Essay: Malicious nodes spoofing their identity and location

Published: 15 October 2019*
Last Modified: 22 July 2024

A wireless sensor network (WSN) consists of distributed autonomous sensors that monitor physical or environmental conditions, such as temperature, sound and pressure, and cooperatively pass their data through the network to a main location. One of the main issues in WSNs is malicious nodes spoofing their identity and location. A packet drop attack, or black hole attack, is a type of denial-of-service attack in which a router that is supposed to relay packets instead discards them. This usually occurs when a router becomes compromised, which can happen from a number of different causes.
One cause is a denial-of-service attack on the router using a known DoS tool. Sensor networks are used in numerous application domains, such as cyber-physical infrastructure systems, environmental monitoring and energy grids. Data are produced at a large number of sensor node sources and processed in-network at intermediate hops on their way to a base station (BS) that performs decision-making. The diversity of data sources creates the need to assure the trustworthiness of data, so that only trustworthy information is considered in the decision process.
The packet drop attack is frequently deployed against wireless ad hoc networks. Because wireless networks have a very different architecture from a typical wired network, a host can broadcast that it has the shortest path towards a destination. By doing this, all traffic will be directed to the compromised host, and the host is able to drop packets at will. Hosts on a mobile ad hoc network are also specifically vulnerable to collaborative attacks, where multiple hosts become compromised and deceive the other hosts on the network. In a multi-hop sensor network, data provenance allows the BS to trace the source and forwarding path of individual data packets. Provenance ought to be recorded for every packet. However, important challenges arise as a result of the tight storage, energy and bandwidth constraints of sensor nodes. As a consequence, it is necessary to devise a lightweight provenance solution with low overhead. It is also crucial to address security requirements such as confidentiality, integrity and freshness of provenance. The main goal of this system is to design a provenance encoding and decoding process that satisfies these security and performance needs.
The system proposes a provenance encoding procedure whereby each node on the path of a data packet securely embeds provenance information inside a Bloom filter that is transmitted along with the data. Upon receiving the packet, the base station extracts and verifies the provenance information. The system also devises an extension of the provenance encoding scheme that makes it possible for the base station to detect whether a packet drop attack was staged by a malicious node.
1.2 Data Model
The data model considers a process of data collection. Each node generates data periodically, and individual values are aggregated towards the base station using any existing hierarchical dissemination scheme. Each data packet contains (i) a unique packet sequence number, (ii) a data value, and (iii) provenance.
1.3 Threat Model
An additional goal under the threat model is to provide data-provenance binding, i.e., a coupling between data and provenance, so that an attacker cannot successfully drop or alter the legitimate data while retaining the provenance, or swap the provenance of two packets.
1.4 Stable Bloom Filter
The stable Bloom filter is a variant of the Bloom filter for streaming data. The idea is that, since there is no way to store the entire history of a stream (which can be unbounded), stable Bloom filters continuously evict stale information to make room for more recent elements. Because stale information is evicted, the stable Bloom filter introduces false negatives, which do not appear in standard Bloom filters. The authors show that a tight upper bound on the false positive rate is guaranteed, and that the method is superior to standard Bloom filters in terms of false positive rate and time efficiency when a small space and an acceptable false positive rate are given.
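The eviction behaviour described above, as an added example that is not code from the essay: a minimal stable Bloom filter that decays a few random cells before every insert. The cell count, K, P and Max values, the class and function names, and the stream of packet labels are all assumptions constructed for the demonstration.

```python
import hashlib
import random


class StableBloomFilter:
    """Cells are small counters; every insert first decays P random cells."""

    def __init__(self, m=256, k=3, p=10, max_val=3, seed=1):
        self.m, self.k, self.p, self.max_val = m, k, p, max_val
        self.cells = [0] * m
        self.rng = random.Random(seed)  # seeded so the run is repeatable

    def _indexes(self, item):
        # K cell positions derived from SHA-256 with a one-byte index prefix.
        for i in range(self.k):
            h = hashlib.sha256(bytes([i]) + item).digest()
            yield int.from_bytes(h[:8], "big") % self.m

    def add(self, item):
        for _ in range(self.p):          # evict: decay P randomly chosen cells
            j = self.rng.randrange(self.m)
            if self.cells[j] > 0:
                self.cells[j] -= 1
        for j in self._indexes(item):    # then set the item's own cells to Max
            self.cells[j] = self.max_val

    def __contains__(self, item):
        return all(self.cells[j] > 0 for j in self._indexes(item))

    def fill_ratio(self):
        return sum(c > 0 for c in self.cells) / self.m


def demo(stream_len=5000, early=100):
    """Insert a long constructed stream, then re-query the earliest items."""
    sbf = StableBloomFilter()
    old = [b"pkt-%d" % i for i in range(early)]
    for item in old:
        sbf.add(item)
    for i in range(early, stream_len):
        item = b"pkt-%d" % i
        sbf.add(item)
        assert item in sbf               # a just-inserted element is always found
    false_negatives = sum(item not in sbf for item in old)
    return false_negatives, sbf.fill_ratio()


if __name__ == "__main__":
    print(demo())
```

The first value returned by demo() counts early packets the filter has forgotten (false negatives), and the second shows that the filter does not saturate the way a fixed-size standard Bloom filter would on the same stream.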
The lightweight scheme uses separate transmission channels for data and provenance. In this lightweight scheme, provenance security solutions use cryptography and digital signatures, and they have append-based data structures to store provenance, leading to high cost. The scheme uses fast message authentication code (MAC) schemes and Bloom filters, which are fixed-size data structures that compactly represent provenance.
An in-packet Bloom filter technique is used to encode the data provenance retrieved at the base station. The provenance decoding process is done at the base station and consists of two steps: provenance verification and provenance collection. However, this method does not detect provenance forgery accurately and does not prevent packet modification. It is also not suitable when there are multiple consecutive malicious sensor nodes.
DISADVANTAGES:
Response time for the request packet transmission will be high.
This system cannot detect the packet loss attack and does not ensure the secure transmission.
A malicious node can gain the data provenance.
Not suitable for multiple consecutive malicious nodes.
This system introduces a provenance encoding scheme and a provenance decoding scheme using the AES algorithm to provide secure transmission in the wireless sensor network. It proposes the stable Bloom filter technique to encode the data provenance retrieved at the base station. It introduces a data aggregation mechanism that gathers the specified variables, namely packet sequence number, data value and provenance, and transmits them to the base station. The provenance decoding process is done at the base station and consists of two steps: provenance verification and provenance collection.
In the provenance verification process, the BS knows the preceding packet sequence number and the last packet sequence number. If the sequence numbers mismatch, the verification process fails at the BS, which indicates a packet drop attack. The packet-dropping node is then passed to provenance collection, which identifies the malicious node. We address security requirements such as confidentiality, integrity and freshness of provenance.
ADVANTAGES:
Minimum response time for the request packet transmission
Energy efficiency
Identifies the malicious node that performs provenance forgery
Detects provenance forgery accurately and also prevents packet modification
Initialize the source and destination port
Provenance Encode Scheme
Provenance Verification
Provenance Collection
Detect Provenance Forgery
In this module the system has to set the path and port between source and destination. The source may create a file and browse for the file to send from source to destination. These files are split when they reach the destination, after the encryption process is done.
This module uses the AES algorithm to encode the data for data security. For a packet, provenance encoding refers to propagating the vertices in the provenance graph and inserting them into the stable Bloom filter. Each vertex originates at a node in the data path and represents the provenance record of the host node. A vertex is uniquely identified by the vertex ID (VID). The provenance record of a node includes 1) the node ID, and 2) an acknowledgement of the last observed packet in the flow.
In the verification module, the following processes are performed.
Key generation
Generate a secret key for the verification process.
Verifying the packet sequence number
This part compares the current packet sequence number with the preceding packet sequence number; if they mismatch, the verification process fails.
Send to receiver
In this part, the verification details are sent to the receiver to detect provenance forgery.
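The encoding and verification steps described above, as an added example that is not code from the essay: each node ORs a keyed vertex ID into an in-packet Bloom filter, and the base station rebuilds the filter from its own view of the sequence numbers. Assumptions made here: HMAC-SHA256 stands in for the essay's AES-based encoding, a plain (not stable) Bloom filter is used, and the key table, filter size, node IDs and all function names are constructed for the demonstration.

```python
import hashlib
import hmac

M, K = 256, 3   # filter bits and hash count (assumed sizes)
# Constructed per-node keys, each shared only between that node and the BS.
KEYS = {n: hashlib.sha256(b"demo-key-%d" % n).digest() for n in (1, 2, 3)}

def vid(node, seq, prev_seq):
    """Vertex ID: MAC over node ID, packet seq and the last seq the node saw."""
    msg = b"%d|%d|%d" % (node, seq, prev_seq)
    return hmac.new(KEYS[node], msg, hashlib.sha256).digest()

def bits(v):
    """Bit mask of the K filter positions for one VID."""
    mask = 0
    for i in range(K):
        h = hashlib.sha256(bytes([i]) + v).digest()
        mask |= 1 << (int.from_bytes(h[:4], "big") % M)
    return mask

def encode(path, seq, prev_seen):
    """Each node on the path ORs its own VID into the in-packet filter."""
    bf = 0
    for node in path:
        bf |= bits(vid(node, seq, prev_seen[node]))
    return bf

def verify(bf, seq, path, bs_prev_seq):
    """BS rebuilds the filter from its own view; on mismatch, collect suspects."""
    expected = {n: bits(vid(n, seq, bs_prev_seq)) for n in path}
    rebuilt = 0
    for mask in expected.values():
        rebuilt |= mask
    if bf == rebuilt:
        return True, []
    # Provenance collection: nodes whose expected record is absent from the filter.
    return False, [n for n in path if expected[n] & bf != expected[n]]

PATH = [1, 2, 3]   # node 3 is the last hop before the BS

def scenarios():
    honest = verify(encode(PATH, 7, {1: 6, 2: 6, 3: 6}), 7, PATH, 6)
    # Packet 7 was dropped after node 2: nodes 1 and 2 saw it, node 3 and the BS did not.
    dropped = verify(encode(PATH, 8, {1: 7, 2: 7, 3: 6}), 8, PATH, 6)
    # Provenance of packet 7 attached to packet 8 (swapped provenance).
    swapped = verify(encode(PATH, 7, {1: 6, 2: 6, 3: 6}), 8, PATH, 6)
    return honest, dropped, swapped

if __name__ == "__main__":
    print(scenarios())
```

In the dropped-packet case the suspect list contains the nodes whose acknowledged sequence number disagrees with the base station's, so the last suspect on the path bounds where the packet was lost.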
In the receiver module, received packet data that is suspicious is placed in the suspicious box, and data that is correct is placed in the provenance box.
Data-provenance
Setup: the data producer sets up its signing key k and data consumer sets up its verification key k0 in a secure fashion that prevents malware from accessing the secret keys.
Sign(D, k): the data producer signs its data D with a secret key k, and outputs D along with its proof sig.
Verify(sig, D, k0): the data consumer uses key k0 to verify the signature sig of received data D to ensure its origin, and rejects the data if the verification fails.
Before storing the data packet at the destination, the verifier preprocesses the data packet, appends some metadata to it, and stores it at the destination. At the time of verification the verifier uses this metadata to verify the integrity of the data.
It is important to note that our proof of data integrity protocol only checks the integrity of data, i.e. whether the data has been illegally modified or deleted. It can prevent the destination from modifying the data.

About this essay:

If you use part of this page in your own work, you need to provide a citation, as follows:

Essay Sauce, Malicious nodes spoofing their identity and location. Available from:<https://www.essaysauce.com/computer-science-essays/2015-12-8-1449567891/> [Accessed 15-04-26].

* This essay may have been previously published on EssaySauce.com and/or Essay.uk.com at an earlier date than indicated.