
Essay: Defend Against Sybil Attack on Open Wireless Networks Using RSSI

  • Published: 1 April 2019*
  • Last Modified: 23 July 2024



ABSTRACT – Open wireless ad-hoc networks are vulnerable to the Sybil attack, in which a malicious node claims many identities to gain disproportionate influence and information. Many Sybil defenses rely on channel estimation or trusted sources, which are not exposed on IEEE 802.11 WLAN networks. RSSI observation and Sybil classification are performed with the MASON TEST protocol, which has a high computation cost on commodity devices. The method Prior Round Reveals RSSI Information is implemented to reduce the computation time of the MASON TEST protocol. Specifically, we implement the protocol and the method to defend against the Sybil attack, i.e. 99.99%, without trusted certification and in minimum computation time. The performance is illustrated in a network simulator and the result is analyzed.

Keywords – Wireless network, Ad-hoc network, security, Sybil attack, Signalprint.

INTRODUCTION

Wireless network technology is one of the hottest topics in network fundamentals. Wireless networks serve many purposes. In some cases they are used as cable replacements, while in other cases they are used to provide access to corporate data from remote locations. The four main categories of wireless networks are wireless personal area networks (WPANs), wireless local area networks (WLANs), wireless wide area networks (WWANs), and satellite networks. These networks are now commercially available in most regions.

Wireless networks are categorized into two broad segments: short-range and long-range. Short-range wireless applies to networks that are confined to a limited area, such as local area networks (LANs). Wireless local area networks are used in buildings or campuses; the typical coverage area is 100 meters; their function is to extend or replace a wired LAN; the associated cost is low to medium; and typical throughput is 1-54 Mbps. The standards used in WLANs are 802.11 a, b, g and HIPERLAN/2. IEEE 802.11 is a set of media access control (MAC) and physical layer (PHY) specifications for implementing wireless local area network (WLAN) computer communication in the 2.4 – 60 GHz frequency bands.

Wireless networks are vulnerable to Sybil attacks, in which a Sybil node poses as many identities in order to gain disproportionate influence. Various defenses based on the spatial variability of wireless channels exist, but they depend on something not exposed on commodity 802.11 devices. The open nature of these networks introduces numerous security concerns: since participants are not vetted, the assumption that each identity corresponds to a distinct node is easily broken by a Sybil attack. The proposed defenses fall into categories such as trusted certification, social-network-based techniques, misbehavior detection, resource testing and localization techniques. Trusted certification uses access points or certification to vet participants and is thus not useful in open wireless networks. Resource testing methods are easily defeated in ad-hoc networks of resource-limited mobile devices by attackers with access to greater resources.

The localization technique supports a defense mechanism for open ad-hoc networks without trusted certification. RSSI (Received Signal Strength Indication) is a localization technique that uses the spatial correlation between the signal strength and the physical location of a node to find out the presence of a Sybil node. It is important to note that RSSI does not rely on the quality of the signal, and usually an action is required for mapping RSSI distance values.

Figure 1.1 Trusted RSSI observation and false observations in Ad-hoc networks.

In Figure 1, (a) represents the RSSI observations from trusted APs used to identify the Sybils, where S is a Sybil presented by attacker M. Such trusted RSSI observations are not generally available in open ad-hoc networks. In Figure 1, (b) represents the case where the participants themselves act as observers. The observations are untrusted, coming from possibly lying neighbors. In Figure 1, (c) represents the case where node I believes the falsified observations of S1 and S2, incorrectly accepts them, and rejects A and B as Sybil.

A signalprint is used because its direction stays unchanged, whereas RSSI can be changed by varying transmit power. Signalprints are hard to spoof and strongly correlated with the physical location of nodes. Signalprints allow a WLAN controller to reliably single out clients. Instead of identifying clients based on MAC addresses or other data, signalprints allow the system to recognize them based on what clients look like in terms of signal strength levels.

Murat Demirbas and Oguejiofor O.S noted that RSSI is a robust and lightweight solution to the Sybil attack problem based on client position in both indoor and outdoor environments. The framework estimates the distance between nodes by measuring the RSSI (received signal strength indicator) at a suitable number of nodes.

A harmful attack against ad hoc networks is the Sybil attack. Sybil nodes are a malicious device's additional identities. The open nature of wireless networks calls for a defense against the Sybil attack that uses something exposed on commodity 802.11 devices. Without requiring trust in any other node or authority, the defense uses the RSSI observations, true or false, reported by one-hop neighbors. The method Prior Round Reveals RSSI Information is used to reduce the computation time by comparing against the RSSI values of prior rounds. The Mason Test protocol is performed with two components: collection of RSSI observations and Sybil classification. The protocol classifies identities as non-Sybil or Sybil, vetting participants without using a trusted authority.

2 RELATED WORK

Daniel B. Faria (2006) uses the signalprint [4] technique to defeat the Sybil attack. A transmitting device can be robustly identified by its signalprint, a tuple of signal strength values reported by access points acting as sensors. Signal strength measurements make the signalprint a reliable client identifier. Sybil clients can lie about their MAC addresses, but signalprints are strongly correlated with physical location. Therefore, tagging packets with their signalprints provides the basis for proper matching rules. With signalprints, a wireless network is able to detect a large class of effective DoS attacks based on MAC address spoofing.

Murat Demirbas (2003) uses RSSI as a solution to the Sybil attack in wireless sensor networks. RSSI is a lightweight process; by using the RSSI ratio it is feasible to overcome problems such as RSSI being time-varying and unreliable and radio transmission being non-isotropic. RSSI is found to be robust since it detects Sybil nodes with 100% completeness and a low false positive ratio.

Mohamed Salah Bouassida (2007) considers a collection of mobile hosts forming a network without the aid of an established infrastructure, allowing a node to verify the authenticity of neighbour nodes based on localization. Based on the estimated metric, the nodes are distinguished by their significance.

Zhuliang Xu (2013) discusses RSSI along with Ensemble Empirical Mode Decomposition (EEMD) and evaluates the performance in indoor and outdoor environments. EEMD normalizes the RSSI value related to the distance and reproduces the movement of the sender. EEMD can effectively ignore the changes in RSSI value in the distance equation that are specific to one Wi-Fi device. EEMD along with RSSI is more effective in outdoor than indoor environments.

Diogo Monica (2009) deploys a framework to evaluate the power and performance of radio resource tests (RRT), which assume each node has access to a single radio device and have the potential to support protocols that require neither pre-configuration nor pre-shared secrets.

Yue Liu (2013) proposed a Multiple-Input Multiple-Output (MIMO) [9] method for Sybil defense by resource testing. In MIMO the received signal is validated to identify the transmission. A node presenting multiple identities from the same receiver is identified as a Sybil or malicious node. MIMO gains complete information about the received signal strength.

3 METHOD AND BACKGROUND

In this segment, we summarize the problem and the solution framework and briefly discuss the RSSI and signalprint methods.

3.1 PROBLEM STATEMENT

We extend the signalprint and RSSI based Sybil detection and classification methods to work without any prior detection or observation of participants, so that a node can determine which of its one-hop neighbors are non-Sybil in an open wireless network. The resulting framework allows us to select a truthful subset of nodes for a secure and trustworthy protocol.

Figure 2 illustrates truthful subset selection in the framework in three steps:

Step 1: Each participant takes a turn broadcasting a probe packet while the other nodes record the observed RSSI.

Step 2: All participants share their observations with their one-hop neighbors, i.e. every participant holds the RSSI observations of its one-hop neighbors.

Step 3: Finally, every participant individually selects a truthful subset for signalprint-based Sybil classification.

3.2 RSSI (Received Signal Strength Indication)

Received Signal Strength Indication is a term for measuring the relative quality of the signal of the client nodes. The strength is based on the node's signal as seen on the receiving device, e.g. a smartphone. The strength of the signal depends on the distance and the broadcasting power value; at maximum broadcasting power the RSSI ranges from 40-50 m distance.

One node is deployed to transmit "hello" messages with constant power (0 dBm) and another acts as receiver, capturing the RSSI and forwarding it. The transmitter sends the message over 1000 times with a distance of 15 cm between the transmitter and receiver. But this deployment shows the non-uniform nature of RSSI, and the poor correlation of RSSI values makes it unsuitable for Sybil detection. So, we deploy two receivers to compare the ratio of RSSI instead of the absolute value of RSSI and observe the time variation of RSSI. By comparing the ratio, the RSSI method can cope with varied transmission power at the sender. The sender broadcasts 1000 messages using different transmitting powers. RSSI values are recorded by the two receivers, which transmit them to the base station.

FIGURE 2 Trustless truthful subset selection of RSSI observer.

$$[P_r(d)]_{dBm} = R_{dBm} - 10\,n\,\log_{10}\!\left(\frac{d}{d_0}\right) + Z_{dBm} \qquad (1)$$

Where,

R – Received Signal Strength Indication.

Pr – Received signal power.

Z – Gaussian distribution random variable with 0 mean value.

d – Distance difference between receiver and transmitter.

The base station analyses the values and computes the ratio of the two RSSI values it received from the two receivers at times t1 and t2. The difference of the RSSI ratios is calculated and logged.

This results in a uniform distribution of values following a Gaussian probability distribution with standard deviations of 0.066 and 0.106. Let D1 and D2 be the differences of RSSI ratio in the same location and I1, I2, I3 and I4 be the node identities, compared against a threshold:

$$\left(\frac{R_{I1}^{D1}}{R_{I2}^{D1}} - \frac{R_{I1}^{D2}}{R_{I2}^{D2}}\right) < \sigma,\quad \left(\frac{R_{I1}^{D1}}{R_{I3}^{D1}} - \frac{R_{I1}^{D2}}{R_{I3}^{D2}}\right) < \sigma,\quad \left(\frac{R_{I1}^{D1}}{R_{I4}^{D1}} - \frac{R_{I1}^{D2}}{R_{I4}^{D2}}\right) < \sigma \qquad (2)$$

It is safe to set σ to 0.1 and the threshold to 0.5 to detect Sybil nodes 99.999% of the time, i.e. the threshold is 5σ, more specifically 0.1.

Figure 3 Comparing ratio of RSSI (ρ = 0.000, μ = 0.000, σ = 0.100)
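
The ratio test of equation (2), written out as an added example that is not part of the original essay. It reads the superscripts D1, D2 as receivers, uses the 0.5 threshold from the text, and generalizes the comparison to any number of receivers by taking the largest difference of the ratio; the receiver D3, the sample readings and the grouping step are assumptions made for illustration.

```python
from itertools import combinations

# Constructed sample data (not measurements): RSSI seen by each receiver for
# each claimed identity, in linear power units. I1 and I2 come from one radio
# that changes its transmit power; I3 and I4 are separate devices.
READINGS = {
    "D1": {"I1": 8.1, "I2": 16.0, "I3": 2.0, "I4": 5.0},
    "D2": {"I1": 2.0, "I2": 4.1, "I3": 9.0, "I4": 5.0},
    "D3": {"I1": 3.9, "I2": 8.0, "I3": 3.0, "I4": 1.0},
}


def ratio_spread(readings, a, b):
    """Largest difference of the ratio R_a / R_b between any two receivers."""
    ratios = [obs[a] / obs[b] for obs in readings.values()
              if a in obs and b in obs and obs[b] > 0]
    if len(ratios) < 2:
        raise ValueError("need two receivers that heard both identities")
    return max(ratios) - min(ratios)


def sybil_pairs(readings, threshold=0.5):
    """Identity pairs whose RSSI ratio is the same at every receiver.

    A transmit-power change scales the signal at all receivers alike, so the
    ratio of two identities sent by one radio stays constant across receivers.
    """
    ids = sorted(set().union(*(obs.keys() for obs in readings.values())))
    return [(a, b) for a, b in combinations(ids, 2)
            if ratio_spread(readings, a, b) < threshold]


def sybil_groups(readings, threshold=0.5):
    """Merge flagged pairs into groups of identities sharing one transmitter."""
    groups = []
    for a, b in sybil_pairs(readings, threshold):
        hit = [g for g in groups if a in g or b in g]
        merged = {a, b}.union(*hit)
        groups = [g for g in groups if g not in hit] + [merged]
    return groups


if __name__ == "__main__":
    print(sybil_pairs(READINGS))    # pairs judged to share a transmitter
    print(sybil_groups(READINGS))
```
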

3.3 SIGNALPRINT

A signalprint is a vector of RSSI medians. The properties of signalprints are: they are strongly correlated with the physical location, with clients in close proximity producing similar signalprints, and packets transmitted in bursts by stationary nodes generate similar signalprints with high probability.

A signalprint value can be written as the original value or as a relative value with respect to the highest and lowest RSSI levels in dBm. We use the term differential signal strength for the difference between the value at a given position and the maximum value found in the signalprint. When matching two signalprints (i.e. S1, S2), both absolute and differential values should be used. The use of differential values makes signalprint operations more robust against nodes that vary their transmission power.

MAX-MATCHES: Comparing the signalprints S1 and S2, denoted (S1, S2, ε), finds the total number of positions i at which S1[i] and S2[i] are non-default values and differ by at most ε dB, i.e. for 10 dB:

$$|S1[i] - S2[i]| \le 10 \qquad (3)$$

MIN-MATCHES: Comparing the signalprints S1 and S2, denoted (S1, S2, ε), finds the total number of positions i at which S1[i] and S2[i] are non-default values and differ by at least ε dB, i.e. for 10 dB:

$$|S1[i] - S2[i]| \ge 10 \qquad (4)$$
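
Signalprint matching with MAX-MATCHES and MIN-MATCHES, as an added example that is not code from the essay or from the signalprint authors. The receiver names, the sample RSSI bursts and the `same_location` decision rule (at least three close entries and no distant one, on differential values) are assumptions chosen to show why differential values survive a change of transmit power.

```python
from statistics import median

RECEIVERS = ["R1", "R2", "R3", "R4", "R5"]   # hypothetical receiver names
DEFAULT = None                               # receiver did not hear the sender


def signalprint(samples):
    """Vector of per-receiver RSSI medians (dBm), DEFAULT where unheard."""
    return [median(samples[r]) if samples.get(r) else DEFAULT for r in RECEIVERS]


def differential(sp):
    """Express each entry relative to the strongest value in the signalprint."""
    heard = [v for v in sp if v is not DEFAULT]
    if not heard:
        return list(sp)
    top = max(heard)
    return [v - top if v is not DEFAULT else DEFAULT for v in sp]


def _gaps(s1, s2):
    # Only positions where both signalprints hold non-default values count.
    return [abs(a - b) for a, b in zip(s1, s2)
            if a is not DEFAULT and b is not DEFAULT]


def max_matches(s1, s2, eps=10):
    """Number of positions that differ by at most eps dB (equation 3)."""
    return sum(g <= eps for g in _gaps(s1, s2))


def min_matches(s1, s2, eps=10):
    """Number of positions that differ by at least eps dB (equation 4)."""
    return sum(g >= eps for g in _gaps(s1, s2))


def same_location(s1, s2, eps=10, need=3):
    """Assumed rule: enough close entries and no distant one, differentially."""
    d1, d2 = differential(s1), differential(s2)
    return max_matches(d1, d2, eps) >= need and min_matches(d1, d2, eps) == 0


# Constructed sample bursts: A_LOW is the radio behind A_FULL under another
# identity with transmit power cut by 15 dB; B is a device somewhere else.
A_FULL = {"R1": [-51, -50, -49], "R2": [-62, -63, -61],
          "R3": [-71, -70, -72], "R5": [-80, -81, -79]}
A_LOW = {"R1": [-65, -66, -64], "R2": [-77, -78, -76],
         "R3": [-86, -85, -87], "R5": [-95, -94, -96]}
B = {"R1": [-78, -77, -79], "R2": [-55, -54, -56],
     "R3": [-60, -61, -59], "R4": [-70, -71, -69]}

if __name__ == "__main__":
    a, low, b = signalprint(A_FULL), signalprint(A_LOW), signalprint(B)
    print("absolute max-matches:", max_matches(a, low))   # power change hides it
    print("same location A/A_LOW:", same_location(a, low))
    print("same location A/B:", same_location(a, b))
```
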

4. EXPERIMENT AND RESULT

The goal of the research is to defend against the Sybil attack without any trusted authority while achieving minimum computation time, by extending the Sybil defense method with Prior Round Reveals RSSI Information. Figure 4 represents the flow of the defense mechanism.

4.1 Prior Round Reveals RSSI Information (PRRRI)

The method Prior Round Reveals RSSI Information is deployed to reduce the high computation time incurred by the MASON test protocol. The method is not itself a defense mechanism; rather, it is a mechanism to reduce the computation time. Three steps of the PRRRI method are:

Step 1: Routing Process

Routing is the process of selecting the best path to transmit packets between nodes in the open IEEE 802.11 wireless ad-hoc network. Distance vector routing protocol (DSDV) is the routing protocol used for the routing process. In the 802.11 WLAN network DSDV operates by having each node i in the network maintain a table, which gives the best distance to each destination and the route to use, and exchange this information with all its neighbors periodically. Each and every node has a single entry in the routing table. The entry for a node holds the following information: IP address, last known sequence number and the hop count to reach the source node. Along with these details the routing table also keeps track of the next-hop neighbor to reach the destination node and the timestamp of the last update received for that node, i.e., DSDV_Agent::Update(int& periodic). The update message of DSDV consists of destination address, sequence number and hop count: DSDV_Agent::updateRoute(rtable_ent *sequnum, rtable_ent *dstadd, rtable_ent *nxthop). Each node deploys two mechanisms to send out DSDV updates: periodic updates and triggered updates. When an update with the same sequence number is received, the route with the least hop count is given precedence.

Figure 4 Sybil Defense Mechanism

Step 3: RSSI based Node identification

The prior round RSSI information is entered into a hash table, and each time a node enters the network, the prior round RSSI information is the initial step in processing the node for data transmission as a secure node. In the process of node identification, after the routing process and RSA encryption and decryption, the node is compared against the RSSI values recorded in the hash table in prior rounds. If the RSSI values match those of the prior round stored in the hash table, the node is not processed with the MASON TEST protocol; if the comparison mismatches, the protocol is performed and data transmission then takes place in the open ad-hoc network. Performing the protocol every time consumes high computation time, i.e. <5s for 5-10 nodes is typically fast, but it is slower in high-density areas, 40s for 100 nodes. Thus the implemented method reduces the high computation time.

Each time, the new largest γ-consistent subset generated by the MASON test protocol is carried into the hash table as prior round information. Each time the participating identities enter the PRRRI, the nodes' information is compared with the prior round information of the node, i.e. RSSI ratio and identity classification.

ALGORITHM 1: Node identification

Require: i0 is the initial identity
Require: n is the receiver set size
Require: S is the Entry nodes

    S ← i0
    for all i ∈ I do
        R ← {node_id, cert_id}
        for cnt = 3 → n do
            R -> hash{C, Rmax}
        end for
        S -> {R}
    end for
    return S

Figure 5 Computation Time  

4.2 THE MASON TEST

The Mason test is the protocol implemented on WLAN 802.11 to defend against the Sybil attack without using a trusted authority. The protocol has four main requirements:

1) The participating identities should be conforming neighbors.

2) The examined packets should be transmitted in pseudo-random order.

3) The RSSI observations must not be known to the attackers.

The protocol has two components: RSSI observation and Sybil classification. At the end of the protocol the nodes are classified into Sybil and non-Sybil nodes.

4.2.1 RSSI observation

The RSSI observation is performed in three phases:

Phase I: Identity collection

In the first phase the identities of participating neighbors are gathered, ensuring that none of the conforming identities are jammed by attackers, e.g. a HI message is transmitted, each is acknowledged by the initiator, and an unacknowledged HI is retransmitted. The process terminates if the channel stays idle until the timeout; all stationary neighbors respond with their identities.

Phase II: Randomize broadcast request

In the second phase a challenge-response protocol collects RSSI observations for Sybil classification and motion detection. E.g., the participants record the RSSIs of the HI messages from the conforming identities. An identity that fails to respond within the minimum duration (i.e., 10ms) might be an attacker attempting to change physical position, and such identities are rejected.

Phase III: Report of RSSI Observation

In the third phase, each identity first broadcasts a hash of its observations; then the RSSI observation values are shared, and those not matching the respective hash values are rejected. This prevents an attacker from using the values to falsify its observations.
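
The hash-then-share exchange of Phase III, as an added example that is not the protocol authors' code. SHA-256, the JSON encoding, the per-report random nonce (RSSI values are few and guessable, so an unsalted hash could be searched) and the rule that no commitment is accepted once sharing has begun are assumptions of this sketch.

```python
import hashlib
import hmac
import json
import secrets


def _digest(identity, observations, nonce):
    # Canonical encoding so that sender and verifier hash identical bytes.
    body = json.dumps({"id": identity, "obs": observations}, sort_keys=True)
    return hashlib.sha256(nonce + body.encode()).digest()


def commit(identity, observations):
    """Return (hash to broadcast first, nonce to disclose with the values)."""
    nonce = secrets.token_bytes(16)
    return _digest(identity, observations, nonce), nonce


class ReportRound:
    """One Phase III round as seen by a verifying participant."""

    def __init__(self):
        self.commitments = {}    # identity -> hash received in the first step
        self.accepted = {}       # identity -> observations that matched
        self.rejected = set()
        self.revealing = False   # True once any observation has been shared

    def add_commitment(self, identity, digest):
        # A hash arriving after values are public could depend on them.
        if self.revealing or identity in self.commitments:
            return False
        self.commitments[identity] = digest
        return True

    def add_reveal(self, identity, observations, nonce):
        self.revealing = True
        expected = self.commitments.get(identity)
        ok = (expected is not None
              and identity not in self.accepted
              and identity not in self.rejected
              and hmac.compare_digest(
                  _digest(identity, observations, nonce), expected))
        if ok:
            self.accepted[identity] = observations
        else:
            self.rejected.add(identity)
        return ok


if __name__ == "__main__":
    # Constructed sample observations (dBm) keyed by the observed identity.
    rnd = ReportRound()
    obs_a = {"B": -61, "S": -70}
    digest_a, nonce_a = commit("A", obs_a)
    rnd.add_commitment("A", digest_a)
    print(rnd.add_reveal("A", obs_a, nonce_a))               # matches its hash
    print(rnd.add_reveal("A", {"B": -40, "S": -70}, nonce_a))  # repeat refused
```
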

4.2.2 Sybil classification

Sybil classification is performed by each participant individually. Correlation between the participants decreases with the RSSI values. Sybil classification uses only the current observations, uncorrelated with prior ones. In Algorithm 1, once the receiver set is chosen, the set S containing a truthful receiver set is carried forward to examine the γ-true Sybil classification. The Sybil and non-Sybil nodes are classified and 99.99% of Sybil nodes are defended against in the 802.11 WLAN ad-hoc network.

The goal of candidate receiver set selection is that at least one of the candidates should be truthful. n is the desired receiver set size, S is the truthful receiver set, and R is the receiver set of identities used to form the signalprints. A random element from the hash table among the identities labeled non-Sybil by the view V, i.e. VNS(R), is added to R. The truthful receiver set is updated with the new set {R}. The updated γ-truthful receiver set is compared with the number of identities whose RSSI ratios reported by i do not match R. The view generated by receiver set R, V(R), and the view generated by all the participating identities and all Sybil identities, i.e. V({i,s}), are not similar. Once the new largest γ-consistent subset is found, the participating identities are classified as Sybil and non-Sybil identities.

About this essay:

If you use part of this page in your own work, you need to provide a citation, as follows:

Essay Sauce, Defend Against Sybil Attack on Open Wireless Networks Using RSSI. Available from:<https://www.essaysauce.com/sample-essays/2016-1-24-1453645902/> [Accessed 19-04-26].

These Sample essays have been submitted to us by students in order to help you with your studies.

* This essay may have been previously published on EssaySauce.com and/or Essay.uk.com at an earlier date than indicated.