
A Low-Cost Method to Thwart Relay Attacks in Wireless Sensor Networks *

Reza Shokri

Supervised by Panos Papadimitratos, Marcin Poturalski, and Jean-Pierre Hubaux

I. INTRODUCTION

Wireless sensor networks (WSNs) are composed of a group of tiny sensor devices which can be networked together and deployed in a wide spectrum of applications in various military and civil domains. These networks are a particular class of wireless ad-hoc networks which do not rely on infrastructure in order to communicate. Each sensor node can communicate with nodes that are within its communication range, its neighbors. Since the environment that sensors are deployed in is generally hostile, it is usually not possible to deploy each node in a known location. Consequently, sensor nodes, upon deployment, have little or no knowledge of their neighbors. Hence, the first step in constructing such a self-organized network is neighbor discovery. In the simplest form of neighbor discovery, a newly deployed sensor node broadcasts a HELLO message to its vicinity to make other nodes aware of its existence, and the other nodes simply add it as a new neighbor. After discovering the neighbors, intermediate nodes perform the routing operation when a sensor node wants to communicate with a node that is not within its communication range. Thus, neighbor discovery is the cornerstone of communication in wireless sensor networks, and it is crucial to have a secure neighbor discovery protocol to construct a secure wireless sensor network [11].

To have secure neighbor discovery, at first glance, it is necessary to guarantee authenticity and availability in the face of external adversaries. That is, the attacker cannot insert its own sensor nodes into the network to communicate with other nodes and work as a member of the network. In addition, the protocol should resist Denial of Service (DoS) attacks in which the attacker prevents two legitimate neighbors from communicating with each other. Although providing authenticity and availability helps all legitimate nodes, and only legitimate nodes, join the network, it does not imply that two nodes that can communicate directly with each other as neighbors are indeed neighbors. In other words, an external attacker can relay the messages between two legitimate nodes in the network without any modification, deceiving them into believing they are neighbors of each other even though they are not. Consequently, two nodes consider themselves neighbors while their messages are transmitted through the attacker's relay channel. This attack, known as a relay attack (or wormhole attack), has a strong effect on network security, since it allows the attacker to fully control the communication over the relay channel. The attacker can mount strong DoS attacks in the network, eavesdrop on the communications, and extract more information about the cryptographic operations in order to break them. By placing one relay point close to the base station (BS), the attacker entices the nodes in the vicinity of the other relay point to route their messages through the relay channel, because the attacker has reduced the distance between the BS and the victims. Figures 1 and 2 depict the position of the attacker in different situations in the network and its potential threat to routing.

A number of schemes have been proposed to thwart this threat in wireless networks. They rely on distance bounding [2], directional antennas [7], location awareness [8], [15], connectivity plausibility in the graph model [3], [10], or radio fingerprinting [14], [9]. However, these solutions are either impractical in wireless sensor networks, because they require sophisticated hardware or trustworthy external information, or they are not resilient against strong adversaries. In other words, either strong wireless nodes or naive (blind) adversary models have been assumed.

* Project Report, IC-71 Security and Cooperation in Wireless Networks, Doctoral School of the I&C School of EPFL, Fall Semester 2007

Fig. 1. Relay Attack on Routing (I). By creating an artificial link (A, B), the adversary M attracts routes, e.g. (U, V)-routes that would otherwise use link (C, D). In this way, acting only locally, M gains control over the communication of remote nodes, e.g. U and V. Used with permission from [11], © IEEE 2008.

Fig. 2. Relay Attack on Routing (II). By relaying transmissions between nodes A1 and B1, the adversarial nodes M1, M2, and M3 create an artificial, long-range link (A1, B1). Similarly, nodes N1 and N2 can use an out-of-band channel to relay transmissions between A2 and B2. In both cases, the artificial link offers a route much shorter than alternative ones, and thus attracts traffic the adversary has control over. Used with permission from [11], © IEEE 2008.

In this paper, we propose a novel low-cost method to thwart relay attacks in wireless sensor networks. Our protocol relies on the basic ability of the RF transceivers of sensor nodes to use different transmission power levels and to measure the received signal power. The main idea is that nodes test some simple channel characteristics, such as the symmetry of received signal power, the plausibility of their distances, and the minimum path loss between neighbors. Based on our analysis, in most cases a sophisticated adversary cannot provide such properties for nodes across the relay channel without being detected.

The paper is organized as follows. We define the system model in Section II, which includes the wireless communication model in WSNs, the network and adversary model, as well as a brief description of the Security Association (SA) establishment methods that we will use to implement our protocol. Section IV describes our method and demonstrates how it works as a secure neighbor discovery protocol. In the next section, we analyze the effectiveness of the proposed protocol in the presence of adversaries. Section VI classifies and characterizes the related work before we conclude the paper in Section VII.

II. SYSTEM MODEL

This section describes our system model, including the communication, network, and adversary models.


A. Wireless Communication Model

1) Simplified Path-Loss Model: In this subsection we study how to characterize the variation in received signal power over distance due to path loss, following [13], [6]. Path loss is caused by dissipation of the power radiated by the transmitter as well as by effects of the propagation channel. It is the term used to quantify the difference (in dB) between the transmitted signal power, Pt, and the received signal power at distance d, Pr(d).

The complexity of signal propagation makes it difficult to obtain a single model that characterizes path loss accurately across a range of different environments. Accurate path-loss models can be obtained from complex analytical models or empirical measurements when tight system specifications must be met. However, for general trade-off analysis of various system designs it is sometimes better to use a simple model that captures the essence of signal propagation without resorting to complicated path-loss models. This is a common practice for system design. The model predicts that the mean path loss, PL(d), measured in dB, at a transmitter-receiver separation distance d will be:

$$PL(d) = PL(d_0) + 10\gamma \log_{10}\left(\frac{d}{d_0}\right) \qquad (1)$$

where PL(d0) is the mean path loss in dB at the close-in reference distance d0, which depends on the antenna characteristics and the average channel attenuation, and γ is the path-loss exponent.

The path loss exponent is an empirical constant that is often measured, but can also be derived theoretically in some environments. It varies depending upon the radio propagation environment. When γ = 2, the path loss model predicts the signal behavior in a free-space environment. A signal propagating between two points with no attenuation or reflection follows the free-space propagation law.

The reference distance d0 is chosen to be in the far field of the antenna, at a distance at which the propagation can be considered to be close enough to the transmitter such that multi-path and diffraction are negligible and the link is approximately that of free space. Typically, d0 is chosen to be 1 to 10 m for indoor environments and 10 to 100 m for outdoor environments.

When the simplified model is used to approximate empirical measurements, the value of PL(d0) is set to the free-space path gain at distance d0 assuming omnidirectional antennas:

$$PL(d_0) = 20 \log_{10}\left(\frac{4\pi d_0}{\lambda}\right) \qquad (2)$$

where λ = c/f is the wavelength of the transmitted signal (c is the speed of light, 3 × 10^8 m/s, and f is the frequency of the transmitted signal in Hz).

The path losses at different geographical locations at the same distance d (for d > d0) from a fixed transmitter exhibit a natural variability due to differences in local surroundings, blockage, or terrain over which the signal travels. This variability over a large number of independent measured locations the same distance away from the transmitter results in "log-normal shadowing". It is usually found to follow a Gaussian distribution with standard deviation σ dB about the distance-dependent mean path loss, PL(d).

Finally, the received signal power at a separation distance d based on the transmitted signal in dB is:

$$P_r(d) = P_t - PL(d_0) - 10\gamma \log_{10}\left(\frac{d}{d_0}\right) + \sigma \qquad (3)$$

2) IEEE 802.15.4 Channel Model: The IEEE 802.15.4 standard [1] addresses a simple, low-cost, and low-rate communication network that allows wireless connectivity between devices with limited power. Most recent sensor platforms are equipped with an RF chip that provides the IEEE 802.15.4 physical characteristics. The CC2420 RF chip is one of these RF transceivers and can be used on a number of sensor hardware platforms. Table I shows some specifications of CC2420 RF chips.

TABLE I
SPECIFICATIONS OF CC2420 (IEEE 802.15.4 COMPLIANT)

| Parameter | Value |
|---|---|
| Frequency band | 2400 MHz to 2483.5 MHz (ISM band, programmable in 1 MHz steps) |
| Transmit (TX) data rate | 250 kbps |
| RF power | -24 dBm to 0 dBm |
| Receive sensitivity | -90 dBm (min), -94 dBm (typ) |
| IEEE 802.15.4 PHY | RSSI and LQI; 16 channels in 2.4 GHz; CRC check |

Fig. 3. Signal path loss of IEEE 802.15.4 channel via the distance between receiver and transmitter using (4). [Plot axes: distance from the transmitter (m) against path loss (dBm).]

Now, we want to model the signal propagation of MICAz [16] mote modules, which are IEEE 802.15.4 compliant and equipped with CC2420 RF transceivers. The IEEE 802.15.4 standard provides a simple channel model, based on (3), that takes into account the specific characteristics of the corresponding RF transceiver, such as signal frequency and type of antenna, as follows.

$$P_r(d) = \begin{cases} P_t - 40.2 - 20 \log_{10}(d), & d < 8\ \text{m}; \\ P_t - 58.5 - 33 \log_{10}\left(\frac{d}{8}\right), & d > 8\ \text{m}. \end{cases} \qquad (4)$$

As (4) shows, a variant of the path loss model is used which stipulates a two-segment function with a path loss exponent of 2.0 for the first 8 meters and a path loss exponent of 3.3 thereafter. Based on (4), the received signal power for different transmission powers and the path loss versus the distance to the transmitter are depicted in Figures 4 and 3 respectively. The receiver sensitivity is considered to be −90 dBm, that is, the receiver cannot decode received signals with power lower than −90 dBm. As a result, the transmission range for each transmission power can be considered as the distance the signal travels while its power stays above the receiver's RF sensitivity.

As mentioned in Table I, CC2420 RF modules can measure the received signal power as RSSI (Received Signal Strength Indicator). Based on this value, and knowing the transmission power level, the receiver can estimate the transmitter-receiver separation distance. Although in practice the RSSI is not a precise estimator for the distance, we expect the estimated distance to be more precise when the receiver is closer to the transmitter.

B. Network Model

Here, we assume a static wireless sensor network composed of a number of tiny motes uniformly distributed in a field. All the nodes in the network are the same and equipped with RF transceivers which provide several transmission power levels. Nodes can also measure the strength of received signals using the RSSI register provided by the radio module.

Fig. 4. Received signal strength via distance of receiver to the transmitter for different transmission powers in IEEE 802.15.4 channel model. [Plot axes: distance from transmitter (m) against received signal power (dBm); curves for Pt = −24 dBm, −16 dBm, −8 dBm, and 0 dBm.]

Fig. 5. Comparing the received signal strength at two nodes in two directions for different transmission power levels in different environments. The diagrams show that the symmetry error is almost constant, no matter what the transmission power and the position of the nodes are.

Hereafter, four basic principles of our protocol, inherited from the communication channel model and the relative distance of connected nodes, are described.

1) Channel Symmetry: Based on the communication channel model presented in subsection II-A, when two neighbor nodes communicate with each other, the path loss on the signal power will be equivalent in both directions. Because of the difference between the calibration of the two receivers' antennas, there might be a difference in the measurement of the signal power, which we call the symmetry error. Therefore, for every two neighbors in the network, the difference of the path loss in the two directions should be less than the symmetry error. Figure 5 depicts the results of our experiment, namely the received signal strength for different transmission power levels when the transmitter and receiver are in different positions. It shows that the symmetry error is constant no matter what their position is.

2) Bidirectional Connection Transitivity: Consider three nodes u, v, and s, as shown in Figure 6, that can communicate with each other in such a way that the connection between v and s is symmetric and bidirectional (s ↔ v) and u can hear s (s → u). If the path loss in channel s − v is more than in channel s − u, in other words the received signal strength at u is more than the signal strength measured by v for the same signal coming from s, we claim that there should be a symmetric bidirectional connection between u and s (s ↔ u) as well. Because the channel loss is symmetric, the sole reason that s cannot receive messages from u is that the noise and interference at s is more than the received signal strength of messages transmitted by u. But, because s can receive messages of other, farther nodes, like v, it should be able to detect signals transmitted by u as well. In this scenario, the link s − v is called the suspicious link in our paper.

Fig. 6. Bidirectional Connection Transitivity. Three nodes u, v, and s can communicate with each other in a way that s − v is bidirectional and s − u is unidirectional (dashed lines). If the path loss of s − u is less than s − v, considering similar packet reception ratio on both of them, the connection s − u should be bidirectional as well (adding the continuous line). The link s − v is called the suspicious link.

Fig. 7. Localization of a node based on its distance to two other nodes. Having three distance values, we can check whether they belong to the sides of a triangle or not, trying to localize them.

3) Signal Attenuation: Clearly, based on the path loss model, the received signal strength anywhere farther than the reference distance must be less than the received power at the reference distance (∀d > d0 : Pr(d) < Pr(d0)). If we assume the distance between every two nodes is more than the reference distance, no node can receive a message with a power more than Pr(d0).

4) Polygon Distance Possibility: Given a fully connected graph in which the edges are the real distances between nodes located on a plane, there should be a unique possible deployment for them. Figures 7 and 8 show how to find the position of nodes in a triangle and a quadrilateral using their relative distances. Here, we don't consider nodes that are located on a straight line.

Fig. 8. Localization of a node based on its distance to three other nodes that construct a triangle. In every quadrilateral in a plane, it should be possible to localize the nodes based on the distance between nodes.

C. Security Associations

In this section we briefly describe the framework of currently proposed protocols to establish the security associations (SA) between communicating nodes in wireless sensor networks. We try to formalize the required steps in those protocols. We will use this when we explain our secure neighbor discovery in Section IV to show how our protocol is adapted to them, so that we don't need to devise a new SA establishment protocol.

SA establishment has two main phases: a setup phase and an establishment phase. In the setup phase, nodes are bootstrapped by being assigned the basic key material. Then, the establishment phase has a three (or two) way handshake between a new node that recently joined the network (initiator u) and a current member of the network (responder v). In some cases, exchanging only two messages is enough for mutual authentication and establishing the SA between nodes. In the first step, the initiator introduces itself and provides the material required for authenticating itself and establishing the keys. In the second step, the responder replies with a message that contains the identity of the responder and its authenticator. Finally, in the last step, the initiator can authenticate itself and finalize the key establishment to the other node.

    u → ∗ : ⟨u, ...⟩
    v → u : ⟨v, Authenticator_v, ...⟩
    u → v : ⟨u, Authenticator_u, ...⟩

Appendix A illustrates two SA establishment protocols to confirm our framework.

III. ADVERSARY MODEL

As described before, the adversary places one or two relay points in the network to relay messages between two sets of disconnected nodes. Set A includes the nodes in the vicinity of the attacker's relay point Ma, and the nodes in the vicinity of the attacker's other relay point, Mb, belong to set B.

We look at the network from the adversary's point of view. Because we will use the signal path loss between nodes in our protocol, we distinguish between nodes based on the path loss of their distance to the adversary. We define the victim topology as two sets of nodes corresponding to the two sides of the attack. Each node is a member of one set and is represented by its path loss to the adversary. As an example, the victim topology of a network can be {{45, 65, 83}, {64, 87}}, which means there are 3 (2) nodes on the left (right) side of the attack with those path loss values.

Here, we consider an adversary that is equipped with an RF transceiver with multiple power levels. The more transmission power levels the attacker's transceiver has, the more powerful the attacker is in our model. Moreover, we assume the attacker can selectively relay the messages to remain undetected. Thus, the weakest adversary uses only one transmission power level (the maximum power level) and blindly relays all the received packets from one end of the victim topology to the other.

The objective of the attacker defines the strength of the attack. While in relay attacks the adversary wants to make the network more dependent on fake links (to have more packets being sent through them), the attacker can be interested either in providing more fake links between the two sets of nodes or in deceiving more nodes but without the maximum possible number of links between them. It depends on the protocols in the network and application layers. For example, if the routing protocol needs to find multiple disjoint paths between the BS and the nodes, the attacker should construct as many fake links as possible between victim nodes. Otherwise, the attacker doesn't need to make all possible fake links between the two sets of victim nodes, and covering more nodes on each side, each with at least one fake neighbor on the other side, is satisfactory for the attacker.

For each victim topology, the attacker has several possible ways to relay the messages in terms of the power levels he uses and the messages he decides to relay. We call those ways attacker strategies. A successful strategy is one with which the attacker can deceive the nodes and remain undetected in the presence of the secure neighbor discovery protocol.

IV. PROPOSED SOLUTION

In this section, we first describe the main idea of our method, and then the protocol is explained in more detail.

A. Overview

The protocol has two stages: Neighbor Discovery (ND) and Neighbor Verification (NV).

In the ND phase, a node simply discovers its neighbors and performs SA establishment. Then, the "Channel Symmetry" and "Signal Attenuation" properties are checked by every node engaged in the protocol. Neighbor relations over asymmetric channels are deleted, and only two nodes that can communicate via a symmetric channel (tolerating the symmetry error) add each other as neighbors. Moreover, if a connection does not follow the "Signal Attenuation" property, an alarm should be raised, as there is a relay attack in between.

In the NV phase, after nodes find their neighbors, they have to verify their neighborhood relation. During this phase, nodes broadcast their neighbor table to their direct neighbors. The neighbor table includes the identifiers of the neighbors and the signal path loss to them from the owner of the table. Every two neighbor nodes (based on the result of the ND phase) find their common neighbors and check the "Connection Symmetry Transitivity" and "Location Possibility" properties. If the former check fails, the suspicious links are deleted. An alarm will be raised if the latter check fails.

To simplify the protocol, we abstract away the power level nodes use for ND and NV during the protocol description. First, we explain the protocol when nodes communicate using one power level. Then, we will point out the effect of multi-power-level transmission on the security of the method.

B. Details

The notations we use in the protocol description are shown in Table II. It should be mentioned that in this section we abstract away the details of SA establishment during the ND phase. Therefore, we refer to the SA required material in different stages as s and use the keys established during the 3-way handshake between two nodes.

1) ND Phase: Considering that node u is discovering its neighbors and v is one of the nodes in its vicinity, the ND protocol is as follows.

    u : M1 = ⟨u, p, s⟩
    u : Send(M1, p, ∗)

    v : Recv(M1, q1)
    v : M2 = ⟨v, S(p, q1), s⟩
    v : Send(M2, p, u)

    u : Recv(M2, q2)
    u : (p − q2) < PL(d0) ⇒ u = v, ALARM
    u : |q1 − q2| < Esym ⇒ u ! v
    u : M3 = ⟨u, S(p, q2), s⟩
    u : Send(M3, p, v)

    v : Recv(M3, q3)
    v : (p − q3) < PL(d0) ⇒ u = v, ALARM
    v : |q2 − q3| < Esym ⇒ u ! v

TABLE II
NOTATIONS

| Notation | Meaning |
|---|---|
| u : Send(M, p, v) | u sends a message M with signal power p to node v (∗ means broadcast). |
| v : Recv(M, q) | v received message M with signal power q. |
| Dist(pl) | The distance (in meters) corresponding to the signal path loss pl. |
| u ! v | u and v are discovered as neighbors but their relation is not verified yet. |
| u ↔ v | u and v are verified neighbors. |
| u = v | u and v are not neighbors. |
| Esym | Symmetry error. |
| s | Security association establishment material. |
| K^c_u | Cluster key of node u. |
| K_uv | Secret key between two nodes u and v. |
| S(m) | Message m secured (encrypted, signed, ...) based on the established SA. |
| PL(d0) | Path loss at reference distance d0. |
| PL_uv | Path loss between u and v. |
| NT_u | Neighbor table of node u. It is the set of u's neighbors, i, and the path loss between u and i. |
| ALARM | Sending an Alarm message (following the implemented intrusion detection system). |

To increase the accuracy of the protocol, nodes can transmit their messages several times and consider the average of the received signal power in their checks.

2) NV Phase: Nodes can periodically (for example, after a new node joins the network) exchange their neighbor tables (NT). Then, every two neighbors u and v verify their neighborhood relation using the distance to their common neighbors.

    ∀i ∈ {a, b, u, v}, i : Send(⟨i, S(NTi)⟩, ∗)
    ∀a ∈ Nu ∩ Nv : CheckPlausibility(a, u, v)
    ∀a, b ∈ Nu ∩ Nv : CheckPlausibility(a, b, u, v)
    If (!Plausible) ALERT

The CheckPlausibility function checks the "Distance Plausibility" property, that is, whether it is possible to draw such a triangle or quadrilateral on a plane or not. It should be mentioned that in the second case (two common neighbors), nodes need to find two common neighbors that are neighbors of each other as well. The "Bidirectional Symmetry Transitivity" property between neighbors should also be checked, and in case of a violation the suspicious links should be deleted. Moreover, if the polygon is implausible, an alert should be raised.
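The ND and NV checks above, together with the channel model of (4) and the Dist(pl) mapping of Table II, written out as an added Python example that is not part of the original report. The values chosen for PL(d0) (40.2 dB at an assumed d0 = 1 m), Esym and the distance tolerance, all function names, and the node coordinates are assumptions constructed for illustration; the quadrilateral test places nodes by trilateration, which is one way to realize the plausibility check rather than the report's stated procedure.

```python
import math
from itertools import combinations

PL_D0 = 40.2    # assumption: PL(d0) in dB for d0 = 1 m, read off Eq. (4)
E_SYM = 3.0     # assumption: symmetry error Esym in dB
REL_TOL = 0.10  # assumption: relative slack on RSSI-derived distances

def path_loss(d):
    """Mean path loss (dB) at distance d in metres, two-segment model of Eq. (4)."""
    if d < 8:
        return 40.2 + 20 * math.log10(d)
    return 58.5 + 33 * math.log10(d / 8)

def dist(pl):
    """Dist(pl) of Table II: distance (m) for a path loss, inverting Eq. (4)."""
    if pl <= 58.5:
        return min(8.0, 10 ** ((pl - 40.2) / 20))
    return 8 * 10 ** ((pl - 58.5) / 33)

def nd_check(p, q_peer, q_own):
    """ND decision at one node: p is the transmit power (dBm), q_peer the power
    the peer reported receiving, q_own the power measured on the peer's reply."""
    if p - q_own < PL_D0:              # Signal Attenuation violated
        return "ALARM"
    if abs(q_peer - q_own) < E_SYM:    # Channel Symmetry holds
        return "NEIGHBOR"
    return "REJECT"

def triangle_ok(x, y, z):
    """Three distances can be the sides of a triangle (with slack)."""
    a, b, c = sorted((x, y, z))
    return c <= (1 + REL_TOL) * (a + b)

def _locate(d_u, d_v, d_uv):
    """Place u at (0, 0) and v at (d_uv, 0); return the node's (x, y >= 0)."""
    x = (d_u ** 2 - d_v ** 2 + d_uv ** 2) / (2 * d_uv)
    return x, math.sqrt(max(d_u ** 2 - x ** 2, 0.0))

def quad_ok(d_uv, d_ua, d_va, d_ub, d_vb, d_ab):
    """Six pairwise distances fit four points on a plane (with slack)."""
    faces = [(d_uv, d_ua, d_va), (d_uv, d_ub, d_vb),
             (d_ua, d_ub, d_ab), (d_va, d_vb, d_ab)]
    if not all(triangle_ok(*f) for f in faces):
        return False
    xa, ya = _locate(d_ua, d_va, d_uv)
    xb, yb = _locate(d_ub, d_vb, d_uv)
    # a and b lie either on the same side of line u-v or on opposite sides.
    expected = (math.hypot(xa - xb, ya - yb), math.hypot(xa - xb, ya + yb))
    return any(abs(d_ab - e) <= REL_TOL * max(d_ab, e) for e in expected)

def neighbor_verification(nt, u, v):
    """NV phase for neighbors u and v; nt maps node -> {neighbor: path loss dB}.
    Returns the common-neighbor sets whose distances are implausible."""
    def d(i, j):
        return dist(nt[i][j])
    common = sorted((set(nt[u]) & set(nt[v])) - {u, v})
    alerts = [(a,) for a in common
              if not triangle_ok(d(u, v), d(u, a), d(v, a))]
    for a, b in combinations(common, 2):
        if b in nt[a] and not quad_ok(d(u, v), d(u, a), d(v, a),
                                      d(u, b), d(v, b), d(a, b)):
            alerts.append((a, b))
    return alerts

def build_tables(pos):
    """Neighbor tables for an honest deployment at the given coordinates."""
    return {i: {j: path_loss(math.dist(pos[i], pos[j])) for j in pos if j != i}
            for i in pos}

def relayed_tables(pos, remote, relay_point, pl_remote, delta_p):
    """Tables when `remote` is only heard through a relay at `relay_point`:
    path loss seen = PL(node, relay) + PL(remote, relay) - delta_p."""
    local = {k: xy for k, xy in pos.items() if k != remote}
    nt = build_tables(local)
    nt[remote] = {}
    for x, xy in local.items():
        seen = path_loss(math.dist(xy, relay_point)) + pl_remote - delta_p
        nt[x][remote] = nt[remote][x] = seen
    return nt

# Constructed sample deployment (coordinates in metres).
NODES = {"u": (0, 0), "v": (6, 0), "a": (3, 4), "b": (3, -4)}
HONEST_NT = build_tables(NODES)
# Constructed relay case: b is really 5 m from the far relay point, gain 40 dB.
RELAY_NT = relayed_tables(NODES, "b", (0, 2), path_loss(5), 40)
```

In the constructed relay case the fake link to b passes both ND checks, because the same gain applies in both directions, and it is the NV distance test that flags it.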

V. ANALYSIS

In this section, we first study how the attacker can find successful strategies to deceive the victim nodes while our protocol is running on the nodes. Then, we measure how successful the attacker is, in terms of the number of faked links, in finding successful strategies without being detected. We assume the attacker is detected when an alert is raised in the network.

Fig. 9. A simple relay channel. Ma and Mb are the relay points of the attacker and the Ai and Bi nodes are the victims. The labels on the edges show the path loss of the channel between the nodes. The adversary, by changing the signal strength before relaying, aims to fulfil the channel properties mentioned in Section II-B.

To find the adversary's successful strategies, we have to consider two aspects of its strategy. First, we find how the adversary can make the channel symmetric between two nodes through the relay channel. Then, we show that the attacker cannot act selectively to avoid being detected by the alert-generating checks.

A. Finding Successful Strategy for the Adversary

Consider a simple scenario, as illustrated in Figure 9, in which the adversary wants to make two fake links, A1 − B1 and A1 − B2. The received power of the exchanged messages on both sides should fulfil the "Channel Symmetry" property. Therefore, considering that the power level the adversary uses to relay a message is ∆P plus the received signal power, the following inequalities should be satisfied on both sides:

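$$|(p - PL_{A_1M} + \Delta P_{A_1} - PL_{B_1M}) - (p - PL_{B_1M} + \Delta P_{B_1} - PL_{A_1M})| < E_{sym} \Rightarrow |\Delta P_{A_1} - \Delta P_{B_1}| < E_{sym},$$

$$|(p - PL_{A_1M} + \Delta P_{A_1} - PL_{B_2M}) - (p - PL_{B_2M} + \Delta P_{B_2} - PL_{A_1M})| < E_{sym} \Rightarrow |\Delta P_{A_1} - \Delta P_{B_2}| < E_{sym}.$$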

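To maximize the chance of creating the link, the adversary has to minimize $|\Delta P_{A_1} - \Delta P_{B_1}|$ and $|\Delta P_{A_1} - \Delta P_{B_2}|$. Therefore,

$$|\Delta P_{A_1} - \Delta P_{B_1}| = 0,\ |\Delta P_{A_1} - \Delta P_{B_2}| = 0 \Rightarrow \Delta P_{A_1} = \Delta P_{B_1} = \Delta P_{B_2} = \Delta P.$$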

Thus, by selecting any ∆P the adversary can make all the links symmetric. To increase the number of faked links the adversary should use a larger ∆P, because the smaller ∆P is, the fewer nodes can hear the relayed messages. On the other hand, the larger ∆P is, the more probable it is that the attacker is detected by the "Signal Attenuation" property check when he relays the messages of close nodes.

B. Selective Strategy

To remain undetected, the attacker might want to ignore the messages coming from the close nodes while relaying farther nodes' messages. This strategy leads to suspicious bidirectional links in the network, which will be deleted based on the "Bidirectional Connection Transitivity" property. So, the adversary will lose the fake links to the real neighbors of the close node.

To make the attacker uncertain about the selection of the signals of close nodes, we propose the following changes in our protocol. Assume every node has multiple identities for its different power levels. Nodes introduce themselves with the identifier of the power level they are using. In the ND phase, nodes securely exchange their identifiers to avoid running SA establishment several times. According to Figure 4, a similar signal strength can be received by a node when multiple senders transmit with different power levels. As a concrete example, the received power at distance 7m of a sender with power level -24dBm is equal to the received power at distance 12m of a sender with power level -16dBm, distance 21m of a sender with power level -8dBm, and distance 37m of a sender with power level 0dBm, which are all equal to -80dBm. Hence, while the neighbors of the adversary are communicating with different power levels, and the adversary cannot link the identifiers of nodes, the adversary cannot find the messages coming from the closer nodes. When two nodes are neighbors in lower levels they expect to be neighbors in higher levels as well. Otherwise they don't add each other as neighbors, and this selective strategy of the adversary may lead to deletion of some faked links.

Fig. 10. An example for the result of a relay attack (∆P = 83dBm), considering the path loss and distance between nodes for both real and fake links. The first figure shows the location of nodes and the attacker relay points. The second one shows that it is not possible to have a quadrilateral based on the distances between nodes (through the relay channel) after the attack.

Hence, we can conclude that the selective strategy is not effective for the adversary.

C. Distance Plausibility

As mentioned before, one of the properties that hold for a group of nodes located in a plane is that their relative distances to each other should be plausible (i.e., we can construct the polygon based on the lengths of its sides). We saw that the adversary has some problems with nodes close to its relay point. On the other hand, for the farther nodes the probability of satisfying "Distance Plausibility" decreases.

D. Examples of attack detection

In this subsection we give some concrete examples of detecting the attack by checking different properties.

1) Violating "Signal Attenuation" Property: Assuming the topology is {{45,70},{50,80}}, the maximum power level of nodes is 0dBm, and the path loss at reference distance is 40dBm, the minimum ∆P the attacker can use to make all 4 fake links is 60dBm. Therefore, when it relays the messages of closer nodes it can be detected by the closer node on the other side, because the end-to-end path loss between the two close nodes is less than 40dBm, which is impossible based on the "Signal Attenuation" property.

Fig. 11. The probability of attack detection (dashed lines) and the strength of the adversary (continuous lines), based on the proportion of the number of fake links to the maximum possible links between sets A and B, without being detected (y-axis), for different ∆P values (x-axis). The title of each sub-diagram is representative for the size of victim topology on both sides. By increasing the density of the network, the strength of the adversary decreases while the probability of detection increases.

2) Violating "Distance Plausibility" Property: Assume the topology is {{73},{72,79}}, the attacker has selected ∆P = 83dBm, and the distance between the two real neighbors on the right side is 54m. Distances between nodes will be 11m and 18.5m (through the relay channel), which does not satisfy the triangle inequality.

For a quadrilateral case, assume the topology is {{81,86},{83,89}}, the attacker has selected ∆P = 86dBm, and the distances between the two nodes on the right and left sides are 54m and 51m respectively. Figure 10 shows the distance between nodes. In this case it is impossible to find a unique location for node B2 based on its distance to the three other nodes.
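The "Signal Attenuation" example and the triangle case of the "Distance Plausibility" example can be reproduced with a short script. This is an added example, not code from the paper: it reads the topology values as path losses between each victim and its relay point, `MAX_PATH_LOSS = 90` is an assumption chosen so that the stated minimum ∆P of 60 holds, and all function names are hypothetical.

```python
from itertools import product

REF_PATH_LOSS = 40.0     # path loss at the reference distance (page's example value)
MAX_PATH_LOSS = 90.0     # ASSUMPTION: largest loss at which a 0 dBm message is still
                         # received, picked so the page's "minimum dP = 60" holds
DIST_TOLERANCE_M = 20.0  # distance-error tolerance the paper's simulation uses


def relayed_path_loss(pl_a, pl_b, delta_p):
    """End-to-end loss the victims observe: both hops minus the relay gain dP."""
    return pl_a + pl_b - delta_p


def evaluate_strategy(side_a, side_b, delta_p):
    """Return (fake_links, alerts); each entry is (a_index, b_index, loss)."""
    links, alerts = [], []
    for (i, pl_a), (j, pl_b) in product(enumerate(side_a), enumerate(side_b)):
        loss = relayed_path_loss(pl_a, pl_b, delta_p)
        if loss > MAX_PATH_LOSS:
            continue                    # relayed signal too weak: no fake link forms
        links.append((i, j, loss))
        if loss < REF_PATH_LOSS:        # "Signal Attenuation": loss below the floor
            alerts.append((i, j, loss))
    return links, alerts


def min_delta_p_for_all_links(side_a, side_b):
    """Smallest dP at which even the two farthest victims hear each other."""
    return max(side_a) + max(side_b) - MAX_PATH_LOSS


def best_undetected(side_a, side_b, delta_ps=range(0, 151)):
    """Most fake links any dP in the sweep creates without raising an alert."""
    best = 0
    for delta_p in delta_ps:
        links, alerts = evaluate_strategy(side_a, side_b, delta_p)
        if not alerts:
            best = max(best, len(links))
    return best


def triangle_excess(d1, d2, d3):
    """Metres by which the longest side exceeds the other two combined (0 if none)."""
    a, b, c = sorted((d1, d2, d3))
    return max(0.0, c - (a + b))


def distance_alert(d1, d2, d3, tolerance=DIST_TOLERANCE_M):
    """Distance Plausibility check for three nodes, allowing for estimation error."""
    return triangle_excess(d1, d2, d3) > tolerance


if __name__ == "__main__":
    a, b = [45, 70], [50, 80]                 # page's first topology
    print(min_delta_p_for_all_links(a, b))    # smallest dP for all four links
    print(evaluate_strategy(a, b, 60))        # links and alerts at that dP
    print(best_undetected(a, b))              # best alert-free outcome
    print(distance_alert(11, 18.5, 54))       # page's triangle example
```

Under these assumptions, any ∆P large enough to create all four links in the first topology also trips the "Signal Attenuation" check, and the best alert-free choice yields three links. The sweep applies only that one check; the other properties would reduce the count further.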

E. Simulation Results

To measure the effectiveness of our method, we ran the attack on different network densities, varying the number of nodes in the vicinity of the adversary from 1 to 10 nodes on each side. These nodes were uniformly deployed up to a distance of 80m from the adversary on both sides. We measure the average number of fake links the attacker can make without being detected over the maximum possible number of fake links. This is calculated for all values the attacker considers for ∆P, from 0dBm to 150dBm. Moreover, in each case the average attack detection probability based on alarm raising is calculated. Because in practice it is not possible (or very hard) to calculate the accurate distance based on the path loss, we allowed a 20m error tolerance when checking the "Distance Plausibility" property. So, nodes raise an alert if the violation of the polygon properties is more than 20m.


Figure 11 depicts the results of the simulation. Continuous lines represent the percentage of successful fake links without attack detection, and dashed lines show the attack detection probability. The titles of the subgraphs show the number of nodes deployed on each side of the attack, and the x-axis is the ∆P value selected by the adversary.

As the diagrams show, when the selected ∆P is small, only a small part of the nodes are covered by the relayed signals, so the attack is not effective in terms of the percentage of fake links. Moreover, the attack detection probability is low because the selected ∆P is not enough to violate the "Signal Attenuation" and "Distance Plausibility" properties. Correspondingly, for higher values of ∆P the average number of fake links increases, as does the probability of violating those properties. Clearly, the higher the density of deployed nodes in the vicinity of the adversary, the higher the probability of deleting the fake links and detecting the adversary.

It is worth mentioning that the success of a weak adversary that transmits messages with a constant power level (its maximum power level) is almost nil under our protocol, because just to satisfy the symmetry property all the values in the topology would have to be almost the same, meaning that nodes have to be at the same distance from the attacker on both sides.

VI. RELATED WORK

The following schemes have been proposed to achieve secure neighborhood discovery in wireless networks:

Distance Bounding Approaches: estimate the distance between two communicating nodes to determine an upper bound for the distance of those nodes. The calculated upper bound must be lower than the maximum communication range of nodes to convince them they are neighbors of each other. Challenge-response delay measurement [2] and message time-stamping (temporal leash) [8] methods are in this category. These methods need specific hardware to determine the flight time of messages with high precision. Deciding on the basis of such high-precision measurements brings a higher false negative error rate into the computations.

Location-based Approaches: assume the communicating nodes have access to their physical location. Based on this information, they can check whether it is possible for two nodes to be neighbors of each other or not. Nodes can be aware of their position using a position service provider like GPS, as in the geographical packet leash [8] method. In another approach, some stationary nodes that report their positions, called anchors [15], help the nodes to estimate their position once they have received enough anchor messages.

Using Directional Antennas: given that every two neighbors can reach each other through the opposite zones their antennas cover, relay attacks can be detected when the attacker cannot provide this property [7].

Using Signal Patterns: the messages transmitted by a given node can be characterized and distinguished from those of other nodes. Radio frequency fingerprinting [14], temporal link signature construction [12], and determining a signal-print based on several recipients' reports [5] are proposed methods in this category. Moreover, RSSI measurement and correlation [9] is a statistical approach to detect whether different messages come with the same signal strength.

Connectivity-based Approaches: try to find a contradiction in the connectivity graph of nodes, based on statistical node degree [3] in a central method, or in the vicinity of the wormhole in a decentralized approach [10] based on graph theory. Connectivity-based approaches are more powerful in dense networks and do not work in the case of a sophisticated attacker who selectively conveys messages through the channel. Moreover, these methods are not effective enough in the case of short-distance relay attacks.

As we have seen, speed of transmission, time of flight, location, radio signal patterns and connectivity of nodes in the network have been considered to tackle the problem. It is worth mentioning that in all the proposed methods, the attacker's power is almost equal to the participating nodes' power. As a result, considering a sophisticated attacker in those models degrades the accuracy and detection ability of those methods.


VII. CONCLUSION AND ON-GOING WORK

In this paper, we studied the fundamental problem of secure neighbor discovery in wireless sensor networks. We focused on relay attacks as one of the most challenging attacks on wireless networks. Currently proposed methods for tackling such attacks are either impossible to implement on sensor networks or cannot protect the network in the presence of a sophisticated adversary.

Taking the basic characteristics of the communication channel between nodes into account, we proposed a low-cost method to thwart relay attacks. Symmetry of the channel, minimum path loss between two neighbors, and distance plausibility of nodes located in a plane are audited by neighbor nodes for verifying their neighborhood relation. We illustrate the effectiveness of our method in the presence of a sophisticated adversary. The results show that the method becomes more successful as the number of nodes in the vicinity of the adversary increases. As an example, for four nodes on each side of the attack, for the best strategy of the adversary, the probability of detecting the adversary is more than 60 percent. In the best case, the adversary can construct 4 or 5 fake links (among 16 possible links between the two sides) without being detected.

We assumed that the adversary can make the channel symmetric between nodes because in theory it is possible. Therefore, we only focused on the other properties. One of our on-going works is the implementation of the attack to see how successfully the adversary can provide the symmetry property in practice. Moreover, we used the received signal strength to measure the distance between nodes. Although we showed that, considering the distance estimation error, our protocol can work well in theory, to have a robust protocol we need to find an alternative communication channel with the same properties as well as high-precision distance measurement. It seems that ultrasound signals are promising for reaching that goal. Thus, the next step is to investigate the properties of such signals in order to use them for implementing a robust practical neighbor verification protocol.

APPENDIX

We described the general framework of SA establishment in wireless sensor networks in Section II-C. Here, we discuss two well-known key establishment protocols to confirm our simple framework.

1) Random key-chain based key pre-distribution: This solution, originally proposed in [4], relies on probabilistic key sharing among the nodes of a random graph. In the key setup phase, a large key-pool of KP keys and their identities are generated. For each sensor, k keys are randomly drawn from the key-pool KP without replacement. These k keys and their identities form the key-chain for a sensor node. In the key establishment phase, two neighbor nodes exchange and compare the lists of identities of keys in their key-chains. Basically, the initiator and responder can exchange their key ID lists of size k in the first two steps. Moreover, they can authenticate each other in the second and third steps.

2) Localized encryption and authentication protocol (LEAP): In this protocol, proposed in [17], one global key, $K_{IN}$, is shared between all nodes in the setup phase. A node u can use this key and a pseudo-random function f to generate its master key $K_u = f_{K_{IN}}(u)$. In the establishment phase, two nodes u and v communicate as follows:

$$\begin{aligned}
u \rightarrow * &: \langle u, Nonce_u \rangle \\
v \rightarrow u &: \langle v, MAC_{K_v}(v \mid Nonce_u), Nonce_v \rangle \\
u \rightarrow v &: \langle u, MAC_{K_v}(u \mid Nonce_v) \rangle
\end{aligned}$$

In the second step, node u, receiving the identity of its neighbor v, can calculate $K_v$ and therefore authenticate v. Node u computes its pairwise key with v, $K_{uv}$, as $K_{uv} = f_{K_v}(u)$. Node v can also compute $K_{uv}$ in the same way. The third message is actually the authenticator of u, which can be conveyed even later, when u sends a data message to v. Every node erases the global key after finishing the establishment phase.
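The LEAP exchange above, written out for both sides as an added example (not code from the paper or from LEAP's authors). HMAC-SHA256 stands in for both the pseudo-random function f and the MAC, node identifiers are fixed-length byte strings, and the class and method names are hypothetical.

```python
import hashlib
import hmac
import os


def prf(key: bytes, data: bytes) -> bytes:
    """Stands in for both f_K(.) and MAC_K(.); HMAC-SHA256 is this example's choice."""
    return hmac.new(key, data, hashlib.sha256).digest()


class Node:
    def __init__(self, node_id: bytes, k_in: bytes):
        assert len(node_id) == 2            # fixed-length ids keep id|nonce unambiguous
        self.id, self.k_in = node_id, k_in
        self.master = prf(k_in, node_id)    # K_u = f_{K_IN}(u)
        self.nonce, self.pairwise = None, {}

    def hello(self):                        # step 1, u -> * : <u, Nonce_u>
        self.nonce = os.urandom(8)
        return self.id, self.nonce

    def respond(self, u_id, u_nonce):       # step 2, v -> u : <v, MAC_Kv(v|Nonce_u), Nonce_v>
        self.nonce = os.urandom(8)
        return self.id, prf(self.master, self.id + u_nonce), self.nonce

    def confirm(self, v_id, v_mac, v_nonce):  # step 3, u -> v : <u, MAC_Kv(u|Nonce_v)>
        k_v = prf(self.k_in, v_id)          # u still holds K_IN, so it can derive K_v
        if not hmac.compare_digest(v_mac, prf(k_v, v_id + self.nonce)):
            return None                     # responder does not know K_v: reject
        self.pairwise[v_id] = prf(k_v, self.id)   # K_uv = f_{K_v}(u)
        return self.id, prf(k_v, self.id + v_nonce)

    def accept(self, u_id, u_mac):          # v checks u's authenticator with its own K_v
        if not hmac.compare_digest(u_mac, prf(self.master, u_id + self.nonce)):
            return False
        self.pairwise[u_id] = prf(self.master, u_id)
        return True

    def erase_global_key(self):             # done once the establishment phase ends
        self.k_in = None


def handshake(u: Node, v: Node) -> bool:
    """Run the three messages between initiator u and responder v."""
    u_id, u_nonce = u.hello()
    v_id, v_mac, v_nonce = v.respond(u_id, u_nonce)
    reply = u.confirm(v_id, v_mac, v_nonce)
    return reply is not None and v.accept(*reply)


if __name__ == "__main__":
    k_in = os.urandom(16)                   # constructed sample global key
    v = Node(b"\x00\x02", k_in)
    v.erase_global_key()                    # v was deployed earlier, K_IN already erased
    u = Node(b"\x00\x01", k_in)             # u is newly deployed
    print(handshake(u, v), u.pairwise[v.id] == v.pairwise[u.id])
```

A relay that forwards these three messages unmodified passes every check here, which is why the paper adds the channel-property checks on top of SA establishment.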

REFERENCES

[1] IEEE standard for information technology - telecommunications and information exchange between systems - local and metropolitan area networks - specific requirement part 15.4: Wireless medium access control (MAC) and physical layer (PHY) specifications for low-rate wireless personal area networks (WPANs). IEEE Std 802.15.4a-2007 (Amendment to IEEE Std 802.15.4-2006), pages 1–203, 2007.

[2] Stefan Brands and David Chaum. Distance-bounding protocols (extended abstract). In Theory and Application of Cryptographic Techniques, pages 344–359, 1993.

[3] Levente Buttyán, László Dóra, and István Vajda. Statistical wormhole detection in sensor networks. In Security and Privacy in Ad-hoc and Sensor Networks (Lecture Notes in Computer Science), volume 3813/2005, pages 128–141, 2005.

[4] Laurent Eschenauer and Virgil D. Gligor. A key-management scheme for distributed sensor networks. In CCS '02: Proceedings of the 9th ACM conference on Computer and communications security, pages 41–47, New York, NY, USA, 2002. ACM.

[5] Daniel B. Faria and David R. Cheriton. Detecting identity-based attacks in wireless networks using signalprints. In Proceedings of ACM Workshop on Wireless Security (WiSe), Los Angeles, CA, USA, 2006.

[6] Andrea Goldsmith. Wireless Communications. Cambridge University Press, New York, NY, USA, 2005.

[7] Lingxuan Hu and David Evans. Using directional antennas to prevent wormhole attacks. In Symposium on Network and Distributed Systems Security (NDSS), San Diego, California, USA, 2004.

[8] Y.-C. Hu, A. Perrig, and D.B. Johnson. Packet leashes: a defense against wormhole attacks in wireless networks. In Twenty-Second Annual Joint Conference of the IEEE Computer and Communications Societies, INFOCOM 2003. San Francisco, California, USA, 2003.

[9] Urs Hunkeler, Panos Papadimitratos, Marcin Poturalski, and Jean-Pierre Hubaux. Detecting wormholes and sybil nodes by fingerprinting the radio link. In EPFL Wireless Security Course Project Report, 2007.

[10] R. Maheshwari, J. Gao, and S. R. Das. Detecting wormhole attacks in wireless networks using connectivity information. In IEEE INFOCOM 2007. 26th IEEE International Conference on Computer Communications, pages 107–115, May 2007.

[11] Panos Papadimitratos, Marcin Poturalski, Patrick Schaller, Pascal Lafourcade, David Basin, Srdjan Capkun, and Jean-Pierre Hubaux. Secure neighborhood discovery: A fundamental element for mobile ad hoc networking. Accepted in IEEE Communication Magazine, February 2008.

[12] Neal Patwari and Sneha K. Kasera. Robust location distinction using temporal link signatures. In MobiCom '07: Proceedings of the 13th annual ACM international conference on Mobile computing and networking, pages 111–122, New York, NY, USA, 2007. ACM.

[13] Theodore Rappaport. Wireless Communications: Principles and Practice. Prentice Hall PTR, Upper Saddle River, NJ, USA, 2001.

[14] Kasper Bonne Rasmussen and Srdjan Capkun. Implications of radio fingerprinting on the security of sensor networks. In Proceedings of IEEE Securecomm, Nice, France, 2007.

[15] Chris Savarese, Jan M. Rabaey, and Jan Beutel. Locationing in distributed ad-hoc wireless sensor networks. In International Conference on Acoustics, Speech, and Signal Processing (ICASSP 2001), 2001.

[16] Xbow. http://www.xbow.com, 2007.

[17] Sencun Zhu, Sanjeev Setia, and Sushil Jajodia. LEAP: efficient security mechanisms for large-scale distributed sensor networks. In CCS '03: Proceedings of the 10th ACM conference on Computer and communications security, pages 62–72, New York, NY, USA, 2003. ACM.