithm’ to choose nodes from particular geographical region to cast vote. We observed less
energy consumption, longer life of network, and better packet authentication.
8
Reference
1.
A Hamid, S Hong, Defense against Lap-top Class Attacker in Wireless Sensor Network, In Proceedings of
ICACT 2006
2.
Venkata C. Giruka, Mukesh Singhal, James Royalty, Srilekha Varanasi, Security in wireless sensor
networks, in Proceedings Wiley InterScience, 2006
International Journal of Computer Science and Security, volume (2) issue (3)
63
Dr. Mohamed Osama Khozium
3.
Chris Karlof David Wagner; Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures;
In proceedings of IEEE 2003.
4.
A Perrig, J Stankovic, D Wagner, Security threats in wireless sensor networks, In Proceedings of
Communications of the ACM, 2004
5.
Xiaojiang Du, Yang Xiao, Hsiao-Hwa Chen, Qishi Wu, Secure cell relay routing protocol for sensor
networks, In proceedings of John Wiley & Sons, Ltd. Journal
6.
C. Yin, S. Huang, P. Su, and C. Gao., Secure Routing for Large-scale Wireless Sensor Networks., In Proc.
of International Conference on Communication Technology (ICCT'03), April 2003
7.
A.D. Wood and J.A. Stankovic, Denial of Service in Sensor Networks, IEEE Computer, 35, 54-62,
September 2002
8. Yinian Mao and Min Wu, Coordinated Sensor Deployment for Improving Secure Communications and
Sensing Coverage, ACM Workshop on Security of Ad Hoc and Sensor Networks (SASN 2005), November
2005
9. Jing Deng, Richard Han, and Shivakant Mishra, Defending against Path-based DoS Attacks in Wireless
Sensor Networks, ACM Workshop on Security of Ad Hoc and Sensor Networks (SASN 2005), November
2005
10. Li Zhou and Jinfeng Ni and Chinya V. Ravishankar, Supporting Secure Communication and Data Collection
in Mobile Sensor Networks, IEEE INFOCOM, April 2006
11. F. Stajano, R.J. Anderson, The resurrecting duckling: security issues for ad-hoc wireless networks, in:
Seventh International Security Protocols Workshop, 1999, pp. 172–194
12. J. Kong, P. Zerfos, H. Luo, S. Lu, L. Zhang, Providing robust and ubiquitous security support for mobile adhoc networks, in: ICNP, 2001, pp. 251–260
13. Y. Yu, R. Govindan, D. Estrin, Geographical and energy aware routing: a recursive data dissemination
protocol for wireless sensor networks, Tech. Rep. UCLA/CSD-TR-01-0023, Computer Science Department,
University of California at Los Angeles, May 2001
14. S. Lindsey, C. Raghavendra, PEGASIS: power-efficient gathering in sensor information systems, in: IEEE
Aerospace Conference, 2002
Author’s Biography
Dr.Khozium is currently professor assistant at the department of information systems, college of
information technology, Misr University for science and technology. He was born in Mansoura,
EGYPT. He received the B.S. degree in aviation science from Air academy, EGYPT, in 1975,
first M.S. degree in aviation science (in laser applications) from Air war studies institute,
Egyptian air force, in 1994, high diploma and second M.S. degree in computer science and
information systems from the university of Cairo, Egypt. Many studies in electronic warfare from USA and
France,
Ph.D.
in
information
systems
from
the
university
of
Cairo,
Egypt.
Dr. khozium has published many articles in international journals and conferences in the area of electronic
warfare, information security and software engineering, he participated in organizing many international
conferences,
he
is
an
active
reviewer
for
numerous
International Journal of Computer Science and Security, volume (2) issue (3)
international
journals.
64
Dr. Mohamed Osama Khozium
Dr.khozium has been awarded "doing duties honestly and faithfully award" and "excellent duty medal from the
first
level"
from
the
president
of
Arab
Republic
of
Egypt,
1996,
2006
respectfully.
Dr.khozium is an active member in many international computing and electronic warfare associations including
ACM and AOC.
International Journal of Computer Science and Security, volume (2) issue (3)
65