Essay details:

  • Subject area(s): Engineering
  • Price: Free download
  • Published on: 7th September 2019
  • File format: Text
  • Number of pages: 2

Text preview of this essay:

This page is a preview - download the full version of this essay above.











ABSTRACT – Open wireless ad-hoc network become harmful by possessing many identity which malicious node gains dis-appropriate influence and information. Many defense based on Sybil attack posed over channel estimation, trusted sources which is not exposed on the IEEE 802.11 network. RSSI observation and Sybil classification is performed with MASON TEST protocol with high computation in commodity devices. The method Prior round reveals RSSI information is implemented to reduce the computation time generated by the MASON TEST protocol. Specifically, we implement the protocol and the method to defense against the Sybil attack, i.e. 99.99%, without trusted certification in minimum computation time. The performance is illustrated in network simulator and the result is analyzed.


Keywords – Wireless network, Ad-hoc network, security, Sybil attack, Signalprint.








Wireless network technology is one of the hottest topic in in network fundamentals. Wireless networks serves many features. In various cases they uses cable replacements, where in other cases they are used to provide access to corporate data from remote location. The main four categories of wireless networks are WPAN (wireless personal area network), WLAN (wireless local area networks), WWANs (wireless wide area networks), and satellite networks. These networks are now commercially available in most of the region.


The wireless network are categorized into two broad segments: short-range and long-range. Short-range wireless applicable to networks that are confined to a limited area, this are applicable to LANs (local area networks). The same as Wireless local area network are used in building or campuses; typically 100 meters is the coverage area; the function is extension or alternative to wired LAN, associated cost is Low-Medium, typical through-put is 1-54Mpps. The standards used in WLAN is 802.11 a, b, g, HIPERLAN/2.  IEEE 802.11 is a combination of MAC (media access control) and physical layer (PHY) specifications for implementing WLAN (wireless local area network) computer communication in the 2.4 - 60 GHz frequency bands.


Wireless networks turns vulnerable to Sybil attacks, in which Sybil node poses identities in order to gain disproportionate influence. Various defenses based on spatial variability of wireless channels exist, but something not exposed on commodity 802.11 devices. There introduces numerous security concern to defense against the attack, since participants are not vetted this assumption is easily broken by a Sybil attack. Defenses which are proposed falls into categories like trusted certification, social network based technique, misbehavior detection, resource testing, localization techniques. The trusted certification used access point or certification to vet participants, thus not useful in open nature of wireless network. Resource testing method are most easily defeated in ad-hoc network of resource limited mobile devices by attackers with access to greater resources.


The localization technique, supports defense mechanism against open ad-hoc network without trusted certification. RSSI (Received Signal Strength Indication) [3] is a localization technique uses the spatial correlation between the signal strength and physical location of a node to identify the presence of a Sybil node. It is important to note RSSI does not relay on the quality of signal and usually an action is required for mapping RSSI distance values. In Figure 1, (a) represents the RSSI observation from trusted APs used to identifies the Sybil’s,  




Figure 1 Trusted RSSI observation and false observations in Ad-hoc networks.






where S is a Sybil presented by attacker M. Trusted RSSI observations, which are not generally available in open ad-hoc networks. In Figure 1, (b) represents the participant themselves act as observers. The observation are untrusted, coming from possible lying neighbors. In Figure 1, (c) represents I believes S1 and S2 are falsified observation and incorrectly accept them and reject A and B as Sybil. A Signalprint [2] is used, as its direction stays unchanged, as RSSI can be changed by varying transmit power. Signalprint are hard to spoof and strongly correlated with physical location of nodes. Signalprints allow a control over Wireless Local Area Network to reliablysingle out clients. Instead of identifying clients based on MAC addresses or other data, Signalprints allow the system to recognize the identitybased on how clients look like in terms of signal strength levels.


Murat Demirbas and Oguejiofor O.S noted that RSSI is a robust and lightweight solution for Sybil attack issue basedclient position in both indoor and outdoor environment. The framework naturally evaluates the distance between node hubs by measuring the RSSI (got signal quality marker) at a suitable number of node hubs.


The harmful attack against ad hoc networks is known as the Sybil attack. Sybil nodes refer to a malicious device’s additional identities. Open nature of wireless network need a defense against Sybil attack, something exposed on commodity 802.11 devices. Without requiring trust in any other node or authority, RSSI is inherent use true or false RSSI observation reported by one-hop neighbors. The method prior round reveals RSSI information is used to reduce the computation time by comparing the RSSI prior round values. Performing Mason Test protocol with two components: collection of RSSI observations and Sybil classification. The protocol classifies non-Sybil and Sybil by vetting participants without using trusted authority.




Daniel B. Faria, (2006) uses signal print [12] technique to defeat against the sybil attack. The transmitting devices can be robustly identified by its signal print, a tuple of signal strength values reported act as sensors. The signal printcreates signal strength measurement is reliable to client idetifiers . The sybil clients can lie about their MAC address, signal print are strongly correlated with the physical location. Therefore, holding nodes with their Signalprints provides the proper matching rules. Signal print is featured in way that wireless network is able to detect a large class of effective DOS based on MAC address spoofing.


Murat Demirbas, (2003) [3] uses the RSSI as a solution to the sybil attack in wirless sensor network. The RSSI is said to be lightweight  process, the issues like time-varying, unrelaible, non-isotropic is over come by using the Received Signal Strength Indication ratio. The RSSI is found to be the robust since it detects the sybil nodes with 100% completeness and less false positive ratio.


Mohamed Salah Bouassida, (2007) [4] reports that by collection of mobile host forming an estabilished infrastructure without aid. By allowing node to verify the authenticity of neighbour nodes based on the localization. To determine the estimated metric, the nodes are distigushed between the significance of the node.


Zhuliang Xu,(2013) [5] disscus about RSSI along with Ensemble Empirical Mode Decomposition (EEMD) and evaluate the performance in the indoor and outdoor environment. EEMD normalize the RSSI value related to the distance and reproduce the movement of the sender. EEMD can efficetivily ignore the RSSI value that changes in distance equation which is specific for one Wi-Fi devices. The EEMD along with RSSI is effective in outdoor thna indoor environment.


Diogo Monica, (2009) [13] deploys a framework to evaluate the power and performance of radio resource test (RRT), i.e., each node has access to a single radio devices, the potential to support protocol that does not require pre-configuration nor pre-shares secret.


Yue Liu, (2013) [14] proposed a method Multiple-input Multiple-Output (MIMO) [9] in Sybil defense by resource testing. In MIMO the received signal is validated to identify the transmission. The node is identified by multiple identities from same receiver to be a Sybil or malicious node. MIMO gains complete information about the received signal strength.




In this segment, we summarize the problem, solution framework and briefly discus RSSI [4] and Signalprint methods.




We extent the Signalprint and RSSI based Sybil detection and classification methods to work without any prior detection or observation of participants to determine which of its one-hop neighbor are non-Sybil in open wireless network. The framework that formed allows us to identify the truthful subset selection of nodes for secure safe and trustful protocol.






FIGURE 2 Trustless truthful subset selection of RSSI observer




two receiver to compare ratio of RSSI instead of absolute value of RSSI [5] and observe the time varying of RSSI. By comparing the ratio, RSSI can take care of varied transmission power at sender. By using different transmitting power the sender broadcast 1000 messages. RSSI values are recorded by two receivers and transmit them to base station.


〖'P_r (d)'〗'_dBm= R_dBm-10n'〖'log'〗'_10 (d/d_0 )   +Z_dBm                            (1)




R – Received Signal Strength Indication.


Pr – Received signal power.


Z – Gaussian distribution random variable with


0 mean value.


d – Distance difference between receiver and




The base station analysis and compute the ratio of two RSSI values it received from the two receiver at time t1 and t2. The difference of RSSI ratio is calculated and logs this value.


This results in uniform distribution of values by following Gaussian Probability Distribution with standard distribution of 0.066 and 0.106, as in(1). If D1 and D2 is the difference of RSSI ratio in same location and I1, I2, I3 and I4 are the node identity with a threshold.


((R_I1^D1)/(R_I2^D1 )-(R_I1^D2)/(R_I2^D2 ))<σ,((R_I1^D1)/(R_I3^D1 )-(R_I1^D2)/(R_I3^D2 ))<σ,


((R_I1^D1)/(R_I4^D1 )-(R_I1^D2)/(R_I4^D2 ))<σ                          (2)




It is safe to set σ as 0.1 and threshold to 0.5 to detected Sybil node 99.999%, i.e. the threshold to be5σ, more specifically 0.1, calculated as in (2). Figure 3 represent the ratio compared between RSSI.




Signalprint [2] is vector of RSSI median. The properties of signalprint are: Strongly correlated with the physical location with close proximity of client and Packet violently transmitted by stationary nodes generates similar signalprint with high probability.


Signalprint value can be written as original value or as relative value with respect to high and lower values of RSSI [9] levels in dBm.




Figure 3 Comparing ratio of RSSI


The difference between the value at an appropriate position and maximum values found in the signalprint, is calculated using the term differential signal strength. When matching two signalprint (i.e. S1, S2) it should be written with both absolute and differential values. The use of differential values increases the signalprint operation that varying transmission power between the nodes.


MAX-MATCHES: By comparing the Signalprint (i.e., S1 and S2) the total number of '∈' dB is found, denoted by (S1, S2, '∈'), i.e, 10-dB at position I and S1[i] and S2[i] are non-default values, as in (3).




abs(S1[i]-S2[i]) ≤ 10       (3)


MIN-MATCHES: The signalprint S1 and S2 is compared and the total number of '∈' dB is found, denoted by (S1, S2, '∈'), i.e, 10-dB at position I and S1[i] and S2[i] are non-default values, as in (4).




abs(S1[i]-S2[i]) ≥ 10       (4)




The goal of the research is to defense against the Sybil attack without any trusted authority by achieving minimum computation time by extending the Sybil defense method with Prior Round Reveals RSSI Information. Figure 4 represent the flow of the defense mechanism.






Figure 4 Sybil Defense Mechanism




4.1 Prior Round Reveals RSSI Information (PRRRI)


The method prior round reveals RSSI information is deployed to reduce the high computation time computed during MASON test protocol. The method is not actually the defense mechanism where as it is mechanism to reduce the time of computation time.Three steps of the PRRRI method are:


Step 1: Routing Process


The process of selecting the best path to transmit packets between nodes in the open wireless ad-hoc network in the IEEE 802.11. Distance vector routing protocol (DSDV) [6] is the routing protocol used as Routing process. In the 802.11 WLAN network the DSDV [11] operates by having each node i in the network by maintaining a table, which gives the best distance to each destination and which routes to get information with all its neighbors periodically. Each and every node has a single entry in routing table. The entry node will have following information of the nodes: IP address, last know sequence number and the hop count to reach the source node. Along with the details the routing table also holds the track of nexthop neighbor to reach the destination node and the timestamp of the last update received for that node i.e., DSDV_Agent::Update(int&periodic). The updated message of DSDV consist of Destination address, Sequence number and Hop count. DSDV_Agent:: updateRoute(rtable_ent *sequnum, rtable_ent *dstadd, rtable_ent *nxthop). Each nodes deploys two mechanism to send out the DSDV update.s, they are: Periodic updates, Trigger Updates. When the update with same sequence number is received, the with least hopcount is given the precedence.


Step 2: Node certification


The node is certificated in two different way: node id, certification id; by RSA cryptography. The generation of node id and certification id deploys the node to be highly secured. RSA generate the public key based on two large prime number must be kept secret. The prime number is large enough, so that someone without the knowledge of prime number cannot decode the message.


Step 3: RSSI based Node identification


The prior round RSSI information is made an entry in to hash table and each every time the node is entering the network the Prior round RSSI information is initial step to process the node for data transmission as secure node. In the process of node identification after evaluation of routing process and RSA-Encryption and Decryption, the node is compared in the hash table with RSSI values that is performed in prior rounds, if the RSSI values compared in the Prior round that is updated in the hash table matches then the node does not processed with the MASON TEST protocol, if not comparison mismatches then the protocol is performed and data transmission is performed in open ad-hoc network. By performing every time the protocol will consume high computation time i.e, <5s for 5-10 nodes is typically fast but it is slower in high density area 40s for 100 nodes. Thus the method implemented reduce the high computation. Figure 5 represent the flow of PRRRI method.


Figure 5 Node identification in PRRRI.


The each time the new largest γ- consistent subset generated by the MASON test protocol is carried with hash table to as prior round information. Each time all the participating identities entries the PRRRI the nodes information is compared with the prior round information of node i.e. RSSI ratio and identity classification. Figure 6 computational time reduction compared with existing [1].




Figure 6 Computation Time


ALGORITHM 1: Node identification


Require:'〖'(C, R'〗'_max) is the γ-truthful consistence




1: h ←'〖'(C, R'〗'_max)


2: newhash = hashing(h, strlen(h))


3: Compute comparison between newhash with prior information.


4: if(newhash = hdr →hashvalue)


5: authenticate_result ← MESSAGE_ACCEPTED


6: if newhash and (hdr →hashvalue) not matches then


7: authenticate_result ← MESSAGE_ERROR


                                           -integrity violation”);


8: end if


9: return newhash.



Algorithm 1, performs the comparison between the information of entry node and prior information of the same node.




The mason test [1] is the protocol is implemented WLAN 802.11 to defense against the Sybil attack without using trusted authority. The protocol needs four main requirements:


1) The participating identities should be a conforming neighbors.


2) The examined packets should be transmitted in pseudo random order.


3) The information about the RSSI observation must not know to the attackers.


The protocol performs two components: RSSI observation [10] and Sybil classification. At the end of the protocol results the nodes are classified in to Sybil and non-Sybil nodes.


4.2.1 RSSI observation


The RSSI observation is performed with three phases:


Phase I: Identity collection


The identities participating neighbors ensuring that none of the conforming identities are jammed by attackers are gathered in first phase, e.g. HI message is transmitted each acknowledged with initiator, unacknowledged HI is retransmitted. The process terminated if the channel stays ideal till timeout, all stationary neighbors respond with their identities.




Phase II: Randomize broadcast request


In second phase the challenge-response protocol RSSI observation and Sybil classification for motion detection.  E.g., the participants records the RSSIs of the HI message from the conforming identities. Some identities fails to responds within minimum duration (i.e., 10ms) might be an attacker attempting to change the physical position and those identities are rejected.


Phase III: Report of RSSI Observation


In third phase first, each identity broadcasts a hash of its observation, then RSSI observation [8] values are shared, thus not matching the respective hash values are rejected. To prevent attacker from using the values to falsie the observation.


4.2.2 Sybil Classification


Sybil classification is performed by each participants individually. Correlation between the participants decrease with the RSSI values. The Sybil classification performs only with the current observation uncorrelated with the prior ones. In Algorithm 1, once the receiver set is chosen the set S contains a truthful receiver set is carried away to examine the γ-true Sybil classification. The Sybil and non-Sybil nodes are classified and the 99.99% of Sybil nodes are defensed in the 802.11 WLAN ad-hoc network.


The goal of the candidate receiver set selection is, at least one of the candidate should be truthful. Size-n is set for desire receiver set, S is the truthful receiver set, R is the receiver set identity used to form the signalprints[2]. Along with R the random element in the hash table, identities labeled non-sybil by view V, i.e. VNS(R), is updated to R. Truthful receiver set id updated with the new set {R}. Updated γ-truthful receiver set is compared with the number of identity whose RSSI [4] [5] ratio reported by i do not match with R. the view generated by receiver set R V(R) and the view generated by all the participating identities and all Sybil identities i.e. V({i,s}) are not similar. The subset is found with new largest γ- consistent the participating identities are classified as Sybil and non-Sybil identities.




We have described a method Prior round reveals RSSI information to reduce the computation time generated by the Sybil attack defense MASON protocol. We deployed the RSSI to separate true and false observation of neighbor nodes. The protocol along with the method reduce the computation time compared to protocol deployed alone in IEEE 802.11 WLAN. The protocol 99.9% robustly defense the Sybil node and method reduce the computation time of the protocol. The performance is analyzed in network simulator. For future work, the method is tested in outdoor and indoor environment.




[1] Yue Liu, David R. Bild, “The Mason Test: A Defense Against Sybil Attacks in Wireless Networks Without Trusted Authorities”, IEEE Transactions On Mobile Computing, Vol. V, No. 99, 02 February 2015.


[2] Daniel B. Faria, David R. Cheriton, “Detecting Identity­Based Attacks in Wireless Networks Using Signalprints”, WiSe'06, September 29, 2006, Los Angeles, California, USA.


[3] Murat Demirbas, Youngwhan Song, “An RSSI-based Scheme for Sybil Attack Detection in Wireless Sensor Networks”,


[4] Mohamed Salah Bouassida, Gilles Guette, Mohamed Shawky, and Bertrand Ducourthial,”Sybil Nodes Detection Based on Received Signal Strength Variations within VANET”, International Journal of Network Security, Vol.9, No.1, PP.22-33, July 2009.


[5] Zhuliang Xu, Kumbesan Sandrasegaran, Bin Hu, Cheng-Chung Lin, “A Study of WLANRSSI Based Distance Measurement Using EEMD”, International Journal of Advanced Research in Computer Science and Software Engineering 3(8), August - 2013, pp. 5-10.


[6] Guoyou He, “Destination-Sequenced Distance Vector (DSDV) Protocol”.


[7] Iyad Aldasouqi, Walid Salameh, “Detecting and Localizing Wireless Network Attacks Techniques”, International Journal of Computer Science and Security, Volume (4), Issue 1.


[8] Erin-Ee-Lin Lau, Boon-Giin Lee, Seung-Chul Lee, Wan-Young Chung, “Enhanced Rssi-Based High Accuracy Real-Time User Location Tracking System for Indoor and Outdoor Environments”, International Journal on Smart Sensing and Intelligent Systems, Vol. 1, No. 2, June 2008.


[9] Mohit Saxena, Puneet Gupta, Bijendra Nath Jain, “Experimental Analysis of RSSI-based Location Estimation in Wireless Sensor Networks”.


[10] Giovanni Zanca, Francesco Zorzi, Andrea Zanella and Michele Zorzi, “Experimental comparison of RSSI-based localization algorithms for indoor wireless sensor networks”, REALWSN’08, April 1, 2008.


[11] Charles E. Perkins, Pravin Bhagwat, “Highly Dynamic Destination-Sequenced Distance Vector Routing (DSDV) for Mobile Computers”.


[12] Daniel B. Faria, David R. Cheriton, “Detecting Identity ­Based Attacks in Wireless Networks Using Signalprints”, WiSe’06, September29, 2006, LosAngeles, Calfornia, USA. Copyright 2006 ACM1-59593 557-6/06/0009...$5.00.


[13] D. Monica, J. Leitao, L. Rodrigues, and C. Ribeiro, “On the use of radio resource tests in wireless ad hoc networks,” in Proc.3rd WRAITS, 2009.


[14]Y. Liu, D. R. Bild, R. P. Dick, “Extending channel comparison based Sybil detection to MIMO systems,” Tech. Rep. CSE-TR-584-13, Dept. of Electrical Engineering and Computer Science, University of Michigan, Nov. 2013.



...(download the rest of the essay above)

About this essay:

This essay was submitted to us by a student in order to help you with your studies.

If you use part of this page in your own work, you need to provide a citation, as follows:

Essay Sauce, . Available from:< > [Accessed 04.06.20].